Make WordPress Core

#56532 closed task (blessed) (fixed)

Update branches 3.7 - 4.0 update notices

Reported by: peterwilsoncc's profile peterwilsoncc Owned by: peterwilsoncc's profile peterwilsoncc
Milestone: 6.1 Priority: normal
Severity: normal Version:
Component: Security Keywords: has-patch fixed-major
Focuses: Cc:

Description (last modified by peterwilsoncc)

The WordPress Security Team will cease providing updates for WordPress versions 3.7 – 4.0 as of December 1, 2022.

To aid with this the update notification needs to be updated in these versions to warn site administrators their site is no longer receiving security updates. The proposed string is:

<?php
sprintf(
  /* translators: 1: WordPress version number, 2: Link to update WordPress */
  __( 'Important! Your version of WordPress (%1$s) is no longer supported, you will not receive any security updates for your website. To keep your site secure, please <a href="%2$s">update to the latest version of WordPress</a>.' ),
  get_bloginfo( 'version', 'display' ),
  network_admin_url( 'update-core.php' )
);

For users without the update-core capability, I suggest the second link go to the wordpress.org downloads page.

An additional string will be required to allow for dropping additional versions of WordPress in the future.

Important! Your version of WordPress (X.X.X) will stop receiving security updates in the near future. To keep your site secure, please update to the latest version of WordPress.

Attachments (4)

56532-37.diff (3.8 KB) - added by peterwilsoncc 20 months ago.
56532-38.diff (3.1 KB) - added by peterwilsoncc 20 months ago.
56532-39.diff (2.8 KB) - added by peterwilsoncc 20 months ago.
56532-40.diff (2.8 KB) - added by peterwilsoncc 20 months ago.

Download all attachments as: .zip

Change History (49)

#1 follow-up: @costdev
21 months ago

Technically speaking, to keep their site secure, they only need to update to 4.1. Not saying this to be a ~fun~, just that if a user hasn't updated their site to the latest version from 4.0, it's less likely that they want to jump to the latest version.

For example:

Important! Your version of WordPress (X.X.X) will stop receiving security updates in the near future. To keep your site secure, your site should use WordPress 4.1 or later. However, it's recommended to update to the latest version of WordPress.

#2 @costdev
21 months ago

That said, this would require an update to the API to provide the latest supported version. An update to ServeHappy for example, but this was only introduced in WordPress 5.1.

It might be something useful for later, but not necessary now.

Last edited 21 months ago by costdev (previous) (diff)

This ticket was mentioned in PR #3213 on WordPress/wordpress-develop by robinwpdeveloper.


21 months ago
#3

  • Keywords has-patch added

Security notice added for 4.0 or older version.

Trac ticket: https://core.trac.wordpress.org/ticket/56532

#4 in reply to: ↑ 1 @chesio
21 months ago

Replying to costdev:

Technically speaking, to keep their site secure, they only need to update to 4.1. Not saying this to be a ~fun~, just that if a user hasn't updated their site to the latest version from 4.0, it's less likely that they want to jump to the latest version.

As long as the official policy is to support only latest version of WordPress, I think this could be a bit misleading (although technically correct). That said I would love for the policy to be made more specific with regard to support of past versions. But I reckon this had been discussed before with no actual outcome.

robinwpdeveloper commented on PR #3213:


21 months ago
#5

Thanks @rudlinkon . Requested changes are made and pushed.

robinwpdeveloper commented on PR #3213:


21 months ago
#6

Thanks @mukeshpanchal27 . Code updated.

qasumitbagthariya commented on PR #3213:


20 months ago
#7

I have tested this PR in WordPress 3.9.37 and it is working as expected, Please note I have manually put the PR code in the src/wp-admin/update-core.php file. Please check the video.

Environment
OS: Windows 10
Web Server: nginx/1.16.5
PHP: 7.4.27
WordPress: 3.9.37
Theme: Twentytwentytwo

Browsers:
Chrome - Version 105.0.5195.127 (Official Build) (64-bit)

https://user-images.githubusercontent.com/67687255/191986979-8664227c-7599-4bfa-a534-a23425aca816.mp4

https://i0.wp.com/user-images.githubusercontent.com/67687255/191987080-8f6d065c-1bcf-4b8c-a5e8-762f6a8a227c.png
https://i0.wp.com/user-images.githubusercontent.com/67687255/191987362-2dca8a14-9217-45f7-a882-b1b8c639874d.png

rudlinkon commented on PR #3213:


20 months ago
#8

I have tested this PR in WordPress 3.9.37 and it is working as expected, Please note I have manually put the PR code in the src/wp-admin/update-core.php file. Please check the video.

