WordPress.org

Make WordPress Core

{31} Tickets in the Security component (45 matches)

  • Active tickets in the Security component
  • Grouped by workflow and sorted by type, summary
  • Accepted tickets have an '*' appended to their owner's name

Slated for Next Release (2 matches)

| Ticket | Summary | Owner | Priority | Severity | Milestone | Type | Workflow | Modified |
|---|---|---|---|---|---|---|---|---|
| #50828 | Update ca-bundle.crt and remove expired certificates | | normal | normal | 5.6 | defect (bug) | commit | 08/02/2020 |
| #5272 | WordPress allows anonymous user to see slug for private post by guessing post number | SergeyBiryukov | normal | normal | 5.6 | defect (bug) | has-patch | 07/31/2020 |

Tickets Awaiting Review (20 matches)

| Ticket | Summary | Owner | Priority | Severity | Milestone | Type | Workflow | Modified |
|---|---|---|---|---|---|---|---|---|
| #24907 | Escape admin_url() when used for ajax_url in admin header | | normal | normal | Awaiting Review | defect (bug) | has-patch | 06/04/2019 |
| #41391 | Links to media in password protected pages | | normal | normal | Awaiting Review | defect (bug) | | 07/24/2017 |
| #37559 | Password protected pages require the password only once | | normal | normal | Awaiting Review | defect (bug) | | 06/04/2019 |
| #37264 | Please do not chmod 666 the wp-config.php file on installation. | | normal | normal | Awaiting Review | defect (bug) | has-patch | 03/22/2019 |
| #34852 | fix broken re-auth loop (due to expired session) | | normal | normal | Awaiting Review | defect (bug) | | 06/04/2019 |
| #38260 | A FORCE_SSL_CANONICAL constant | | normal | normal | Awaiting Review | enhancement | | 06/04/2019 |
| #38259 | A FORCE_SSL_CONTENT constant | | normal | normal | Awaiting Review | enhancement | | 06/04/2019 |
| #38261 | A FORCE_SSL_SCRIPTS constant | | normal | normal | Awaiting Review | enhancement | | 06/04/2019 |
| #37757 | Add `allowed_classes` to `maybe_unserialize` When WordPress is running on PHP 7+ | | normal | normal | Awaiting Review | enhancement | has-patch | 09/13/2017 |
| #23165 | Admin validation errors on form nonce element IDs (_wpnonce) | | normal | normal | Awaiting Review | enhancement | has-patch | 01/14/2020 |
| #39656 | Create a submenu item under About admin bar for security | | normal | normal | Awaiting Review | enhancement | | 01/23/2017 |
| #40237 | Educate users about modern password best-practices | | normal | normal | Awaiting Review | enhancement | | 02/09/2018 |
| #43320 | Harden API requests against man-in-the-middle attacks | | low | minor | Awaiting Review | enhancement | | 02/18/2018 |
| #38262 | Task: Opt in SSL Improvements | | normal | normal | Awaiting Review | enhancement | | 02/05/2020 |
| #37941 | add rel="noopener noreferrer" to any target="_blank" | nicolapeluchetti | normal | normal | Awaiting Review | enhancement | has-patch | 01/28/2020 |
| #36177 | default htaccess should include security measures | | normal | normal | Awaiting Review | enhancement | | 02/05/2020 |
| #44011 | link to gmpg.org for XFN should now be https everywhere in core and core themes | | normal | normal | Awaiting Review | enhancement | has-patch | 05/08/2018 |
| #43215 | Allow wp_kses to pass allowed CSS properties | | normal | normal | Awaiting Review | feature request | | 02/02/2018 |
| #38536 | Hook/Function to Set Content-Security-Policy | | normal | normal | Awaiting Review | feature request | | 06/04/2019 |
| #50613 | disable update for themes e plugin | | normal | normal | Awaiting Review | feature request | | 07/09/2020 |

