Regular forced updates

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support Raif Deari

    (@rdeari)

    2 years, 7 months ago

    Hi @tsso0120

    Thank you for the feedback. Yes, there are sometimes these “forced updates” however, they are to ensure that the plugin fixes any vulnerability that might have existed with the previous version.

    Is there any issue you are facing with the newest version? Please let us know and we are happy to help.

    Thank you!

    Thread Starter tsso0120

    (@tsso0120)

    2 years, 7 months ago

    We already found a way to set up our server to prevent this from happening in the future.

    Plugin Support Raif Deari

    (@rdeari)

    2 years, 7 months ago

    Hi @tsso0120

    Thank you for the update on the matter. While what you have done might prevent the updates, I would highly suggest not doing that, you can disable automatic updates but not prevent these crucial updates from time to time. Again, if there is something specific you are concerned about we are happy to listen 🙂

    Thread Starter tsso0120

    (@tsso0120)

    2 years, 7 months ago

    I wish I could I could prevent updates by just disabling automatic updates.

    It looks like its going to be much more complex upgrade to our setting but we need to ensure that no one can install anything without our consent.

    I gave you 1* to let others know that they should not rely on your plugin as it has too many unstable and unsecure versions.

    yet I would like to thank you for bringing that general vulnerability to my attention. As apparently automattic can do that with other plugins as well that issued should be solved on a different level.

    • This reply was modified 2 years, 7 months ago by tsso0120.
    Douglas I. a11n

    (@imodouglas)

    2 years, 7 months ago

    Hi @tsso0120,

    I understand your concern about the auto-updates.

    It would be good to note that for any software or plugin to stay valuable and secure, constant updates need to be made. In our case, we actively seek out possible vulnerabilities in our extensions (especially payment-related extensions) and release fixes for them ASAP to ensure that merchants are not affected by them.

    I understand that you would like to be notified of these updates rather than it being auto-updated hence your server setup to block all updates. However, these auto-updates help keep the site of merchants secure including those who may miss the update notifications or emails.

    I hope this helps clarify things. 🙂

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Regular forced updates’ is closed to new replies.