Opened 2 years ago
Closed 2 years ago
#56532 closed task (blessed) (fixed)
Update branches 3.7 - 4.0 update notices
Reported by: | peterwilsoncc | Owned by: | peterwilsoncc |
---|---|---|---|
Milestone: | 6.1 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Security | Keywords: | has-patch fixed-major |
Focuses: | Cc: |
Description (last modified by )
The WordPress Security Team will cease providing updates for WordPress versions 3.7 – 4.0 as of December 1, 2022.
To aid with this the update notification needs to be updated in these versions to warn site administrators their site is no longer receiving security updates. The proposed string is:
<?php sprintf( /* translators: 1: WordPress version number, 2: Link to update WordPress */ __( 'Important! Your version of WordPress (%1$s) is no longer supported, you will not receive any security updates for your website. To keep your site secure, please <a href="%2$s">update to the latest version of WordPress</a>.' ), get_bloginfo( 'version', 'display' ), network_admin_url( 'update-core.php' ) );
For users without the update-core
capability, I suggest the second link go to the wordpress.org downloads page.
An additional string will be required to allow for dropping additional versions of WordPress in the future.
Important! Your version of WordPress (X.X.X) will stop receiving security updates in the near future. To keep your site secure, please update to the latest version of WordPress.
Attachments (4)
Change History (49)
#2
@
2 years ago
That said, this would require an update to the API to provide the latest supported version. An update to ServeHappy for example, but this was only introduced in WordPress 5.1.
It might be something useful for later, but not necessary now.
This ticket was mentioned in PR #3213 on WordPress/wordpress-develop by robinwpdeveloper.
2 years ago
#3
- Keywords has-patch added
Security notice added for 4.0 or older version.
Trac ticket: https://core.trac.wordpress.org/ticket/56532
#4
in reply to:
↑ 1
@
2 years ago
Replying to costdev:
Technically speaking, to keep their site secure, they only need to update to 4.1. Not saying this to be a ~fun~, just that if a user hasn't updated their site to the latest version from 4.0, it's less likely that they want to jump to the latest version.
As long as the official policy is to support only latest version of WordPress, I think this could be a bit misleading (although technically correct). That said I would love for the policy to be made more specific with regard to support of past versions. But I reckon this had been discussed before with no actual outcome.
robinwpdeveloper commented on PR #3213:
2 years ago
#5
Thanks @rudlinkon . Requested changes are made and pushed.
robinwpdeveloper commented on PR #3213:
2 years ago
#6
Thanks @mukeshpanchal27 . Code updated.
qasumitbagthariya commented on PR #3213:
2 years ago
#7
I have tested this PR in WordPress 3.9.37 and it is working as expected, Please note I have manually put the PR code in the src/wp-admin/update-core.php
file. Please check the video.
Environment
OS: Windows 10
Web Server: nginx/1.16.5
PHP: 7.4.27
WordPress: 3.9.37
Theme: Twentytwentytwo
Browsers:
Chrome - Version 105.0.5195.127 (Official Build) (64-bit)
rudlinkon commented on PR #3213:
2 years ago
#8
I have tested this PR in WordPress 3.9.37 and it is working as expected, Please note I have manually put the PR code in the
src/wp-admin/update-core.php
file. Please check the video.
Environment OS: Windows 10 Web Server: nginx/1.16.5 PHP: 7.4.27 WordPress: 3.9.37 Theme: Twentytwentytwo
Browsers: Chrome - Version 105.0.5195.127 (Official Build) (64-bit)
56532.add.notice.by.robinwpdeveloper.Pull.Request.3213.WordPress_wordpress-develop.-.Google.Chrome.-.23.September.2022.mp4
Thank you @qasumitbagthariya for testing the PR
#9
follow-up:
↓ 12
@
2 years ago
@peterwilsoncc can you please review this one and if everything works fine, then can we ship it to 6.1?
Thanks
#10
@
2 years ago
I had some thoughts on approach here.
For trunk
and the branches 4.1 onwards, the new strings can be placed at the bottom of the about page (after the return
) where a number of strings that may be used in future releases are maintained, source code reference.
