Closed Bug 248919 Opened 21 years ago Closed 21 years ago

Not showing newest versions

Categories

(addons.mozilla.org Graveyard :: Public Pages, defect, P1)

Product:
addons.mozilla.org Graveyard
Component:
Public Pages
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: Bugzilla-alanjstrBugs, Assigned: wolf)

References

(
URL
)

Details

(Whiteboard: fixed-development)

Looking at the full extension list, as well as the specific item page and Other Versions page, it is listing the older version. Perhaps the database sort isn't working right. Not sure what we're using right now, but might want to try vID DESC if the version string itself isn't sorting right.
probably related to bug 248625
*** Bug 249228 has been marked as a duplicate of this bug. ***
In case the severity of this bug isn't obvious from he description: the way things are now, people could be installing older versions of extensions that contain security holes and/or do damage to current version of Firefox, Mozilla or Thunderbird. Presumably, most people install extensions from the category pages and these pages do not link to the latest extension versions so this bug could easily be affecting most installs. If an easy fix of this bug is not possible, a stop-gap solution would be to link the latest version from the individual extension pages, and put a warning stating that the version they are on is not the most recent. This warning should probably be big and red and right beside the install link in case the latest version provides a fix to a security exploit. In fact, the above stop-gap should probably be there anyway, in case someone links externally to an older version of an extension.
Yes, I had the same problem with GMailCompose. when 0.5 was the latest, the Misc category showed version 0.2.2. Now 0.5.3 is shown correctly. The other problem with this is the "Most Popular" section which causes users to download old version of extensions (i.e. AIO, IEView, etc.). Like the author above mentions, these versions could have bugs and/or security issues.
Given that this bug has security implications, and doesn't seem to be making much headway, maybe you could provide the source code to update.mozilla for download so extension authors could provide a patch. I suspect quite a number of extensions authors are adept at PHP/MySQL programming, and a few more eyes on the source code could root out other security vulnerabilities.
Blocks: 247638
Removing blockage, since they're not really related.
No longer blocks: 247638
Confirming this for Enigmail extension. Category page reports 0.84.10001 : http://update.mozilla.org/extensions/showlist.php?type=E&application=thunderbird&category=Privacy&numpg=10 Other versions reports latest version is 0.84.2 : http://update.mozilla.org/extensions/moreinfo.php?id=71&vid=121&category=Privacy&page=releases Even worse, 0.85.0 has been ready to upload for a few days now: http://bugzilla.mozilla.org/show_bug.cgi?id=252901 0.85.0 should be available there. This extension's author assures me it's a permission issue at update.mozilla.org.
No, updating enigmail is bug 252901. To prove that we haven't done it yet, you don't see it listed on http://update.mozilla.org/extensions/moreinfo.php?id=71&vid=121&category=Privacy&page=releases
alanjstr: looking at the update.mozilla.org site and several comments in bug reports requesting updates I just noticed it's a manual process. Enigmail latest version has not been uploaded yet, however this bug can still be reproduced. The "Category: Privacy" and "Other vesions" pages of Enigmail still give the wrong information.
In case anyone else is thinking of trying this: The obvious workaround to this problem is to put a little blurb in your description telling people to install the latest version and give that version number. If you are thinking of doing this, don't bother. I tried it an it doesn't work, only 1 in 10 people are installing the latest version of StumbleUpon with the extra blurb, the rest are still installing the older version that is linked from the Directory page. I suspect this is because people just assume that they must be on the latest version already. I think I've mentioned this before, but I'm more than willing to fix this bug if someone sends me the database schema and the relevant php source code. It would be a net time-saver for me, I have to respond to emails every day from people who are confused as to why they don't have the latest version when they just installed today.
Status: NEW → ASSIGNED
OS: Windows XP → All
Priority: -- → P1
Hardware: PC → All
I've got a fix for this working mostly (needs more testing to be sure, but results are good so far for both extensions and themes.) on my development server, so i'm marking that in the status whiteboard. The fix for this bug and several others, with this status will likely land at once. :-)
Whiteboard: fixed-development
This appears to be a problem with biobar as well as pointed out in the recent update. The current version is 1.1 but the version on the update.mozilla.org page still shows version 1.0.
OK, I decided since I had this fix in a seperate "patch" to go ahead and land it. It's up now, I need you guys to give me feedback on if it works right or causes regressions.. any regressions need to be reported here. Marking as fixed.. Will mark as verified once I get some feedback. :-)
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Works for me. Tested with Enigmail extension. However, in a slightly related matter, since the previous Enigmail version was popular in the downloads, it appears listed there and could lead people to download it. Should we open another bug to have *cumulative* downloads determining what extensions are popular ?
Eventually the install routine will check whether it is the latest version or not. I agree that the "popular" causes a problem, and that's a separate bug.
(In reply to comment #14) > Should we open another bug to have *cumulative* downloads > determining what extensions are popular ? No, that bug has already been fixed on my development copy. So opening another bug would be pointless. It's not a seperate issue from this. Just that part of the fix probably got left out. (It'll make it along with the rest of the fixes before 1.0PR) :-)
Does not seem fixed yet. On update.mozilla.org biobar still shows version 1.0 whereas the other versions will show up as 1.1. http://update.mozilla.org/extensions/showlist.php?type=E&application=firefox&category=Search%20Tools&numpg= The problem obviously is that over a 1000 people have downloaded the older version.
Component: Update → Web Site
Product: mozilla.org → Update
Version: other → unspecified
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.