updated plugin Jetpack Protect version 2.0.0

2024-02-08 12:31:43 +00:00
parent ce653dd56c
commit 8d5e7cc070
192 changed files with 5244 additions and 2003 deletions
--- a/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/.phpcs.dir.phpcompatibility.xml
+++ b/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/.phpcs.dir.phpcompatibility.xml
@ -1,6 +0,0 @@
-<?xml version="1.0"?>
-<ruleset>
-	<!-- Some code here runs outside of WordPress code. -->
-	<!-- TODO: Split that by directory or something so we can do this only for the non-WordPress code. -->
-	<rule ref="Jetpack-Compat-NoWP" />
-</ruleset>
--- a/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/.phpcsignore
+++ b/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/.phpcsignore
@ -1 +0,0 @@
-rules/
--- a/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/CHANGELOG.md
+++ b/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/CHANGELOG.md
@ -5,6 +5,28 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

+## [0.12.4] - 2024-01-18
+### Fixed
+- Optimize how the web application firewall checks for updates on admin screens. [#34820]
+
+## [0.12.3] - 2024-01-02
+### Changed
+- Internal updates.
+
+## [0.12.2] - 2023-12-25
+### Changed
+- Improve top-level WP-CLI command description [#34745]
+
+## [0.12.1] - 2023-11-21
+
+## [0.12.0] - 2023-11-20
+### Changed
+- Updated required PHP version to >= 7.0. [#34192]
+
+## [0.11.15] - 2023-11-14
+
+## [0.11.14] - 2023-10-30
+
 ## [0.11.13] - 2023-10-10
 ### Fixed
 - Escape email address when output in HTML. [#33536]
@ -235,6 +257,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 - Core: do not ship .phpcs.dir.xml in production builds.

+[0.12.4]: https://github.com/Automattic/jetpack-waf/compare/v0.12.3...v0.12.4
+[0.12.3]: https://github.com/Automattic/jetpack-waf/compare/v0.12.2...v0.12.3
+[0.12.2]: https://github.com/Automattic/jetpack-waf/compare/v0.12.1...v0.12.2
+[0.12.1]: https://github.com/Automattic/jetpack-waf/compare/v0.12.0...v0.12.1
+[0.12.0]: https://github.com/Automattic/jetpack-waf/compare/v0.11.15...v0.12.0
+[0.11.15]: https://github.com/Automattic/jetpack-waf/compare/v0.11.14...v0.11.15
+[0.11.14]: https://github.com/Automattic/jetpack-waf/compare/v0.11.13...v0.11.14
 [0.11.13]: https://github.com/Automattic/jetpack-waf/compare/v0.11.12...v0.11.13
 [0.11.12]: https://github.com/Automattic/jetpack-waf/compare/v0.11.11...v0.11.12
 [0.11.11]: https://github.com/Automattic/jetpack-waf/compare/v0.11.10...v0.11.11
--- a/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/SECURITY.md
+++ b/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/SECURITY.md
@ -4,11 +4,20 @@ Full details of the Automattic Security Policy can be found on [automattic.com](

 ## Supported Versions

-Generally, only the latest version of Jetpack has continued support. If a critical vulnerability is found in the current version of Jetpack, we may opt to backport any patches to previous versions. 
+Generally, only the latest version of Jetpack and its associated plugins have continued support. If a critical vulnerability is found in the current version of a plugin, we may opt to backport any patches to previous versions. 

 ## Reporting a Vulnerability

-[Jetpack](https://jetpack.com/) is an open-source plugin for WordPress. Our HackerOne program covers the plugin software, as well as a variety of related projects and infrastructure.
+Our HackerOne program covers the below plugin software, as well as a variety of related projects and infrastructure:
+
+* [Jetpack](https://jetpack.com/)
+* Jetpack Backup
+* Jetpack Boost
+* Jetpack CRM
+* Jetpack Protect
+* Jetpack Search
+* Jetpack Social
+* Jetpack VideoPress

 **For responsible disclosure of security issues and to be eligible for our bug bounty program, please submit your report via the [HackerOne](https://hackerone.com/automattic) portal.**

--- a/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/composer.json
+++ b/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/composer.json
@ -4,15 +4,16 @@
 	"type": "jetpack-library",
 	"license": "GPL-2.0-or-later",
 	"require": {
-		"automattic/jetpack-connection": "^1.58.1",
-		"automattic/jetpack-constants": "^1.6.23",
-		"automattic/jetpack-ip": "^0.1.6",
-		"automattic/jetpack-status": "^1.18.5",
+		"php": ">=7.0",
+		"automattic/jetpack-connection": "^2.2.0",
+		"automattic/jetpack-constants": "^2.0.0",
+		"automattic/jetpack-ip": "^0.2.1",
+		"automattic/jetpack-status": "^2.1.0",
 		"wikimedia/aho-corasick": "^1.0"
 	},
 	"require-dev": {
 		"yoast/phpunit-polyfills": "1.1.0",
-		"automattic/jetpack-changelogger": "^3.3.11",
+		"automattic/jetpack-changelogger": "^4.0.5",
 		"automattic/wordbless": "@dev"
 	},
 	"suggest": {
@ -51,7 +52,7 @@
 			"link-template": "https://github.com/Automattic/jetpack-waf/compare/v${old}...v${new}"
 		},
 		"branch-alias": {
-			"dev-trunk": "0.11.x-dev"
+			"dev-trunk": "0.12.x-dev"
 		}
 	},
 	"config": {
--- a/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-compatibility.php
+++ b/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-compatibility.php
@ -186,7 +186,7 @@ class Waf_Compatibility {
 		$brute_force_allow_list = Jetpack_Options::get_raw_option( 'jetpack_protect_whitelist', false );
 		if ( false !== $brute_force_allow_list ) {
 			$waf_allow_list = self::merge_ip_allow_lists( $waf_allow_list, $brute_force_allow_list );
-			update_option( Waf_Initializer::NEEDS_UPDATE_OPTION_NAME, 1 );
+			update_option( Waf_Initializer::NEEDS_UPDATE_OPTION_NAME, true );
 		}

