Automatic Update

I had the same problem: emails were sent saying that the plugin was updated automatically, even though automatic update was definitely NOT set. However, I did manually update the plugin. So, is the problem that the plugin has confused manual update with automatic update? Or is the problem that the plugin is doing an automatic update even when WP is not set to perform automatic updates?

Note, in addition, that I have manually updated multiple other plugins at the same time and none of those other plugins generated any email about being automatically updated. So the issue is specific to this plugin.

I just put in for the same. This isn’t good at all. Without any tracking even on some of our client’s sites.

Hey @toulip @josiah-s-carberry

Thanks for reaching out, I can appreciate the surprise seeing that the WooCommerce Stripe Payment Gateway had updated when auto updates were disabled.

There are occasions for updates where plugins have the option to override the default setting, but this is not something the Woo team can do ourselves and this must be authorized and handled by the Plugin Review team.

There will be an email sent to the Stripe account holder with more details – we wanted to ensure sites were updated before sharing more information about this.

Please know this wasn’t an update taken lightly. This was a required release that needed to be updated on all sites.

Thanks,

Hello @dougaitken,

Thanks for your reply and explanation here.

Let me ask you. Is this about a plugin vulnerability? And if yes, can you please provide us with a link to read more?

Thanks in advance,

George.

@toulip We do not state such things in public in order to protect you. After all, if we tell everyone a version has a security issue, then hackers will jump all over it. :/

For now, as painful as this is to hear, you have to accept that this was done for a reason and details will be provided as soon as possible.

As Doug told you:

There will be an email sent to the Stripe account holder with more details – we wanted to ensure sites were updated before sharing more information about this.

So please, wait patiently. ??

(FWIW the plugin team doesn’t do this on our own – the plugin developers have to present a case for this sort of thing and then we may push. We try not to unless we absolutely have to. It’s normal, and nothing to worry about as long as the update worked on your site.)

• This reply was modified 1 year, 5 months ago by Ipstenu (Mika Epstein).

For the precise reason that your plugin is at the nexus of customer satisfaction and financial gain, I have a test environment. I never update anything in the production environment until I have first deployed the change and tested in in the test environment. By performing an update without my permission you short circuit my operational processes, processes that most IT professionals would consider to be of critical importance.

I can understand why the publishers of WP might want to protect users lacking the technical knowledge needed to run a commercial web site. But do they also take responsibility if a critically urgent patch turns out to introduce new bugs???

I would like to address this part. Almost certainly this topic may get closed to new replies.

But do they also take responsibility if a critically urgent patch turns out to introduce new bugs???

No. Nor does any developer here on www.remarpro.com have to and nor should they. There is a big difference between a mistake and malicious intent. I have no knowledge of the security issue but I am not aware of any ill will from the developer or their support volunteers.

100% of every plugin, every theme and WordPress itself is free and opensource code. All of it. No one here is anyone’s customer and no user here is owed anything at all.

At best all users are opensource collaborators helping to make the code better for the community.

It is fantastic when developers work for free and on their own time to support users but no one, including anyone from WooCommerce owes anyone here anything. Not even a reply.

Please set your expectations appropriately.

By performing an update without my permission you short circuit my operational processes, processes that most IT professionals would consider to be of critical importance.

@josiah-s-carberry — If you cannot afford to let www.remarpro.com auto-update, and I fully understand there are many valid reasons you might not be able to do that, then you should make the effort to ensure your site does not auto-update anything.

If you haven’t yet, you should read the doc on auto-updates.

Specifically the part about filtering for plugins and themes.

Hello @ipstenu,

Thanks for your reply. I really appreciate it.

Please excuse me for my previous question. I was just curious because this plugin has to do with payments.

Of course, I will be waiting for Stripe’s email.

Finally, I appreciate all the work all developers in the WP community do in order to protect us. I really do.

Best Regards,

Hi @toulip

You are most welcome here! ??

Meanwhile, I will be marking this thread as resolved. Should you have further inquiries, kindly create a new topic here.

Thanks!

Thank you for the reference on how to disable automatic updates. I hope that works.