Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The lack of a point release causes this module to have a "This project is not covered by Drupal’s security advisory policy." warning at the top of the project page. Considering there are almost 200k reported installs, this now seems like a major issue.
I'm not sure any of the child issues are required for a 1.0 release - seems like there's enough users already to justify a 1.0. We could move any important issues back to a 2.0 release if needed.
mpotterCreditAttribution: mpotter at Phase2 commented
I agree on this. Some clients have security policies, and the new warning at the top of module pages have made the lack of security coverage more obvious to clients. This is a major module and needs to opt-in to security coverage and roll a 1.0 release. It's been years since the rc3.
Chris MatthewsCreditAttribution: Chris Matthews commented
Is anyone able to provide an update re: the full 7.x-1.0 release? 7.x-1.0-rc3 was released in July 2015 and since then there have been a lot of commits on 7.x-1.x-dev.
@Chris Matthews Looping back to this. The current public opinion is that #1853144: Store created date/time is to be closed as a duplicate of #1396446: Redirects deleted too early which contains the patch from Store Created date/time as a part of a critical fix for redirect cleanup logic.
Chris MatthewsCreditAttribution: Chris Matthews commented
Pinging this thread to see if there are any committers following. If so, is there any chance 7.x-1.0 (or at least -rc4) could be tagged in the near future? 7.x is not dead, yet :)
Chris MatthewsCreditAttribution: Chris Matthews commented
Priority:
Major
» Critical
@pifagor, if you haven't already, can you contact Dave Reid and/or contact Sascha Grossenbacher to see if we can get some movement on this issue? Thanks!
Chris MatthewsCreditAttribution: Chris Matthews commented
And 7.x-2.x we leave for the next v7.x-2.0.
I'm not 100% sure what you mean as there has yet to be a tagged release for the 2.x branch. Which brings up the question, when should the 2.x branch become the recommended release instead of the 1.x branch?
As previously stated, 1.x and 2.x are currently the same. No difference has yet been added to the 2.x branch. I would recommend removing the 2.x branch until it is needed.
I propose now to intensively test the branch "7.x-1.x". With maximum community involvement.
And if everything is ok then on February 9, I will be creating a new release "7.x-1.0-rc4" from branch "7.x-1.x"
Setting back to "Needs review" so that we can gather feedback from additional reviewers.
@andralex Can you please add some details about the aspects that you tested/reviewed? There have been some major changes, and (in my opinion) a simple "works for me" isn't sufficient in this case.
jimmykoCreditAttribution: jimmyko as a volunteer commented
I've reviewed the branch 7.x-1.x
Here is what I've reviewd:
1. coding standard - Looks good and glad to see that the label text, readme and code comment are well corrected.
2. basic functions - I tested the basic functions on simplytest.me, including redirect creations and different options.
3. test running - I run the test once and seems all passed.
I didn't test the drush command, will do if I got time later.
@pifagor I tried the basic functionality that I use (adding/using/deleting redirects), and it seems to work fine. I did notice a couple coding standards things on my own and using PHP Intelliphense:
1. redirects.view -- should this file be a .php file or something? I don't know what a .view file is.
2. redirect.admin.inc calls redirect_build_filter_query($query, array('w.message'), $keys);. I get the following error from Intelliphense:
Expected type 'QueryAlterableInterface'. Found 'QueryExtendableInterface'.
So maybe redirect_build_filter_query should have a different parameter type hint?
3. redirect.install
// Limit the number of characters used by the index.
// That allows avoiding the risk to have a PDOException
// caused the DB index limitations of some databases.
As for me, the listed issues in the last comment doesn't break Drupal coding standards. Here is a separate issue for coding standards https://www.drupal.org/project/redirect/issues/2850121. So let's move the listed findings into that.
+ 1 I guess quite a few of us is going to have D7 around until at least jan 2025 and beyond as we are working through backlogs getting sites to D10/11. I am mostly worried for PHP comparability against newer versions of PHP as PHP 7.x is EOL and infrastructure is getting upgraded around us.
Comments
Comment #1
DamienMcKennaComment #2
kscheirerThe lack of a point release causes this module to have a "This project is not covered by Drupal’s security advisory policy." warning at the top of the project page. Considering there are almost 200k reported installs, this now seems like a major issue.
