Latest TER Changes parses outdated extensions as insecure

Question

Latest TER Changes parses outdated extensions as insecure

Closed this issue 4 years ago · 1 comments

Due to the latest ter release in 01.08.2020 outdated extensions are getting review_state -2.
We stumbled upon this since we monitor a few older 7.6 instances.
Even the latest caretaker extension itself is now shown as insecure.
Those extensions are now flagged as insecure due to this changes:

https://git-t3o.typo3.org/t3o/ter/-/commit/9e153c5033c165b8c5f3a128cba4f98b510bc587#bed6f0022ede9bd16f1f4e64c908e4aae1ba7640
https://gitlab.typo3.org/t3o/ter/-/blob/develop/extensions/ter_fe2/Classes/Domain/Model/Version.php#L139

I would propose to ignore the outdated version and only trigger if insecure is flagged.
T3O confirmed this behaviour as outdated is only a notice, but no indicator for insecure. If an outdated version gets reported and shows security issues, its flagged again as -1.

Answer 1 · 2020-08-05T10:48:06.000Z

Fixed:

3.0.3 => TYPO3 v9-10
2.1.3 => TYPO3 v8-9
1.1.1 => TYPO3 v7-8
0.8.2 => TYPO3 v6-7
0.6.1 => TYPO3 v4-6