Bug #1221
Update CAC Featured Content Plugin on WP Repo (closed)
Status: Resolved
Priority name: Normal
Assignee:
Category name: WordPress (misc)
Target version:
Start date: 2011-10-08
Due date:
% Done: 0%
Estimated time:
Deployment actions:
Description
Per the email sent from WP on 9/26 "Security issue with your wordpress.org plugin"
http://wordpress.org/extend/plugins/cac-featured-content/
Your plugin is bundled with a vulnerable version of TimThumb. We have reason to believe that your plugin is being actively exploited on sites.
Please update the plugin immediately with the latest version of TimThumb, or remove TimThumb, and release a new version of the plugin.
The latest version of TimThumb is http://code.google.com/p/timthumb/source/browse/trunk/timthumb.php.
When releasing a security update, we want users to be as comfortable as possible. To encourage them to update, we suggest:
- Don’t bundle new enhancements or features in your version.
- Update the minor version, for example 2.1.7 to 2.1.8, rather than 2.1.7 to 3.0.
- Include an “Update Notice” in the readme.txt file, informing them their site may be insecure and they need to update immediately. See http://wordpress.org/extend/plugins/about/readme.txt.
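An added example, not part of the ticket or the WordPress.org email: a pre-release check for the suggestions above, assuming the standard readme.txt layout (a `Stable tag:` header and the section WordPress.org names `== Upgrade Notice ==`). The function names, file names and sample readme are constructed for illustration.

```python
import re

# Constructed sample readme.txt for a hypothetical plugin
SAMPLE_README = """=== Example Plugin ===
Stable tag: 2.1.8

== Upgrade Notice ==
= 2.1.8 =
Security release: update immediately.

== Changelog ==
= 2.1.8 =
* Updated bundled TimThumb.
"""

def is_minor_bump(old, new):
    # Only the last component may grow: 2.1.7 -> 2.1.8, not 2.1.7 -> 3.0
    try:
        o = tuple(int(p) for p in old.split("."))
        n = tuple(int(p) for p in new.split("."))
    except ValueError:  # non-numeric tag such as 'trunk'
        return False
    return len(o) == len(n) and o[:-1] == n[:-1] and n[-1] > o[-1]

def upgrade_notice_for(readme, version):
    # Text under '= <version> =' inside the '== Upgrade Notice ==' section
    sec = re.search(r"^==\s*Upgrade Notice\s*==[ \t]*$(.*?)(?=^==[^=]|\Z)",
                    readme, re.M | re.S | re.I)
    if not sec:
        return None
    ent = re.search(r"^=\s*" + re.escape(version) + r"\s*=[ \t]*$(.*?)(?=^=|\Z)",
                    sec.group(1), re.M | re.S)
    return (ent.group(1).strip() or None) if ent else None

def check_release(previous, readme, files):
    # Returns a list of problems; an empty list means the release passes
    tag = re.search(r"^Stable tag:\s*(\S+)", readme, re.M | re.I)
    if not tag:
        return ["readme.txt has no 'Stable tag' header"]
    new, problems = tag.group(1), []
    if not is_minor_bump(previous, new):
        problems.append(f"{previous} -> {new} is not a minor version bump")
    if upgrade_notice_for(readme, new) is None:
        problems.append(f"no Upgrade Notice entry for {new}")
    for path in files:
        if path.replace("\\", "/").rsplit("/", 1)[-1].lower() == "timthumb.php":
            problems.append(f"bundled TimThumb at {path}: replace with latest or remove")
    return problems
```

The TimThumb finding is a prompt for manual review: the check only locates a bundled copy and does not judge which TimThumb version it is.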