#55366 closed defect (bug) (invalid)
WordPress auto-updated plugin with auto-updates disabled
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | Plugins | Keywords: | |
| Focuses: | Cc: |
Description
Hello,
As there are some updates that can break our site, we have automatic updates disabled for all plugins. Today, the plugin "Woocommerce" updated from version 6.3.0 to 6.3.1 automatically, causing a critical issue on our site. I looked at the changelog for this version, and it appears there was a fix for a security issue. So I am wondering if there is some criteria that would allow an automatic update of a plugin even if automatic updates are disabled. We understand the need to keep plugins up to date, I'm just curious if security was the reason for this unexpected behavior or if it's a bug.
Change History (3)
Note: See
TracTickets for help on using
tickets.
The default setting for auto-updates is not "disabled". The default is to follow the recommendation of the WordPress.org systems. So yes, an automatic update was enabled for WooCommerce starting today for the security issue. https://developer.woocommerce.com/2022/03/10/woocommerce-3-5-10-6-3-1-security-releases/
WordPress has had auto-updating for plugins since WordPress 3.7. You can read more about this here: https://make.wordpress.org/plugins/2015/03/14/plugin-automatic-security-updates/