2022-03-24 Meeting notes

Date

Attendees

Discussion items

Time | Item | Who | Notes

5 min

Chris Rutledge Onboarding

Craig

Where does this stand?

  • email distro list updated? Done
  • added to the slack channel?  Done
  • member list updated on wiki?  Done
  • Jira access updated? Done
  • anything else?
  • Craig McNally to look into adding Chris to the GitHub groups

5 min

Update on FOLIO-3317 - Spike - investigate possible file upload vulnerability Open  

Axel
  • Axel Dörrer: Should be removed from the week-to-week agenda; Axel will monitor for progress and report back

Today:

  • MDEXP-487 has been verified and moved to a fixed version
  • MODEUS-139 has been moved to the next sprint
5-10 min

RMB-902 - Reject tenant with invalid characters and possibly sanitize Open

OKAPI-1081 - Reject invalid tenant ids Closed

Team

Notes from previous week:

Discussions are ongoing, currently blocked on a decision being made.

  • Document the options on the wiki to facilitate these discussions and the decision making process.
  • By this group?  By the TC?
  • How do we constrain the module names?  If so, where/how?
    • Various restrictions:  Postgres, Hosting infrastructure (Kubernetes/ECS/etc.)
  • What about the tenantId restrictions?
    • Also part of the above discussion/decision.

Today:

  • Further discussion once Julian finalizes the proposal, next week
5-10 min

STCLI-190 - Update dependencies (CVE-2021-3807) Closed

Team

Notes from previous week:

There's a PR that hasn't moved in a while... What's the status?  How do we move this forward?

Was there another PR against stripes-testing?


Today:

  • Ryan discussed this with Zak and asked him to retest, we'll check back next week

*

Review the Kanban board

Team

STRIPES-725 - Replace react-hot-loader Closed

John Coburn to touch base with Michal Kuklis and Zak Burke on where this stands


STRWEB-41 - Remove and archive react-githubish-mentions Closed

John Coburn to ask Zak Burke about that



Action items

  • Craig McNally to get Chris Rutledge set up with the various things mentioned above.
  • Julian Ladisch to document the options for restricting tenantId and module names on the wiki (Context: RMB-902 - Reject tenant with invalid characters and possibly sanitize Open / OKAPI-1081 - Reject invalid tenant ids Closed)
