Updates to bundled binaries downloaded #4262
Comments
|
Could you give more details about this? The list of downloaded binaries is handmade updated making a PR to repository changing the version numbers. |
|
For example, the java it downloads is from a year ago. There have been quarterly releases for java since then that fix vulnerabilities. I'm not sure about the rest of the downloaded binaries. Wasn't sure if all of these were checked regularly to keep them updated for any vulnerabilities.
|
|
For now is necessary to do this handmade because are dependencies that come from a dependency manager system and because is necessary to get the newest URL to download a dependency. Every when is created a new release of dependencies, is necessary to change at the follow places to run the tests and check if all will work fine. libresign/lib/Service/Install/InstallService.php Lines 43 to 50 in 21b34e0 libresign/lib/Handler/JSignPdfHandler.php Line 23 in 21b34e0 Maybe a possible way to automatize this is creating a key/value list with the dependency name and the necessary data to download the dependency (url) and implement a function to each dependency checking if have a new release and put this scheduled into a GitHub Action that will be executed into a time interval, having updates, will change the dependencies file with the newest data and create a PR> |
|
I made the follow PR with updates of dependency versions: |
Hello,
Downloaded binaries are older versions and are not always kept up to date with oracle quarterly security updates and things. Can there be a built in updater button on the settings for this nextcloud app that checks for the most recent versions/security versions in the same release track?
The text was updated successfully, but these errors were encountered: