mirror of
https://github.com/WordPress/WordPress.git
synced 2025-03-09 07:00:01 +00:00
6db739937a
The Root Certificate bundle maintained by Mozilla ships in WordPress to allow SSL certificates to be verified on hosts with incomplete, outdated, or invalid local SSL configurations. To date, updates have only been merged into Core when problems arise using a highly manual process. This introduces the `certificates:upgrade` Grunt task to automate the process of updating the included bundle with upstream changes using Composer to manage versioning. The legacy 1024bit certificates included for backwards compatibility are now maintained in a separate file that is prepended to the built version of the bundle during the relevant Grunt tasks. Some expired certificates from this list have been removed: - Cybertrust Global Root (expired 2021-12-15) - Thawte Server CA (expired 2020-12-31) - Thawte Premium Server CA (expired 2020-12-31) The Dependabot configuration has also been updated to open pull requests when new releases occur upstream. Going forward, the recommendation is to create a task ticket for updating these certificates with each release when an update is published. See #62811 for an example of this. Props johnbillion, desrosj, whyisjake, ayeshrajans, SergeyBiryukov, swissspidy, skithund, barry. Fixes #62812. See #62811, 50828. Built from https://develop.svn.wordpress.org/trunk@59740 git-svn-id: http://core.svn.wordpress.org/trunk@59082 1a063a9b-81f0-0310-95a4-ce76da25c4cd