Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-12390

Released packages MUST NOT contain vendor tests or other non-library code

    Details

    • Type: Task
    • Status: Unverified Fix
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 3.1.0-b2
    • Fix Version/s: 3.1.0-b3
    • Component/s: None
    • Labels:
      None

      Description

      ... as including these may (probably will) lead to security issues such as arbitrary code execution.

        Issue Links

          Activity

          Hide
          bantu Andreas Fischer added a comment -

          The build.xml file should take care of deleting any unnecessary files before generating packages.
          The composer.json should have a note pointing to build.xml.
          The release todo list should contain a point for double checking this.

          Show
          bantu Andreas Fischer added a comment - The build.xml file should take care of deleting any unnecessary files before generating packages. The composer.json should have a note pointing to build.xml. The release todo list should contain a point for double checking this.

            People

            • Assignee:
              nickvergessen Joas Schilling
              Reporter:
              bantu Andreas Fischer
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development