 		return $waf_allow_list;
@ -213,7 +213,7 @@ class Waf_Compatibility {
 		$brute_force_allow_list = Jetpack_Options::get_raw_option( 'jetpack_protect_whitelist', false );
 		if ( false !== $brute_force_allow_list ) {
 			$waf_allow_list = self::merge_ip_allow_lists( $waf_allow_list, $brute_force_allow_list );
-			update_option( Waf_Initializer::NEEDS_UPDATE_OPTION_NAME, 1 );
+			update_option( Waf_Initializer::NEEDS_UPDATE_OPTION_NAME, true );
 		}

 		return $waf_allow_list;
--- a/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-waf-cli.php
+++ b/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-waf-cli.php
@ -11,7 +11,7 @@ use WP_CLI;
 use WP_CLI_Command;

 /**
- * Just a few sample commands to learn how WP-CLI works
+ * Set up the WAF, change its mode, or generate its rules.
 */
 class CLI extends WP_CLI_Command {
 	/**
--- a/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-waf-initializer.php
+++ b/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-waf-initializer.php
@ -155,7 +155,7 @@ class Waf_Initializer {
 			return;
 		}

-		update_option( self::NEEDS_UPDATE_OPTION_NAME, 1 );
+		update_option( self::NEEDS_UPDATE_OPTION_NAME, true );
 	}

 	/**
@ -197,9 +197,10 @@ class Waf_Initializer {
 				// just migrate the IP allow list used by brute force protection.
 				Waf_Compatibility::migrate_brute_force_protection_ip_allow_list();
 			}
+
+			update_option( self::NEEDS_UPDATE_OPTION_NAME, false );
 		}

-		update_option( self::NEEDS_UPDATE_OPTION_NAME, 0 );
 		return true;
 	}

--- a/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-waf-standalone-bootstrap.php
+++ b/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-waf-standalone-bootstrap.php
@ -80,7 +80,7 @@ class Waf_Standalone_Bootstrap {
 		if ( isset( $jetpack_autoloader_loader ) ) {
 			$class_file = $jetpack_autoloader_loader->find_class_file( Waf_Runner::class );
 			if ( $class_file ) {
-				$autoload_file = dirname( dirname( dirname( dirname( dirname( $class_file ) ) ) ) ) . '/vendor/autoload.php';
+				$autoload_file = dirname( $class_file, 5 ) . '/vendor/autoload.php';
 			}
 		}

@ -91,13 +91,13 @@ class Waf_Standalone_Bootstrap {
 		) {
 			$package_file = InstalledVersions::getInstallPath( 'automattic/jetpack-waf' );
 			if ( substr( $package_file, -23 ) === '/automattic/jetpack-waf' ) {
-				$autoload_file = dirname( dirname( dirname( $package_file ) ) ) . '/vendor/autoload.php';
+				$autoload_file = dirname( $package_file, 3 ) . '/vendor/autoload.php';
 			}
 		}

 		// Guess. First look for being in a `vendor/automattic/jetpack-waf/src/', then see if we're standalone with our own vendor dir.
 		if ( null === $autoload_file ) {
-			$autoload_file = dirname( dirname( dirname( dirname( __DIR__ ) ) ) ) . '/vendor/autoload.php';
+			$autoload_file = dirname( __DIR__, 4 ) . '/vendor/autoload.php';
 			if ( ! file_exists( $autoload_file ) ) {
 				$autoload_file = dirname( __DIR__ ) . '/vendor/autoload.php';
 			}
--- a/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-waf-stats.php
+++ b/wp-content/plugins/jetpack-protect/jetpack_vendor/automattic/jetpack-waf/src/class-waf-stats.php
@ -52,8 +52,12 @@ class Waf_Stats {
 	 * Get Rules version
 	 *
 	 * @return bool|string False if value is not found. The current stored rules version if cache is found.
+	 *
+	 * @deprecated 0.12.3 Use Automattic\Jetpack\Waf\Waf_Stats::get_automatic_rules_last_updated() to version the rules instead.
 	 */
 	public static function get_rules_version() {
+		_deprecated_function( __METHOD__, 'waf-0.12.3', 'Automattic\Jetpack\Waf\Waf_Stats::get_automatic_rules_last_updated' );
+
 		return get_option( Waf_Rules_Manager::VERSION_OPTION_NAME );
 	}