[TYPO3-dev] Actual changes in security releases of extensions
Lorenz Ulrich
lorenz-typo3 at visol.ch
Wed Oct 2 11:17:06 CEST 2013
Hi there
As we all know, extensions with security-related bugs either get banned
from TER or get a new version containing the bugfix.
Other than the core, not all extension maintainers have reliable change
logs or use a VCS, therefore it can be impossible to see what actually
changed. This comes to a problem when one cannot update to the security
release because an installation depends on an older major version of an
extension that isn't compatible with the current major version.
Wouldn't it be possible to publish more details about the security bugs
(or would that make our ecosystem more insecure because security by
obscurity doesn't work anymore)?
Thanks for sharing your opinion.
Best regards,
Lorenz
More information about the TYPO3-dev
mailing list