Make WordPress Core

{31} Tickets in the Security component (45 matches)

  • Active tickets in the Security component
  • Grouped by workflow and sorted by type, summary
  • Accepted tickets have an '*' appended to their owner's name

Tickets Awaiting Review (24 matches)

| Ticket | Summary | Owner | Priority | Severity | Milestone | Type | Workflow | Modified |
|---|---|---|---|---|---|---|---|---|
| #24907 | Escape admin_url() when used for ajax_url in admin header | | normal | normal | Awaiting Review | defect (bug) | has-patch | 06/04/2019 |
| #46879 | Expired certificate ca-bundle.crt | | normal | major | Awaiting Review | defect (bug) | | 04/11/2019 |
| #41391 | Links to media in password protected pages | | normal | normal | Awaiting Review | defect (bug) | | 07/24/2017 |
| #37559 | Password protected pages require the password only once | | normal | normal | Awaiting Review | defect (bug) | | 06/04/2019 |
| #37264 | Please do not chmod 666 the wp-config.php file on installation. | | normal | normal | Awaiting Review | defect (bug) | has-patch | 03/22/2019 |
| #41359 | Timeout login popup window loads admin instead of closing | | normal | normal | Awaiting Review | defect (bug) | | 07/19/2017 |
| #34852 | fix broken re-auth loop (due to expired session) | | normal | normal | Awaiting Review | defect (bug) | | 06/04/2019 |
| #39542 | wp_kses() et al. $allowed_html parameter not documented as accepting string values | | normal | normal | Awaiting Review | defect (bug) | has-patch | 01/14/2017 |
| #38260 | A FORCE_SSL_CANONICAL constant | | normal | normal | Awaiting Review | enhancement | | 06/04/2019 |
| #38259 | A FORCE_SSL_CONTENT constant | | normal | normal | Awaiting Review | enhancement | | 06/04/2019 |
| #38261 | A FORCE_SSL_SCRIPTS constant | | normal | normal | Awaiting Review | enhancement | | 06/04/2019 |
| #37757 | Add `allowed_classes` to `maybe_unserialize` When WordPress is running on PHP 7+ | | normal | normal | Awaiting Review | enhancement | has-patch | 09/13/2017 |
| #23165 | Admin validation errors on form nonce element IDs (_wpnonce) | | normal | normal | Awaiting Review | enhancement | has-patch | 01/14/2020 |
| #39656 | Create a submenu item under About admin bar for security | | normal | normal | Awaiting Review | enhancement | | 01/23/2017 |
| #40237 | Educate users about modern password best-practices | | normal | normal | Awaiting Review | enhancement | | 02/09/2018 |
| #43320 | Harden API requests against man-in-the-middle attacks | | low | minor | Awaiting Review | enhancement | | 02/18/2018 |
| #38262 | Task: Opt in SSL Improvements | | normal | normal | Awaiting Review | enhancement | | 02/05/2020 |
| #43779 | Update ca-bundle.crt to support newest certificate authorities | | normal | normal | Awaiting Review | enhancement | | 06/08/2018 |
| #37941 | add rel="noopener noreferrer" to any target="_blank" | nicolapeluchetti | normal | normal | Awaiting Review | enhancement | has-patch | 01/28/2020 |
| #36177 | default htaccess should include security measures | | normal | normal | Awaiting Review | enhancement | | 02/05/2020 |
| #44011 | link to gmpg.org for XFN should now be https everywhere in core and core themes | | normal | normal | Awaiting Review | enhancement | has-patch | 05/08/2018 |
| #45022 | Add a wp-ajax.php at the root of wordpress | | normal | normal | Awaiting Review | feature request | needs-docs | 01/16/2019 |
| #43215 | Allow wp_kses to pass allowed CSS properties | | normal | normal | Awaiting Review | feature request | | 02/02/2018 |
| #38536 | Hook/Function to Set Content-Security-Policy | | normal | normal | Awaiting Review | feature request | | 06/04/2019 |