I'm not sure any of the child issues are required for a 1.0 release - seems like there's enough users already to justify a 1.0. We could move any important issues back to a 2.0 release if needed.
Comment #3
mpotter CreditAttribution: mpotter at Phase2 commentedI agree on this. Some clients have security policies, and the new warning at the top of module pages have made the lack of security coverage more obvious to clients. This is a major module and needs to opt-in to security coverage and roll a 1.0 release. It's been years since the rc3.
Going to go close some dup issues for this now.
Comment #4
Chris Matthews CreditAttribution: Chris Matthews commentedIs anyone able to provide an update re: the full 7.x-1.0 release? 7.x-1.0-rc3 was released in July 2015 and since then there have been a lot of commits on 7.x-1.x-dev.
Comment #5
nironan CreditAttribution: nironan commented+1! The current recommended version is over 3 years old, and dev contains a lot of important fixes...
Comment #6
Chris Matthews CreditAttribution: Chris Matthews commentedAre all of the current child issues referenced below true blockers to a full release? If not, can we update accordingly?
#905914: Merge global redirect functions into Redirect module
#1441488: Don't call entity_get_info() from inside hook_field_extra_fields()
#1853144: Store created date/time
#1899174: Automatically create a redirect when a file is saved with a new URI
#2074647: Re-add support for the global redirect for entity viewing
#2118419: Redirect does many unecessary entity_load() when having many redirects with query strings
#2476067: Code to workaround core issue, now fixed, should probably be removed from redirect
Comment #7
lukedekker CreditAttribution: lukedekker commented@Chris Matthews Looping back to this. The current public opinion is that #1853144: Store created date/time is to be closed as a duplicate of #1396446: Redirects deleted too early which contains the patch from Store Created date/time as a part of a critical fix for redirect cleanup logic.
Comment #8
solideogloria CreditAttribution: solideogloria commentedCould we at least get another release candidate released? It's been several years, and #1263884: Avoid redirect field and form injection on entities that have a path but where this makes no sense (like comments) still hasn't been in a release yet, even though it's been fixed for a while.
Also, how does one create nice issue links that are formatted like in the comment before mine?
Comment #9
kscheireryou format it like [ # 1263884 ] without the spaces
Comment #10
Chris Matthews CreditAttribution: Chris Matthews commentedPinging this thread to see if there are any committers following. If so, is there any chance 7.x-1.0 (or at least -rc4) could be tagged in the near future? 7.x is not dead, yet :)
Comment #11
solideogloria CreditAttribution: solideogloria commentedI would prefer having a release in the meantime, since there are still a bunch of Needs Review child issues.
Comment #12
euk CreditAttribution: euk as a volunteer commentedSupport the above.
Please, release -1.0 or -rc4.
Comment #13
euk CreditAttribution: euk as a volunteer commentedI just applied patches from all "Needs review" child issues on top of 7.x-1.x-dev - all seems to be working fine.
Two things though:
- I did not test #1899174: Automatically create a redirect when a file is saved with a new URI
- Patch #2074647: Re-add support for the global redirect for entity viewing seems to not have any effect whatsoever on a fresh install.
Comment #14
pifagorWe have also task - https://www.drupal.org/project/redirect/issues/2804737
Comment #15
euk CreditAttribution: euk as a volunteer commented@pifagor, I am not following. -rc4 is overdue. Some of the fixes are quite old.
Comment #16
Chris Matthews CreditAttribution: Chris Matthews commented@pifagor, if you haven't already, can you contact Dave Reid and/or contact Sascha Grossenbacher to see if we can get some movement on this issue? Thanks!
Comment #17
pifagorHello. I did it.
Comment #18
Chris Matthews CreditAttribution: Chris Matthews commentedThanks, IMO D7 still has a lot of "life" left in it so hopefully D7 redirect will get some attention soon.
Comment #19
ciss CreditAttribution: ciss at yousign GmbH commentedImo #3095724: Mismatch between install and update schema needs to be resolved as well before a new release can be created.
Comment #20
pifagorHello.
https://www.drupal.org/project/redirect/issues/2804737#comment-13276875
It should also be noted that I do not have access to edit the module version (https://www.drupal.org/node/3287/edit/releases). @Dave Reid can implement this.
Comment #21
DamienMcKenna@pifagor: You have the "administer releases" permission, are you not able to create a new tag and then create a new release from the tag?
