The makefile of the Views Slideshow module currently downloads the master versions of the jquery.cycle and json2 libraries. As it is not downloading specific versions of these libraries, and we have no control over the commits being done to those repositories, a single malicious or erroneous commit would be all it takes to break the whole module or introduce a security issue.

This can also be a problem when troubleshooting issues in a specific release of the module, as different people may be using different versions of the library.

On the flipside, this may mean the Views Slideshow module has to release more often in order to include the right version of the libraries, but I am willing to help with this if needed!

Attachments:

  • #1 views_slideshow-2334833-1.patch (807 bytes) by stefan.r
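As an added illustration of the pinning the issue asks for, here is what an unpinned and a pinned library entry look like in drush make syntax. This is not the module's makefile or the attached patch; the repository URLs, the `destination` value and the placeholder revision strings are assumptions.

```ini
; Added example (not the Views Slideshow makefile): pinning library downloads
; in a drush .make file. URLs and placeholder revisions are assumed values.

; BEFORE: a git download with no branch, tag or revision follows the remote's
; default branch (master), so every build pulls whatever HEAD happens to be.
libraries[jquery.cycle][download][type] = "git"
libraries[jquery.cycle][download][url] = "https://github.com/malsup/cycle.git"
libraries[jquery.cycle][destination] = "libraries"

; AFTER: pin to a specific commit. A revision is immutable, whereas a tag or
; branch can be moved upstream, so a commit SHA is the strongest pin.
; Replace the placeholder with the SHA the module was tested against.
libraries[jquery.cycle][download][type] = "git"
libraries[jquery.cycle][download][url] = "https://github.com/malsup/cycle.git"
libraries[jquery.cycle][download][revision] = "PLACEHOLDER_COMMIT_SHA"
libraries[jquery.cycle][destination] = "libraries"

; The same treatment for json2.
libraries[json2][download][type] = "git"
libraries[json2][download][url] = "https://github.com/douglascrockford/JSON-js.git"
libraries[json2][download][revision] = "PLACEHOLDER_COMMIT_SHA"
libraries[json2][destination] = "libraries"
```

Pinning a revision means a library update becomes a deliberate makefile change reviewed in a module release, which is the trade-off the issue summary describes.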

Comments

stefan.r

stefan.r

Status: Active » Needs review

NickDickinsonWilde

Status: Needs review » Fixed

Given make's reducing usage (I think anyways), and the fact that there's been no release of jQuery Cycle for over 2 years, it's safe to do that. Really, Cycle is deprecated: http://jquery.malsup.com/cycle2/ but anyways.
Thanks for the patch, applying (well, updated to latest json2).

  • NickWilde committed 1a85653 on 7.x-3.x authored by stefan.r
    Issue #2334833 by stefan.r, NickWilde: Makefile downloads the master...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.