Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
[FEATURE REQUEST] - Show Extras that have updates available in home of dashboard #14182
Create a widget in the main (home) dashboard to show plugins/extras with available updates or in the MODX dashboard navigation menu (NOT IN A DROP DOWN) for better visibility when there are updates that are present... especially security updates.
Why is it needed?
More visibility into knowing when plugins have been updated for features or, more importantly, security updates. Many times the installer section is not a section that is visited unless there is a specific action that a user is looking to take, ie... Add or remove an extra.
Add a dashboard widget to the main dashboard view or add some sort of notification within the MODX Dashboard Navbar
@OptimusCrime I see your point, but from coming from a security background, each extra is the potential for an exploit. I'm not going to say all extras need to be part of the core CMS, that would be ignorant, but something like this where you don't have immediate visibility of out of date plugins can cost a company using MODX a lot of money unless you have someone going to the installer section every day to see if there's an update.
Example, I had a client who patched the MODX 2.6.4 vulnerability and upgraded to MODX 2.6.5 as well as all of their plugins a few days after the announcement, but they were also using the Gallery extra which had not been updated in about 4 years. The plugin was updated about a week and a half later to patch the vulnerability but since there's no kind of notification that tells users that an update is available the site got compromised months later as a result. Thankfully the results of the compromise were not visible to front-end users, but the attackers were able to do things on the server. But the attacker could have defaced the site and cause the company a lot and hurt their brand. Had there been some notification of an out-of-date plugin this could have prevented. Since now I have the knowledge of this plugin I have absolutely installed it for that visibility, but me personally I don't think this extra should be an extra it should be in the core because of how vital it is.
Additionally, it's impossible for someone maintaining a site to know every plugin/extra for MODX so if someone does not know about this extra like myself, they are missing out on some vital information that most CMS's include in their core.
@Alroniks - Cheers for, hopefully, implementing this into the core soon, I'm sure MODX users around the world will love you for that.
@daygon2007 Sure, you have a valid point, and perhaps this is one of the cases where putting it in the core is justifiable. I am just, generally, against bloating the core with more and more features. The MODX core is already gigantic, and I personally think it does way more than it have to. An ideal core in my opinion would provide us with features that everyone would always use, and features that are 100% necessary.
For example, this dashboard widget would be redundant for our workflow. We monitor extras using other services, like SiteDash, and other tools. The customers themselves are never supposed to update the extras, as this might result in unpredicted behavior, bugs or errors. It is our task to make sure the sites are not vulnerable to attacks.
The Gallery exploit in particular is something that was discussed a lot in the community, and we were made aware of this in many channels. Perhaps more people would have upgraded Gallery if they saw that an update was available, but I also think that few people update every single extra that has an available update all the time. Unless it was somehow made clear that this was a very important update for Gallery, I think that most people would just skip updating it. A new dashboard widget would not fix this.
Regardless, I am not going to fight a battle against making this a part of the core. If most people are positive to this, then fine by me. I would just personally prefer to make a good extra out of it, and allow people to make it a part of their default setup, if they chose to, instead of forcing it on everyone.
Perhaps this approach make more sense in a framework, instead of a CMS, like MODX.
@Jako Update methods for extras already exists, we are debating whether or not we have to place it on the dashboard for everyone to see, including customers that have no technological understanding, and might be confused over what it means. Naturally, it can be hidden, but it seem like extra work for something that should be opt-in in my opinion.
@OptimusCrime Ok, it is necessary to put a check for a core update in the core, too (wherever it is displayed). And some webservice where the current available version is requested. Updater and simpleUpdater have their own webservice and UpgradeMODX relies on GitHub which is a bit annoying. I don't see any reason, why this should stay in an extra, that has to be promoted/found and installed separate from the core.