Comment #22
Chris Matthews CreditAttribution: Chris Matthews commentedBelow is a list of the issues fixed on 7.x-1.x-dev since 7.x-1.0-rc3 was released on July 8, 2015.
Would everyone be OK with releasing -rc4 with all of these commits before a full 7.x-1.0 release?
After -rc4 is released then we can target the open 7.x-1.x-dev issue that are blockers to the full release.
One other question is...how are the 7.x-1.x and 7.x-2-x branches similar / different? Should the primary focus be the 1.x or 2.x branch?
#1768530: Use autocomplete if Multi-path autocomplete (mpac.module) is available (and list it in the "Recommended Modules" section on the project page).
#1961530: redirect_cron() expiration isn't scalable
#2541304: update 7101 failing
#2574593: Wrong watchdog parameters
#2790205: Provide option to disable deletion of redirects by source path
#2820766: Vulnerability: redirect_goto() leads to the blank page due to translation flow
#2843258: Implement support for entity_language function
#2057615: Increase size of source field to hold long URLs
#1525554: Provide instructions in the README.txt
#2604418: Recognize 'status' field in redirect views
#1116408: Support migrate module: Destination handler class
#2828083: Fields 'redirect_options', 'source_options' should be BLOB not TEXT
#1817764: Does not work with more than 2 query parameters
#1712062: Translatable string review
#2595199: Remove message "action cannot be undone" when bulk Disabling/Enabling redirects
#2789203: 404 fix pages needs domain filter
#1551224: redirect url with string that includes /? strips / upon save
#2211279: Alterable redirect_load_by_source db_select
#2194099: Create database index on the redirect column
#1301594: Provide add-redirect command for drush
Comment #23
pifagorI can create a tag, but I can't add new release for the module because I don't have access "update project".
https://www.drupal.org/project/redirect/maintainers.json
This access has @Berdir and @Dave Reid
Comment #24
DamienMcKenna@pifagor: Maybe try again? Per the project's maintainers list you have "administer releases", and the docs say:
Comment #25
solideogloria CreditAttribution: solideogloria commentedI ran
git diff origin/7.x-1.x origin/7.x-2.x
, and there is no difference.Comment #26
pifagor@DamienMcKenna
Sorry, yes, I can add a new release. Thank you for your attention.
Comment #27
pifagorFor v7.x-1.0 We should use 7.x-1.x.
And 7.x-2.x we leave for the next v7.x-2.0.
Comment #28
Chris Matthews CreditAttribution: Chris Matthews commentedCool, so what's the plan for the 1.x branch?
Release 7.x-1.0-rc4 based on current -dev? Or, try to get some other key issues fixed before -rc4? If so, which ones?
After -rc4, what issues are blockers to a full 7.x-1.0 release (that actually have a chance of getting committed, unlike issue #905914: Merge global redirect functions into Redirect module)
Comment #29
pifagor- yes
- no, this should be left to the next stage, with a clear test plan
Comment #30
Chris Matthews CreditAttribution: Chris Matthews commentedI'm not 100% sure what you mean as there has yet to be a tagged release for the 2.x branch. Which brings up the question, when should the 2.x branch become the recommended release instead of the 1.x branch?
Comment #31
pifagorThere is no answer to this question right now. I suggested using branches according to the name release
Comment #32
solideogloria CreditAttribution: solideogloria commentedAs previously stated, 1.x and 2.x are currently the same. No difference has yet been added to the 2.x branch. I would recommend removing the 2.x branch until it is needed.
Comment #33
Chris Matthews CreditAttribution: Chris Matthews commented@pifagor, can you advise when 7.x-1.0-rc4 might be released?
Comment #34
pifagorHello @Chris Matthews.
I propose now to intensively test the branch "7.x-1.x". With maximum community involvement.
And if everything is ok then on February 9, I will be creating a new release "7.x-1.0-rc4" from branch "7.x-1.x"
Comment #35
andralex CreditAttribution: andralex at EPAM Systems commentedI've reviewed the branch "7.x-1.x" and it looks ready to go to release "7.x-1.0-rc4".
Comment #36
andralex CreditAttribution: andralex at EPAM Systems commentedComment #37
ciss CreditAttribution: ciss at yousign GmbH commentedSetting back to "Needs review" so that we can gather feedback from additional reviewers.
