Features - Less Critical - Denial of Service (DoS) - SA-CONTRIB-2016-020

https://www.drupal.org/node/2705637

Please update

Comments

el_reverend created an issue. See original summary.

el_reverend’s picture

Priority: Normal » Major

onejam’s picture

That is for the 7.x-2.x version, but this distro still uses the 7.x-1.x version. Should it not be updated to the 7.x-2.x version, since the 7.x-1.x version is no longer maintained or supported?
See: https://www.drupal.org/node/2706631

rootwork’s picture

CK uses Features v2.8. Check the drupal-org.make file in the distro, or the features.info file in profiles/commerce_kickstart/modules/contrib/features

I agree Features should be updated to 2.10 in CK.

onejam’s picture

Sorry, yes you're correct, it says:

projects[features][version] = 2.8

Thanks,
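Added example (not part of the thread and not Commerce Kickstart code): a small Python check that reads the `projects[...][version]` pins from a make file like the `drupal-org.make` mentioned above and reports any pin below a known fixed release. The sample file contents, the `MIN_FIXED` table and all function names are assumptions for illustration; only the `features` pin of 2.8 and the 2.10 target come from the comments above.

```python
import re

# Constructed excerpt of a make file; only the features line is from the thread.
SAMPLE_MAKE = """\
; drupal-org.make (constructed excerpt)
core = 7.x
api = 2
projects[features][version] = 2.8
projects[views][version] = "3.13"
projects[commerce][subdir] = contrib
"""

# Minimum fixed release per project. 2.10 is the version named in the thread.
MIN_FIXED = {"features": "2.10"}

# Matches only the projects[name][version] = X form shown in the thread.
PIN_RE = re.compile(
    r'^\s*projects\[([^\]]+)\]\[version\]\s*=\s*"?([^"\s;]+)"?', re.MULTILINE
)

def parse_pins(make_text):
    """Return {project: pinned_version} for every [version] pin in the file."""
    return {m.group(1): m.group(2) for m in PIN_RE.finditer(make_text)}

def version_key(version):
    """Numeric sort key, so 2.10 > 2.8 (plain string comparison gets this wrong).
    A suffixed pin such as 2.10-rc1 sorts below the plain 2.10 release."""
    main = version.split("-")[0]
    nums = tuple(int(p) for p in main.split(".") if p.isdigit())
    return (nums, "-" not in version)

def outdated(make_text, min_fixed):
    """List (project, pinned, required) for pins below the fixed release."""
    pins = parse_pins(make_text)
    return [
        (name, pins[name], required)
        for name, required in sorted(min_fixed.items())
        if name in pins and version_key(pins[name]) < version_key(required)
    ]

if __name__ == "__main__":
    for name, pinned, required in outdated(SAMPLE_MAKE, MIN_FIXED):
        print(f"{name}: pinned {pinned}, needs >= {required}")
```
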

lsolesen’s picture

Status: Needs work » Needs review
Issue tags: -Update for Features - Less Critical - Denial of Service (DoS) - SA-CONTRIB-2016-020

el_reverend’s picture

How can updates like this (Security updates specifically) be applied to a distro more efficiently? commerce_kickstart relies on a lot of contrib modules which when updates are released will eventually need updating.

Are the tie-ins that specific that it would prevent a 'normal' update?

  • lsolesen committed 872894c on 7.x-2.x
    Issue #2707451 by el_reverend, rootwork, duvien: Update features for SA-...
  • lsolesen committed 9b4ce83 on 7.x-2.x
    Merge pull request #197 from commerceguys/features-210
    
    Issue #2707451...
mglaman’s picture

Status: Needs review » Fixed

> How can updates like this (Security updates specifically) be applied to a distro more efficiently?

Write a patch, ping me in IRC.

While waiting for release, use your patch to build a patched distro.

rootwork’s picture

Thanks for updating things Matt! (Though I feel silly for getting credit in the commit message for just agreeing, ha.)

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.