Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
It's no longer possible to build the hostmaster with drush, since views 6.x is no longer due to a security issue: [#2516688]. The current download for 6.x-2.4 is still functioning, but further releases will most like have an issue.
Is there plans on what to do with this issue?
Comments
Comment #1
ergonlogicThanks for the head's up, @googletorp! I'd seen the SA on VBO, and so had started planning a new release on the 2.x branch, but this'll mean quite a bit more work.
Let's start by evaluating to what extent this exposes Aegir deployments.
Comment #2
ergonlogicUnless I'm mistaken, we don't use any such user admin vbo pages. So there isn't a pressing security reason to do an immediate release.
AFAICT, the fix here would be to remove vbo from our make files and dependencies, and rebuild our views as regular table displays.
Comment #3
omega8cc CreditAttribution: omega8cc commentedThis doesn't really affect Aegir, but we need to decide what to do, because 6.x version is now removed from d.o, I think?
Comment #4
helmo CreditAttribution: helmo at Initfour websolutions commentedThey're looking for a new maintainer in #2516976: Fix security issue and make release to bring back D6 releases
Comment #5
Jon PughI've volunteered in the interim to maintain VBO 6.x.
Hopefully I have time today to patch devshop and Aegir to use something that doesn't break install, then, maybe get time to fix VBO itself.
Any help is appreciated!
Comment #7
Jon PughSwitching the version to 1.x seems to have done the trick.
I've pushed the change the 6.x-2.x branch.
Can someone give the install a whirl and mark as Fixed if it works?
Thanks!
Comment #8
helmo CreditAttribution: helmo at Initfour websolutions commentedI let Jenkins do an extra build, which succeeded - http://ci.aegirproject.org/job/P_Aegir_Puppet_Module_functional_test_Aeg...
However that test has not failed the last few days either...
Comment #9
helmo CreditAttribution: helmo at Initfour websolutions commentedIncluded in the 6.x-2.5 release