[Bug 1078718] New: Deleting Zend Framework from Factory
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718 Bug ID: 1078718 Summary: Deleting Zend Framework from Factory Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: kbabioch@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- openSUSE:Factory and hence openSUSE:Leap:15.0 still contain very old versions of Zend Framework (1.12.20, php7-ZendFramework). These are no longer maintained upstream since Sep 2016. There are open issues for Zend Framework (see #1017629 #1044027 #1052785) with security implications. It is not even clear whether the old 1.12.x branch is actually affected by the 2.2.x. Is anyone interested in bumping the version to the 3.x branch? Otherwise I would submit a deletion request, since upstream seems to be rather dead anyway (last release in 2016, no active development going on) and there are no dependencies on it. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718
Karol Babioch
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c1
--- Comment #1 from Karol Babioch
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c2
--- Comment #2 from Johannes Weberhofer
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718
Johannes Weberhofer
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c3
--- Comment #3 from Eric Schirra
Karol, I fully support removing the package. It was requested by maintainers of nagvis. Nagvis should migrate to a newer version then we could remove that package. Maintainers are @ecsos and @lrupp.
nagvis is needed for some other applications. Nagios or icingaweb2-module. But i'm not shure if we can remove zendframework. And i have no no change to test it at the moment. Lars, can you do that? Bumping to version 3 was very nice. :-) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c4
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c5
Andreas Stieger
It's need for icingaweb2-module-nagvis
I do not see icingaweb2-module-nagvism in the distribution. Where is it? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c6
--- Comment #6 from Eric Schirra
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c7
Andreas Stieger
participants (1)
-
bugzilla_noreply@novell.com