Jilism slot casino login philippines.Makakuha ng libreng 700pho sa bawat deposito

Resolved anugrahjaya1
(@anugrahjaya1)

1 year, 1 month ago
I have a question regarding WordPress allowing users to upload webp format since WordPress 5.8 (https://make.www.ads-software.com/core/2021/06/07/wordpress-5-8-adds-webp-support/). This article said, “In WordPress, the lossless WebP format is only supported when the hosting server uses Imagick (the PHP library) until LibGD adds support.” WordPress uses Imagick. and Imagick is a PHP extension that uses ImageMagick right

Also, I found an article on how to add WebP support for ImageMagick. (https://github.com/ImageMagick/ImageMagick/discussions/5812)

Based on that, I found the article about a vulnerability in the popular “libwebp”. (https://therecord.media/libwebp-vulnerability-more-widespread-than-expected). in this article said “The vulnerable library was “found in several popular container images’ latest versions, collectively downloaded and deployed billions of times, such as Nginx, Python, Joomla, WordPress, Node.js, and more.””

The question is, does WordPress use libwebp to allow users to upload WebP format?
- This topic was modified 1 year, 1 month ago by anugrahjaya1.
The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)

Moderator Yui
(@fierevere)

永子

1 year, 1 month ago

Yes it does (but not directly).

WordPress > PHP ( GD or Imagick extension ) > libwebp

You should update your server OS package libwebp as a fix and then restart PHP (apache2 or php-fpm or whatever your PHP is running as)
If you are on shared/managed hosting, perhaps server system admins already did that for you.

Thread Starter anugrahjaya1
(@anugrahjaya1)

1 year, 1 month ago

to fix vulnerability libwebp only need to update package libwebp or better update php version? example from 8.2.3 to 8.2.11? which one better?
Moderator Yui
(@fierevere)

永子

1 year, 1 month ago
1. Your question is not directly related to WordPress.
2. Updating libwebp is usually enough, then restart all programs that are using it.
3. It is always better to run latest PHP version in supported branch
Also note, there are some software that bundle their own libwebp or link it statically, this can include Windows Web stack (like OpenServer), LiteSpeed (which is using own build tree), binary programs supplied with some plugins (i.e. image optimization plugins), you have to track that programs yourself and check for newest version. This also goes for any Docker images that can contain and use libwebp

Most UNIX (and Linux) distributions already have updated their libwebp packages and most packages link to dynamic libraries, so updating the library and restart program using it is enough to fix.

I’m marking this topic as resolved as there is no direct issue with WordPress.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘vulnerability in popular ‘libwebp’’ is closed to new replies.

vulnerability in popular ‘libwebp’

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics