Dion Hulse 2:45 am on March 26, 2026
Tags: ,   

Access to jobs.wordpress.net

Can I please get SSHSSH Secure SHell - a protocol for securely connecting to a remote system in addition to or in place of a password. access to jobs.wordpress.net?

I need access to update themes: https://github.com/WordPress/wordpress.org/pull/575

#prio2 #access

Scott Reilly 9:52 pm on March 24, 2026
Tags:   

Account for visitor language in Browse Happy caching

There have been recent reports of cached language contamination for Browse Happy. Locales that don’t necessary match the visitor’s preference are being presented to some visitors (depends on what language version of the site happened to warm the cache and what the visitor’s preferred language is).

That first set of reports indicated Chinese was served, despite being en_US in California. Later, others reported incorrectly seeing Hebrew. I checked and saw Hebrew myself, then shortly thereafter saw English. Currently I see Portuguese.

This appears to be a page-cache keying issue. The site is serving cached HTMLHTML HTML is an acronym for Hyper Text Markup Language. It is a markup language that is used in the development of web pages and websites. (X-CACHE: HIT) and only advertises Vary: Accept-Encoding, which is not sufficient for language negotiation. The application chooses locale from the Accept-Language request headerHeader The header of your site is typically the first thing people will experience. The masthead or header art located across the top of your page is part of the look and feel of your website. It can influence a visitor’s opinion about your content and you/ your organization’s brand. It may also look different on different screen sizes. (unless an explicit ?locale= is provided). If the cache key for / does not vary by language, whichever language variant warms that cache entry can be served to subsequent visitors until expiry or purge.

Additional testing shows /?locale=he is also cached (X-CACHE: HIT), which suggests query-string variants are cached separately. So it seems the primary gap is handling of Accept-Language for plain / requests.

I haven’t seen reports of this until now, and the site hasn’t changed in years (other than coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. WP). Not sure if caching was changed/implemented somewhat recently, or if just no one has reported it (though I had never seen it myself but have certainly done so a few times in the last couple days).

Solution considerations:

A. Add Accept-Language to the cache key for HTML (or otherwise ensure cached responses vary by it). The raw Accept-Language is noisy (en-US,en;q=0.9en-GB,en;q=0.8, etc.), so keying on the full header will create many cache variants, though that would be necessary for correctness. Normalization might seem attractive (e.g. bucketing by the first language tag), but preference is expressed with q values, so “first tag in header order” is not always the same as the app’s choice after sorting by q. Implementing this as Vary: Accept-Encoding, Accept-Language on HTML (if the cache honors it) is equivalent in intent to including the header in the cache key. Even with increased cache variants, visitors should at least get a response consistent with their negotiated language.

B. The site could (but currently doesn’t) set a cookie which would set the language (e.g. bh_locale=en_US) and could be used as part of the cache key, but that requires allowing first requests to pass through to the site for that determination. This would result in one uncached resolution per new visitor, then cache hits keyed by cookie.

C. Or, caching could be disabled. The site only has its root page, which though it loads WP, does not make any additional queries for content. Static assets could still be cached.

Testing:

The site should serve different versions of the front page (check the content) based on the Accept-Language header for each of these (English, Hebrew, and Chinese, respectively). (You can compare obvious differences as seen when using ?locale= in query to get the same language, e.g. https://browsehappy.com/?locale=he-IL.)

curl -H "Accept-Language: en-US" https://browsehappy.com
curl -H "Accept-Language: he-IL" https://browsehappy.com
curl -H "Accept-Language: zh-CH" https://browsehappy.com

#prio1

Konstantin Obenland 10:09 pm on March 16, 2026
Tags:   

Hi, could I ask for…

Hi, could I ask for my MacBook SSHSSH Secure SHell - a protocol for securely connecting to a remote system in addition to or in place of a password. key to be updated on my sandbox please? It looks like the ssh key management doesn’t extend to dotorg sandboxes. Thank you!

#prio1

Dion Hulse 1:41 am on March 13, 2026
Tags: ,   

Themes pre-commit hook update

Report: https://wordpress.slack.com/archives/C02QB8GMM/p1773343027847289

The themes pre-commit version-check branch is not properly anchored to the Version headerHeader The header of your site is typically the first thing people will experience. The masthead or header art located across the top of your page is part of the look and feel of your website. It can influence a visitor’s opinion about your content and you/ your organization’s brand. It may also look different on different screen sizes., matching Other Version: as well. As a result, it matches https://themes.trac.wordpress.org/browser/blocksy/2.1.35/style.css?marks=15 and fails the commit.

themedropbox can bypass the checks, as it’s targeting direct theme-author SVNSVN Apache Subversion (often abbreviated SVN, after its command name svn) is a software versioning and revision control system. Software developers use Subversion to maintain current and historical versions of files such as source code, web pages, and documentation. Its goal is to be a mostly compatible successor to the widely used Concurrent Versions System (CVS). WordPress core and the wordpress.org released code are all centrally managed through SVN. https://subversion.apache.org/. commits.

