Closed
Bug 1081712
Opened 10 years ago
Closed 9 years ago
Upgrade Semantic extensions
Categories
(Websites :: wiki.mozilla.org, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
2015-Q1
People
(Reporter: GPHemsley, Assigned: jd)
References
Details
(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/177] [dev=2015-01-08] [stage=2015-01-08] [prod=2015-01-15])
A lot of our existing sec bugs are due to problems in the Semantic extensions. However, we don't appear to be running the latest versions of them. * Semantic MediaWiki https://semantic-mediawiki.org/ * Semantic Forms https://www.mediawiki.org/wiki/Extension:Semantic_Forms * Semantic Watchlist https://www.mediawiki.org/wiki/Extension:Semantic_Watchlist * SMWAskAPI http://sourceforge.net/projects/smwaskapi/ It's possible that upgrading them would eliminate some of our sec bugs.
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1592] → [kanban:https://kanbanize.com/ctrl_board/4/1593]
Updated•10 years ago
|
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-16]
Target Milestone: --- → 2014-Q4
Updated•10 years ago
|
Assignee: nobody → gphemsley
Updated•10 years ago
|
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-16] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-23]
Comment 2•10 years ago
|
||
> * Semantic MediaWiki > https://semantic-mediawiki.org/ This should be upgraded to 2.0: https://packagist.org/packages/mediawiki/semantic-media-wiki#2.0 > * Semantic Forms > https://www.mediawiki.org/wiki/Extension:Semantic_Forms Upgrade to 2.7: https://git.wikimedia.org/commit/mediawiki%2Fextensions%2FSemanticForms.git/8820cb92e4010200252be3fdaf3df00c76bdb719 > * Semantic Watchlist > https://www.mediawiki.org/wiki/Extension:Semantic_Watchlist Upgrade to 0.2.2: https://github.com/SemanticMediaWiki/SemanticWatchlist/releases/tag/0.2.2 > * SMWAskAPI > http://sourceforge.net/projects/smwaskapi/ We're already at the most recent version of this (0.9a), so no need to upgrade.
Updated•10 years ago
|
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-23] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-30]
Reporter | ||
Comment 3•10 years ago
|
||
Hey C, can you elaborate on what pushed this out?
Flags: needinfo?(cliang)
Comment 4•10 years ago
|
||
Too many things on the plate to get it done last week. Doing an import of the DB into dev takes roughly 30 minutes and, during that time, we can't do anything *else* to dev.
Flags: needinfo?(cliang)
Assignee | ||
Comment 5•10 years ago
|
||
I have upgraded these in dev. We get these from: https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Semantic* and the version 2.0 for SemanticMediawiki is not there yet so I have set it to track the 1.9.x branch. The versions are set as follows: Semantic MediaWiki 1.9.x Semantic_Forms 2.8 Semantic Watchlist 0.2.2 nb: SemanticMediawiki can not track the HEAD^ of REL1_23 brnach as it breaks the site.
Assignee: nobody → jcrowe
Reporter | ||
Comment 6•10 years ago
|
||
(In reply to C. Liang [:cyliang] from comment #4) > Too many things on the plate to get it done last week. Doing an import of > the DB into dev takes roughly 30 minutes and, during that time, we can't do > anything *else* to dev. That's cool. I'm just an idiot and didn't notice you were pushing out from last week rather than from this week. (In reply to Jason Crowe [:jd] from comment #5) > nb: SemanticMediawiki can not track the HEAD^ of REL1_23 brnach as it breaks > the site. Can you elaborate as to why? By design, that's not supposed to happen.
Reporter | ||
Updated•10 years ago
|
Flags: needinfo?(jcrowe)
Assignee | ||
Comment 7•10 years ago
|
||
(In reply to Gordon P. Hemsley [:GPHemsley] from comment #6) > > nb: SemanticMediawiki can not track the HEAD^ of REL1_23 brnach as it breaks > > the site. > > Can you elaborate as to why? By design, that's not supposed to happen. Unfortunately I did not save the error message, however when I set it to track HEAD the site would not load and had an error. If you want the error I can change it to track HEAD and collect the actual error. Let me know
Flags: needinfo?(jcrowe)
Reporter | ||
Comment 8•10 years ago
|
||
(In reply to Jason Crowe [:jd] from comment #7) > (In reply to Gordon P. Hemsley [:GPHemsley] from comment #6) > > > nb: SemanticMediawiki can not track the HEAD^ of REL1_23 brnach as it breaks > > > the site. > > > > Can you elaborate as to why? By design, that's not supposed to happen. > > Unfortunately I did not save the error message, however when I set it to > track HEAD the site would not load and had an error. If you want the error I > can change it to track HEAD and collect the actual error. > > Let me know Sure, might as well. It's only dev. :)
Comment 9•10 years ago
|
||
(In reply to Jason Crowe [:jd] from comment #5) > I have upgraded these in dev. We get these from: > https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Semantic* > and the version 2.0 for SemanticMediawiki is not there yet so I have set it > to track the 1.9.x branch. Why the source listed above for SemanticMediaWiki and not this one, which is listed by maintainers as canonical? https://github.com/SemanticMediaWiki/SemanticMediaWiki/releases/tag/2.0 I can't quite tell what's supposed to be at the gerrit.wikimedia.org link since no results are listed.
