removed assetic

[peterprochaska]

Description

Removed Assetic because of some security issues

Motivation and Context

Make owncloud more secure

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• I have added tests to cover my changes.
• All new and existing tests passed.

[DeepDiver1975]

please do not commit htaccess - thx

[DeepDiver1975]

if i remember correctly there is a repairstep related to assets - maybe a occ command as well? THX

[PVince81]

How dangerous to put this in that close to the release ?

In the future it would be nice to address library changes at the beginning of a milestone.

[DeepDiver1975]

In the future it would be nice to address library changes at the beginning of a milestone.

sure - but sec scanner revealed this last week ....

[DeepDiver1975]

@Peter-Prochaska composer.lokc also need changes afaik

[PVince81]

Ok, then please get this reviewed and merged before this evening.

The current code changes look fine.

[PVince81]

If this is really important, please finish this as soon as possible. Thanks.

[PVince81]

@Peter-Prochaska please always ping after updating so I can get a notification that this is ready again, else it gets lost forever in the dark abyss of ticket overflow

[PVince81]

I setup OC and it still seems to work fine 👍

[PVince81]

rebased for CI... mysql mb4 docker times out again in multiple PRs...

[peterprochaska]

it gets lost forever in the dark abyss of ticket overflow

wow ;-)

[PVince81]

some weird dependency issues on Travis: https://travis-ci.org/owncloud/core/jobs/224313100

php build/composer.phar install --dev

You are using the deprecated option "dev". Dev packages are installed by default now.

Loading composer repositories with package information

Installing dependencies (including require-dev) from lock file

Your requirements could not be resolved to an installable set of packages.

  Problem 1

    - Installation request for ocramius/package-versions 1.1.2 -> satisfiable by ocramius/package-versions[1.1.2].

    - ocramius/package-versions 1.1.2 requires php ~7.0 -> your PHP version (5.6.5) does not satisfy that requirement.

  Problem 2

    - Installation request for ocramius/proxy-manager 2.0.4 -> satisfiable by ocramius/proxy-manager[2.0.4].

    - ocramius/proxy-manager 2.0.4 requires php 7.0.0 - 7.0.5 || ^7.0.7 -> your PHP version (5.6.5) does not satisfy that requirement.

  Problem 3

    - ocramius/proxy-manager 2.0.4 requires php 7.0.0 - 7.0.5 || ^7.0.7 -> your PHP version (5.6.5) does not satisfy that requirement.

    - sensiolabs/behat-page-object-extension v2.0.1 requires ocramius/proxy-manager ^1.0||^2.0 -> satisfiable by ocramius/proxy-manager[2.0.4].

    - Installation request for sensiolabs/behat-page-object-extension v2.0.1 -> satisfiable by sensiolabs/behat-page-object-extension[v2.0.1].

make: *** [lib/composer/phpunit] Error 2

[PVince81]

Next time please don't modify random files, thanks.

Regression: dbb37e7

There is core that appends line in htaccess and it creates a syntax error if the newline is missing.

[ghost]

FWIW is stuff is removed / dropped it would make sense to create an issue in the documentation tracker to remove all related stuff: owncloud-archive/documentation#3438

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.