> The currently recommended certificate chain as presented to Let’s Encrypt ACME clients when new certificates are issued contains an intermediate certificate (ISRG Root X1) that is signed by an old DST Root CA X3 certificate that expires on 2021-09-30. In some cases the OpenSSL 1.0.2 version will regard the certificates issued by the Let’s Encrypt CA as having an expired trust chain.
>
> Most up-to-date CA cert trusted bundles, as provided by operating systems, contain this soon-to-be-expired certificate. The current CA cert bundles also contain an ISRG Root X1 self-signed certificate. This means that clients verifying certificate chains can find the alternative non-expired path to the ISRG Root X1 self-signed certificate in their trust store.
>
> Unfortunately this does not apply to OpenSSL 1.0.2 which always prefers the untrusted chain and if that chain contains a path that leads to an expired trusted root certificate (DST Root CA X3), it will be selected for the certificate verification and the expiration will be reported.
References:
* [https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2]
* [https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ DST Root CA X3 Expiration (September 2021)]
Follow-up to [25224], [25426], [25569], [27307], [30491], [30765], [34283], [35919], [36570], [46094].
Props bradleyt, fierevere, SergeyBiryukov, peterwilsoncc.
Merges [51883] to the 5.6 branch.
Fixes#54207. See #50828.
Built from https://develop.svn.wordpress.org/branches/5.6@52098
git-svn-id: http://core.svn.wordpress.org/branches/5.6@51690 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Update `lodash` to the latest version `4.17.21`.
- Disable some attributes for rich text.
- Use hashed/deterministic moduleIDs in webpack config.
Props ellatrix, peterwilsoncc, get_dave, mcsf, talldanwp, youknowriad, desrosj, nerrad, gziolo.
Merges [50940-50941,50984-50985,51426] to the 5.6 branch.
Built from https://develop.svn.wordpress.org/branches/5.6@51751
git-svn-id: http://core.svn.wordpress.org/branches/5.6@51359 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The reorganization of the PHPUnit workflow in [50441] unintentionally caused the tests to be run for every `push` event, even for forks and private mirrors.
Previously, the second job required the first one to pass, and the conditional check on the first prevented both from running. Because the first job is no longer required for the second, both jobs must have the appropriate conditional check.
Merges [50670] to the 5.6 branch.
Fixes#52983.
Built from https://develop.svn.wordpress.org/branches/5.6@50672
git-svn-id: http://core.svn.wordpress.org/branches/5.6@50284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This backports several build and test tool improvements to the 5.6 branch. Most notably, this includes:
- The changes required to allow each workflow to be triggered by the `workflow_dispatch` event so that tests can be run on a schedule [50590].
- The ability to run PHPUnit tests from `src` instead of `build` [50441-50443].
- Splitting single site and multisite tests into parallel jobs [50379].
- Split slow tests into separate, parallel jobs for PHP 5.6 [50444].
- Better branch and path scoping for GitHub Action workflows when running on `pull_request` [50432,50479].
- Several `devDependency` updates.
Merges [50267,50299,50379,50387,50413,50416,50432,50435-50436,50441-50444,50446,50473-50474,50476,50479,50485-50487,50545,50579,50590,50592,50598] to the 5.6 branch.
See #50401, #51734, #51801, #51802, #52548, #52608, #52612, #52623, #52624, #52625, #52645, #52653, #52658, #52660, #52667, #52786.
Built from https://develop.svn.wordpress.org/branches/5.6@50602
git-svn-id: http://core.svn.wordpress.org/branches/5.6@50215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, jQuery 1.12.4 was added to the WordPress SVN repo in order to backport an upstream security patch from jQuery 3.4.0.
Now that WordPress includes an unmodified version of jQuery 3.5.1 and no longer needs to maintain a fork, it can be removed from the SVN repo and installed via NPM again as part of the build.
Follow-up to [45342], [49101].
Props peterwilsoncc, SergeyBiryukov.
Merges [50445] to the 5.6 branch.
Fixes#52647.
Built from https://develop.svn.wordpress.org/branches/5.6@50459
git-svn-id: http://core.svn.wordpress.org/branches/5.6@50070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates several packages to their latest patch versions to fix bugs discovered in the 5.6 branch.
`@wordpress/block-directory` to `1.17.8`
`@wordpress/block-editor` to `5.1.7`
`@wordpress/block-library` to `2.26.8`
`@wordpress/components` to `11.1.5`
`@wordpress/core-data` to `2.24.4`
`@wordpress/edit-post` to `3.25.8`
`@wordpress/editor` to `9.24.7`
`@wordpress/format-library` to `1.25.7`
`@wordpress/list-reusable-blocks` to `1.24.5`
`@wordpress/media-utils` to `1.18.1`
`@wordpress/nux` to `3.23.5`
`@wordpress/reusable-blocks` to `1.0.7`
`@wordpress/server-side-render` to `1.19.5`
Props isabel_brison, talldanwp, youknowriad, freewebmentor, sterndata, inc2734, itsjonq, jorgefilipecosta, aristath, nosolosw, mattwiebe, addiestavlo, kevin940726, noisysocks, aaronrobertshaw, glendaviesnz, gwwar, bernhard-reiter, paaljoachim.
Fixes#52396, #52449, #52553.