Candidates for Closure (7 matches)

| Ticket | Summary | Owner | Priority | Severity | Milestone | Type | Workflow | Modified |
|---|---|---|---|---|---|---|---|---|
| #46792 | CPANEL Directory Privacy DoesNOT work With WordPress Admin Directory | | normal | blocker | Awaiting Review | defect (bug) | reporter-feedback | 04/05/2019 |
| #44637 | Escape strings in wp-admin/themes.php | | normal | normal | Awaiting Review | defect (bug) | reporter-feedback | 07/24/2018 |
| #50027 | Retire Phpass and use PHP native password hashing | | normal | normal | Awaiting Review | defect (bug) | needs-unit-tests | 04/29/2020 |
| #31686 | wp_authenticate_username_password() should check for a WP_Error object | | normal | normal | Awaiting Review | defect (bug) | reporter-feedback | 08/06/2019 |
| #37670 | wp_validate_redirect fails when running WordPress on a port | | normal | normal | Awaiting Review | defect (bug) | reporter-feedback | 06/04/2019 |
| #50510 | Improve security of wp_nonce implementation | | normal | normal | Awaiting Review | enhancement | reporter-feedback | 06/29/2020 |
| #47440 | add_header X-Frame-Options | | normal | normal | Awaiting Review | enhancement | close | 05/31/2019 |

Tickets Needing Feedback (5 matches)

| Ticket | Summary | Owner | Priority | Severity | Milestone | Type | Workflow | Modified |
|---|---|---|---|---|---|---|---|---|
| #15394 | Ancient "Are you sure you want to do this" now confusing | | normal | minor | Future Release | defect (bug) | dev-feedback | 05/17/2019 |
| #16483 | Visibility: password-protected exposes multiple pages | | normal | normal | Future Release | defect (bug) | dev-feedback | 09/26/2018 |
| #37000 | Support for the SameSite cookie attribute | | normal | normal | Future Release | enhancement | dev-feedback | 04/11/2020 |
| #29429 | Support frame-ancestors directive over X-Frame-Options | | normal | normal | Future Release | enhancement | dev-feedback | 07/29/2019 |
| #21022 | Use bcrypt for password hashing; updating old hashes | | normal | major | Future Release | enhancement | dev-feedback | 08/02/2020 |

Tickets with Patches (4 matches)

| Ticket | Summary | Owner | Priority | Severity | Milestone | Type | Workflow | Modified |
|---|---|---|---|---|---|---|---|---|
| #39941 | Allow using Content-Security-Policy without unsafe-inline | johnbillion* | normal | normal | Future Release | enhancement | dev-feedback | 04/04/2020 |
| #38474 | wp_signups.activation_key stores activation keys in plain text | SergeyBiryukov | normal | normal | Future Release | enhancement | has-patch | 01/08/2019 |
| #37604 | 'Password Lost/Changed' emails should give indication of the strength of the new password | | normal | normal | Future Release | feature request | dev-feedback | 04/09/2018 |
| #20140 | Ask old password to change user password | | normal | normal | Future Release | feature request | dev-feedback | 06/04/2019 |

Unpatched Bugs (2 matches)

| Ticket | Summary | Owner | Priority | Severity | Milestone | Type | Workflow | Modified |
|---|---|---|---|---|---|---|---|---|
| #34041 | Tying nonces to sessions breaks when users are switched | | normal | major | Future Release | defect (bug) | | 06/04/2019 |
| #48955 | WP 5.3.1 changes cause potential backwards compatibility breakage with kses | | normal | normal | Future Release | defect (bug) | | 08/12/2020 |

Unpatched Enhancements (5 matches)

| Ticket | Summary | Owner | Priority | Severity | Milestone | Type | Workflow | Modified |
|---|---|---|---|---|---|---|---|---|
| #28521 | FORCE_SSL constant for really forcing SSL | | normal | normal | Future Release | enhancement | | 07/01/2019 |
| #44058 | Include security sniffs in PHPCS ruleset | | normal | normal | Future Release | enhancement | | 05/16/2018 |
| #36087 | Migration plan from insecure RNG fallback | | normal | normal | | enhancement | | 01/30/2020 |
| #32067 | Remove inline javascript from WP-Core to allow CSP protection | johnbillion* | normal | normal | Future Release | feature request | | 01/09/2019 |
| #50437 | Add leniency to the overdue check for plugin and theme auto updates | | normal | normal | Future Release | task (blessed) | | 07/14/2020 |