Starting in September conflict between Automattic and WP Engine received an unexpected continuation. Automattic, which oversees the development of the WordPress platform and the official plug-in catalog WordPress.org, announced the creation of a fork of one of the most popular plugins – acf (Advanced Custom Fields), developed by WP Engine. The plugin has over 2 million installations and is distributed under the GPLV2 license. This action initiated the user transition to the fork by replacing the original ACF pages on WordPress.org.
The reason cited for this action was concern for security and the need to address a vulnerability in the ACF version available through the WordPress.org catalog. The announcement advised users to refrain from updating to the proposed ACF version until the vulnerability is addressed. It was also mentioned that the developers of ACF had announced a change in the delivery of plugin updates, opting to provide updates from their own site instead of through WordPress.org. This decision was influenced by legal disputes with WP Engine, the developers of the ACF plugin.
Prior to the announcement of the fork, Automattic had blocked ACF developers’ access to WordPress.org, preventing them from publishing an update to fix the vulnerability. Despite this, ACF developers had released a fix on their website and recommended users to install it manually or through the WP Engine catalog. The security update for ACF had been prepared five days before Automattic’s announcement of the fork.
The conflict between WP Engine and Matthew Mullenweg, founder