@andralex Can you please add some details about the aspects that you tested/reviewed? There have been some major changes, and (in my opinion) a simple "works for me" isn't sufficient in this case.
Comment #38
Tolyan4ik CreditAttribution: Tolyan4ik at EPAM Systems commented#1301594: Provide add-redirect command for drush - we can create redirect with '/' at the beginning of path and it won't work (in UI this proble was fixed)
#2595199: Remove message "action cannot be undone" when bulk - work fine
#2790205: Provide option to disable deletion of redirects by source path - wirking fine
#2828083: Fields 'redirect_options', 'source_options' should be BLOB not TEXT - wirking fine
#1712062: Translatable string review - minor text fixes - working fine
#2843258: Implement support for entity_language function - minor fixes - wirking fine
Comment #39
pifagorDear @Chris Matthews, @solideogloria
Did you do the final testing?
Comment #40
jimmyko CreditAttribution: jimmyko as a volunteer commentedI've reviewed the branch 7.x-1.x
Here is what I've reviewd:
1. coding standard - Looks good and glad to see that the label text, readme and code comment are well corrected.
2. basic functions - I tested the basic functions on simplytest.me, including redirect creations and different options.
3. test running - I run the test once and seems all passed.
I didn't test the drush command, will do if I got time later.
Comment #41
Chris Matthews CreditAttribution: Chris Matthews commented@pifagor, I've been running 7.x-1.x-dev in production for about 2 weeks and have not come across any issues.
Comment #42
pifagorHello everyone.
If there are no comments from the community, we will soon make a new tag.
Comment #43
pifagorHello everyone.
Some discussion issues:
https://www.drupal.org/project/redirect/issues/1763436
https://www.drupal.org/project/redirect/issues/2194099
And important - https://www.drupal.org/project/redirect/issues/2815099
Comment #44
solideogloria CreditAttribution: solideogloria commented@pifagor I tried the basic functionality that I use (adding/using/deleting redirects), and it seems to work fine. I did notice a couple coding standards things on my own and using PHP Intelliphense:
1. redirects.view -- should this file be a .php file or something? I don't know what a .view file is.
2. redirect.admin.inc calls
redirect_build_filter_query($query, array('w.message'), $keys);
. I get the following error from Intelliphense:So maybe
redirect_build_filter_query
should have a different parameter type hint?3. redirect.install
Should this be
caused by DB index limitations
?Comment #45
andralex CreditAttribution: andralex at EPAM Systems commentedAs for me, the listed issues in the last comment doesn't break Drupal coding standards. Here is a separate issue for coding standards https://www.drupal.org/project/redirect/issues/2850121. So let's move the listed findings into that.
Comment #46
solideogloria CreditAttribution: solideogloria commentedI copied my comment there.
Comment #47
solideogloria CreditAttribution: solideogloria commentedI've been using 7.x-1.0-rc3+38-dev for quite a while now with no issues.
Comment #48
Dave Reid7.x-1.0-rc4 has been tagged and released.
Comment #49
Kristen PolAssigning to myself as I'm triaging all RTBC issues.
Comment #50
Kristen PolGiven where we are relative to D7EOL, I'm not sure how many people still want a 1.0 release. Please chime in, if so.
So far, there are no changes merged since rc4, but that doesn't mean there won't be in the coming months.
I've reviewed all the issues above to see what is still not closed and here's the list:
Needs review:
#1396446: Redirects deleted too early
#1899174: Automatically create a redirect when a file is saved with a new URI
#2118419: Redirect does many unecessary entity_load() when having many redirects with query strings
#2476067: Code to workaround core issue, now fixed, should probably be removed from redirect
Needs work:
#2074647: Re-add support for the global redirect for entity viewing
Postponed:
#905914: Merge global redirect functions into Redirect module
Comment #51
Kristen PolUnassigning for now.
Comment #52
Kristen PolMoving back to Active given rc4 is out and this issue is for 1.0.
Comment #53
steinmb CreditAttribution: steinmb at University Of Bergen commented+ 1 I guess quite a few of us is going to have D7 around until at least jan 2025 and beyond as we are working through backlogs getting sites to D10/11. I am mostly worried for PHP comparability against newer versions of PHP as PHP 7.x is EOL and infrastructure is getting upgraded around us.