Bug #35671
closed
Reports module should not show warnings for "excludeFromUpdates" extensions
100%
Description
If an extension is marked as insecure, the reports module shows a warning and suggests to update the extension.
This happens also for extensions which have the "excludeFromUpdates" state.
Extensions with this state are meant to be hosted independently from TER. Therefore in reports module neither a warning about TER updates nor insecure version make sense.
Solution is to exclude these extensions from the reports submodule of the em sysext.
Updated by Gerrit Code Review over 12 years ago
- Status changed from New to Under Review
Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10152
Updated by Gerrit Code Review over 12 years ago
Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10152
Updated by Georg Ringer over 12 years ago
- Status changed from Under Review to On Hold
IMO this should be first discussed with the security team!
I mark extensions as "exclude from updates" if I change inside it something. Still I would like to see if there is a security issue in the version I use. If I have fixed it locally , then I just need to increase the version number too and everything is fine!
furtheremore an extension author can even set this state himself.
if you wanna exclude your own versions of ter extensions, just use as version number 999.99.0 and you are save but don't change the securiy related behaviour
Updated by Helmut Hummel over 12 years ago
I agree with all points Georg made here.
Updated by Marcus Krause over 12 years ago
The same with me; please do not change the current behaviour!
Updated by Georg Ringer over 12 years ago
- Status changed from On Hold to Rejected
- % Done changed from 0 to 100
steffen: please abort the change in gerrit
Updated by Steffen Müller over 12 years ago
The problem is that in most cases extension from forge svn/git have a lower version number than ter releases have. Most ext developers do not care about version numbers in forge repositories (even extension-news lacks of proper version ;-)
Of course I could change the version in ext_emconf.php myself, but that leads to ugly untracked changes in git/svn or even conflicts once something changes in remote/origin.
Not satisfying.
Updated by Georg Ringer over 12 years ago
you explain it yourself: the problem is not in the core but lazy developers/wrong extensions. so please open an issue at their bugtracker and push a change there instead of for the core. I will do that btw for news in a minute
Updated by Georg Ringer over 12 years ago
- Status changed from Rejected to Closed