[wp-trac] [WordPress Trac] #62811: Update bundled root certificates for 6.8
WordPress Trac
noreply at wordpress.org
Thu Jan 30 18:51:35 UTC 2025
#62811: Update bundled root certificates for 6.8
--------------------------+---------------------
Reporter: desrosj | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.8
Component: Security | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+---------------------
Comment (by desrosj):
In [changeset:"59740" 59740]:
{{{
#!CommitTicketReference repository="" revision="59740"
Security: Introduce Grunt task for updating Root Certificates.
The Root Certificate bundle maintained by Mozilla ships in WordPress to
allow SSL certificates to be verified on hosts with incomplete, outdated,
or invalid local SSL configurations. To date, updates have only been
merged into Core when problems arise using a highly manual process.
This introduces the `certificates:upgrade` Grunt task to automate the
process of updating the included bundle with upstream changes using
Composer to manage versioning.
The legacy 1024bit certificates included for backwards compatibility are
now maintained in a separate file that is prepended to the built version
of the bundle during the relevant Grunt tasks. Some expired certificates
from this list have been removed:
- Cybertrust Global Root (expired 2021-12-15)
- Thawte Server CA (expired 2020-12-31)
- Thawte Premium Server CA (expired 2020-12-31)
The Dependabot configuration has also been updated to open pull requests
when new releases occur upstream. Going forward, the recommendation is to
create a task ticket for updating these certificates with each release
when an update is published. See #62811 for an example of this.
Props johnbillion, desrosj, whyisjake, ayeshrajans, SergeyBiryukov,
swissspidy, skithund, barry.
Fixes #62812. See #62811, 50828.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62811#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list