For the affected branches, some changes are required for the CSS to make the update notification more prominent. I've attached some patches that use the colour scheme for the Browse Happy widget in the dashboard.
I've uploaded a number of patches with the version number they apply to as a suffix.
For users with permissions to update core, the link takes them to the update screen within the admin. For users without that permission the link takes them to the wordpress.org download page.
peterwilsoncc commented on PR #3213:
2 years ago
#11
As mentioned on trac, for versions trunk and versions 4.0 and above the strings can be added to the collection of release related strings after the return
statement.
This will allow the translation team to begin translating them without the need for additional code wrapped in the conditional.
There are two strings that need to be added to the about page:
{{{php
/* translators: 1: WordPress version number, 2: Link to update WordPress */
( 'Important! Your version of WordPress (%1$s) is no longer supported, you will not receive any security updates for your website. To keep your site secure, please <a href="%2$s">update to the latest version of WordPress</a>.' );
/* translators: 1: WordPress version number, 2: Link to update WordPress */
( 'Important! Your version of WordPress (%1$s) will stop receiving security updates in the near future. To keep your site secure, please <a href="%2$s">update to the latest version of WordPress</a>.' );
}}}
On the ticket, I've uploaded some patches for WordPress 3.7 - 4.0 that include the CSS changes required to make the update notice more prominent.
#12
in reply to:
↑ 9
@
2 years ago
- Milestone changed from Awaiting Review to Future Release
Replying to robinwpdeveloper:
@peterwilsoncc can you please review this one and if everything works fine, then can we ship it to 6.1?
Thanks
I could be wrong, but I think the idea is that these changes would be merged and then released in all branches at the same time. When a new major version is released, new minor versions are not packaged at the same time.
@peterwilsoncc was your intention to include these strings in 6.1, and then backport for a future minor release? I've marked it Future Release
for now.
#13
@
2 years ago
- Keywords changes-requested added
- Milestone changed from Future Release to 6.1
@desrosj I'd like to include the strings in 6.1 but outside of execution following the return
on the about page. This will allow them to be included in the translation packages prior to the support policy changes.
I've put this on the 6.1 milestone for the trunk
changes only.
@robinwpdeveloper Do you have availability to modify your existing pull request with the notes above? I'm happy to make the changes if you do not.
#14
@
2 years ago
@peterwilsoncc I have made suggested changes.
I hope I have done it right!
Please review in your free time.
Thanks
robinwpdeveloper commented on PR #3213:
2 years ago
#15
Thanks @peterwilsoncc
Code updated as per your suggestion.
#16
@
2 years ago
- Keywords commit added; changes-requested removed
For the purposes of getting the strings in trunk, I think the linked pull request is ready as of 5e6c64746.
I'll get these committed prior to the next beta.
peterwilsoncc commented on PR #3213:
2 years ago
#18
Merged in https://core.trac.wordpress.org/changeset/54322 / 1de72e40208fcf45e44b26ad79a1fd3322ca1a2e
#19
@
2 years ago
- Keywords fixed-major added; commit removed
Marking fixed-major
as it's been merged into trunk
. After allowing a bit of time for any polyglot feedback that may surface, it should be safe to backport at any time to other branches.
#44
@
2 years ago
- Owner set to peterwilsoncc
- Status changed from new to assigned
The new strings have been committed to all branches from 3.7 and upwards to be made available to translators. None of the strings are used for display as yet.
The ticket remains open so they can be added to 3.7 - 4.0 and displayed to users once security support for those versions of WordPress is dropped.
#45
@
2 years ago
- Description modified (diff)
- Resolution set to fixed
- Status changed from assigned to closed
Having discussed this with another contributor, I'll close this ticket as fixed and work for displaying the messages on older versions of WordPress can be completed in a follow up, see #56786.
This is to allow for the display of the strings to be done on a different milestone.
Technically speaking, to keep their site secure, they only need to update to 4.1. Not saying this to be a ~fun~, just that if a user hasn't updated their site to the latest version from 4.0, it's less likely that they want to jump to the latest version.
For example: