Skip to content

v1.17.2: Security release for composer
Compare
Choose a tag to compare
@rfay rfay released this 30 Apr 13:12
· 1828 commits to master since this release
v1.17.2
1d8f037
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Most of what you want to know is in the v1.17.0 release notes so please check there... Make sure you read the Caveats.

Installation/Upgrade

See the installation instructions for details, but it's easy:

  • macOS Homebrew and Linux Linuxbrew: brew install drud/ddev/ddev or brew upgrade drud/ddev/ddev ). (You may need a brew update for homebrew to find the new release.). This works on Apple Silicon Homebrew as well.
  • Windows: Use choco upgrade -y ddev to get this one, or download the ddev_windows_installer below.
  • Linux and macOS with the install_ddev.sh script: Download the script, make it executable, and run it: ./install_ddev.sh or curl -LO https://raw.githubusercontent.com/drud/ddev/master/scripts/install_ddev.sh && bash install_ddev.sh
  • And anywhere, you can just download the tarball or zipball, untar or unzip it, and place the executable in your path where it belongs.
  • Consider ddev delete images after upgrading to free up disk space used by previous docker image versions. This does no harm.
  • In the past, a ddev poweroff was required; now ddev itself detects that you have a new version and asks for permission to do a poweroff.

Key changes for v1.17.2

The primary reason for this release is a composer supply-chain security report. We want to make sure everybody has the fixed version of composer (2.0.13) in ddev composer.

  • Please see the v1.17.0 release notes of course.
  • Update default composer 2 in web container and ddev composer to 2.0.13
  • Improve the example hosting provider integration for Pantheon.
  • Add ddev status as an alias for ddev describe
  • Remove obsolete DDEV-Live integration and docs

Caveats

  • The "live" command script (formerly .ddev/commands/web/live ) is no longer generated, and can be removed (rm .ddev/commands/web/live) - please remove it, as it's obsolete since DDEV-Live has shut down.
  • Please see the Caveats in v1.17.0 release notes.

Commits since v1.17.1

1d8f037 Bump upstream version for v1.17.2 (#2977)
20ac1db Remove ddev-live docs and integration, etc (#2976)
efdf7a1 Update README to have correct roadmap link
dc41cb5 Add tests to check for expiring apt keys in images (#2958)
1fc0b95 gitpod: Install docker buildx so we can build images (#2960)
db7efa4 Add ddev status as alias of ddev describe for #2195 (#2955)
e41c2f0 Change pantheon pull to use terminus backup:get (#2957)
6da3008 Clarify Pantheon provider documentation for D6/7 (#2956) [skip ci][ci skip]
5c10806 Delete FUNDING.yml [skip ci][ci skip]

Assets 26