May 18th Support Team Meeting Summary

Announcements

• WordPress 4.7.5 is out, get your security on!
• The Plugins SVNSVN Apache Subversion (often abbreviated SVN, after its command name svn) is a software versioning and revision control system. Software developers use Subversion to maintain current and historical versions of files such as source code, web pages, and documentation. Its goal is to be a mostly compatible successor to the widely used Concurrent Versions System (CVS). WordPress core and the wordpress.org released code are all centrally managed through SVN. https://subversion.apache.org/. seems to be back in working order, rejoice!
• WordPress is now on HackerOne for all of your security vulnerability report and bounty needs!

WordPress 4.7.5

We have nothing new to add to the known issues for 4.7 this week.

WordPress 4.8 BetaBeta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process. 1

WordPress 4.8 Beta 1 is here! Please make sure that you’re testing via something like the Beta Tester plugin or Varying Vagrant Vagrants.

If you have any other fun/easy beta testing methods to share, please do so in the comments below!

Handling Security Vulnerability Questions

When you encounter questions about security vulnerabilities, please keep in mind that we are representatives of WordPress. We should not be spreading any information about security vulnerabilities which have not been published at WordPress.org. We all agree that there are many great third-party resources out there, but our approach must be complimentary to WordPress’s desire for private disclosure.

For example, if someone asks “Is this security vulnerability fixed in 4.7.5?” we should remove the details of the vulnerability from their post (or ask a Moderator to do so) and then consult 4.7.5’s release post. If it has indeed been fixed, let them know and refer them to the release post. If it has not been fixed, refer them to the release post and ask them to report it via HackerOne (there’s no harm in duplicate reports).

(If you want to use your favorite third-party resource to help you find out if security vulnerabilities have been addressed, please of course do so, just don’t link to it. Overall, we should only link to security vulnerability information published at WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/.)

Checkin with International Support Liaisons

• The Russian, Italian, Hindi, and German support communities are doing well.
• The Portuguese support community is doing well and will be recruiting more folks at WordCamp Lisboa 2017 this weekend.

Attendance

@macmanx @bcworkz @vitormadeira @erricgunawan @bdbrown @t-p @anevins @cristianozanca @numeeja @sterndata @geoffreyshilling @stephencottontail @glorialchemica @tobifjellner @francescodicandia @keesiemeijer @fierevere @lasacco @pr0v4 @kidsguide @travel_girl @zoonini @pmfonseca @geost @sergeybiryukov @hardeepasrani @zodiac1978 attended

Read the meeting transcript in the Slack archives. (A Slack account is required)

#weekly-chat