Environment OS: Windows 10 Web Server: nginx/1.16.5 PHP: 7.4.27 WordPress: 3.9.37 Theme: Twentytwentytwo

Browsers: Chrome - Version 105.0.5195.127 (Official Build) (64-bit)

56532.add.notice.by.robinwpdeveloper.Pull.Request.3213.WordPress_wordpress-develop.-.Google.Chrome.-.23.September.2022.mp4

https://i0.wp.com/user-images.githubusercontent.com/67687255/191987080-8f6d065c-1bcf-4b8c-a5e8-762f6a8a227c.png https://i0.wp.com/user-images.githubusercontent.com/67687255/191987362-2dca8a14-9217-45f7-a882-b1b8c639874d.png

Thank you @qasumitbagthariya for testing the PR

#9 follow-up: @robinwpdeveloper
20 months ago

@peterwilsoncc can you please review this one and if everything works fine, then can we ship it to 6.1?

Thanks

#10 @peterwilsoncc
20 months ago

I had some thoughts on approach here.

For trunk and the branches 4.1 onwards, the new strings can be placed at the bottom of the about page (after the return) where a number of strings that may be used in future releases are maintained, source code reference.

For the affected branches, some changes are required for the CSS to make the update notification more prominent. I've attached some patches that use the colour scheme for the Browse Happy widget in the dashboard.

I've uploaded a number of patches with the version number they apply to as a suffix.

For users with permissions to update core, the link takes them to the update screen within the admin. For users without that permission the link takes them to the wordpress.org download page.

peterwilsoncc commented on PR #3213:


20 months ago
#11

As mentioned on trac, for versions trunk and versions 4.0 and above the strings can be added to the collection of release related strings after the return statement.

This will allow the translation team to begin translating them without the need for additional code wrapped in the conditional.

https://github.com/WordPress/wordpress-develop/blob/8f3254d794ca4e8b8e0ec8254e5886be840a60c6/src/wp-admin/about.php#L342-L378

There are two strings that need to be added to the about page:

{{{php
/* translators: 1: WordPress version number, 2: Link to update WordPress */
( 'Important! Your version of WordPress (%1$s) is no longer supported, you will not receive any security updates for your website. To keep your site secure, please <a href="%2$s">update to the latest version of WordPress</a>.' );

/* translators: 1: WordPress version number, 2: Link to update WordPress */
( 'Important! Your version of WordPress (%1$s) will stop receiving security updates in the near future. To keep your site secure, please <a href="%2$s">update to the latest version of WordPress</a>.' );
}}}

On the ticket, I've uploaded some patches for WordPress 3.7 - 4.0 that include the CSS changes required to make the update notice more prominent.

#12 in reply to: ↑ 9 @desrosj
20 months ago

  • Milestone changed from Awaiting Review to Future Release

Replying to robinwpdeveloper:

@peterwilsoncc can you please review this one and if everything works fine, then can we ship it to 6.1?

Thanks

I could be wrong, but I think the idea is that these changes would be merged and then released in all branches at the same time. When a new major version is released, new minor versions are not packaged at the same time.

@peterwilsoncc was your intention to include these strings in 6.1, and then backport for a future minor release? I've marked it Future Release for now.

#13 @peterwilsoncc
20 months ago

  • Keywords changes-requested added
  • Milestone changed from Future Release to 6.1

@desrosj I'd like to include the strings in 6.1 but outside of execution following the return on the about page. This will allow them to be included in the translation packages prior to the support policy changes.

I've put this on the 6.1 milestone for the trunk changes only.

@robinwpdeveloper Do you have availability to modify your existing pull request with the notes above? I'm happy to make the changes if you do not.

#14 @robinwpdeveloper
20 months ago

@peterwilsoncc I have made suggested changes.
I hope I have done it right!

