Julian Ladisch has created a few JIRAs for this – he's still working on this.
He also wrote a script that lists the affected modules; it runs periodically.
The edge modules are probably the most critical - 3 of them are affected. The related POs are aware.
Should these fixes be backported to Kiwi?
Prevailing thought is that they should, since Kiwi is the latest release and Lotus isn't official yet.
Craig McNally will communicate this recommendation to the Capacity Planning group, and possibly Oleksii Petrenko.
Additional communication will be made once the path forward is clear.
Today:
This conversation has started, but Craig McNally needs to provide them with additional information about FOLIO's exposure/risk here. Will post an update in Slack later today or tomorrow.
5 min: Update on FOLIO-3317 (Axel)
Axel Dörrer: Should be removed from the week-to-week agenda, and Axel will monitor for progress and report back.
The level of exposure is not clear at this point. Julian Ladisch will look into it and get back to us. This information will feed back into conversations with the Capacity Planning group with respect to backporting to Kiwi/Lotus/etc. Indications are that there will not be a Kiwi HF3, so it may be that this only gets into Lotus HF1 and Morning Glory.
Ryan Berger to bring up the react-hot-loader dependency at stripes architecture - is it possible to move this dependency to a central location?
We're not using react-hot-loader anymore. A new approach is used now. See stripes-webpack for details.
If someone tries to use react-hot-loader, it winds up being a no-op and a recommendation is shown to use the new approach.
The prevailing thought is to remove this since it doesn't provide any value.
At this point there is no security concern here. This is really just a technical debt issue.
Action items
Julian Ladisch to document the options for restricting tenantId and module names on the wiki (Context: RMB-902 / OKAPI-1081)