Disabled auto-update

  • Resolved wpandlpuser

    (@wpandlpuser)


    3 months ago

    Dear WooCommerce team,

    Although disabled, my plugin was also updated automatically to 10.5.3, causing a live site to lose certain custom WC modifications…

    I understand that a critical security issue was patched and it is important to cover issues.

    However, such critical security issues should not have been left uncovered, and they must have been filtered out during WC’s internal tests when that specific feature was developed.

    As the internal tests were weak, it is now causing every site admin/owner to manage unexpected site updates and their side effects.

    Please consider putting more effort into internal tests, or pushing only mandatory updates for files that require an update (i.e. not all plugin files).

    Thank you!

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Randolph GAMO

    (@randolphgamo)

    3 months ago

    Dear @wpandlpuser ,

    Thank you for taking the time to share your feedback. We understand how disruptive unexpected updates can be—especially when they impact custom modifications on a live site. We’re sorry for the inconvenience this caused you.

    Security releases are handled with urgency to protect stores and customer data, and in certain cases may be pushed automatically when a vulnerability is considered critical. That said, we fully appreciate that this can create challenges for sites with customizations in place.

    Your feedback regarding internal testing and more granular update mechanisms is valid and appreciated. We will share your concerns with the appropriate team so they can be taken into consideration for future improvements to the release process.

    Plugin Support Frank Remmy (woo-hc)

    (@frankremmy)

    3 months ago

    Hi @wpandlpuser,

    Thanks for sharing your experience, and I’m really sorry to hear that the automatic update caused issues on your live site. Even when auto‑updates are disabled, unexpected changes are understandably frustrating, especially when custom WooCommerce modifications are involved.

    In this case, the update to 10.5.3 was pushed as a forced security release to address a vulnerability that required immediate action across the ecosystem. Security patches of this type bypass the normal auto‑update settings because leaving sites unpatched would expose store owners and customers to significant risk. This is the same mechanism WordPress core uses for critical security releases.

    That said, your point about internal testing and update scope is absolutely heard. Security fixes should ideally be as minimal and isolated as possible, and they should never introduce regressions or break existing customizations. Feedback like yours helps highlight where our processes can be strengthened, both in automated testing and in ensuring that emergency patches remain tightly focused: https://woocommerce.com/feature-requests/woocommerce/

    If you’re still seeing issues after the update, feel free to share details and we’re happy to help.

    Thread Starter wpandlpuser

    (@wpandlpuser)

    3 months ago

    Dear @frankremmy and @randolphgamo ,

    Thank you for your quick feedback.
    The impact of having such a critical issue is clear and of course it has to be covered with a patch. However, I (and many other website operators) would appreciate to improve your testing OR deployment process.

    I won’t submit a a feature request for such, this should be an internal process improvement.

    Thank you!

    Plugin Support shahzeen(woo-hc)

    (@shahzeenfarooq)

    3 months ago

    Hi there!

    Thank you for sharing your feedback we completely understand where you’re coming from, and your concern is absolutely valid.

    Security and stability are both extremely important, and when a critical issue is identified, our team may need to release a patch quickly to protect stores and their customers. That said, feedback like yours regarding testing and deployment processes is valuable, and we do pass this along internally so the responsible teams can review and continue improving how updates are prepared and delivered.

    While urgent security releases sometimes require faster rollout timelines, the goal is always to minimize disruption while keeping sites secure. We truly appreciate you taking the time to share your perspective, as input from site owners helps inform ongoing improvements behind the scenes.

    Before you go, If you found WooCommerce helpful in setting up your store, we would really appreciate it if you could leave a five-star review here:https://ww.wp.xz.cn/support/plugin/woocommerce/reviews/#new-post. Your feedback helps us improve and lets other users know how WooCommerce can support their business.

Viewing 4 replies - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.