[TASK] Add (almost) all security bulletins for TYPO3 community extensions #126
I am not sure if it is right that I only used branch "master" here.
…nsions hosted on TER"

This commit adds almost every security bulletin for every community extension of the CMS "TYPO3" hosted on TYPO3's "TYPO3 extension repository" (TER). About 70 security bulletins are not included in this pull request. As these bulletins need some more manual work all missing security bulletins will be pushed in the next days if this commit is accepted.

'php validator.php' notes that all included packages are 'Invalid composer package'. As far as I can see this is caused by the fact that TER hosted TYPO3 extensions are not hosted on packagist.org but on TYPO3's own composer repository at https://composer.typo3.org/. I hope it is possible to use these security advisories anyway.

Some information about that can be found at composer.typo3.org.
@mostwanted1976 looks like that problem is somewhat related to #107 (though here we still have Composer packagist but not hosted on packagist.org)
we generally write them as <1.2.1 (where 1.2.1 is the release containing the fix)
The version number containing the fix is not noted in the of the TYPO3 project's security bulletins. It would be really a lot of work to identify those release numbers. Therefore I would be happy if <= would also do the job.
@mostwanted1976 see #127 for my proposal about packages on custom composer repositories
…ow custom repositories
This PR was squashed before being merged into the master branch (closes #128).

Discussion
----------

Check any Composer repository

This is an attempt to implement #127 (and would allow #126 to pass). I haven't used the `ComposerRepository` class before, but couldn't see a simple way to consistently find out if a repository knew a particular package name, so it's doing a search then cycling through the results.

Commits
-------

0cfad5a Check any Composer repository
Now that we support external Composer repositories, anyone willing to finish this one?
This commit adds almost (!) all security bulletins for every community extension
of the CMS "TYPO3" hosted on TYPO3's "TYPO3 extension repository" (TER).
About 70 security bulletins are not included in this pull request. As these
bulletins need some more manual work all missing security bulletins will be
pushed in the next days if this commit is accepted.
'php validator.php' notes that all included packages are 'Invalid composer
package'. As far as I can see this is caused by the fact that TER hosted
TYPO3 extensions are not hosted on packagist.org but on TYPO3's own composer
repository at https://composer.typo3.org/. I hope it is possible to use these
security advisories anyway.
Some information about that can be found at composer.typo3.org.