New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Got the Warning - DEPRECATION WARNING - Node.js 8.x #109
Comments
Yes, we're on nodejs 8.x for BigBlueButton 2.2. Were moving to node 12.x for BigBlueButton 2.3. We've pretty much finished the development cycle for 2.2, so we're focused on getting 2.3 out as soon as possible and resolve this issue in that release. |
Is there any work on performance improvement as well? |
+1 |
BigBlueButton has a lot of server components, see http://docs.bigbluebutton.org/2.2/architecture.html. We're always working on improving the product, but getting it to run within 1G of RAM is not one of our goals. :-) |
Wondering, whether 12.x is really needed? Asking because Ubuntu bionic (18.04) comes with 8.x and focal (20.04) with 10.x. Boring details: As a sysadmin I prefer the system packages instead of monolithic/static linked binaries which are definitely not in sync with the system and always introduce sooner or later big security problems (and fool users around by pretending to be secure, but are not). E.g. nodejs LTS releases are maintained for a pretty short time only - max. 2.5 years. So no wonder, why there is no secure BBB installation available. Even bionic would not be secure, because nodejs 8.x is unmaintained as well (unless one could use the packages provided by the distro vendor). Or even if a BBB package for the most recent ubuntu would be available (released this week), when it uses external nodesource packages, after 2 years it will be a security risk for the next 8 years - for a communication server this IMHO very bad (and especially such servers have a much bigger half-life than 2 years ...). So BTW: Please try to re-use as much as possible system packages, even if they are a little bit outdated. |
you can add : export NODE_NO_DEPRECATION=1 before executing bbb-install.sh and the deprecation message will still show up for a few seconds instead of waiting for user input. Might be added to bbb-install.sh directly ?! GS |
Do we need done any thing for migrating? |
Can we manually swap the nodejs with any newer version? Would it break any components? If it's just a matter of doing |
i'm getting this on 2021/03/29, so does that mean my bbb installation is unsecure after using the install script ? |
We encourage you to try out 2.3-dev (currently in beta-1) as it has a much newer version of nodejs. See https://docs.bigbluebutton.org/dev/dev23.html. |
Dear @ffdixon , How can we update to the latest version? I used |
Use |
Wow, Thanks :) I think the documentation must be a bit update. Thanks a lot. |
For any other users which get an error like me, you can follow this posts https://groups.google.com/g/bigbluebutton-dev/c/xAU3MZIWt_U/m/iDvpGTtpBAAJ. As @ffdixon said, to emphasize, to install the 2.3-beta-1 (or upgrade from an alpha release), use bbb-install.sh with the following new parameter -v bionic-230-dev-alpha1 |
ok, thanks. i tried bionic-230 and it works for me and we can test if bbb fits our needs. but i'm wondering - for now i can only choose between a stable release with insecure components and an EOL'ed linux base - and a beta release not ready for primetime ? did you know that bbb getting very negative press because of long term pending issues like this ? see https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html for example. is there a planned release date for 2.3 stable release? need to make a decision regaring production install.... thank you (and keep on the good work)! |
Is this issue still relevant for BBB 2.4? |
Got the below warning during installation -
DEPRECATION WARNING
Node.js 8.x LTS Carbon is no longer actively supported!
You will not receive security or critical stability updates for this version.
You should migrate to a supported version of Node.js as soon as possible.
Use the installation script that corresponds to the version of Node.js you
wish to install. e.g.
Please see https://github.com/nodejs/Release for details about which
version may be appropriate for you.
The NodeSource Node.js distributions repository contains
information both about supported versions of Node.js and supported Linux
distributions. To learn more about usage, see the repository:
https://github.com/nodesource/distributions
The text was updated successfully, but these errors were encountered: