Skip to content
This repository has been archived by the owner on Oct 15, 2024. It is now read-only.

Fix/latest versions security #88

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Conversation

etobi
Copy link
Member

@etobi etobi commented Jul 15, 2017

I did refactor Jorgen/Jigals patch from #76 and added a basic unit test.

As I didnt get the intention of the "$major > $latestLts" comparsion, I just removed that part.

Also, if a major version just has regular releases, but no security releases yet, the "latest security" version would fallback to the PATCH version ".0".

@etobi etobi requested a review from IchHabRecht July 15, 2017 17:08
@etobi
Copy link
Member Author

etobi commented Jul 15, 2017

@jvanderkroon could you please review this new patch to make sure it matches your initial intention?

@etobi
Copy link
Member Author

etobi commented Jul 15, 2017

also related to #63 and TYPO3-Caretaker/caretaker_instance#56

@etobi
Copy link
Member Author

etobi commented Jul 17, 2017

NOT NOT MERGE (yet)

Jigal suggested some changes/additions via mail and i'm going to add some more tests to cover thoses cases.

@etobi etobi removed the request for review from IchHabRecht July 17, 2017 21:29
Copy link
Member

@IchHabRecht IchHabRecht left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This gives the unsupported version 8.6.1 as security version for 8 LTS. I would expect at least the minimum regular release to be the security version

@IchHabRecht
Copy link
Member

See IchHabRecht@01c8e80

@etobi
Copy link
Member Author

etobi commented Aug 1, 2017

Jigals comment about the versioning

For the major version > latestLTS:

  • only the latest minor version gets security releases
  • if a new minor version is released that may contain security fixes
  • security fixes are not applied to earlier minor versions
    So, if a new minor version is released it should be counted as the latest security release.

For major versions <= latestLTS

  • major and minor versions are fixed
  • the latest bugfix release that is marked as security release is the latest security release for that major version
  • if no bugfix release is marked as security release then the x.x.0 version should be counted as latest security release

@etobi
Copy link
Member Author

etobi commented Aug 1, 2017

i'm going to extend the tests to cover these cases.
WIP

$stable = array();
$security = array();
foreach ($releases as $major => $details) {
if (is_array($details) && !empty($details['latest'])) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if (!empty($details['latest'])) is sufficient here

$max[$major] = $details['latest'];
}

if (is_array($details) && !empty($details['stable'])) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if (!empty($details['stable'])) is sufficient here

if (is_array($details) && !empty($details['stable'])) {
$stable[$major] = $details['stable'];
}
if (is_array($details) && is_array($details['releases'])) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if (!empty($details['releases'])) is sufficient here

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants