Make WordPress Core

Opened 3 months ago

Closed 3 months ago

#61777 closed defect (bug) (worksforme)

Windows defender Trojan error for wp-includes\dist\block-library\style.min.css

Reported by: aka1337's profile aka1337 Owned by:
Milestone: Priority: normal
Severity: normal Version: 6.6.1
Component: Editor Keywords: has-screenshots has-patch
Focuses: Cc:

Description

Hi there,

Just downloaded and unpacked the latest version (6.6.1) from https://wordpress.org/download/ and windows defender removed wp-includes\dist\block-library\style.min.css stating it was a trojan.

https://i.imgur.com/lV0VFPh.png

I'm running Windows 11 Pro for Workstations version 10.0.22631 Build 22631.

Looking at the css content of this file on your github (https://github.com/WordPress/WordPress/blob/master/wp-includes/css/dist/block-library/style.min.css), I can see that this version is referring to external sources at
www.w3.org
but over http://
instead of https://

Windows defender might have an issue with that.
I copied the raw code from github into a new file on my computer but manually changed http to https before saving the file.

Then I ran a new scan in Defender and it no longer found any threats.

Attachments (1)

defender-warning.png (17.8 KB) - added by aka1337 3 months ago.
Defender notification screenshot

Download all attachments as: .zip

Change History (5)

@aka1337
3 months ago

Defender notification screenshot

#1 @narenin
3 months ago

  • Keywords has-patch added

Hi @aka1337

Thanks for sharing the detailed information.

I have shared the patch along with details on https://github.com/WordPress/gutenberg/pull/64018

This ticket was mentioned in Slack in #meta by macmanx. View the logs.


3 months ago

#3 in reply to: ↑ description @Otto42
3 months ago

  • Component changed from Security to Editor

Replying to aka1337:

Looking at the css content of this file on your github (https://github.com/WordPress/WordPress/blob/master/wp-includes/css/dist/block-library/style.min.css), I can see that this version is referring to external sources at
www.w3.org
but over http://
instead of https://

Windows defender might have an issue with that.

Thank you for the report, however, that is not how XML namespaces actually work. There is a reason for it to be HTTP only.

Basically, it is not a URL, it is a namespace identifier. Changing it to have the s in there, breaks the identifier, and essentially breaks the reason for having it in the first place.

I'm sure that they will realize this upstream, but just to inform you, this fix will not work and will not happen.

#4 @johnbillion
3 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to worksforme
  • Status changed from new to closed

Closing as per https://github.com/WordPress/gutenberg/pull/64018 . There's nothing to be done about this in WordPress core.

Note: See TracTickets for help on using tickets.