Bug #1221

Update CAC Featured Content Plugin on WP Repo

Added by Matt Gold almost 8 years ago. Updated almost 8 years ago.

Status: Resolved
Priority name: Normal
Assignee:
Category name: WordPress (misc)
Target version:
Start date: 2011-10-08
Due date:
% Done: 0%
Estimated time:

Description

Per the email sent from WP on 9/26, "Security issue with your wordpress.org plugin":

http://wordpress.org/extend/plugins/cac-featured-content/

Your plugin is bundled with a vulnerable version of TimThumb. We have reason to believe that your plugin is being actively exploited on sites.

Please update the plugin immediately with the latest version of TimThumb, or remove TimThumb, and release a new version of the plugin.

The latest version of TimThumb is http://code.google.com/p/timthumb/source/browse/trunk/timthumb.php.

When releasing a security update, we want users to be as comfortable as possible. To encourage them to update, we suggest:
  • Don’t bundle new enhancements or features in your version.
  • Update the minor version, for example 2.1.7 to 2.1.8, rather than 2.1.7 to 3.0.
  • Include an “Update Notice” in the readme.txt file, informing them their site may be insecure and they need to update immediately. See http://wordpress.org/extend/plugins/about/readme.txt.

History

#1 Updated by Boone Gorges almost 8 years ago

  • Status changed from Assigned to Resolved

#2 Updated by Matt Gold almost 8 years ago

Thanks, Boone.
