"On behalf of the WordPress security team, ..." and then many mentions of "fixing a security issue" without specifying what it is. (The patch is, presumably, public since the plugin is OSS and PHP?)
https://wordpress.org/news/2024/10/secure-custom-fields/
I don't have an opinion on the broader Wordpress situation, but seeing a security exception used to wield power in a broader controversy is extremely worrying.
Open source communities trust security teams with exceptional powers, and weakening that trust damages everyone.
Filippo Valsorda
npub1jz…yjnwm
2024-10-12 20:12:39 UTC
Author Public Key
npub1jzt0dcdqdhz0dmf3xk8fjn56kt45dqemtaz6rqzm9ycyz25p0nzqryjnwmSeen on
wss://relay.momostr.pinkPublished at
2024-10-12 20:12:39 UTCEvent JSON
{
"id": "6cf42f15a310cf35e5725b8cc7bc350bed71635662912f8754db7eefa5ffdbb2",
"pubkey": "9096f6e1a06dc4f6ed31358e994e9ab2eb46833b5f45a1805b2930412a817cc4",
"created_at": 1728763959,
"kind": 1,
"tags": [
[
"proxy",
"https://abyssdomain.expert/@filippo/113296274824465034",
"web"
],
[
"proxy",
"https://abyssdomain.expert/users/filippo/statuses/113296274824465034",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://abyssdomain.expert/users/filippo/statuses/113296274824465034",
"pink.momostr"
],
[
"-"
]
],
"content": "\"On behalf of the WordPress security team, ...\" and then many mentions of \"fixing a security issue\" without specifying what it is. (The patch is, presumably, public since the plugin is OSS and PHP?)\n\nhttps://wordpress.org/news/2024/10/secure-custom-fields/\n\nI don't have an opinion on the broader Wordpress situation, but seeing a security exception used to wield power in a broader controversy is extremely worrying.\n\nOpen source communities trust security teams with exceptional powers, and weakening that trust damages everyone.",
"sig": "16fcb1859f072b8dbb0646d2c6b17fe78c26f1069aab234c69ce24d6c6c336943fd77f5fa59805cb16caa8f39a0f8d974ea65eab234aa656ae093cc7aa325e60"
}