[wp-trac] [WordPress Trac] #45807: CA Bundle is way out of date
WordPress Trac
noreply at wordpress.org
Tue Jan 1 19:03:57 UTC 2019
#45807: CA Bundle is way out of date
------------------------------------------+-----------------------------
Reporter: paragoninitiativeenterprises | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: trunk
Severity: normal | Keywords:
Focuses: |
------------------------------------------+-----------------------------
The latest bundle is from 2018-12-05, the one shipped with WordPress is
from 2015-09-16.
https://core.trac.wordpress.org/browser/trunk/src/wp-includes/certificates
/ca-bundle.crt
The past 3 years have shown some significant CA revocations, including
Symantec's CA certs. I don't believe an outdated CACert bundle is
necessarily a vulnerability worth reporting privately, but updating this
may prevent corner case of nation state exploitation.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45807>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list