Assignee | ||
Comment 10•10 years ago
|
||
(In reply to Christie Koehler [:ckoehler] from comment #9) > (In reply to Jason Crowe [:jd] from comment #5) > > I have upgraded these in dev. We get these from: > > https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Semantic* > > and the version 2.0 for SemanticMediawiki is not there yet so I have set it > > to track the 1.9.x branch. > > Why the source listed above for SemanticMediaWiki and not this one, which is > listed by maintainers as canonical? > https://github.com/SemanticMediaWiki/SemanticMediaWiki/releases/tag/2.0 > > I can't quite tell what's supposed to be at the gerrit.wikimedia.org link > since no results are listed. Beats me. I am happy to switch them to something else if you like. As long as it is git based and web accessible. Just give me the URLs you want me to use and I will switch things around.
Reporter | ||
Comment 11•10 years ago
|
||
(In reply to Jason Crowe [:jd] from comment #10) > (In reply to Christie Koehler [:ckoehler] from comment #9) > > (In reply to Jason Crowe [:jd] from comment #5) > > > I have upgraded these in dev. We get these from: > > > https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Semantic* > > > and the version 2.0 for SemanticMediawiki is not there yet so I have set it > > > to track the 1.9.x branch. > > > > Why the source listed above for SemanticMediaWiki and not this one, which is > > listed by maintainers as canonical? > > https://github.com/SemanticMediaWiki/SemanticMediaWiki/releases/tag/2.0 > > > > I can't quite tell what's supposed to be at the gerrit.wikimedia.org link > > since no results are listed. > > Beats me. I am happy to switch them to something else if you like. As long > as it is git based and web accessible. Just give me the URLs you want me to > use and I will switch things around. Indeed, Gerrit is Wikimedia's code review tool. I don't think it is intended to be the canonical repository for anything. This SHOULD be where it's safe to pull from: https://git.wikimedia.org/log/mediawiki%2Fextensions%2FSemanticMediaWiki.git/refs%2Fheads%2FREL1_23 However, it seems SMW has decided to buck the trend and live outside the MediaWiki ecosystem. I think the GitHub link that Christie provided is the latest available. Nevertheless, proceed with caution.
Assignee | ||
Comment 12•10 years ago
|
||
For reference, this query is necessary for this update: ALTER TABLE swl_groups ADD COLUMN group_custom_texts BLOB NULL; As noted here: http://www.mediawiki.org/wiki/Extension:Semantic_Watchlist#Updating_from_version_0.1
Reporter | ||
Comment 13•10 years ago
|
||
FWIW, I just discovered Semantic Bundle, which packages all these related extensions (and more?) together: https://www.mediawiki.org/wiki/Semantic_Bundle Regardless, we should push whatever we can through the pipeline ASAP. If we can't get SMW updated to the latest version, we should file a separate bug for it and follow up later.
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-30] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-30] [stage=2014-11-13]
Assignee | ||
Comment 14•10 years ago
|
||
I pulled it in from the github location. I am hoping to get some time tomorrow to hopefully finish the dev site restructuring and once that works this will follow.
Reporter | ||
Comment 15•10 years ago
|
||
(In reply to Jason Crowe [:jd] from comment #14) > I pulled it in from the github location. I am hoping to get some time > tomorrow to hopefully finish the dev site restructuring and once that works > this will follow. Good to know, especially because I just noticed that roughly half of our (known) security bugs will be fixed by these upgrades.
Updated•10 years ago
|
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-30] [stage=2014-11-13] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-30] [stage=2014-11-20]
Comment 16•10 years ago
|
||
This is pending JDs re-work of deployment configuration. Rescheduling for next week.
Assignee | ||
Comment 17•9 years ago
|
||
This is wrapped up in the new deployment model and is going out as part of that deployment process. Dev is already updated. If all goes well stage will be updated tomorrow with prod to follow in one week.
Reporter | ||
Updated•9 years ago
|
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-30] [stage=2014-11-20] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2015-01-07] [stage=2015-01-07] [prod=2015-01-14]]
Reporter | ||
Updated•9 years ago
|
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2015-01-07] [stage=2015-01-07] [prod=2015-01-14]] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2015-01-08] [stage=2015-01-08] [prod=2015-01-15]]
Reporter | ||
Updated•9 years ago
|
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2015-01-08] [stage=2015-01-08] [prod=2015-01-15]] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2015-01-08] [stage=2015-01-08] [prod=2015-01-15]
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2015-01-08] [stage=2015-01-08] [prod=2015-01-15] → [kanban:https://webops.kanbanize.com/ctrl_board/2/177] [dev=2015-01-08] [stage=2015-01-08] [prod=2015-01-15]
Assignee | ||
Comment 18•9 years ago
|
||
This has been deployed to production.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Updated•9 years ago
|
Target Milestone: 2014-Q4 → 2015-Q1
Reporter | ||
Updated•9 years ago
|
Group: websites-security
You need to log in
before you can comment on or make changes to this bug.
Description
•