• Plugin Author malaiac (@malaiac)


    Short version: rushed version 2, full security scan, but missing a few user tests. Keep up with me and good things are coming ??

    I’ll keep it short. Nah, didn’t work

    The plugin was flagged in September for a potential remote security risk: nothing that could damage your WP installation, but there was a way to reveal third-party information if you knew where to look.
    This issue was disclosed only to me as the developer, and I fixed the issue 2 days after.
    However, I did not bump the version, so any installed version of the script stayed the same for a few weeks (with the same potential security issue that was there for years but was never – to the best of my knowledge – exploited).
    That was a mistake on my part.
    For the context, I lost two close members of my family in October, which greatly reduced my availability and probably explains a little why I was out of sync.

    Then I bumped the version to push the updates on all installations. But it was a little too late for the Automattic Plugins team who suspended the plugin for a few days.
    Due to the high exposure of WP plugins any suspended plugin needs to go through a full security scan before being published again.
    Now, I’m not sure this full security scan process is meant to be harsh to developers, but it sure is tedious. There were a few days where I would fix all disclosed warnings (as full scans flag everything, even things that would never pose a problem in real life – or if they could, you’d have bigger problems, like “if someone gets admin status, they can do this and that with that security warning in your plugin – yes, but if someone gains non-legit admin status, you have bigger problems than those warnings”)… but then the replies were “oh yes, there is also this one and that one”.

    Eventually, while dealing with those emails between paying bills for family vault and moving 50 cubic meters of furniture and stuff between family homes, I decided to dump the v1.7.x and go straight to the v2, which was in preparation the last few months. This version is more modern, uses an updated version of my framework for plugins, and was actually easier to push through the full security scan.
    However, as it was decided to publish a little earlier than planned, at a time when I have limited resources, I did validate the security side of things with the Automattic Plugins team, but I skipped a few user tests. And that’s why you got the 2.0, then the 2.0.1, then the 2.0.2, then the 2.0.3, and finally the v2.0.4 that should work better.

    On the plus side of things, the refactored version of the plugin is meant to be safer, faster, and easier to use with different multilingual solutions. And the extended/premium version will be easier to maintain: for those of you who need meta field translations, WooCommerce product translation, etc., the updated premium version will be published on my website early 2023.

    • This topic was modified 1 year, 12 months ago by malaiac.
  • Hi, @malaiac

    Thanks for the effort.
    Finally, only 2.0.2 (with Polylang) is working here, with some small bugs that force a refresh before translating after saving the draft (before, it happened with 1.7.x).
    If at any time you want and need me to test future versions before releasing them, don’t hesitate to contact me.
    I wish you the best.

    • This reply was modified 1 year, 12 months ago by jrmora.
  • The topic ‘Why the 2.0.0 was unpolished’ is closed to new replies.