[wp-trac] [WordPress Trac] #62815: Explicitly require the `hash` extension
WordPress Trac
noreply at wordpress.org
Thu Jan 16 16:52:27 UTC 2025
#62815: Explicitly require the `hash` extension
----------------------------+-------------------------
Reporter: johnbillion | Owner: johnbillion
Type: task (blessed) | Status: assigned
Priority: normal | Milestone: 6.8
Component: Security | Version:
Severity: normal | Keywords: needs-patch
Focuses: |
----------------------------+-------------------------
In #60638 the Gravatar hashes have been switched from sha1 to sha256. In
#21022 sha384 will be used for pre-hashing user passwords. The `hash`
extension is required in order for either of these extensions to be
available for use by `hash()` or `hash_hmac()`.
In the discussion on https://github.com/WordPress/wordpress-
develop/pull/8097, Dion observed that one single site out of all those
tracked on 6.1+ had `hash` disabled while otherwise being compatible.
As a result, let's add `hash` to the list of extensions that are required
to run WordPress 6.8 so we can ship safer Gravatar hashes and safer
password hashing, and correspondingly remove some compatibility code.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62815>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list