[Vtigercrm-developers] Vtiger 7.0.0 Published

Błażej Pabiszczak b.pabiszczak at yetiforce.com
Thu May 25 12:10:50 GMT 2017


It's been a while since I last posted so let me chip in. 

The fact that Vtiger was about to release a new version was easy to
guess even without any official notice, you just have to observe GIT.
That's why I don't get why you're surprised. The time needed for bug
reporting was also pretty long, so once again I'm surprised why some of
you didn't manage to report them. Waiting with a new version just
because the partners didn't start to adjust their modules is also lame.
For more than 10 years Vtiger has been skipping many critical errors and
hasn't been testing their new versions, not to mention unit tests and
automated tests, so it shouldn't come as a surprise that the new version
is published with many bugs. ODOO does exactly the same thing [1500+
errors] and SuiteCRM [500+ errors, including many critical ones]
whenever they publish a new version [also the ones marked as LTS] 

Suggestions that you should migrate to SuiteCRM really make my day - as
if the situation there was any better. Apart from the fact that SuiteCRM
code quality is really poor, is not compatible with standards, has never
gone through any security audit [and even if they have, they didn't
comply with the audit's guidelines], they additionally can't accept any
criticism, especially substantive criticism. Please tell me how can you
publish an LTS version when you got 500 bug reports and many of them are
critical? 

Once again I see that someone wants to make a fork... Unfortunately when
you become the producer you have to switch your priorities, first of all
you have to ask yourself if you want to provide your client with a
modern and safe system, or you want to concentrate on the quantity
instead of the quality. Unfortunately most of the systems [I'll only
enumerate the ones I know from the inside] will never be implemented in
any large company: 

Vtiger7:

 	* SensioLabs: 623 Critical 4917 Major 14513 Minor 16996 Info
 	* Lines of code: 735,594
 	* Nb of violations: 37049

SuiteCRM:

 	* SensioLabs: 493 Critical 9872 Major 6212 Minor 13188 Info
 	* Lines of code: 626,362
 	* Nb of violations: 29765

CoreBOS:

 	* SensioLabs: 637 Critical 10301 Major 7608 Minor 16274 Info
 	* Lines of code: 527,438
 	* Nb of violations: 34820

YetiForce

 	* SensioLabs: 510 Major 1287 Minor 1250 Info
 	* Lines of code: 262,278
 	* Nb of violations: 3047

How is it possible that coreBOS, that has only been "improving" Vtiger
5.4 for the past 3 years has an error every 15 lines of the code?! How
is it possible that Vtiger has 470.000 more code lines than YetiForce,
but has significantly fewer features? It even came to this that Vtiger,
when introducing changes to the Reports module, started using structural
programming?!? It's unbelievable that you can nowadays write code of
this low quality. 

How come nobody patches the critical security threats in the system?
The Mobile, Webform, and MailManager modules should've been removed 5
years ago, they are so full of holes, and so poorly written that it's a
waste of time explaining all the flaws. Additionally, the system itself
has a ton of bugs, including critical ones, e.g.: XSS [in several dozen
places, for example modules\MailManager\views\Relation.php],
SQL injection [also several dozen places, for example
modules\Settings\Picklist\actions\SaveAjax.php].

You also have to remember about all the errors in the system layer:

 	* Import is not moved out of webroot,
 	* ZIP files are not properly parsed, which allows for uploading any
PHP file and executing it,
 	* Mail attachments stored in app folder are available without
authorization,
 	* Incorrect HTML parsing,
 	* No brute-force attack protection,
 	* You can display users without being logged in,
 	* No separation between admin panel and user panel,
 	* Uploading external JS files and sending confidential info about the
system to external servers,
 	* and so on.

Security is a process, a very expensive one. It took a very long time
for my two best programmers to fix the errors inherited from Vtiger.
The worst, though, is that since you are Vtiger's partners, all you
focus on is selling some pseudo modules for a couple of dollars to small
companies.

---
Regards

BŁAŻEJ PABISZCZAK 
_Chief Executive Officer_ 
M: +48.884999123
E: b.pabiszczak at yetiforce.com 

On 2017-05-25 09:09, IT-Solutions4You wrote:

