Hi,

This thread is already a 7-month "discussion", actually a vote. But I don't remember another about this point (not releasing the plugins). So I reuse it, with a security perspective.

The last CVEs we had are possible because of ecommerce. A bunch of others were 
related to Solr, etc.

I believe we would have much more secure OFBiz releases if indeed we did not include 
the more fragile plugins.

On the other hand, when we fix these plugins' vulnerabilities we also secure 
their usage by our users.

But for ecommerce the problem is you can create a user without being signed on. Because it's about open ecommerce. We can't seriously change that, can we?

Also I wonder how many people are using all the plugins. For some of them I 
guess not many.

So what do you think about Jacopo's proposition?

Jacques

On 02/11/2023 at 11:18, Jacopo Cappellato wrote:
Yes, the plugins are included in all the releases of 18.12; for newer
release branches we can definitely revisit this decision (in fact I
think it would be nice to have framework only distributions).
