The Root Certificate bundle maintained by Mozilla ships in WordPress to allow SSL certificates to be verified on hosts with incomplete, outdated, or invalid local SSL configurations.
This updates the `ca-bundle.crt` file to the latest version, which applies upstream changes from the bundle maintained by Mozilla and keeps all unexpired legacy 1024-bit certificates, which are kept for backward compatibility purposes (see [35919]).
Partially merges [59740] and [59969] to the 5.7 branch.
Props johnbillion, desrosj, whyisjake, ayeshrajans, SergeyBiryukov, swissspidy, skithund, barry.
See #62811, #62711.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@60013 602fd350-edb4-49c9-b593-d223f7449a82
- Install: When populating options, maybe_serialize instead of always serialize.
- Uploads: Check for and verify ZIP archives.
Merges [57388] and [57389] to the 5.7 branch.
Props costdev, peterwilsoncc, azaozz, tykoted, johnbillion, desrosj, afragen, jorbin, xknown.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@57398 602fd350-edb4-49c9-b593-d223f7449a82
- Comments: Prevent users who cannot see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- REST API: Limit `search_columns` for users without `list_users`.
- Prevent unintended behavior when certain objects are unserialized.
- Application Passwords: Prevent the use of some pseudo protocols in application passwords.
Merges [56833], [56834], [56835], [56836], [56837], and [56838] to the 5.7 branch.
Props xknown, jorbin, Vortfu, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, martinkrcho, paulkevan, dd32, antpb, rmccue.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@56886 602fd350-edb4-49c9-b593-d223f7449a82
This changeset adds two additional translation strings in the changelog file, for use when releasing the final version of WordPress on a particular branch.
Props peterwilsoncc, audrasjb, mukesh27.
Merges [55350] to the 5.7 branch.
Fixes #57216.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@55375 602fd350-edb4-49c9-b593-d223f7449a82
Add strings for use in future maintenance/security releases to indicate the security support status of the version of WordPress.
Two strings are introduced:
* indicating the version of WordPress is not receiving security updates, and,
* indicating the version of WordPress will shortly stop receiving security updates.
This change does not make use of the strings, the purpose is to make them available to translators prior to dropping support of selected versions of WordPress.
Props costdev, chesio, robinwpdeveloper, desrosj, rudlinkon, mukesh27, sumitbagthariya16.
Merges [54322] to the 5.7 branch.
See #56532.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@54433 602fd350-edb4-49c9-b593-d223f7449a82
This updates the "jquery-query" library from version 2.1.7 to 2.2.3.
Props jorbin, peterwilsoncc, xknown, audrasjb, jorgefilipecosta.
Merges [52844] to the 5.7 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@52849 602fd350-edb4-49c9-b593-d223f7449a82
> The currently recommended certificate chain as presented to Let’s Encrypt ACME clients when new certificates are issued contains an intermediate certificate (ISRG Root X1) that is signed by an old DST Root CA X3 certificate that expires on 2021-09-30. In some cases the OpenSSL 1.0.2 version will regard the certificates issued by the Let’s Encrypt CA as having an expired trust chain.
>
> Most up-to-date CA cert trusted bundles, as provided by operating systems, contain this soon-to-be-expired certificate. The current CA cert bundles also contain an ISRG Root X1 self-signed certificate. This means that clients verifying certificate chains can find the alternative non-expired path to the ISRG Root X1 self-signed certificate in their trust store.
>
> Unfortunately this does not apply to OpenSSL 1.0.2 which always prefers the untrusted chain and if that chain contains a path that leads to an expired trusted root certificate (DST Root CA X3), it will be selected for the certificate verification and the expiration will be reported.
References:
* [https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2]
* [https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ DST Root CA X3 Expiration (September 2021)]
Follow-up to [25224], [25426], [25569], [27307], [30491], [30765], [34283], [35919], [36570], [46094].
Props bradleyt, fierevere, SergeyBiryukov, peterwilsoncc.
Merges [51883] to the 5.7 branch.
