←back to thread

Secure Custom Fields by WordPress.org

(wordpress.org)
172 points ValentineC | 2 comments | 12 Oct 24 18:38 UTC | HN request time: 0.539s | source
Show context
CharlesW ◴[12 Oct 24 19:27 UTC] No.41821726[source]
So WordPress-the-org — which is effectively Matt, as far as I can tell — just Sherlocked a developer's plug-in using the developer's own code, ostensibly as retribution for a security issue that the developer had already fixed. https://www.advancedcustomfields.com/blog/acf-6-3-8-security...

What am I missing?

replies(5): >>41821790 #>>41821829 #>>41821872 #>>41821880 #>>41823351 #
photomatt ◴[12 Oct 24 19:41 UTC] No.41821829[source]
This release fixes a separate security vulnerability from the original update.
replies(5): >>41821983 #>>41822001 #>>41822749 #>>41823899 #>>41825727 #
NeonNautilus ◴[12 Oct 24 19:57 UTC] No.41821983[source]
Can anyone else prove this security vulnerability actually existed?
replies(2): >>41822049 #>>41825729 #
mirzap ◴[12 Oct 24 20:04 UTC] No.41822049[source]
It doesn't matter. Matt didn't have the right to hijack ACF.
replies(1): >>41822409 #
jnwatson ◴[12 Oct 24 20:45 UTC] No.41822409[source]
I'm not on Matt's side, but anyone has the right to fork a GPL project and call it something else.
replies(2): >>41822432 #>>41822469 #
1. mirzap ◴[12 Oct 24 20:53 UTC] No.41822469[source]
This is not a fork. He stole the original project plugin space, its reviews, download statistics, SEO traffic, etc. It has nothing to do with GPL.
replies(1): >>41822766 #
2. ankleturtle ◴[12 Oct 24 21:24 UTC] No.41822766[source]
Wow. I will never contribute anything to WordPress again.