Bug #1221

closed

Update CAC Featured Content Plugin on WP Repo

Added by Matt Gold about 13 years ago. Updated about 13 years ago.

Status: Resolved
Priority name: Normal
Assignee:
Category name: WordPress (misc)
Target version:
Start date: 2011-10-08
Due date:
% Done: 0%
Estimated time:
Deployment actions:

Description

Per the email sent from WP on 9/26 "Security issue with your wordpress.org plugin"

http://wordpress.org/extend/plugins/cac-featured-content/

Your plugin is bundled with a vulnerable version of TimThumb. We have reason to believe that your plugin is being actively exploited on sites.

Please update the plugin immediately with the latest version of TimThumb, or remove TimThumb, and release a new version of the plugin.

The latest version of TimThumb is http://code.google.com/p/timthumb/source/browse/trunk/timthumb.php.

When releasing a security update, we want users to be as comfortable as possible. To encourage them to update, we suggest:
  • Don’t bundle new enhancements or features in your version.
  • Update the minor version, for example 2.1.7 to 2.1.8, rather than 2.1.7 to 3.0.
  • Include an “Update Notice” in the readme.txt file, informing them their site may be insecure and they need to update immediately. See http://wordpress.org/extend/plugins/about/readme.txt.