Latest TER Changes parses outdated extensions as insecure #81

Closed
ghost opened this issue Aug 4, 2020 · 1 comment
ghost commented Aug 4, 2020

Due to the latest TER release on 01.08.2020, outdated extensions are getting review_state -2.
We stumbled upon this since we monitor a few older 7.6 instances.
Even the latest caretaker extension itself is now shown as insecure.
Those extensions are now flagged as insecure due to these changes:

https://git-t3o.typo3.org/t3o/ter/-/commit/9e153c5033c165b8c5f3a128cba4f98b510bc587#bed6f0022ede9bd16f1f4e64c908e4aae1ba7640
https://gitlab.typo3.org/t3o/ter/-/blob/develop/extensions/ter_fe2/Classes/Domain/Model/Version.php#L139

I would propose to ignore the outdated version and only trigger if insecure is flagged.
T3O confirmed this behaviour, as outdated is only a notice but no indicator for insecure. If an outdated version gets reported and shows security issues, it's flagged again as -1.
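
The distinction proposed in this issue, as an added PHP example (not caretaker's or TER's own code): only review state -1 fails the check, while -2 is reported as a notice. The function names, the treatment of any other value and the sample data are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Review states named on this page: -1 = insecure, -2 = outdated.
const REVIEW_STATE_INSECURE = -1;
const REVIEW_STATE_OUTDATED = -2;

/**
 * Hypothetical helper: map one TER review state to a monitoring severity.
 * Other negative or non-integer values are surfaced as "unknown" rather than
 * guessed at; non-negative values count as "ok" (both are assumptions).
 */
function classifyReviewState($reviewState): string
{
    // Feed data may arrive as strings ("-2"); anything non-integer is unknown.
    $state = filter_var($reviewState, FILTER_VALIDATE_INT);
    if ($state === false) {
        return 'unknown';
    }
    if ($state === REVIEW_STATE_INSECURE) {
        return 'insecure';
    }
    if ($state === REVIEW_STATE_OUTDATED) {
        return 'outdated';
    }
    return $state < 0 ? 'unknown' : 'ok';
}

/** Hypothetical helper: group installed extensions (key => state) by severity. */
function summarizeExtensions(array $installed): array
{
    $report = ['insecure' => [], 'outdated' => [], 'unknown' => [], 'ok' => []];
    foreach ($installed as $extensionKey => $reviewState) {
        $report[classifyReviewState($reviewState)][] = $extensionKey;
    }
    return $report;
}

// Constructed sample data; extension keys and states are illustrative only.
$installed = [
    'ext_current' => 0, 'ext_old' => '-2', 'ext_flagged' => -1,
    'ext_odd' => -7, 'ext_garbled' => 'n/a',
];

// Only the "insecure" bucket should fail the check; "outdated" stays a notice.
foreach (summarizeExtensions($installed) as $severity => $keys) {
    echo $severity . ': ' . implode(', ', $keys) . PHP_EOL;
}
```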

TehTux transferred this issue from TYPO3-Caretaker/caretaker Aug 4, 2020
TehTux added a commit that referenced this issue Aug 4, 2020
The review state "-2" is for outdated extensions and should not be considered when checking for insecure extensions.
TehTux added a commit that referenced this issue Aug 5, 2020
The review state "-2" is for outdated extensions and should not be considered when checking for insecure extensions.
TehTux commented Aug 5, 2020

Fixed:

  • 3.0.3 => TYPO3 v9-10
  • 2.1.3 => TYPO3 v8-9
  • 1.1.1 => TYPO3 v7-8
  • 0.8.2 => TYPO3 v6-7
  • 0.6.1 => TYPO3 v4-6

TehTux closed this as completed Aug 5, 2020
LegoMany pushed a commit to in2code-de/caretaker_instance that referenced this issue Aug 10, 2020
The review state "-2" is for outdated extensions and should not be considered when checking for insecure extensions.