The Root Certificate bundle maintained by Mozilla ships in WordPress to allow SSL certificates to be verified on hosts with incomplete, outdated, or invalid local SSL configurations.
This updates the `ca-bundle.crt` file to the latest version, which applies upstream changes from the bundle maintained by Mozilla and keeps all unexpired legacy 1024bit certificates which are kept for backward compatibility purposes (see [35919]).
Partially merges [59740] and [59969] to the 5.7 branch.
Props johnbillion, desrosj, whyisjake, ayeshrajans, SergeyBiryukov, swissspidy, skithund, barry.
See #62811, #62711.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@60013 602fd350-edb4-49c9-b593-d223f7449a82
This makes use of the new input added in [59635] that fixes tests on `ubuntu-24` in the 5.7 branch.
Props swissspidy, mukesh27.
See #62808.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@59639 602fd350-edb4-49c9-b593-d223f7449a82
This switches to using Git in the local Docker environment install script to check out a copy of the WordPress Importer plugin for use in unit tests.
Previously, SVN was used and the commands were not correctly run within the Docker container. The container does not actually have SVN installed, and the script was only working when the machine running the command had SVN present.
Merges [51179] to the 5.7 branch.
Reviewed by desrosj.
Props czapla, alexstine, jnylen0, francina, desrosj.
See #52909.
See #62280.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@59611 602fd350-edb4-49c9-b593-d223f7449a82
This changes the default values for `LOCAL_PHP` and `LOCAL_DB_VERSION` in the 5.7 branch from `latest` to `8.0-fpm` (with beta support) and `5.7`, respectively, to properly reflect the highest versions of PHP and MySQL that this branch will support.
See #61533.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@58666 602fd350-edb4-49c9-b593-d223f7449a82
This updates the 5.7 branch to utilize the new reusable workflows in trunk introduced in [58165].
This also includes backports for a some additional improvements and bug fixes that are necessary for the local development environment to continue working long term:
- The image and platform properties for the mysql container have been updated to always prefer `amd64` containers (#60822).
- `macos-13` is now pinned for MacOS jobs instead of `macos-latest` (#61340).
- Run E2E tests with and without SCRIPT_DEBUG (#58661).
- Migrating to Docker Compose V2 (#60901).
- Removing the version property from docker-compose.yml (#59416).
- Improvements to how artifacts and comments for Playground testing are generated.
- Removing SVN related commands causing failures (#61216).
- Updating the `actions/github-scripts` action to the latest version.
- Cache the results of `PHP_CodeSniffer` runs (#49783).
- A fix to `grunt clean` to prevent `script-loader-packages.php` from being deleted (#53606).
Merges [51355], [52179], [56113], [56114], [57918], [58157], [57124], [57125], [57249] to the 5.7 branch.
Props johnbillion, joemcgill, swissspidy, thelovekesh, narenin, mukesh27, JeffPaul, peterwilsoncc, zieladam, ockham, SergeyBiryukov, jorbin, Clorith, afragen, jrf.
See #48783, #61340, #60822, #61216, #60901, #61101, #59416, #59805, #61213, #58661, #53606.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@58598 602fd350-edb4-49c9-b593-d223f7449a82
Due to some changes on the WP.com side to compress the requested images on the fly, the exact image size in the response could be different between platforms.
This commit aims to make the affected tests more reliable.
Follow-up to [139/tests], [31258], [34568], [47142], [57903], [57904], [57924].
Merges [57931] to the 5.7 branch.
Props peterwilsoncc, jorbin.
See #60865.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@57994 602fd350-edb4-49c9-b593-d223f7449a82
- Install: When populating options, maybe_serialize instead of always serialize.
- Uploads: Check for and verify ZIP archives.
Merges [57388] and [57389] to the 5.7 branch.
Props costdev, peterwilsoncc, azaozz, tykoted, johnbillion, desrosj, afragen, jorbin, xknown.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@57398 602fd350-edb4-49c9-b593-d223f7449a82
- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- REST API: Limit `search_columns` for users without `list_users`.
- Prevent unintended behavior when certain objects are unserialized.
- Application Passwords: Prevent the use of some pseudo protocols in application passwords.
Merges [56833], [56834], [56835], [56836], [56837], and [56838] to the 5.7 branch.
Props xknown, jorbin, Vortfu, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, martinkrcho, paulkevan, dd32, antpb, rmccue.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@56886 602fd350-edb4-49c9-b593-d223f7449a82
This backports several changesets to GitHub Actions workflows. These changesets:
- address the deprecated notices related to save-output and set-output to ensure the workflows continue to run after these are removed.
- adds support for automatically retrying a failed workflow once.
- removes workflow files that are not applicable to the branch.