Candidates for Closure (5 matches)

| Ticket | Summary | Owner | Priority | Severity | Milestone | Type | Workflow | Modified |
|---|---|---|---|---|---|---|---|---|
| #46792 | CPANEL Directory Privacy DoesNOT work With WordPress Admin Directory | | normal | blocker | Awaiting Review | defect (bug) | reporter-feedback | 04/05/2019 |
| #44637 | Escape strings in wp-admin/themes.php | | normal | normal | Awaiting Review | defect (bug) | reporter-feedback | 07/24/2018 |
| #31686 | wp_authenticate_username_password() should check for a WP_Error object | | normal | normal | Awaiting Review | defect (bug) | reporter-feedback | 08/06/2019 |
| #37670 | wp_validate_redirect fails when running WordPress on a port | | normal | normal | Awaiting Review | defect (bug) | reporter-feedback | 06/04/2019 |
| #47440 | add_header X-Frame-Options | | normal | normal | Awaiting Review | enhancement | close | 05/31/2019 |

Tickets Needing Feedback (5 matches)

| Ticket | Summary | Owner | Priority | Severity | Milestone | Type | Workflow | Modified |
|---|---|---|---|---|---|---|---|---|
| #15394 | Ancient "Are you sure you want to do this" now confusing | | normal | minor | Future Release | defect (bug) | dev-feedback | 05/17/2019 |
| #16483 | Visibility: password-protected exposes multiple pages | | normal | normal | Future Release | defect (bug) | dev-feedback | 09/26/2018 |
| #37000 | Support for the SameSite cookie attribute | | normal | normal | Future Release | enhancement | dev-feedback | 02/10/2020 |
| #29429 | Support frame-ancestors directive over X-Frame-Options | | normal | normal | Future Release | enhancement | dev-feedback | 07/29/2019 |
| #21022 | Use bcrypt for password hashing; updating old hashes | | normal | major | Future Release | enhancement | dev-feedback | 09/18/2019 |

Tickets with Patches (4 matches)

| Ticket | Summary | Owner | Priority | Severity | Milestone | Type | Workflow | Modified |
|---|---|---|---|---|---|---|---|---|
| #39941 | Allow using Content-Security-Policy without unsafe-inline | johnbillion* | normal | normal | Future Release | enhancement | dev-feedback | 07/11/2019 |
| #38474 | wp_signups.activation_key stores activation keys in plain text | SergeyBiryukov | normal | normal | Future Release | enhancement | has-patch | 01/08/2019 |
| #37604 | 'Password Lost/Changed' emails should give indication of the strength of the new password | | normal | normal | Future Release | feature request | dev-feedback | 04/09/2018 |
| #20140 | Ask old password to change user password | | normal | normal | Future Release | feature request | dev-feedback | 06/04/2019 |

Unpatched Bugs (3 matches)

| Ticket | Summary | Owner | Priority | Severity | Milestone | Type | Workflow | Modified |
|---|---|---|---|---|---|---|---|---|
| #34041 | Tying nonces to sessions breaks when users are switched | | normal | major | Future Release | defect (bug) | | 06/04/2019 |
| #48955 | WP 5.3.1 changes cause potential backwards compatibility breakage with kses | | normal | normal | Future Release | defect (bug) | | 02/24/2020 |
| #5272 | WordPress allows anonymous user to see slug for private post by guessing post number | pishmishy | normal | normal | Future Release | defect (bug) | needs-unit-tests | 02/14/2020 |

Unpatched Enhancements (4 matches)

| Ticket | Summary | Owner | Priority | Severity | Milestone | Type | Workflow | Modified |
|---|---|---|---|---|---|---|---|---|
| #28521 | FORCE_SSL constant for really forcing SSL | | normal | normal | Future Release | enhancement | | 07/01/2019 |
| #44058 | Include security sniffs in PHPCS ruleset | | normal | normal | Future Release | enhancement | | 05/16/2018 |
| #36087 | Migration plan from insecure RNG fallback | | normal | normal | | enhancement | | 01/30/2020 |
| #32067 | Remove inline javascript from WP-Core to allow CSP protection | johnbillion* | normal | normal | Future Release | feature request | | 01/09/2019 |