[wp-trac] [WordPress Trac] #62812: Make it easier to update bundled certificates

WordPress Trac noreply at wordpress.org
Thu Jan 30 18:51:35 UTC 2025 

#62812: Make it easier to update bundled certificates
-------------------------------------+----------------------
 Reporter:  desrosj                  |       Owner:  desrosj
     Type:  enhancement              |      Status:  closed
 Priority:  normal                   |   Milestone:  6.8
Component:  Build/Test Tools         |     Version:
 Severity:  normal                   |  Resolution:  fixed
 Keywords:  has-patch needs-testing  |     Focuses:
-------------------------------------+----------------------
Changes (by desrosj):

 * owner:  (none) => desrosj
 * status:  new => closed
 * resolution:   => fixed


Comment:

 In [changeset:"59740" 59740]:
 {{{
 #!CommitTicketReference repository="" revision="59740"
 Security: Introduce Grunt task for updating Root Certificates.

 The Root Certificate bundle maintained by Mozilla ships in WordPress to
 allow SSL certificates to be verified on hosts with incomplete, outdated,
 or invalid local SSL configurations. To date, updates have only been
 merged into Core when problems arise using a highly manual process.

 This introduces the `certificates:upgrade` Grunt task to automate the
 process of updating the included bundle with upstream changes using
 Composer to manage versioning.

 The legacy 1024bit certificates included for backwards compatibility are
 now maintained in a separate file that is prepended to the built version
 of the bundle during the relevant Grunt tasks. Some expired certificates
 from this list have been removed:

 - Cybertrust Global Root (expired 2021-12-15)
 - Thawte Server CA (expired 2020-12-31)
 - Thawte Premium Server CA (expired 2020-12-31)

 The Dependabot configuration has also been updated to open pull requests
 when new releases occur upstream. Going forward, the recommendation is to
 create a task ticket for updating these certificates with each release
 when an update is published. See #62811 for an example of this.

 Props johnbillion, desrosj, whyisjake, ayeshrajans, SergeyBiryukov,
 swissspidy, skithund, barry.
 Fixes #62812. See #62811, 50828.
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/62812#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list