Consulta sobre versiones actualizadas de PHP y Elasticsearch

[Gabriel Queijo]

Hola, que tal?

Tuve una reunión con la gente de Sistemas de mi institución para plantearles la instalación de AtoM en su última versión y me dicen que no pueden hacerlo porque el AtoM corre versiones desactualizadas de PHP y Elasticsearch, lo que generaría fallas de seguridad.

Quiero presguntarles si se tiene planificado llevar el software base a la ultima versión más especificamente: 

-    Elasticsearch 5.x (liberada en marzo de 2019) Versiones como la 6.0 y superiores no son soportadas. (Actualmente Elasticsearch va en la versión 8.13 y no funciona en Oracle Linux 8 o superiores.)

-    PHP 7.4 ( liberado en enero de 2019, fue discontinuado en noviembre de 2022 )

https://www.php.net/releases/#7.4.33

El resto de los productos requeridos, se encuentran aún en soporte o no se indica la versión que requiere por lo que se considera que funcionan en la actualidad.

Muchas gracias por su tiempo

[Dan Gillean]

Hola Gabriel, 

Our Maintainers announced in this user forum post our plans for AtoM 2.9, which should address these major dependencies: 

• https://groups.google.com/g/ica-atom-users/c/uShs0qcwpGY/m/RlfFYRGOAgAJ
  

As far as I am aware, this remains the plan for the 2.9 release, though it will still be some time before it is ready for release. The team intends to upgrade: 

• Ubuntu to version 22.04
• PHP to version at least 8.1

Additionally, the older Bootstrap 2.x library will be fully removed in release 2.9, and the new Bootstrap 5-based Dominion theme (currently available in AtoM 2.7 and 2.8 releases) will become the new default theme. This also means that any custom theme plugins built by extending the older Bootstrap 2.x Dominion theme will no longer work - users will need to upgrade their custom theme plugins to use BS5 and extend from the new Dominion BS5 theme.

Finally, there is the issue of Elasticsearch. As you may know, after release 7.0 Elastic changed their license to something that Artefactual does not find compatible with our values around open source, and due to some of the ambiguity included in the licensing path they chose, could harm the AtoM project if included. This has been one of the reasons we have not upgraded in some time. A number of community forks have been created from the base ES 7.0 since, and our Maintainers have also been exploring new alternative open source libraries. I do not know yet what they have decided for the release, but the plan is that 2.9 will likely either replace Elasticsearch, or at minimum upgrade to version 7.0, before the license was changed, as an interim step to future changes. 

As of yet, we do not have a target release date for 2.9, but work has already begun. In the meantime, our team of Maintainers do actively monitor for security vulnerabilities, and we will release 2.8.x patch releases to address any issues found that might compromise security. We also have a defined security reported policy, here: 

• https://github.com/artefactual/atom/blob/qa/2.x/SECURITY.md
  

I hope this helps! 

Cheers, 

Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056

@accesstomemory

he / him

--
You received this message because you are subscribed to the Google Groups "AtoM Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/a25809b3-d539-4e2e-b28a-af9e73f6d304n%40googlegroups.com.