fbpx
Welcome, Guest
Username: Password: Remember me

TOPIC: Security issue on All Templates

Security issue on All Templates 1 year 6 months ago #20734

  • nobicycle
  • nobicycle's Avatar
  • Offline
  • Junior Member
  • Posts: 32
  • Karma: 0
This post like most of my posts is about Joomdev support for php and publishing of exactly what you support.

The lateness to upgrade support for php is a security issue..
Even Kidzone template phphas to be downgraded to php 7.2
To install this on Debian Linux I need to go to an unofficial repository and by-pass security checks! See below:

"The repository 'packages.sury.org/php Kyria Release' does not have a Release file.
Updating from such a repository can't be done securely, and is therefore disabled by default."


What is your policy about php new releases? 6 months, 1 year, 2 years?

Please also publish clearly what you support to save developers using php that Joomdev does not yet support.

Thanks


I have a high opinion of Joomdev but this is ridiculous and dangerous. Can't you keep up within 1 year of php new releases? 6 months would be more reasonable.

Lastly, please post somewhere on your website the software versions you support. Otherwise developers are losing time and getting stressed.
The administrator has disabled public write access.

Security issue on All Templates 1 year 6 months ago #20739

  • admin
  • admin's Avatar
  • Offline
  • Administrator
  • Posts: 4489
  • Thank you received: 646
  • Karma: 115
Hello,

Thanks for your post and using our products for your projects. I can understand what you may be going through since I have had to face similar issues sometimes when we are using 3rd party extensions and there are no updates from the developer.

As far as an update policy is concerned, there is nothing set but we are working to put together a schedule for the same.
Two of our products (JD builder & Astroid nearly all our templates revolve around these) are going through a major overhaul to make them compatible with Joomla 4.0. Astroid is already done and we are in the middle of testing. Once done; we'll release the update and upgrade all our templates to Latest version of Astroid, JD Builder & Joomla.

Newer version of astroid is compatible Upto PHP 7.4. If you'd like you can download it here: github.com/joomdev/Astroid-Framework/archive/dev.zip, it works fine with new installs (on Joomla 3 and 4) and we are just working to make the upgrades work from existing older Astroid installs.

If you have some suggestions, feel free to let me know, I am all ears.
and yes, here is a page that lists all the templates and the minimum PHP version required www.joomdev.com/compatibility

Thank You again,
Chetan
Thank You,
If you like our support and products, tweet us at joomdev and let the world know about it.
The administrator has disabled public write access.
The following user(s) said Thank You: nobicycle

Security issue on All Templates 1 year 6 months ago #20741

  • nobicycle
  • nobicycle's Avatar
  • Offline
  • Junior Member
  • Posts: 32
  • Karma: 0
Looks like the situation will be corrected soon.

The compatibility page simply says 5.6.31+ for PHP, whereas, it should actually say 5.6 - 7.2

You realise most of Linux is now running 7.4 (Arch, Debian ...) released 3 months ago.
7.2.0 was released 30 Nov 2017, nearly 3 years ago.
www.php.net/releases/index.php

Apart from frameworks, please consider also publishing beta versions of your products to subscribers.
I would prefer that to having to deal with "7.2 pain".

How is the Joomla4 migration going?
Will you release something when the official (there is a nightly beta already) Joomla4 beta begins?

Best wishes
The administrator has disabled public write access.

Security issue on All Templates 1 year 6 months ago #20748

  • admin
  • admin's Avatar
  • Offline
  • Administrator
  • Posts: 4489
  • Thank you received: 646
  • Karma: 115
I have always seen almost all of the compatibly page list the minimum required version since majority of software works on newer versions already (Astroid doesn't for the moment).

We are very well aware of the PHP 7.4 release. We plan to put together a blog post with a nightly build inviting all users to test as soon as it's ready.

Will keep you posted.
Thank you,
Chetan
Thank You,
If you like our support and products, tweet us at joomdev and let the world know about it.
The administrator has disabled public write access.
Time to create page: 0.545 seconds
Cron Job Starts