Patchman fix marked as changed file

  • Resolved jefromcanada

    (@jefromcanada)


    5 years, 6 months ago

    I received a warning from my hosting company about a serious security flaw in WordPress 4.11. Patchman had provided a back port of a fix from WordPress 5.2.3 that affected four files in the WordPress core.

    WordFence detected the Patchman updates and is reporting them as file changes from the WordPress core. I think WordFence should be ignoring the Patchman updates by default.

    WordFence reports the following Patchman files as being modified:
    wp-admin/js/updates.js
    wp-admin/js/updates.min.js
    wp-includes/js/wp-sanitize.js
    wp-includes/js/wp-sanitize.min.js

    • This topic was modified 5 years, 6 months ago by jefromcanada.
Viewing 1 replies (of 1 total)

  • Hi @jefromcanada,

    Wordfence (or any plugin that monitors file changes) is unable to know which plugin/process made the file change.

    And because you’re still on version 4.11, Wordfence will compare the files on the official WordPress repository for version 4.11 with the files currently on your system.

    At this time, we’re not comparing files from Patchman, but I’ll let the team know about this and see what they think about it.

    Dave

Viewing 1 replies (of 1 total)
  • The topic ‘Patchman fix marked as changed file’ is closed to new replies.