- backports some Docker environment related tooling updates for the sake of consistency across branches.
Merges [53736], [53737], [53940], [53947], [54039], [54096], [54108], [54293], [54313], [54342], [54343], [54373], [54511], [54649], [54650], [54651], [54674], [54750], [54852], [55152], [55487] to the 5.8 branch.
See #55652, #56407, #56528, #54695, #56820, #56816, #56793, #56820, #57572.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@55518 602fd350-edb4-49c9-b593-d223f7449a82
This changeset adds two additional translation strings in the changelog file, for use when releasing the final version of WordPress on a particular branch.
Props peterwilsoncc, audrasjb, mukesh27.
Merges [55350] to the 5.7 branch.
Fixes#57216.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@55375 602fd350-edb4-49c9-b593-d223f7449a82
Remove wordpress.org as an external dependency testing `WP_HTTP::handle_redirects()`.
This refactors and reenables an existing test to call the `WP_HTTP::handle_redirects()` method directly with a mocked array of HTTP headers containing multiple location headers.
The test is moved from the external-http group to the http test group as it no longer makes an HTTP request.
Follow up to [54955].
Props SergeyBiryukov, dd32, peterwilsoncc.
Merges [54968] to the 5.7 branch.
Fixes#57306.
See #56793.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@54978 602fd350-edb4-49c9-b593-d223f7449a82
The `Europe/Kiev` timezone has been deprecated in PHP 8.2 and replaced with `Europe/Kyiv`.
The tests updated in this commit are testing the WordPress date/time functionality. They are **not** testing whether WP or PHP can handle deprecated timezone names correctly.
To ensure the tests follow the original purpose, the use of `Europe/Kiev` within these tests is now replaced with the `Europe/Helsinki` timezone, which is within the same timezone as `Europe/Kyiv`. This should ensure that these tests run without issue and test what they are supposed to be testing on every supported PHP version (unless at some point in the future `Europe/Helsinki` would be renamed, but that's a bridge to cross if and when).
Note: Separate tests should/will be added to ensure that relevant date/time related functions handle a deprecated timezone correctly, but that is not something ''these'' tests are supposed to be testing.
Follow-up to [45853], [45856], [45876], [45882], [45887], [45908], [45914], [46577], [46154], [46580], [46864], [46974], [54207].
Props jrf, costdev, SergeyBiryukov.
Merges [54217] to the 5.7 branch.
See #56468.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@54515 602fd350-edb4-49c9-b593-d223f7449a82
Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.
Two strings are introduced:
* indicating the version of WordPress is not receiving security updates, and,
* indicating the version of WordPress will shortly stop receiving security updates.
This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.
Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 5.7 branch.
See #56532.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@54433 602fd350-edb4-49c9-b593-d223f7449a82
This backports several changesets that are required to remove the reliance on the `workflow_run` event for posting Slack notifications.
The Slack notification workflow will now be called as a reusable one, which has several benefits (see [53591]).
Several other minor GitHub Actions related updates are also being backported in this commit to maintain tooling consistency across branches that still receive security updates as a courtesy when necessary.
Merges [50446], [50473], [50704], [50796], [50930], [51341], [51355], [51498], [51511], [51535], [51924], [51925], [51937], [52002], [52130], [52183], [52233], [53112], [53581], [53582], [53592] to the 5.7 branch.
See #56095.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@53598 602fd350-edb4-49c9-b593-d223f7449a82
This updates the "jquery-query" library from version 2.1.7 to 2.2.3.
Props jorbin, peterwilsoncc, xknown, audrasjb, jorgefilipecosta.
Merges [52844] to the 5.7 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@52849 602fd350-edb4-49c9-b593-d223f7449a82
> The currently recommended certificate chain as presented to Let’s Encrypt ACME clients when new certificates are issued contains an intermediate certificate (ISRG Root X1) that is signed by an old DST Root CA X3 certificate that expires on 2021-09-30. In some cases the OpenSSL 1.0.2 version will regard the certificates issued by the Let’s Encrypt CA as having an expired trust chain.
>
> Most up-to-date CA cert trusted bundles, as provided by operating systems, contain this soon-to-be-expired certificate. The current CA cert bundles also contain an ISRG Root X1 self-signed certificate. This means that clients verifying certificate chains can find the alternative non-expired path to the ISRG Root X1 self-signed certificate in their trust store.
>
> Unfortunately this does not apply to OpenSSL 1.0.2 which always prefers the untrusted chain and if that chain contains a path that leads to an expired trusted root certificate (DST Root CA X3), it will be selected for the certificate verification and the expiration will be reported.
References:
* [https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2]
* [https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ DST Root CA X3 Expiration (September 2021)]
Follow-up to [25224], [25426], [25569], [27307], [30491], [30765], [34283], [35919], [36570], [46094].
