Matt is stepping up the pettiness weaponizing wordpress.org security CVE system now
He knows full well he has blocked WPEngine from updating their plugins on wordpress.org.
They've deleted the tweet now, but it was a tweet that should have never been made by Automattic and will likely just add further weight to the complaints against Matt and Automattic by WP Engine.
Here are backup image:
And here's Matt being a smarmy self-righteous ****:
To put this in perspective, 30 days is generally the minimum time alloted to fix CVE, but it is done as a courtesy rather as any strict rule. Large companies or projects often get longer (60, 90, 120 or rarely 180 days) because the fallout of critical exploits can be detrimental to end users. Wordpress (and WooCommerce) often get longer lead times on CVE, because they've often been slow with fixing issues.
More importantly, Advanced Custom Fields cannot be updated, as Wordpress.org banned their access in doing so, so this is literally just a PR move on their part, to make the company look bad or incompetent.
This is also not something that should have been done on the Automattic Twitter, but through Wordpress Foundation, or Wordpress.org as they are all separate entities, even though they are all controlled by Matt.
The post should have never been made, should never have been through Automattic (who is already being sued for multiple things this will be used as evidence for), and the fact that it has now been deleted is going to look worse on them.
this is more entertaining than any movie released in years.