WordPress 5.2 build will ship with offline digital signatures for core updates as a defense measure against possible supply-chain attacks. The new feature complements the automatic update mechanism WordPress introduced with the 3.7 version released on October 24, 2013. It makes it possible to prevent threat actors from issuing a mass update pushing malicious code onto all installations after taking control of the WordPress infrastructure. Such an attack would lead to the immediate infection of approximately 33,8% of all websites on the Internet.
Source: https://www.bleepingcomputer.com/news/security/wordpress-52-to-come-with-supply-chain-attack-protection/