Beginning with WordPress 5.2, the WordPress team will digitally sign its update packages using the ED25519 public-key signature system. This will allow a local installation to verify the update package’s authenticity before applying it to a local site and can even help prevent supply-chain attacks on all WordPress sites.
https://www.techradar.com/news/wordpress-revamped-with-new-security-features
origin - https://www.pipiscrew.com/2019/05/wordpress-v5-2-with-new-security-features/ wordpress-v5-2-with-new-security-features