The makefile of the Views Slideshow module currently downloads the master versions of the jquery.cycle and json2 libraries. As it is not downloading specific versions of these libraries, and we have no control over the commits being done to those repositories, a single malicious or erroneous commit would be all it takes to break the whole module or introduce a security issue.
This can also be a problem when troubleshooting issues in a specific release of the module, as different people may be using different versions of the library.
On the flip side, this may mean the Views Slideshow module has to release more often in order to include the right version of the libraries, but I am willing to help with this if needed!
Comment | File | Size | Author |
---|---|---|---|
#1 | views_slideshow-2334833-1.patch | 807 bytes | stefan.r |
Comments
Comment #1
stefan.r commented
Comment #2
stefan.r commented
Comment #3
NickDickinsonWilde
Given make's reducing usage (I think anyways), and the fact that there's been no release of jQuery Cycle for over 2 years, it's safe to do that. Really Cycle is deprecated: http://jquery.malsup.com/cycle2/ but anyways.
Thanks for the patch, applying, (well updated to latest json2).
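The risk raised in the issue summary can be checked mechanically. The following is an added example, not code from the Views Slideshow project or from the attached patch: a small Python check that flags library downloads in a Drush makefile that can change without the makefile changing. The sample makefile, its URLs and the library names `pinned_git` and `pinned_file` are constructed, and the download keys it looks for (`branch`, `tag`, `revision`, and the `md5`/`sha1`/`sha256`/`sha512` checksums) are assumed to be the ones Drush make accepts.

```python
import re

# Constructed sample in Drush make (.make) syntax; not the module's real makefile.
SAMPLE_MAKE = """\
core = 7.x
api = 2
libraries[jquery.cycle][download][type] = "git"
libraries[jquery.cycle][download][url] = "https://example.org/vendor/cycle.git"
libraries[jquery.cycle][download][branch] = "master"
libraries[json2][download][type] = "get"
libraries[json2][download][url] = "https://example.org/vendor/json2/raw/master/json2.js"
libraries[pinned_git][download][type] = "git"
libraries[pinned_git][download][url] = "https://example.org/vendor/lib.git"
libraries[pinned_git][download][revision] = "<commit-sha-placeholder>"
libraries[pinned_file][download][type] = "get"
libraries[pinned_file][download][url] = "https://example.org/vendor/lib-1.2.3.js"
libraries[pinned_file][download][sha256] = "<sha256-placeholder>"
"""

# libraries[<name>][download][<key>] = "<value>" (quotes optional)
LINE = re.compile(r'^libraries\[([^\]]+)\]\[download\]\[([^\]]+)\]\s*=\s*"?([^"\n]*?)"?\s*$')
# URL path segments that name a moving target rather than a fixed release
MOVING_REF = re.compile(r'(^|/)(master|main|HEAD|trunk|latest)(/|$)')
CHECKSUMS = {"md5", "sha1", "sha256", "sha512"}

def parse_downloads(text):
    """Return {library: {download key: value}} from makefile text."""
    libs = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            libs.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return libs

def unpinned(text):
    """Return {library: reason} for downloads that can change without a makefile change."""
    findings = {}
    for name, dl in sorted(parse_downloads(text).items()):
        if dl.get("type") == "git":
            if not (dl.get("revision") or dl.get("tag")):
                findings[name] = "git download without tag or revision"
        elif not CHECKSUMS & dl.keys():
            if MOVING_REF.search(dl.get("url", "")):
                findings[name] = "URL tracks a moving branch and has no checksum"
            else:
                findings[name] = "file download has no checksum"
    return findings

if __name__ == "__main__":
    for lib, reason in unpinned(SAMPLE_MAKE).items():
        print(f"{lib}: {reason}")
```

Run against a real makefile by passing its contents to `unpinned()`; a non-empty result in CI is a reasonable signal to block a release until the download is pinned.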