Opened 10 years ago
Closed 9 years ago
#29046 closed feature request (wontfix)
Plugin Vulnerability Notices
| Reported by: | DoodleDogCody | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 3.9.1 |
| Component: | Plugins | Keywords: | has-patch |
| Focuses: | ui, administration | Cc: | |
Description
Plugin updates are set up great for maintenance and minor bug fixes; however, it is lacking in critical updates.
I would like to suggest the ability for plugin authors to be able to tag an update as a severe vulnerability fix or something of that nature. This would then give a big warning across all admin screens until the plugin is updated or the notice is dismissed.
The way it is now, a lot of people do not update plugins immediately and some don't update plugins at all. With a warning of this nature, most people would see the importance of updating a plugin that has security issues which could cause their site to go down.
Attachments (1)
Change History (7)
#3
@
10 years ago
- Keywords has-patch added
The idea behind this patch is that a plugin developer can add the 'security-update' tag to a release on the .org repo. This checks for that tag and displays a notice if it's found.
To test this I changed 'security-update' to 'api' and installed different versions of Jetpack.
I think this would be a good tag to reserve for this because http://wordpress.org/plugins/tags/security-update returns nothing.
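One way to implement the check the comment above describes (find plugins with a pending update that carry the 'security-update' tag and show an admin notice), as an added example that is not the attached patch or WordPress core code. It assumes the tag is exposed in the `tags` field of the `plugin_information` API response; every `example_*` name is hypothetical.

```php
<?php
// Added example, not the ticket's patch. Only the 'security-update' tag comes
// from the ticket; every example_* name is hypothetical.

/**
 * Names of plugins with a pending update whose tags include 'security-update'.
 * @param mixed    $updates    Value of the 'update_plugins' site transient.
 * @param callable $fetch_info Maps a slug to an object with ->name and ->tags.
 */
function example_flagged_updates( $updates, callable $fetch_info ) {
	$flagged = array();
	if ( empty( $updates->response ) ) {
		return $flagged; // No pending updates, or the transient is not set.
	}
	foreach ( $updates->response as $file => $update ) {
		$info = empty( $update->slug ) ? null : $fetch_info( $update->slug );
		// A failed lookup (null, WP_Error) must not raise an alarm or a fatal.
		if ( ! is_object( $info ) || empty( $info->tags ) ) {
			continue;
		}
		$tags = (array) $info->tags; // Tags arrive as slug => label pairs.
		if ( isset( $tags['security-update'] ) || in_array( 'security-update', $tags, true ) ) {
			$flagged[ $file ] = $info->name;
		}
	}
	return $flagged;
}

if ( function_exists( 'add_action' ) ) { // Loaded inside WordPress as a plugin.
	add_action( 'admin_notices', function () {
		if ( ! current_user_can( 'update_plugins' ) ) {
			return; // Only show the notice to users who can act on it.
		}
		require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
		$lookup = function ( $slug ) {
			return plugins_api( 'plugin_information', array( 'slug' => $slug, 'fields' => array( 'tags' => true ) ) );
		};
		foreach ( example_flagged_updates( get_site_transient( 'update_plugins' ), $lookup ) as $name ) {
			printf( '<div class="notice notice-error"><p>%s</p></div>', esc_html( "Security update pending: $name" ) );
		}
	} );
} else { // Run with plain `php`: constructed sample data, no network access.
	$updates = (object) array( 'response' => array(
		'alpha/alpha.php' => (object) array( 'slug' => 'alpha' ),
		'beta/beta.php'   => (object) array( 'slug' => 'beta' ), // Lookup fails: skipped.
	) );
	$catalog = array( 'alpha' => (object) array( 'name' => 'Alpha', 'tags' => array( 'security-update' => 'security-update' ) ) );
	print_r( example_flagged_updates( $updates, function ( $slug ) use ( $catalog ) { return $catalog[ $slug ] ?? null; } ) );
}
```

Each `plugins_api()` lookup is a remote request, so a real plugin would cache the per-slug result instead of querying on every admin page load.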
This ticket was mentioned in IRC in #wordpress-dev by nacin. View the logs.
10 years ago
#6
@
9 years ago
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed
Based on the above-linked feedback from @nacin in IRC 13 months ago, this seems to be wontfix territory:
what I'd kind of rather do is two-fold. one, get people conditioned to always update, so they're not picking-and-choosing (this is almost always a disaster)
two, to force-push security updates as much as possible, like what we did with jetpack
Something like update_nag() might be good for that http://i.imgur.com/gqtR14Z.png