Project

General

Profile

Actions
Copy link

Bug #1221

closed

Update CAC Featured Content Plugin on WP Repo

Added by Matt Gold about 13 years ago. Updated about 13 years ago.

Status:
Resolved
Priority name:
Normal
Assignee:
Boone Gorges
Category name:
WordPress (misc)
Target version:
Not tracked
Start date:
2011-10-08
Due date:
% Done:

0%

Estimated time:
Deployment actions:

Description

Per the email sent from WP on 9/26 "Security issue with your wordpress.org plugin"

http://wordpress.org/extend/plugins/cac-featured-content/

Your plugin is bundled with a vulnerable version of TimThumb. We have reason to believe that your plugin is being actively exploited on sites.

Please update the plugin immediately with the latest version of TimThumb, or remove TimThumb, and release a new version of the plugin.

The latest version of TimThumb is http://code.google.com/p/timthumb/source/browse/trunk/timthumb.php.

When releasing a security update, we want users to be as comfortable as possible. To encourage them to update, we suggest:
  • Don’t bundle new enhancements or features in your version.
  • Update the minor version, for example 2.1.7 to 2.1.8, rather than 2.1.7 to 3.0.
  • Include an “Update Notice” in the readme.txt file, informing them their site may be insecure and they need to update immediately. See http://wordpress.org/extend/plugins/about/readme.txt.
Actions
Copy link
 #1

Updated by Boone Gorges about 13 years ago

  • Status changed from Assigned to Resolved
Actions
Copy link
 #2

Updated by Matt Gold about 13 years ago

Thanks, Boone.

Actions
Copy link

Also available in: Atom PDF