Closed brynwhyman closed 4 years ago
Screenshot for reference of the report and (clicked) button
Hey @Cheddam and @brynwhyman,
sorry for the slow turnaround on the issue with the silverstripe-composer-security-checker. It's merged now!
Peter
Thanks @spekulatius!
Related to this, do you have any thoughts on whether the following would be a suitable enhancement? https://github.com/bringyourownideas/silverstripe-composer-security-checker/issues/52
I'm going to close this issue. I think the best step forward is looking at bringyourownideas/silverstripe-composer-security-checker#52
Overview
This recipe is recommended for all CWP sites and site owners are suggested to use the installed modules report to keep up to date with disclosed security vulnerabilities for modules being used on their site.
Expected result
When accessing this report, and clicking the 'Check for updates' button I'd expect it to run and eventually automatically populate the report with the following information (should any be true):
Actual results
After clicking the 'Check for updates' button, I will eventually see (1) the installed dependencies and (2) the latest version, but I do not see the report populated with any security notices even though I know my site to be running vulnerable versions.
Versions and environments
a. I've tested this locally, with silverstripe/recipe-reporting-tools 1.3.0, silverstripe/cms 4.4.0 and do not see the security vulnerabilities in the report until I manually run sake dev/tasks/SecurityAlertCheckTask
b. I've tested this on CWP platform, with silverstripe/recipe-reporting-tools 1.5.0-rc1, silverstripe/cms 4.5.0-rc1 and do not see the security vulnerabilities in the report. Attempting to manually run the following through the CMS Jobs section results in the job pausing due to an error: BringYourOwnIdeas\SecurityChecker\Jobs\SecurityAlertCheckJob
Help
I'm unsure if any additional setup is required to have this check perform correctly on a production website. I'm hoping for some assistance in confirming if my expected result should be what is actually expected.