Upgrade Open Atrium(Was: Security Assessment...)

[josereyero]

Looking into this update...

Summary: This is an access bypass issue, files deleted in revisioned content can still be downloaded after they are deleted from new revisions. Impact: Minor, since all our content / files are public anyway.

Resolution: Since a partial update of OA modules can cause compatibility issues with other modules, it seems not worth applying. Thus we'll be postponing this update untill a full OA release is available.

Security announcement: SA-CONTRIB-2014-099 - Open Atrium Core - Access bypass, https://www.drupal.org/node/2357295

[josereyero]

The new OA release is available, let's update to OA 7.x-2.23 However, it seems to include a lot of UI changes so it needs some testing first. Notes https://www.drupal.org/node/2365803

[josereyero]

Fixed multiple issues with the theme and the new OA version. (Updated theme in sites/all/themes) Deployed to PRE for testing, branch oa-update. Testing the update process on a fresh copy of production

Now fixing minor update issues:

• Theme logo, is a private file not accessible.
• Some features conflicts
• Updating tokens in user mail messages

[josereyero]

Fixed all these:

• Added new feature: TGD Home (Replaces OA Home)
• Added variable overrides in mixed features.

Pages, header, etc, fixed. Merged branch into develop.

[josereyero]

Testing new OA 7.x-2.25 (Security Update) https://www.drupal.org/node/2379261

[josereyero]

This was an important OA update, that replaces some theming and layout. Fixed broken bits and created a new layout similar to the old one. Testing on PRE. Note different column layout in Product, Corporate (equal column width) and People, Data (6-6-3, similar to old one). Compare and make a decision.

[josereyero]

Finally released with OA defaults for panels.