Got the Warning - DEPRECATION WARNING - Node.js 8.x

[rebootcode]

Got the below warning during installation -

DEPRECATION WARNING

Node.js 8.x LTS Carbon is no longer actively supported!

You will not receive security or critical stability updates for this version.

You should migrate to a supported version of Node.js as soon as possible. Use the installation script that corresponds to the version of Node.js you wish to install. e.g.

• https://deb.nodesource.com/setup_10.x — Node.js 10 LTS "Dubnium" (recommended)

• https://deb.nodesource.com/setup_12.x — Node.js 12 LTS "Erbium"

  Please see https://github.com/nodejs/Release for details about which version may be appropriate for you.

  The NodeSource Node.js distributions repository contains information both about supported versions of Node.js and supported Linux distributions. To learn more about usage, see the repository: https://github.com/nodesource/distributions

[ffdixon]

Yes, we're on nodejs 8.x for BigBlueButton 2.2. Were moving to node 12.x for BigBlueButton 2.3.

We've pretty much finished the development cycle for 2.2, so we're focused on getting 2.3 out as soon as possible and resolve this issue in that release.

[rebootcode]

Is there any work on performance improvement as well? Like one can start with just 1GB RAM server as well, just like Jitsi meet?

[sujaysreedhar]

+1

[ffdixon]

BigBlueButton has a lot of server components, see http://docs.bigbluebutton.org/2.2/architecture.html. We're always working on improving the product, but getting it to run within 1G of RAM is not one of our goals. :-)

[jelmd]

Yes, we're on nodejs 8.x for BigBlueButton 2.2. Were moving to node 12.x for BigBlueButton 2.3.

Wondering, whether 12.x is really needed? Asking because Ubuntu bionic (18.04) comes with 8.x and focal (20.04) with 10.x.

Boring details: As a sysadmin I prefer the system packages instead of monolithic/static linked binaries which are definitely not in sync with the system and always introduce sooner or later big security problems (and fool users around by pretending to be secure, but are not). E.g. nodejs LTS releases are maintained for a pretty short time only - max. 2.5 years. So no wonder, why there is no secure BBB installation available. Even bionic would not be secure, because nodejs 8.x is unmaintained as well (unless one could use the packages provided by the distro vendor). Or even if a BBB package for the most recent ubuntu would be available (released this week), when it uses external nodesource packages, after 2 years it will be a security risk for the next 8 years - for a communication server this IMHO very bad (and especially such servers have a much bigger half-life than 2 years ...).

So BTW: Please try to re-use as much as possible system packages, even if they are a little bit outdated.

[slater0013]

you can add :

export NODE_NO_DEPRECATION=1 export NODE_NO_WARNINGS=1

before executing bbb-install.sh and the deprecation message will still show up for a few seconds instead of waiting for user input.

Might be added to bbb-install.sh directly ?!

GS

[cod3r0k]

Yes, we're on nodejs 8.x for BigBlueButton 2.2. Were moving to node 12.x for BigBlueButton 2.3.

We've pretty much finished the development cycle for 2.2, so we're focused on getting 2.3 out as soon as possible and resolve this issue in that release.

Do we need done any thing for migrating?

[mbakkokom]

Can we manually swap the nodejs with any newer version? Would it break any components?

If it's just a matter of doing npm i after installation, it should be fine I think. Then again, it should have been the default behaviour of the install script.

[devZer0]

i'm getting this on 2021/03/29, so does that mean my bbb installation is unsecure after using the install script ?

[ffdixon]

We encourage you to try out 2.3-dev (currently in beta-1) as it has a much newer version of nodejs. See https://docs.bigbluebutton.org/dev/dev23.html.

[cod3r0k]

We encourage you to try out 2.3-dev (currently in beta-1) as it has a much newer version of nodejs. See https://docs.bigbluebutton.org/dev/dev23.html.

Dear @ffdixon , How can we update to the latest version? I used wget -qO- https://ubuntu.bigbluebutton.org/bbb-install.sh | bash -s -- -v bionic-230-dev -s .... command, but it doesn't update to the beta-1 version.

[ffdixon]

Use -v bionic-230 (see forum post on 2.3-beta-1).

[cod3r0k]

Use -v bionic-230 (see forum post on 2.3-beta-1).

Wow, Thanks :)

I think the documentation must be a bit update. Thanks a lot.

[cod3r0k]

We encourage you to try out 2.3-dev (currently in beta-1) as it has a much newer version of nodejs. See https://docs.bigbluebutton.org/dev/dev23.html.

Dear @ffdixon , How can we update to the latest version? I used wget -qO- https://ubuntu.bigbluebutton.org/bbb-install.sh | bash -s -- -v bionic-230-dev -s .... command, but it doesn't update to the beta-1 version.

For any other users which get an error like me, you can follow this posts https://groups.google.com/g/bigbluebutton-dev/c/xAU3MZIWt_U/m/iDvpGTtpBAAJ.

As @ffdixon said, to emphasize, to install the 2.3-beta-1 (or upgrade from an alpha release), use bbb-install.sh with the following new parameter -v bionic-230 This switches you to the beta packages. If you want to install a previous alpha build (on a clean Ubuntu 18.04 server), you can use one of the following parameters

-v bionic-230-dev-alpha1 -v bionic-230-dev-alpha2 -v bionic-230-dev-alpha3 -v bionic-230-dev-alpha4 -v bionic-230-dev-alpha5 -v bionic-230-dev-alpha6 -v bionic-230-dev-alpha7 -v bionic-230-dev-alpha8

[devZer0]

ok, thanks. i tried bionic-230 and it works for me and we can test if bbb fits our needs.

but i'm wondering - for now i can only choose between a stable release with insecure components and an EOL'ed linux base - and a beta release not ready for primetime ?

did you know that bbb getting very negative press because of long term pending issues like this ? see https://www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html for example.

is there a planned release date for 2.3 stable release? need to make a decision regaring production install....

thank you (and keep on the good work)!

[Turakar]

Is this issue still relevant for BBB 2.4?