Yeah, this looks like a forced update for security reasons pushed by (or with facilitation from) the WordPress.org team.
Or the auto-update function settings were broken. It surprises me that part of a forced update (assuming this is what it is) doesn’t include communication about it (and I recommend that to any WordPress.org team member reading).
Thread Starter
Stef
(@serafinnyc)
Their changelog doesn’t say anything about a security update. 2 things only and they’re pretty lame to force an update on folks. Not to mention that the IPs that accessed our clients are all over the place. They’re not one repo IP.
There’s something rogue about all this.
I don’t know about the first line, but the second line in the changelog about sanitization and escaping is a security fix (that’s what sanitization and escaping improve). They could (and should) make it a lot more clear, though, obviously!
7.4.1 – 2023-05-30
- Fix – Add Order Key Validation.
- Fix – Add sanitization and escaping some outputs.
Thread Starter
Stef
(@serafinnyc)
That I saw, but that’s pretty standard. I was expecting a huge, like, “oops, we blew it and we left a backdoor open and oh well” it was something else. You don’t go and force your way into hundreds of thousands of sites, I’m sure, for a sanitizing issue, unless it was sticking :o)
We’ll probably never get the truth either. Hopefully we do.
Plugin Support
Doug – a11n
(@dougaitken)
Automattic Happiness Engineer
Hey @serafinnyc, good to see your avatar again but not under ideal circumstances.
Thanks for reaching out. I can appreciate the surprise of seeing that the WooCommerce Stripe Payment Gateway had updated when auto updates were disabled.
There are occasions for updates where plugins have the option to override the default setting, but this is not something the Woo team can do ourselves and this must be authorized and handled by the Plugin Review team.
There will be an email sent to the Stripe account holder with more details – we wanted to ensure sites were updated before sharing more information about this.
Please know this wasn’t an update taken lightly. This was a required release that needed to be updated on all sites.
Thanks,
Thread Starter
Stef
(@serafinnyc)
@dougaitken my brotha from another motha. Miss you man. How are you?
Appreciate that update and look forward to the response from Stripe team as well. Take care.
Hi @serafinnyc
You are most welcome! 🙂
Meanwhile, I will be marking this thread as resolved. Should you have further inquiries, kindly create a new topic here.
Thanks!
