WordPress 5.2: Mitigating Supply-Chain Attacks Against 33% of the Internet
WordPress 3.7 was released on October 24, 2013, and introduced an automatic update mechanism to ensure security fixes would be automatically deployed on all WordPress sites, in an effort to prevent recently patched vulnerabilities from being massively exploited in the wild. For the first release, WordPress will (by default) soft-fail if the signature is not valid. In addition to the security enhancements to the WordPress core, the inclusion of sodium_compat in WordPress 5.2 means that plugin developers can start to migrate their custom cryptography code away from mcrypt (deprecated in PHP 7.1, removed in PHP 7.2) and towards libsodium (introduced in PHP 7.2, polyfilled by sodium_compat).
Source: paragonie.com
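
The difference between soft-fail and hard-fail signature checking, as an added PHP example (not WordPress core code and not from the original article). It assumes an Ed25519 detached signature verified with libsodium's `sodium_crypto_sign_verify_detached()`; the function name `verify_update()`, the key pair and the package bytes are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not WordPress core code: checks a detached Ed25519
// signature over an update package and applies a soft-fail or hard-fail policy.
function verify_update(string $package, string $signature, string $publicKey, bool $softFail): array
{
    // Reject malformed input first; libsodium throws on wrong lengths.
    $wellFormed = strlen($signature) === SODIUM_CRYPTO_SIGN_BYTES
        && strlen($publicKey) === SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES;

    $valid = $wellFormed
        && sodium_crypto_sign_verify_detached($signature, $package, $publicKey);

    if ($valid) {
        return ['install' => true, 'warning' => null];
    }

    // Soft-fail: record the failure but let the update proceed.
    // Hard-fail: refuse to install anything that does not verify.
    return [
        'install' => $softFail,
        'warning' => 'update signature invalid',
    ];
}

// Constructed sample data: a throwaway key pair and a fake package body.
$keypair   = sodium_crypto_sign_keypair();
$secretKey = sodium_crypto_sign_secretkey($keypair);
$publicKey = sodium_crypto_sign_publickey($keypair);

$package   = 'constructed-update-package-bytes';
$signature = sodium_crypto_sign_detached($package, $secretKey);
$tampered  = $package . 'X';

// Intact package under the soft-fail policy.
var_dump(verify_update($package, $signature, $publicKey, true));
// Tampered package under the soft-fail policy.
var_dump(verify_update($tampered, $signature, $publicKey, true));
// Tampered package under the hard-fail policy.
var_dump(verify_update($tampered, $signature, $publicKey, false));
```

Under the soft-fail policy the tampered package is still marked for installation, so the only signal is the warning; that warning has to reach a log or alert someone for the check to have any value.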