Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixing issues reported by hex audit (updating all hex packages automa… #453

Closed
wants to merge 1 commit into from
Closed

Fixing issues reported by hex audit (updating all hex packages automa… #453

wants to merge 1 commit into from

Conversation

vraravam
Copy link

…tically).

Fixes #451

@happysalada
Copy link

updating xain to the latest version, breaks everything. You can't edit anymore, all links show up as escaped markup language. (I'm not a maintainer nor a contributor, just letting you know)

@vraravam
Copy link
Author

thanks @happysalada - i'm not sure how to fix those - since the CI builds have been broken for quite some time now. I guess we have to take a closer look at latest xain - most likely the issue is there?

@happysalada
Copy link

so the update on xain was a security update. I'm not sure, how exactly xain is used here, but most likely usage here needs to be updated.

On another note, this repo hasn't been active for more than 6 months. The owner is likely busy with other stuff now and not accepting any new maintainers. I would say that unfortunately no PR is ever going to be accepted (even if we fix the xain issue). There is currently 270 forks of this project, but nobody really taking the lead in trying to replace this existing repo.

I would say your best bet, is to wait that the owner comes back or that a fork of this project takes the lead in fixing all the issues.

If your project is working fine right now, just don't update I would say. (unfortunately)

@susana-garcia
Copy link

We did some internal fixes to get ExAdmin to work with the newest version of xain. There's still a lot of problems and most of it is untested, but it'll be a good starting point:

569b849

@susana-garcia
Copy link

PS: This is caused by #451

@vraravam
Copy link
Author

I'm thinking of forking this codebase, reverting back to the last known green build and continuing from there. Since the license is MIT, I don't think there would be any licensing issues.

I would welcome at least 2-3 others who can form part of the core group of volunteers to ensure that the same state of affairs is not repeated.

I actually love ex_admin and would like to call out a special thanks to @smpallen99 for writing this package. (I'm thinking of calling the new project as phoenix_admin

@Preen
Copy link

Preen commented Oct 26, 2018

We are about to release a new admin soon. Will let you know once we have it in public.

@vraravam
Copy link
Author

@Preen - any ETA? or is the repo something we can look at right now? Will it be OSS?

@Preen
Copy link

Preen commented Nov 20, 2018

@vraravam https://github.com/FLEWID-AB/alkemist

We have released the Beta to the public now. The documentation is somewhat lacking but we thought it would be better to release it now than wait.

@vraravam
Copy link
Author

@Preen - AWESOME! I was creating a starter project for phoenix 1.4 just this past weekend - I will incorporate alkemist into that and take it for a spin!

@Preen
Copy link

Preen commented Nov 20, 2018

@vraravam Awesome!!! :)

@vraravam vraravam closed this Mar 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[URGENT] XSS Security Vulnerability
4 participants
@vraravam @happysalada @susana-garcia @Preen