Actions

Difference between revisions of "Developer Area/Plugins/Third party"

From Mahara Wiki

< Developer Area‎ | Plugins
m
Line 37: Line 37:
 
|-
 
|-
 
| style="font-weight:bold;" |ADODB
 
| style="font-weight:bold;" |ADODB
|^5.21.1<br />
 
 
|5.22.0
 
|5.22.0
|Yes 🚧
+
|5.22.0
 +
|Done✅
 
|Yes 8.1
 
|Yes 8.1
 
| style="color:#333;" |Security - 5.21.4<br />- pgsql: authentication bypass in connect <br />functions (CVE-2021-3850)
 
| style="color:#333;" |Security - 5.21.4<br />- pgsql: authentication bypass in connect <br />functions (CVE-2021-3850)
Line 271: Line 271:
 
|-
 
|-
 
| style="font-weight:bold;" |jQuery UI
 
| style="font-weight:bold;" |jQuery UI
|=1.12.1
 
 
|1.13.1
 
|1.13.1
|Yes 🚧
+
|1.13.1
 +
|Done✅
 
|n/a
 
|n/a
 
|In maintenance state<br />Only security and compatibility fixes
 
|In maintenance state<br />Only security and compatibility fixes
Line 297: Line 297:
 
|-
 
|-
 
| style="font-weight:bold;" |JS Color
 
| style="font-weight:bold;" |JS Color
|^2.4.5
 
 
|2.4.7
 
|2.4.7
|Yes 🚧
+
|2.4.7
 +
|Done✅
 
|n/a
 
|n/a
 
|None
 
|None
Line 375: Line 375:
 
|-
 
|-
 
| style="font-weight:bold;" |TinyMCE<br />Mathslate
 
| style="font-weight:bold;" |TinyMCE<br />Mathslate
|=1.1
 
 
|1.1
 
|1.1
|
+
|1.1
 +
|Done✅
 
|n/a
 
|n/a
 
|None
 
|None
Line 583: Line 583:
 
|-
 
|-
 
| style="font-weight:bold;" |TinyMCE
 
| style="font-weight:bold;" |TinyMCE
|^5.8.2
 
 
|5.10.2
 
|5.10.2
|Yes 🚧
+
|5.10.2
 +
|Done✅
 
|n/a
 
|n/a
 
|Major security patch - XSS
 
|Major security patch - XSS

Revision as of 10:32, 10 March 2022

A list of the third party plugins within Mahara.

A helpful way to update this list is to go:

 find ./htdocs -type f -iname "README.Mahara" -exec grep 'Version' -B1 {} \; -print

on the current codebase.

Note: another thing to keep in sync is the country names we use for 'Country' dropdowns. To check what the current state of play is

 perl -MLocale::Country -le 'print join("\n", sort map { country2code($_) . " => " . country2code($_, LOCALE_CODE_ALPHA_3) . ", // " . $_ } all_country_names())'

and check the results against htdocs/lib/country.php and htdocs/lang/en.utf8/mahara.php files For any confusion you can also check against https://www.iso.org

Legend

  • PHP8 = is the latest version of this plugin compatible with PHP8?
  • Upgrades = what upgrades are available for this plugin?
  • Security = is there a new security patch available?
  • 22.04 column: Yes = will need to be updated for this version
  • SemVer Info - explaining the symbols in the Mahara version column
  • Inactive: Maintained but not actively making releases
  • Deprecated: All maintainers have left and site may not exist in extreme cases.
  • 🚧: In progress/there is a working patch in gerrit
Name Mahara
version
Latest
version
22.04 PHP8 Upgrades Support Security Notes README.Mahara
(./htdocs/...)
URL License
ADODB 5.22.0 5.22.0 Done✅ Yes 8.1 Security - 5.21.4
- pgsql: authentication bypass in connect
functions (CVE-2021-3850)
End 5.20.20 Yes News: https://twitter.com/ADOdb_announce first.
Wishlist: extract our $SESSION
php 8.0 ready.
.../lib/adodb/ - https://adodb.org/dokuwiki/doku.php
- https://github.com/ADOdb/ADOdb
BSD 3-Clause
LGPL
Bootstrap ~4.6.0 5.1.3 n/a Major e.g. 5.1.2 Updated JS Sanitizer to add
sms in the SAFE_URL_PATTERN
Ends 4.x (LTS)
- 01 Nov 2022
.../lib/bootstrap/assets/javascripts/
- https://getbootstrap.com/
- https://github.com/twbs/release
MIT License
Bootstrap
Datetimepicker
=4.17.47 4.17.49

