Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

removed assetic #27679

Merged
merged 3 commits into from Apr 24, 2017

Conversation

@peterprochaska
Copy link
Contributor

commented Apr 19, 2017

Description

Removed Assetic because of some security issues

Motivation and Context

Make owncloud more secure

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@DeepDiver1975 DeepDiver1975 added this to the 10.0 milestone Apr 20, 2017

.htaccess Outdated
@@ -74,3 +74,7 @@ Options -Indexes
<IfModule pagespeed_module>
ModPagespeed Off
</IfModule>
#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####

This comment has been minimized.

Copy link
@DeepDiver1975

DeepDiver1975 Apr 20, 2017

Member

please do not commit htaccess - thx

@DeepDiver1975

This comment has been minimized.

Copy link
Member

commented Apr 20, 2017

if i remember correctly there is a repairstep related to assets - maybe a occ command as well? THX

@PVince81

This comment has been minimized.

Copy link
Member

commented Apr 20, 2017

How dangerous to put this in that close to the release ?

In the future it would be nice to address library changes at the beginning of a milestone.

@DeepDiver1975

This comment has been minimized.

Copy link
Member

commented Apr 20, 2017

In the future it would be nice to address library changes at the beginning of a milestone.

sure - but sec scanner revealed this last week ....

@DeepDiver1975

This comment has been minimized.

Copy link
Member

commented Apr 20, 2017

@Peter-Prochaska composer.lokc also need changes afaik

@PVince81

This comment has been minimized.

Copy link
Member

commented Apr 20, 2017

Ok, then please get this reviewed and merged before this evening.

The current code changes look fine.

@PVince81

This comment has been minimized.

Copy link
Member

commented Apr 20, 2017

If this is really important, please finish this as soon as possible. Thanks.

@peterprochaska peterprochaska force-pushed the delete-assetic branch from c9d5966 Apr 21, 2017

@PVince81

This comment has been minimized.

Copy link
Member

commented Apr 21, 2017

@Peter-Prochaska please always ping after updating so I can get a notification that this is ready again, else it gets lost forever in the dark abyss of ticket overflow

@PVince81

This comment has been minimized.

Copy link
Member

commented Apr 21, 2017

I setup OC and it still seems to work fine 👍

@PVince81 PVince81 force-pushed the delete-assetic branch to bb7d742 Apr 21, 2017

@PVince81

This comment has been minimized.

Copy link
Member

commented Apr 21, 2017

rebased for CI... mysql mb4 docker times out again in multiple PRs...

@peterprochaska

This comment has been minimized.

Copy link
Contributor Author

commented Apr 21, 2017

it gets lost forever in the dark abyss of ticket overflow

wow ;-)

@PVince81

This comment has been minimized.

Copy link
Member

commented Apr 21, 2017

some weird dependency issues on Travis: https://travis-ci.org/owncloud/core/jobs/224313100

php build/composer.phar install --dev

You are using the deprecated option "dev". Dev packages are installed by default now.

Loading composer repositories with package information

Installing dependencies (including require-dev) from lock file

Your requirements could not be resolved to an installable set of packages.

  Problem 1

    - Installation request for ocramius/package-versions 1.1.2 -> satisfiable by ocramius/package-versions[1.1.2].

    - ocramius/package-versions 1.1.2 requires php ~7.0 -> your PHP version (5.6.5) does not satisfy that requirement.

  Problem 2

    - Installation request for ocramius/proxy-manager 2.0.4 -> satisfiable by ocramius/proxy-manager[2.0.4].

    - ocramius/proxy-manager 2.0.4 requires php 7.0.0 - 7.0.5 || ^7.0.7 -> your PHP version (5.6.5) does not satisfy that requirement.

  Problem 3

    - ocramius/proxy-manager 2.0.4 requires php 7.0.0 - 7.0.5 || ^7.0.7 -> your PHP version (5.6.5) does not satisfy that requirement.

    - sensiolabs/behat-page-object-extension v2.0.1 requires ocramius/proxy-manager ^1.0||^2.0 -> satisfiable by ocramius/proxy-manager[2.0.4].

    - Installation request for sensiolabs/behat-page-object-extension v2.0.1 -> satisfiable by sensiolabs/behat-page-object-extension[v2.0.1].

make: *** [lib/composer/phpunit] Error 2

@DeepDiver1975 DeepDiver1975 force-pushed the delete-assetic branch from bb7d742 to 9f5960f Apr 24, 2017

@DeepDiver1975 DeepDiver1975 merged commit 9b212be into master Apr 24, 2017

2 of 4 checks passed

continuous-integration/travis-ci/pr The Travis CI build failed
Details
continuous-integration/jenkins/pr-head This commit is being built
Details
Scrutinizer 1 updated code elements
Details
license/cla Contributor License Agreement is signed.
Details

@DeepDiver1975 DeepDiver1975 deleted the delete-assetic branch Apr 24, 2017

@@ -73,4 +73,4 @@ AddDefaultCharset utf-8
Options -Indexes
<IfModule pagespeed_module>
ModPagespeed Off
</IfModule>
</IfModule>

This comment has been minimized.

Copy link
@PVince81

PVince81 Apr 24, 2017

Member

Next time please don't modify random files, thanks.

Regression: dbb37e7

There is core that appends line in htaccess and it creates a syntax error if the newline is missing.

@ghost ghost referenced this pull request Oct 6, 2017
@ghost

This comment has been minimized.

Copy link

commented Oct 6, 2017

FWIW is stuff is removed / dropped it would make sense to create an issue in the documentation tracker to remove all related stuff: owncloud/documentation#3438

@lock

This comment has been minimized.

Copy link

commented Aug 2, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Aug 2, 2019

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
3 participants
You can’t perform that action at this time.