> The currently recommended certificate chain as presented to Let’s Encrypt ACME clients when new certificates are issued contains an intermediate certificate (ISRG Root X1) that is signed by an old DST Root CA X3 certificate that expires on 2021-09-30. In some cases the OpenSSL 1.0.2 version will regard the certificates issued by the Let’s Encrypt CA as having an expired trust chain.
>
> Most up-to-date CA cert trusted bundles, as provided by operating systems, contain this soon-to-be-expired certificate. The current CA cert bundles also contain an ISRG Root X1 self-signed certificate. This means that clients verifying certificate chains can find the alternative non-expired path to the ISRG Root X1 self-signed certificate in their trust store.
>
> Unfortunately this does not apply to OpenSSL 1.0.2 which always prefers the untrusted chain and if that chain contains a path that leads to an expired trusted root certificate (DST Root CA X3), it will be selected for the certificate verification and the expiration will be reported.
References:
* [https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2]
* [https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ DST Root CA X3 Expiration (September 2021)]
Follow-up to [25224], [25426], [25569], [27307], [30491], [30765], [34283], [35919], [36570], [46094].
Props bradleyt, fierevere, SergeyBiryukov, peterwilsoncc.
Merges [51883] to the 5.5 branch.
Fixes#54207. See #50828.
Built from https://develop.svn.wordpress.org/branches/5.5@52099
git-svn-id: http://core.svn.wordpress.org/branches/5.5@51691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Update `lodash` to the latest version `4.17.21`.
- Disable some attributes for rich text.
- Use hashed/deterministic moduleIDs in webpack config.
Props ellatrix, peterwilsoncc, get_dave, mcsf, talldanwp, youknowriad, desrosj, nerrad, gziolo.
Merges [50940-50941,50984-50985,51426] to the 5.5 branch.
Built from https://develop.svn.wordpress.org/branches/5.5@51752
git-svn-id: http://core.svn.wordpress.org/branches/5.5@51360 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The reorganization of the PHPUnit workflow in [50441] unintentionally caused the tests to be run for every `push` event, even for forks and private mirrors.
Previously, the second job required the first one to pass, and the conditional check on the first prevented both from running. Because the first job is no longer required for the second, both jobs must have the appropriate conditional check.
Merges [50670] to the 5.5 branch.
Fixes#52983.
Built from https://develop.svn.wordpress.org/branches/5.5@50673
git-svn-id: http://core.svn.wordpress.org/branches/5.5@50285 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This backports several build and test tool improvements to the 5.5 branch. Most notably, this includes:
- The changes required to allow each workflow to be triggered by the `workflow_dispatch` event so that tests can be run on a schedule [50590].
- The ability to run PHPUnit tests from `src` instead of `build` [50441-50443].
- Splitting single site and multisite tests into parallel jobs [50379].
- Split slow tests into separate, parallel jobs for PHP 5.6 [50444].
- Better branch and path scoping for GitHub Action workflows when running on `pull_request` [50432,50479].
- Several `devDependency` updates.
Merges [50267,50299,50379,50387,50413,50416,50432,50435-50436,50441-50444,50446,50473-50474,50476,50479,50485-50487,50545,50579,50590,50592,50598] to the 5.5 branch.
See #50401, #51734, #51801, #51802, #52548, #52608, #52612, #52623, #52624, #52625, #52645, #52653, #52658, #52660, #52667, #52786.
Built from https://develop.svn.wordpress.org/branches/5.5@50603
git-svn-id: http://core.svn.wordpress.org/branches/5.5@50216 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit merges the workflow files required to run automated testing on GitHub Actions.
In addition, [49836] and [50285] have been included in order to keep the local Docker environment consistent across all branches.
Merges [49162,49168-49169,49175,49204,49227-49228,49244,49369,49371,49548,49781-49784,49786,49836,49938,50268,50285,50298] to the 5.5 branch.
See #50401.
Built from https://develop.svn.wordpress.org/branches/5.5@50302
git-svn-id: http://core.svn.wordpress.org/branches/5.5@49947 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates the 5.5 branch to support the latest LTS version of NodeJS (currently 14.x) in an effort to allow the same version of NodeJS to be used across all WordPress branches receiving security updates as a courtesy.
In addition to backporting the package updates that happened after branching 5.5, dependencies that were removed in future releases have also been updated to their latest versions.
Props desrosj, dd32, netweb, jorbin.
Merges [48705,49636,49933,49937,49939-49940,49983,49989-49990,50016-50017,50126,50176,50185] to the 5.5 branch.
See #52341.
Built from https://develop.svn.wordpress.org/branches/5.5@50188
git-svn-id: http://core.svn.wordpress.org/branches/5.5@49866 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings consistency between single site and multisite in REST API plugin installation tests.
Previously, multisite tests were unnecessarily downloading the plugin from WordPress.org on each test run, causing external HTTP requests and leading to failures in case of a timeout.
Follow-up to [48242], [49491], [49913].
Merges [49951] to the 5.5 branch.
See #51669.
Built from https://develop.svn.wordpress.org/branches/5.5@50086
git-svn-id: http://core.svn.wordpress.org/branches/5.5@49786 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [49162], GitHub Action workflow configuration files were introduced to run all of Core’s automated testing with the intent to fully transition after some time was allowed for testing.
After two full months of testing, the time to finish this transition has come.
We thank TravisCI for testing the codebase through nearly 20 major and many more minor releases.
Merges [49876] to the 5.5 branch.
See #52161. See #50401.
Built from https://develop.svn.wordpress.org/branches/5.5@49878
git-svn-id: http://core.svn.wordpress.org/branches/5.5@49597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Appveyor was added to Core in [44594] to ensure that NPM and the WordPress build tools continue to work correctly on Windows systems as changes are made. Using an additional service for this was required at the time, TravisCI did not support testing on Windows.
[49162] introduced a GitHub Action workflow that performed the same testing. Since all automated testing is moving to GitHub Actions, using Appveyor is no longer necessary, and it’s preferable to have all automated testing in one location as much as possible.
Props ayeshrajans.
Merges [49779] to the 5.5 branch.
See #51968.
Built from https://develop.svn.wordpress.org/branches/5.5@49810
git-svn-id: http://core.svn.wordpress.org/branches/5.5@49533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit brings the changes in [49452] to the 5.5 branch.
If reinstalling WordPress, there is a condition where tables would exist in the database. Ensures that when that is the case, the install process can carry along without issue.
Fixes#51676.
Props xknown, garubi, mukesh27, desrosj, johnbillion, metalandcoffee, davidbaumwald, whyisjake.
Built from https://develop.svn.wordpress.org/branches/5.5@49453
git-svn-id: http://core.svn.wordpress.org/branches/5.5@49212 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This introduces the `LOCAL_PHPUNIT` environment variable, which allows the desired version of PHPUnit to be specified when running the PHP tests within the local Docker environment.
Because support for newer versions of PHPUnit is not backported, some versions of PHP need the ability to run multiple versions of PHPUnit for different branches. This adds the flexibility needed to use the Docker environment within those older branches to run the PHP tests.
Props johnbillion, SergeyBiryukov.
Merges [49362] to the 5.5 branch.
See #50042.
Built from https://develop.svn.wordpress.org/branches/5.5@49363
git-svn-id: http://core.svn.wordpress.org/branches/5.5@49123 1a063a9b-81f0-0310-95a4-ce76da25c4cd