Opened 5 months ago

Closed 5 months ago

Last modified 5 months ago

#49004 closed defect (bug) (duplicate)

WordPress core and all plugin updates having error: The authenticity of wordpress-5.3.1-partial-0.zip could not be verified as no signature was found.

Reported by: toggerybob
Owned by:
Milestone:
Priority: normal
Severity: major
Version: 5.3.1
Component: Upgrade/Install
Keywords:
Focuses:
Cc:

Description

For many releases of WordPress now, we continue to receive the error when updating both WordPress core and plugins.

We're at the point that we no longer feel safe installing these updates.

Can someone please address the recurring error:

SUCCESS: WordPress was successfully updated to WordPress 5.3.1

UPDATE LOG
==========

WordPress 5.3.1


Updating to WordPress 5.3.1
Downloading update from https://downloads.wordpress.org/release/wordpress-5.3.1-partial-0.zip...
The authenticity of wordpress-5.3.1-partial-0.zip could not be verified as no signature was found.
Unpacking the update...
Verifying the unpacked files...
Preparing to install the latest version...
Enabling Maintenance mode...
Copying the required files...
Disabling Maintenance mode...
Upgrading database...
WordPress updated successfully

---
Thanks.

Change History (5)

#2 @toggerybob
5 months ago

  • Resolution set to invalid
  • Status changed from new to closed

Not seeing any resolution on that provided link...

#3 @garrett-eclipse
5 months ago

  • Keywords needs-privacy-review removed

The message, to my understanding, is currently informational. In 5.2 the signature verifications were rolled back due to some issues with incompatible PHP versions. The messaging was left but can be safely ignored. In the future those verifications will be re-enabled.

Related: #45806, #39309, #47343

#4 @desrosj
5 months ago

  • Milestone Awaiting Review deleted

Hi @toggerybob,

Signature verification is not yet enabled, so this message is expected to be displayed.

[44954] introduced experimental package signature verification. However, there were some difficult problems identified that need to be solved in order to securely use this feature in practice. You can read more about this here: https://make.wordpress.org/core/2019/08/16/ssl-for-auto-updates/.

#5 @SergeyBiryukov
5 months ago

  • Resolution changed from invalid to duplicate

Duplicate of #47343.