Please review in your free time.
Thanks

robinwpdeveloper commented on PR #3213:


20 months ago
#15

Thanks @peterwilsoncc
Code updated as per your suggestion.

#16 @peterwilsoncc
20 months ago

  • Keywords commit added; changes-requested removed

For the purposes of getting the strings in trunk, I think the linked pull request is ready as of 5e6c64746.

I'll get these committed prior to the next beta.

#17 @peterwilsoncc
20 months ago

In 54322:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
See #56532.

peterwilsoncc commented on PR #3213:


20 months ago
#18

Merged in https://core.trac.wordpress.org/changeset/54322 / 1de72e40208fcf45e44b26ad79a1fd3322ca1a2e

#19 @desrosj
20 months ago

  • Keywords fixed-major added; commit removed

Marking fixed-major as it's been merged into trunk. After allowing a bit of time for any polyglot feedback that may surface, it should be safe to backport at any time to other branches.

#20 @peterwilsoncc
20 months ago

In 54430:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 6.0 branch.
See #56532.

#21 @peterwilsoncc
20 months ago

In 54431:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 5.9 branch.
See #56532.

#22 @peterwilsoncc
20 months ago

In 54432:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 5.8 branch.
See #56532.

#23 @peterwilsoncc
20 months ago

In 54433:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 5.7 branch.
See #56532.

#24 @peterwilsoncc
20 months ago

In 54434:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 5.6 branch.
See #56532.

#25 @peterwilsoncc
20 months ago

In 54435:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 5.5 branch.
See #56532.

#26 @peterwilsoncc
20 months ago

In 54436:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 5.4 branch.
See #56532.

#27 @peterwilsoncc
20 months ago

In 54437:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 5.3 branch.
See #56532.

#28 @peterwilsoncc
20 months ago

In 54438:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 5.2 branch.
See #56532.

#29 @peterwilsoncc
20 months ago

In 54439:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 5.1 branch.
See #56532.

#30 @peterwilsoncc
20 months ago

In 54440:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 5.0 branch.
See #56532.

#31 @peterwilsoncc
20 months ago

In 54451:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 4.9 branch.
See #56532.

#32 @peterwilsoncc
20 months ago

In 54452:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 4.8 branch.
See #56532.

#33 @peterwilsoncc
20 months ago

In 54453:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 4.7 branch.
See #56532.

#34 @peterwilsoncc
20 months ago

In 54454:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 4.6 branch.
See #56532.

#35 @peterwilsoncc
20 months ago

In 54455:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 4.5 branch.
See #56532.

#36 @peterwilsoncc
20 months ago

In 54456:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 4.4 branch.
See #56532.

#37 @peterwilsoncc
20 months ago

In 54457:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 4.3 branch.
See #56532.

#38 @peterwilsoncc
20 months ago

In 54458:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 4.2 branch.
See #56532.

#39 @peterwilsoncc
20 months ago

In 54459:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 4.1 branch.
See #56532.

#40 @peterwilsoncc
20 months ago

In 54460:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 4.0 branch.
See #56532.

#41 @peterwilsoncc
20 months ago

In 54461:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 3.9 branch.
See #56532.

#42 @peterwilsoncc
20 months ago

In 54462:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 3.8 branch.
See #56532.

#43 @peterwilsoncc
20 months ago

In 54463:

Security: Introduce strings to indicate support status.

Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.

Two strings are introduced:

  • indicating the version of WordPress is not receiving security updates, and,
  • indicating the version of WordPress will shortly stop receiving security updates.

This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.

Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 3.7 branch.
See #56532.

#44 @peterwilsoncc
20 months ago

  • Owner set to peterwilsoncc
  • Status changed from new to assigned

The new strings have been committed to all branches from 3.7 and upwards to be made available to translators. None of the strings are used for display as yet.

The ticket remains open so they can be added to 3.7 - 4.0 and displayed to users once security support for those versions of WordPress is dropped.

#45 @peterwilsoncc
20 months ago

  • Description modified (diff)
  • Resolution set to fixed
  • Status changed from assigned to closed

Having discussed this with another contributor, I'll close this ticket as fixed and work for displaying the messages on older versions of WordPress can be completed in a follow up, see #56786.

This is to allow for the display of the strings to be done on a different milestone.

Note: See TracTickets for help on using tickets.