[wp-trac] [WordPress Trac] #62815: Explicitly require the `hash` extension

WordPress Trac noreply at wordpress.org
Thu Jan 16 16:52:27 UTC 2025


#62815: Explicitly require the `hash` extension
----------------------------+-------------------------
 Reporter:  johnbillion     |      Owner:  johnbillion
     Type:  task (blessed)  |     Status:  assigned
 Priority:  normal          |  Milestone:  6.8
Component:  Security        |    Version:
 Severity:  normal          |   Keywords:  needs-patch
  Focuses:                  |
----------------------------+-------------------------
 In #60638 the Gravatar hashes have been switched from sha1 to sha256. In
 #21022 sha384 will be used for pre-hashing user passwords. The `hash`
 extension is required in order for either of these extensions to be
 available for use by `hash()` or `hash_hmac()`.

 In the discussion on https://github.com/WordPress/wordpress-
 develop/pull/8097, Dion observed that one single site out of all those
 tracked on 6.1+ had `hash` disabled while otherwise being compatible.

 As a result, let's add `hash` to the list of extensions that are required
 to run WordPress 6.8 so we can ship safer Gravatar hashes and safer
 password hashing, and correspondingly remove some compatibility code.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/62815>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list