Open JortJacobs opened 2 days ago
Just wanted to chime in: the above only applies to buckets created on or after April 2023. Newly created buckets can be configured to enable ACLs, but ACLs no longer fall into S3's recommended security best practices. The SDK still sets a default ACL of private
in the ObjectUploader
class, which is legacy behavior that still works. We left this in place for backward compatibility reasons. S3 still allows private
ACLs.
It sounds like OctoberCMS has a high-level filesystem abstraction over the SDK/S3 that relies on ACLs. If they are defaulting to anything other than private
, they'll need to change that.
Describe the bug
Creating a folder via OctoberCMS results in ACL complaints since it is not being supported anymore. This is related to the following file + line-item, containing 'ACL' statements: https://github.com/aws/aws-sdk-php/blob/058611bd22a81c873b1399892672861848e1d466/src/S3/ObjectUploader.php#L89.
Please remove that.
Regression Issue
Expected Behavior
ObjectUploader to work.
Current Behavior
It does not work.
Reproduction Steps
Call the function.
Possible Solution
No response
Additional Information/Context
No response
SDK version used
Latest.
Environment details (Version of PHP (
php -v
)? OS name and version, etc.)8.3.6