(edit: The code is broken here, something is eating characters. See https://gist.github.com/dd32/0902af28065c1e28df4397dcc8efae54 for source)

The Regex on line 118 for STYLECSS_VERSION needs to be changed:

- grep -iEo 'version:.+' | awk -F '[: ]+' '{print $2}'
+ grep -iEo '^[/<em>#@[:blank:]]</em>version:.+' | awk -F ':[\t ]+' '{print $2}'

This matches enough of the get_file_data() regex in core: https://github.com/WordPress/wordpress-develop/blob/202a1f3309de780b826b3d68593698616eeeffd2/src/wp-includes/functions.php#L6976
I don’t see the need to support the pre and post <?php & ?> in there.

If you want full support, this will probably work:

grep -iEo '^([ \t]<em><\?php)?[/</em>#@[:blank:]]<em>version:[[:blank:]]</em>[^[:blank:]]+' | awk -F ':[[:blank:]]*' '{print $2}'

Worst case scenario headers:

<?php //*#    @Version:  1.0.0 ?>
@Other Version: 2.0

(The original regex is Props me)

#prio3 #svn

John Blackbourn 3:07 pm on March 9, 2026
Tags:   

Ref: https://core.trac.wordpress.org/ticket/64083#comment:61 A commit was…

Ref: https://core.trac.wordpress.org/ticket/64083#comment:61

A commit was made to the 6.0 branch of WordPress core last week. The commit only touched GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged by the repository owner. https://github.com/ Actions workflow files, but it resulted in the built files on this branch changing. The same change was committed to all branches between 4.7 and 6.9 yet none of the other branches produced a change to the built files.

Did something change on the build server since the last commit in November that would cause the built files to change? As far as we can tell, everything in the Node dependencies, webpack, browserslist, etc is pinned as it should be, and this is the only branch that produced a different build.

#prio3

Dion Hulse 3:14 am on March 4, 2026
Tags: ,   

HTTP/2 for downloads.wordpress.org

WordPress 6.4 was released with an issue that caused HTTPHTTP HTTP is an acronym for Hyper Text Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands./2 to fail with certain curl versions, this was later fixed with WordPress 6.4.1.
As a result, we disabled HTTP/2 for downloads.wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ in deployDeploy Launching code from a local development environment to the production web server, so that it's available to visitors. rev 20924, which allowed sites to update to 6.4.1.

See: https://github.com/WordPress/Requests/issues/838#issuecomment-1802346004 and https://core.trac.wordpress.org/ticket/59842#comment:3

A note was added to revert the change after 6.4.1 was released, and since we’re now close to 7.0… and the low number of clients still on 6.4, we can probably remove that.. probably.

Note: We do support HTTP/3 on downloads already, which likely already benefits clients that would use http/2, such as playground in browsers.

#prio3 #downloads

Dion Hulse 3:15 am on February 11, 2026
Tags: ,   

Reprovision sandbox: dd32

Can I please have my sandbox reprovisioned with latest debian? This is needed for AI tools and VSCode which demand modern glibc.

I’ve taken a backup of any customizations on my sandbox.. I hope 🙂 I’ll perform a self-backup before signing off each day if I’m not online when pinged.

#prio1 #sandbox

Konstantin Obenland 4:49 pm on February 10, 2026
Tags: ,   

Hi there, could I request…

Hi there, could I request a wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ sandbox to work on MCP tools for the pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party. directory? I should already have dotorg and metaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. commit. Would you be able to reuse my current Automattic SSHSSH Secure SHell - a protocol for securely connecting to a remote system in addition to or in place of a password. keys?

#prio2 #sandbox

Stephane Daury (stephdau) 6:23 pm on January 29, 2026  

Hey all. I was wondering…

Hey all. I was wondering if you knew why Claude Code might be getting 403s on core.tracTrac Trac is the place where contributors create issues for bugs or feature requests much like GitHub.https://core.trac.wordpress.org/. and core.svn?

⏺ Fetch(https://core.trac.wordpress.org/ticket/54488)
  ⎿  Error: Request failed with status code 403

⏺ Fetch(https://core.svn.wordpress.org/trunk/wp-load.php)
  ⎿  Error: Request failed with status code 403

⏺ Fetch(https://core.trac.wordpress.org/browser/trunk/CONTRIBUTING.md)
  ⎿  Error: Request failed with status code 403

Doesn’t sound super useful to blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience., since the same code can be accessed on GH:

 ⏺ Fetch(https://github.com/WordPress/wordpress-develop/blob/trunk/CONTRIBUTING.md)                                      
  ⎿  Received 189.1KB (200 OK)

On the other hand, there is no equiv of https://core.trac.wordpress.org/ticket/54488 on GH, so we’re at a loss here.

Erica Varlese 1:26 pm on January 21, 2026
Tags:   

Proxy access follow-up: @evarlese

Hi there! A follow-up to this request: Would it be possible to add the following SSHSSH Secure SHell - a protocol for securely connecting to a remote system in addition to or in place of a password. key as well/instead?

ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJ/Ji17t0dx9xWFMmvitXfNfyh/Rkocg5ZJe8cu8ZhiKBKG9OLd925oESLBwM5ZxKmY5Czu7OSU0j1+rJxXXY20= AutoProxxy/H3XYCJCF2K

For context, the tools I was previously using to manage proxy stopped working for me. Let me know if there’s anything else you might need or if there’s any trouble. Thank you!

Profile: https://profiles.wordpress.org/evarlese/

#proxy