Where does wordpress gets its core and plugin updates

The context:
I have a customer for whom I’ve installed WordPress in an internal network, behind several layers of the firewall.

I need to have this WP installation updated on a regular basis
The machine where it’s installed is behind a proxy (all proxy parameters are set in WordPress)

But in order for my WP installation to actually reach the update servers, they need to be allowed by the proxy (which works on the principle that everything is closed excepted what’s explicitly allowed)

So we come to the question: What are the names/urls/Ips of the WordPress updates servers/repositories which I need to ask to be whitelisted on that proxy? – (core and plugins).

Failing the list itself, what would be a good way to try and get those addresses by myself?

I’ve searched in vain for an official list on WordPress.org, and googled that search in various forms, without obtaining a satisfactory answer.

Please bear in mind that the list should be as complete as possible, since my customer being a big organization, this kind of request takes weeks to be reviewed, then implemented.

Any help on that would be greatly appreciated. Thanks in advance

Solutions Collecting From Web of "Where does wordpress gets its core and plugin updates"

Why would you even want n automatic update in such a setting? bit orgs rarely allow just random software being installed without testing it first.

In any case, this is unlikely to be achievable in a sane way unless you limit yourself only to plugins from the wordpress.org repository as any “pro” type of plugin and theme will require making more “holes” for its update server.

Unsupervised automated updates are always a bad idea, but to reduce general security to support them is just unthinkable from a security POV.