Props bradleyt, fierevere, SergeyBiryukov, peterwilsoncc.
Merges [51883] to the 5.7 branch.
Fixes#54207. See #50828.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@52097 602fd350-edb4-49c9-b593-d223f7449a82
This unpins the version of PHP 5.6.20 used when testing the 5.6 branch of PHP.
Using 5.6.20 was an intentional decision in [49162], as that patch version is the oldest version of PHP 5.6 still supported by WordPress. However, as of September 30, 2021, the `5.6.20` image contains a version of OpenSSL with an expired certificate, sometimes resulting in an expired trust chain.
Props Clorith, hellofromTonya, SergeyBiryukov, desrosj.
Merges [51890] to the 5.7 branch.
See #54223.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@51932 602fd350-edb4-49c9-b593-d223f7449a82
In [51839], the test wrapper methods were not being called due to the names not being recognized as supported PHPUnit "hook" names for fixtures.
This commit:
- Fixes the problem by adding extra camelCase wrappers to the `WP_UnitTestCase` to call the methods in the right order.
- Adds wrappers for the `assertPreConditions()` and `assertPostConditions()` fixture methods to make the backport feature complete for the fixture wrappers.
Test wrapper methods call fix:
By adding method overloads for the PHPUnit native camelCase fixture methods and letting those call the (camelCase) parent method first and only calling the snake_case fixture methods after, the snake_case methods can be supported and the typical run order safeguarded.
As not all test classes will have declared snake_case fixture methods, the snake_case fixture methods are also declared in the `WP_UnitTestCase`. Why? This prevents having to wrap these method calls in `method_exists()` conditions checking for the existence of the snake_case methods in an unknown Test child class. And with the normal inheritance rules in combination with calling the method using `static`, the right method will be called anyway without fatal "calling undeclared method" errors.
Note: While it will be rare, there ''may'' be cases where a test class does not adhere to the normal execution order for fixtures, i.e. for the setup methods, parent first, own code second; and for the teardown methods, own code first, parent second. For example a test class which has "some code - `parent::setUp()` call - some more code" in their `setUp()` method. In those (rare) cases, the execution order of the code will now be changed, which may have side-effects. This rare case will be identified in the dev note.
Follow-up to [51839].
Props bjorsch, swissspidy, jrf, hellofromTonya.
See #53911.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@51862 602fd350-edb4-49c9-b593-d223f7449a82
This backports the PHPUnit Polyfills package and related test infrastructure changes to make it easier for developers to continue testing on multiple versions WordPress while adding tests for newer versions of PHP, which require more modern PHPUnit practices.
One of the changes included is the addition of wrappers for the new snake_case fixture methods in PHPUnit. This allows the native camelCase standard in PHPUnit to be used, but allows for developers to transition to the new naming conventions.
Props hellofromTonya, jrf, SergeyBiryukov, johnbillion, netweb, schlessera, jeherve, lucatume, desrosj.
Merges [51559,51560,51810-51813,51828] to the 5.7 branch.
See #53911.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@51839 602fd350-edb4-49c9-b593-d223f7449a82
- Update `lodash` to the latest version `4.17.21`.
- Disable some attributes for rich text.
Merges [51426,50941] to the 5.7 branch.
Props ellatrix, peterwilsoncc, get_dave, mcsf, talldanwp, youknowriad, desrosj, nerrad.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@51750 602fd350-edb4-49c9-b593-d223f7449a82
Further improves webpack configuration for editor files to use hashed module IDs in the compressed (`*.min.js`) production files.
Follow up to [50940].
Props @gziolo.
Merges [51035] to the 5.7 branch.
Fixes#53192.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@51036 602fd350-edb4-49c9-b593-d223f7449a82
When the XML-RPC endpoint is enabled, always return a HTTP `200 OK` status code in accordance with the XML-RPC specification. Continue to return an HTTP `405 Method Not Allowed` status code when the endpoint is disabled.
Props ariskataoka, johnbillion.
Merges [50954] in to the 5.7 branch.
Fixes#52958.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@50989 602fd350-edb4-49c9-b593-d223f7449a82
Do not auto-set new menus to all vacant locations on the Appearance > Menus screen in the dashboard.
Follow up to [48051].
Props Chouby, audrasjb, davidbaumwald, mukesh27.
Merges [50938] in to the 5.7 branch.
Fixes#52949.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@50988 602fd350-edb4-49c9-b593-d223f7449a82
Reduce the size of the space below the maintenance and security release log of the WP 5.7 about page.
Props dhrumil12, audrasjb, sabernhardt, ryelle.
Fixes#53067.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@50937 602fd350-edb4-49c9-b593-d223f7449a82
