Opened 3 months ago
Closed 3 months ago
#61777 closed defect (bug) (worksforme)
Windows defender Trojan error for wp-includes\dist\block-library\style.min.css
Reported by: | aka1337 | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 6.6.1 |
Component: | Editor | Keywords: | has-screenshots has-patch |
Focuses: | Cc: |
Description
Hi there,
Just downloaded and unpacked the latest version (6.6.1) from https://wordpress.org/download/ and windows defender removed wp-includes\dist\block-library\style.min.css stating it was a trojan.
I'm running Windows 11 Pro for Workstations version 10.0.22631 Build 22631.
Looking at the css content of this file on your github (https://github.com/WordPress/WordPress/blob/master/wp-includes/css/dist/block-library/style.min.css), I can see that this version is referring to external sources at
www.w3.org
but over http://
instead of https://
Windows defender might have an issue with that.
I copied the raw code from github into a new file on my computer but manually changed http to https before saving the file.
Then I ran a new scan in Defender and it no longer found any threats.
Attachments (1)
Change History (5)
#1
@
3 months ago
- Keywords has-patch added
Hi @aka1337
Thanks for sharing the detailed information.
I have shared the patch along with details on https://github.com/WordPress/gutenberg/pull/64018
This ticket was mentioned in Slack in #meta by macmanx. View the logs.
3 months ago
#3
in reply to:
↑ description
@
3 months ago
- Component changed from Security to Editor
Replying to aka1337:
Looking at the css content of this file on your github (https://github.com/WordPress/WordPress/blob/master/wp-includes/css/dist/block-library/style.min.css), I can see that this version is referring to external sources at
www.w3.org
but overhttp://
instead ofhttps://
Windows defender might have an issue with that.
Thank you for the report, however, that is not how XML namespaces actually work. There is a reason for it to be HTTP only.
Basically, it is not a URL, it is a namespace identifier. Changing it to have the s in there, breaks the identifier, and essentially breaks the reason for having it in the first place.
I'm sure that they will realize this upstream, but just to inform you, this fix will not work and will not happen.
#4
@
3 months ago
- Milestone Awaiting Review deleted
- Resolution set to worksforme
- Status changed from new to closed
Closing as per https://github.com/WordPress/gutenberg/pull/64018 . There's nothing to be done about this in WordPress core.
Defender notification screenshot