[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()

WordPress Trac noreply at wordpress.org
Wed Dec 7 17:38:17 UTC 2016


#16778: wordpress is leaking user/blog information during wp_version_check()
----------------------------+-----------------------
 Reporter:  investici       |       Owner:
     Type:  enhancement     |      Status:  reopened
 Priority:  normal          |   Milestone:
Component:  Administration  |     Version:
 Severity:  minor           |  Resolution:
 Keywords:  has-patch       |     Focuses:
----------------------------+-----------------------

Comment (by Otto42):

 Replying to [comment:70 anu.gupta]:
 > Multisite instances with hundreds of thousands of sets of tables aren't
 going to be automatically updating, are they?

 They certainly should be, yes. And to be clear, the alternate upgrade path
 I was referring to would be a case where we prevented update notifications
 from being sent to sites with large number of tables or users. That's why
 the info is needed: Because a case might exist where we don't want to send
 update notifications to those sites, in favor of a more manual upgrade
 path.


 > In any case, this is all orthogonal to the main issue, which is user
 data privacy.

 As you like, I was only providing information as to the question of why
 this data is included in update checks. It's there because it is relevant
 to whether the API sends update information or not.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:71>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list