[wp-trac] [WordPress Trac] #64462: Update Sodium Compat to 1.24.0
WordPress Trac
noreply at wordpress.org
Tue Dec 30 18:39:14 UTC 2025
#64462: Update Sodium Compat to 1.24.0
------------------------------------------+-----------------------------
Reporter: paragoninitiativeenterprises | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: External Libraries | Version: trunk
Severity: normal | Keywords: has-patch
Focuses: |
------------------------------------------+-----------------------------
Read: https://00f.net/2025/12/30/libsodium-vulnerability/
Triggering this vulnerability would require working on the underlying
internal edwards25519 code rather than the high level crypto_sign API or
Ristretto255 API.
It's ''incredibly'' unlikely that anyone will actually be affected by
this. Therefore, I do not believe this warrants being treated as a
security issue for WordPress's purposes (i.e., requiring a confidential
HackerOne ticket rather than Trac).
However, on the offchance that the unlikely happens, please make sure the
update is backported to all supported WordPress versions in the next patch
release. Better safe than sorry.
https://github.com/paragonie/sodium_compat/compare/v1.23.0...v1.24.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64462>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list