Secure Custom Fields by WordPress.org

(wordpress.org)

172 points ValentineC | 2 comments | 12 Oct 24 18:38 UTC | HN request time: 0.536s | source

Show context

akira2501 ◴[12 Oct 24 19:28 UTC] No.41821735[source]▶

> This update is as minimal as possible to fix the security issue.

> This is a rare and unusual situation brought on by WP Engine’s legal attacks, we do not anticipate this happening for other plugins.

So.. is this fixing a security issue.. or is this because of WP Engine?

> and are forking Advanced Custom Fields (ACF) into a new plugin

And stealing their place in the plugin store. A fork generally implies that you are going to set off on your own, and not inhabit the dead flesh of the project you just killed.

Matt Mullenweg is the biggest child I have ever seen in operation.

replies(3): >>41821760 #>>41822423 #>>41822651 #

throw16180339 ◴[12 Oct 24 20:47 UTC] No.41822423[source]▶

>>41821735 #

> So.. is this fixing a security issue.. or is this because of WP Engine?

AFAIK, here's the timeline.

1. Automattic announced that there was a security issue in ACF.

2. WP Engine fixes it immediately.

3. Automattic bans the WP Engine developers from Wordpress.org, so they can't deploy the fix. This places millions of users at risk, but that's how they roll.

4. Automattic forks ACF, removes the commercial upgrade, and renames it.

replies(2): >>41823350 #>>41828573 #

1. claudiulodro ◴[12 Oct 24 22:39 UTC] No.41823350[source]▶

>>41822423 #

Your timeline is rearranging some things around[1]. WP Engine was banned before the security issue.

[1] https://duerrenberger.dev/blog/2024/10/08/timeline-of-the-wo...

replies(1): >>41823717 #

2. throw16180339 ◴[12 Oct 24 23:33 UTC] No.41823717[source]▶

>>41823350 (TP) #

Good catch! Sadly it's too late to edit my comment.

↑