Built from https://develop.svn.wordpress.org/branches/5.6@50376
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49987 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes improper triggering of the "Are you sure?" prompt when navigating away from the old, "classic" Edit Post screen and there are no changes.
The previous check did not account for Pages or any custom post types that don't have a Title, Content, or Excerpt field.
Follow-up to [50031].
Props hwk-fr, mukesh27, audrasjb, archon810, Clorith, ibiza69, tonysandwich, roger995, bartosz777, viablethought, dbtedg, worldedu, hmabpera, magnuswebdesign.
Merges [50232] to the 5.6 branch.
Fixes#52440.
Built from https://develop.svn.wordpress.org/branches/5.6@50366
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49977 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This merges several refinements to GitHub Action workflow files to the 5.6 branch.
It also includes [49836], which added the ability to replace `mysql` with `mariadb` when using the local Docker environment to ensure consistency of the tools across branches.
Props johnbillion.
Merges [49781-49784,49786,49836,49938,50268,50285] to the 5.6 branch.
See #50401.
Built from https://develop.svn.wordpress.org/branches/5.6@50296
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This brings consistency between single site and multisite in REST API plugin installation tests.
Previously, multisite tests were unnecessarily downloading the plugin from WordPress.org on each test run, causing external HTTP requests and leading to failures in case of a timeout.
Follow-up to [48242], [49491], [49913].
Merges [49951] to the 5.6 branch.
See #51669.
Built from https://develop.svn.wordpress.org/branches/5.6@50085
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Since a new version of Twenty Twenty-One will not be published in coordination with 5.6.1, this will prevent slight differences between the version of the theme that ships with 5.6.1 and the one users received when updating the theme to version `1.1`.
See #52212.
Built from https://develop.svn.wordpress.org/branches/5.6@50062
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These are backports coming for the 5.6.1 release.
Summary of the following issues:
* [#27970](https://github.com/WordPress/gutenberg/pull/27970) - Fix editor crash when registering a block pattern without `categories` Backport to WP Minor Release [Feature] Inserter [Feature] Patterns [Type] Bug
* [#27733](https://github.com/WordPress/gutenberg/pull/27733) - [Embed block]: Add html and reusable support back Backport to WP Minor Release [Block] Embed [Type] Regression
* [#27727](https://github.com/WordPress/gutenberg/pull/27727) - Add aria labels to box control component inputs/button Backport to WP Minor Release [Feature] UI Components [Package] Components [Type] Bug [a11y] Labelling
* [#27627](https://github.com/WordPress/gutenberg/pull/27627) - HTML Block: Fix editor styles Backport to WP Minor Release [Block] HTML [Type] Regression
* [#27526](https://github.com/WordPress/gutenberg/pull/27526) - Core Data: Normalize `_fields` value for use in `stableKey` Backport to WP Minor Release [Package] Core data [Type] Bug
* [#26705](https://github.com/WordPress/gutenberg/pull/26705) - Fix: Font size picker does not correctly handles big font sizes. Backport to WP Minor Release [Type] Bug
* [#26432](https://github.com/WordPress/gutenberg/pull/26432) - Edit Site: prevent inserter overscroll Backport to WP Minor Release First-time Contributor [Feature] Full Site Editing [Type] Bug
Packages updated:
@wordpress/block-directory@1.17.7
@wordpress/block-editor@5.1.6
@wordpress/block-library@2.26.7
@wordpress/components@11.1.4
@wordpress/core-data@2.24.3
@wordpress/edit-post@3.25.7
@wordpress/edit-site@1.15.7
@wordpress/edit-widgets@1.1.7
@wordpress/editor@9.24.6
@wordpress/format-library@1.25.6
@wordpress/interface@0.10.7
@wordpress/list-reusable-blocks@1.24.4
@wordpress/nux@3.23.4
@wordpress/reusable-blocks@1.0.6
@wordpress/server-side-render@1.19.4
Fixes#52391.
Props gziolo, whyisjake.
Built from https://develop.svn.wordpress.org/branches/5.6@50061
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, only the username was checked which caused a PHP warning in some server setups, for instance Shibboleth SSO, where the server only populates the PHP_AUTH_USER field.
This brings the changes from [49919] to the 5.6 branch.
Props MadtownLems, johnbillion, richard.tape, engahmeds3ed, TimothyBlynJacobs.
Fixes#52003.
Built from https://develop.svn.wordpress.org/branches/5.6@50045
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [49752] a check was added to prevent creating new Application Passwords if Basic Auth credentials were detected to prevent conflicts. This check takes place in WP-Admin, though a conflict would only arise if Basic Auth was used on the website's front-end.
This commit extracts the Basic Auth check into a reusable function, wp_is_site_protected_by_basic_auth(), which can be adjusted using a filter of the same name. This way, a site that uses Basic Auth to protect WP-Admin can still use the Application Passwords feature.
In the future, instead of requiring the use of a filter, WordPress could make a loopback request and check for a WWW-Authenticate header to make this detection more robust out of the box.
This brings the changes from [50006] to the 5.6 branch.
Props SeBsZ, archon810, aaroncampbell, ocean90, SergeyBiryukov, TimothyBlynJacobs.
Fixes#52066.
Built from https://develop.svn.wordpress.org/branches/5.6@50044
git-svn-id: http://core.svn.wordpress.org/branches/5.6@49745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
