[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()
WordPress Trac
noreply at wordpress.org
Wed Dec 7 17:38:17 UTC 2016
#16778: wordpress is leaking user/blog information during wp_version_check()
----------------------------+-----------------------
Reporter: investici | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone:
Component: Administration | Version:
Severity: minor | Resolution:
Keywords: has-patch | Focuses:
----------------------------+-----------------------
Comment (by Otto42):
Replying to [comment:70 anu.gupta]:
> Multisite instances with hundreds of thousands of sets of tables aren't
going to be automatically updating, are they?
They certainly should be, yes. And to be clear, the alternate upgrade path
I was referring to would be a case where we prevented update notifications
from being sent to sites with large number of tables or users. That's why
the info is needed: Because a case might exist where we don't want to send
update notifications to those sites, in favor of a more manual upgrade
path.
> In any case, this is all orthogonal to the main issue, which is user
data privacy.
As you like, I was only providing information as to the question of why
this data is included in update checks. It's there because it is relevant
to whether the API sends update information or not.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:71>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list