[Vtigercrm-developers] Roadmap and safety Vtiger & forks

Błażej Pabiszczak b.pabiszczak at yetiforce.com
Fri May 13 09:55:31 GMT 2016


Every now and then we send information about security errors, not only
to Vtiger, but also to creators of Vtiger modules. In most cases,
these changes aren't fixed. I don't understand why security is a taboo
subject, and why nobody considers our comments [maybe we should report
each of these cases publicly? Or maybe we should record a video on how
to break into the OD version?] Any ideas? 

The code that is currently added to Vtiger is of low quality, and since
releasing v6.0 nobody has been really dealing with the development as
far as quality and security are concerned. Unfortunately, we inherited
a lot of code from Vtiger [it also applies to other forks - CoreBOS, VTE
CRM]. The majority of errors we point out are related to not clearing
the variables, and storing useless old files full of holes. Let's see
what the reaction to this post is; if you ignore it we won't publish
info like that anymore; it's a waste of our time. Take into
consideration that our system doesn't have many of the modules that are
in Vtiger because we wrote them from scratch, so the link below is not a
ready solution, it only points out part of the found errors. Vtiger 

Therefore I suggest making a contest - how long does it take for serious
security errors to be fixed, and an update package to be released, after
publishing the errors on this mailing list. 

* https://github.com/YetiForceCompany/YetiForceCRM/commit/4746cda904c88a26cce22194fb76f64d3df9893d


---
Regards

BŁAŻEJ PABISZCZAK 
_Chief Executive Officer_ 
M: +48.884999123
E: b.pabiszczak at yetiforce.com 

  