Bug #75937: Updating global extensions via EM silently leaves potentially risky code on the server. - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #75937

closed

Updating global extensions via EM silently leaves potentially risky code on the server.

Added by Clemens Riccabona about 8 years ago. Updated about 4 years ago.

Status:

Rejected

Priority:

Must have

Assignee:

Category:

Extension Manager

Target version:

Candidate for patchlevel

Start date:

2016-04-27

Due date:

% Done:

Estimated time:

TYPO3 Version:

PHP Version:

7.0

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

Since EM in 6.2 does not provide any information about installation place of Extension (typo3/sysext, typo3/ext, typo3conf/ext) you won't notice that there is old code left on the server.
If you update an extension which is globally installed, EM silently installs to local directory, leaving the global directory untouched.

In case of security fixes in such extensions, the security-leak just remains silently on the server, no chance to find that out via TYPO3.

IMHO we should AT LEAST have information about this bad and potentially risky behaviour in the extension manager.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Bug #75937

Updating global extensions via EM silently leaves potentially risky code on the server.

Updated by Clemens Riccabona about 7 years ago

Updated by Clemens Riccabona about 7 years ago

Updated by Clemens Riccabona about 7 years ago

Updated by Benni Mack about 7 years ago

Updated by Susanne Moog about 4 years ago