Closed Bug 778945 Opened 13 years ago Closed 13 years ago

upgrade django to fix security issues

Categories

(Input :: General, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: willkg, Unassigned)

Details

https://bugzilla.mozilla.org/show_bug.cgi?id=777976
https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/

The current input.mozilla.org is using Django 1.2 (assuming I'm reading this correctly). According to James, that's affected by the list of security issues announced today; however, they're not doing a 1.2 update. So we're caught in this weirdo state where we either:

1. ignore it until we push out the new input (2-3 months from now)
2. backport patches for Django 1.2 (I think James implied he would help with this if needed) and apply to existing site now
James: I'm inclined to grumble and go with option 2. Any preferences?
Talked to Luke. MDN is just going to upgrade to 1.3 or 1.4 and not deal with 1.2.

Talked to James. He correctly points out that the patches are attached to bug 777976 and the blog post and that backporting to 1.2 should be pretty straightforward.

I'll start working on that tonight unless someone says that's a terrible idea and offers a better alternative.
Summary: upgrade django → upgrade django to fix security issues
Scratch that... input-lib has 1.3.1. It's only the WAY OUTDATED requirements file that mentions 1.2. So, this is straightforward. I'll just upgrade to 1.3.2.
Fixed in input-lib in 6e3a9bf627d22ee93de62b9fa2b75e3afa4e1b21.
Theoretically, we pushed this to production in https://bugzilla.mozilla.org/show_bug.cgi?id=778989.

Bunch of problems with schematic, though. So I ended up commenting those lines out of scripts/update_prod.sh. That should get looked at if we have to do another input.mozilla.org push.

Marking this as FIXED.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
These bugs are all resolved, so I'm removing the security flag from them.
Group: websites-security