> Sorry, but SuiteCRM ?
> 
> I have checked the demo and this layout is terrible for me and I'm really lost in this system.
> 
> Matus
> 
> On 24. 5. 2017 at 18:28, Doug wrote:
> 
>> Hmmm. At this point planning on telling clients either:
>> 1) Now is a good time to Migrate to SuiteCRM
>> 2) 7.0 is actually a Release Candidate
>> 
>> Doug
>> 
>> S/V Kerberos Corsair 28R #100
>> Welcome to the dark side... We have cookies.
>> 
>> On Wed, May 24, 2017 at 12:15 PM, IT-Solutions4You <info at its4you.sk> wrote:
>> 
>> So, we all have to tell our clients that there is a new 7.0.0
>> version, but don't use it (this version is only a joke) and wait for
>> 7.0.1? You think it is really easy to communicate with clients this way?
>> 
>> Matus.
>> 
>> On 24. 5. 2017 at 8:48, Satish Dvnk wrote:
>> 
>> Hi All,
>> 
>> We believe that we had fixed all the blocker issues reported by
>> community. If you feel we slipped any of blockers please bring
>> to our notice so that we can proceed for a patch(7.0.1).
>> 
>> Currently we are taking all the feedback from our community and
>> will schedule for 7.0.1
>> 
>> *regards,
>> Satish.Dvnk*
>> 
>> On Wed, May 24, 2017 at 7:07 AM, Doug <sailsfast at gmail.com> wrote:
>> 
>> Unfortunately the Yetti guy is a different problem.  I'm moving
>> people to SuiteCRM as it makes sense.  Suite is also a
>> sugar derivative
>> 
>> On May 23, 2017 8:05 PM, "Tony Sandman" <tonysandman999 at gmail.com> wrote:
>> 
>> @lajeesh - you seem to have a very specific sense of humor.... :-)
>> 
>> As it was said before by many guys, this seems to be only kind
>> of carrot and marketing thing. Funny thing actually, but also scary,
>> I wish collaboration model with yetiforce will be fairly set, so
>> we at least have a base to move over it.
>> But even there is not easy...
>> 
>> On Wed, May 24, 2017 at 4:21 AM, Manuel <ptdesigner at gmail.com> wrote:
>>> 
>>> I can tell you one,
>>> 
>>> A non admin user can mess with all system if goes into Module Mobile.
>>> 
>>> More detailed explanation is not possible due to the fact
>>> that some systems are going live and will be vulnerable.
>>> 
>>> 
>>> 
>>> Best Regards.
>>> 
>>> Manuel
>>> 
>>> On 23/05/2017, at 17:40, Conrado Maggi <comaggi at gmail.com> wrote:
>>> 
>>> Just curious, which are the blockers?
>>> 
>>> About missing features, vt7 is vtiger 6.5 with a nicer theme.
>>> I don't think you will find more features in 6 than 7. But maybe
>>> I am wrong
>>> 
>>> 
>>> 
>>> On Tue, 23 May 2017 at 18:34, Doug <sailsfast at gmail.com> wrote:
>>>> 
>>>> There is a difference between a release with bugs and one
>>>> with blockers, basic functionality not working, etc.
>>>> 
>>>> On May 23, 2017 12:27 PM, "Conrado Maggi" <comaggi at gmail.com> wrote:
>>>>> 
>>>>> I agree with Chris, no release ever is bug free. I agree
>>>>> that now that it is out there the bug reporting and fixing will
>>>>> move faster
>>>>> 
>>>>> About that iOS bug I submitted a merge request and it's fixed
>>>>> in the released version. Same thing with module updates that
>>>>> were broken
>>>>> 
>>>>> 
>>>>> Conrado
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> On Tue, 23 May 2017 at 17:12, Chris Thompson <cthompson at moderas.org> wrote:
>>>>>> 
>>>>>> I'm torn.  If you wait for all the bugs to be fixed we may never see a
>>>>>> release.  I'm hopeful the release will shine a light on the things that need
>>>>>> to be resolved and as we all are looking at adoption we may uncover even
>>>>>> more.  In a perfect world all bugs would be eliminated but I have to be
>>>>>> honest, I don't recall a bug free release of any product ever.  Now in
>>>>>> fairness this sounds a bit buggier than most are comfortable with, I mean I
>>>>>> heard the other day it doesn't work on iOS platforms and that's pretty maj.
>>>>>> 
>>>>>> 
>>>>>> -----Original Message-----
>>>>>> From: vtigercrm-developers-bounces at lists.vtigercrm.com
>>>>>> [mailto:vtigercrm-developers-bounces at lists.vtigercrm.com] On Behalf Of Alan Lord
>>>>>> Sent: Tuesday, May 23, 2017 10:40 AM
>>>>>> To: vtigercrm-developers at lists.vtigercrm.com
>>>>>> Subject: Re: [Vtigercrm-developers] Vtiger 7.0.0 Published
>>>>>> 
>>>>>> It isn't ready.
>>>>>> 
>>>>>> Why release it with so many open bugs?
>>>>>> 
>>>>>> Al
>>>>>> 
>>>>>> On 23/05/17 15:26, Satish Dvnk wrote:
>>>>>>> Hi Developers,
>>>>>>>
>>>>>>> With the help of your contributions we moved ahead. Now we are happy
>>>>>>> to announce that we have published Vtiger Open Source 7.0.0 in
>>>>>>> sourceforge.net <https://sourceforge.net/projects/vtigercrm/> and
>>>>>>> vtiger.com <https://www.vtiger.com/open-source-crm/download-open-source/>
>>>>>>> website.
>>>>>>> We are pleased with your efforts and happy to share the news in our
>>>>>>> developer forum.
>>>>>>>
>>>>>>> Please review and update your extension for our V7.
>>>>>>>
>>>>>>> *regards,
>>>>>>> Satish.Dvnk*
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> http://www.vtiger.com/