Fixes #54207. See #50828.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@52097 602fd350-edb4-49c9-b593-d223f7449a82
- Update `lodash` to the latest version `4.17.21`.
- Disable some attributes for rich text.
Merges [51426,50941] to the 5.7 branch.
Props ellatrix, peterwilsoncc, get_dave, mcsf, talldanwp, youknowriad, desrosj, nerrad.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@51750 602fd350-edb4-49c9-b593-d223f7449a82
When the XML-RPC endpoint is enabled, always return an HTTP `200 OK` status code in accordance with the XML-RPC specification. Continue to return an HTTP `405 Method Not Allowed` status code when the endpoint is disabled.
Props ariskataoka, johnbillion.
Merges [50954] into the 5.7 branch.
Fixes #52958.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@50989 602fd350-edb4-49c9-b593-d223f7449a82
Do not auto-set new menus to all vacant locations on the Appearance > Menus screen in the dashboard.
Follow up to [48051].
Props Chouby, audrasjb, davidbaumwald, mukesh27.
Merges [50938] into the 5.7 branch.
Fixes #52949.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@50988 602fd350-edb4-49c9-b593-d223f7449a82
Reduce the size of the space below the maintenance and security release log of the WP 5.7 about page.
Props dhrumil12, audrasjb, sabernhardt, ryelle.
Fixes #53067.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@50937 602fd350-edb4-49c9-b593-d223f7449a82
Commit built files stored in repo following package updates.
Props gziolo, noisysocks, isabel_brison, peterwilsoncc.
Follow up to [50719].
Fixes #52912.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@50720 602fd350-edb4-49c9-b593-d223f7449a82
Allow authenticated users to read the contents of password protected posts if they have the `edit_post` meta capability for the post.
Merges [50717] to the 5.7 branch.
Props xknown, zieladam, peterwilsoncc, swissspidy, timothyblynjacobs.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@50718 602fd350-edb4-49c9-b593-d223f7449a82
The supported status values for Site Health tests are `good`, `recommended`, and `critical`.
Follow-up to [50660].
Props TimothyBlynJacobs.
Merges [50710] to the 5.7 branch.
Fixes #52783.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@50711 602fd350-edb4-49c9-b593-d223f7449a82
Twenty Twenty-One: Bump version to 1.3
Twenty Seventeen: Bump version to 2.7
Props desrosj, mukesh27, peterwilsoncc.
Merges [50708] to the 5.7 branch.
Fixes #52859.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@50709 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that contrast between text color and background meets the WCAG 2.0 AA recommended value. The following locations were changed:
- Network List Tables: Use lighter background colors for site status indicator.
- Nav Menus: Use a lighter background color for invalid menu items.
- Pointers: Use a darker background for pointer header.
- Themes: Use darker background on filter button hover.
- Customizer: Use darker background for selected widget.
Follow-up to [50025], [50571].
Props kebbet, melchoyce, peterwilsoncc.
Merges [50687] to the 5.7 branch.
Fixes #52760.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@50688 602fd350-edb4-49c9-b593-d223f7449a82
Improve the check for sourceless or dimensionless media when determining if the lazy loading attribute should be added to iframes and images. Never include the lazy loading attribute on embeds of WordPress posts as the iframe is initially hidden.
Including `loading="lazy"` on initially hidden iframes and images can prevent the media from loading in some browsers.
Props adamsilverstein, fabianpimminger, flixos90, johnbillion, jonkastonka, joyously, peterwilsoncc, SergeyBiryukov, SirStuey, swissspidy.
Merges [50682], [50683] to the 5.7 branch.
Fixes #52768.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@50684 602fd350-edb4-49c9-b593-d223f7449a82
“Tested up to” is not displayed on the theme directory or within the WordPress dashboard, but should be updated to be accurate for anyone reading the theme’s source code.
Follow up to [50508].
Props desrosj.
Merges [50669] to the 5.7 branch.
Fixes #52982.
git-svn-id: https://develop.svn.wordpress.org/branches/5.7@50681 602fd350-edb4-49c9-b593-d223f7449a82