n/a Has pivoted to no longer require Bootstrap
v6.0.0-beta2https://github.com/Eonasdan/tempus-dominus
v4 not maintained
v5/6 active
v4 runs using bootstrap and moment.js .../js/bootstrap-datetimepicker/ https://getdatepicker.com/
https://github.com/tempusdominus/
bootstrap-4
MIT License
Chart.js 3.7.1 3.7.1 Done✅ n/a .../js/chartjs/ http://www.chartjs.org MIT License
Clipboard js ^2.0.8 2.0.10 Yes 🚧 n/a Patch fix Active .../js/clipboard/ https://clipboardjs.com/ MIT License
Cookie
consent
=3.1.1 4.0 n/a None New updates are
proprietary.
Site talks about versions 2021.6 and 2021.2.3
which are not available on GitHub.
💡Check if we should keep using this - licences.
.../js/cookieconsent/ - https://www.osano.com/cookieconsent
- https://github.com/osano/cookieconsent
MIT License
CSS Tidy ~1.7.3 2.0.1 Yes 🚧 Yes 2.0.1 released 22 Feb 2022
PHP8 compatible
.../lib/csstidy/ https://github.com/Cerdic/CSSTidy LGPL
Dragon-drop ^3.2.1 3.2.1 n/a None
Pre-release minor
changelog not available.
Active 3.6.1 in the making but in pre-release stages. ..../js/dragondrop/ https://github.com/schne324/dragon-drop MIT License
Datatables ^1.10.20 1.11.4 Yes 🚧 n/a Patch fix Active
.../js/DataTables/ https://datatables.net/
https://datatables.net/download/index
MIT License
Dropzone ^5.7.6 5.9.3 Yes 🚧 n/a Minor Active 6.0.0 in beta .../js/dropzone/ https://github.com/dropzone/dropzone/releases MIT License
Dwoo =1.3.7 1.3.7 No Replace Deprecated
.../lib/dwoo/ http://dwoo.org/
https://github.com/dwoo-project/dwoo
LGPL
Elastic Search >6.1.0 7.17.0 No WIP - Gold Active
PHP 8 has a milestone. .../lib/elasticsearch/ https://github.com/elastic/elasticsearch-php Apache v2.0
LGPL v2.1
fancybox3 3.5.7 4.0.26 n/a Removed from Mahara 11/2021 Inactive
- v3 deprecated
- v4 in beta stage
Only exists in branch versions 20.10, 21.04, 21.10
Only backport security fixes
.../js/fancybox/ https://github.com/fancyapps/ui - in BETA stage
https://fancyapps.com/docs/ui/installation
https://fancyapps.com/next/
Notifications: https://twitter.com/thefancyapps
CC BY-SA 4.0
gridstack >0.6.4 5.0.0 n/a WIP - Robert
Active https://gridstackjs.com .../js/gridstack/ https://github.com/gridstack/gridstack.js MIT License
HTML Purifier =4.13.0 4.14.0 Yes🚧 Yes None 4.14 includes PHP8 support https://github.com/ezyang/htmlpurifier/ .../lib/htmlpurifier/ http://www.htmlpurifier.org/ LGPL v2.1+
Javascript
templates
=3.19.0 3.20.0 Yes 🚧 n/a None Inactive, 2020 .../js/javascript-templates/ https://github.com/blueimp/
JavaScript-Templates
MIT License
jQuery ^3.6.0 3.6.0 n/a Minor Active https://blog.jquery.com/2021/03/02/
jquery-3-6-0-released/
News: - QA: https://forum.jquery.com/
Twitter: https://twitter.com/jquery
.../js/jquery/ http://jquery.com/
https://github.com/jquery/jquery
MIT License
jQuery mobile =1.5.0-alpha.1 1.5.0-rc1 n/a None Inactive, 2017 https://blog.jquerymobile.com
- lack of resources but wish to maintain.
❗Find out if we are still using this.
.../js/jquery/jquery-mobile/ http://jquerymobile.com MIT License
jQuery UI 1.13.1 1.13.1 Done✅ n/a In maintenance state
Only security and compatibility fixes
https://blog.jqueryui.com/2022/01/jquery-ui-1-13-1-released/ .../js/jquery/jquery-ui/ http://jqueryui.com/ MIT License
jQuery UI plugin
touch-punch
=0.2.3 0.2.3 n/a None Deprecated ❗Do we still need it - is it merged into jquery .../js/jquery/jquery-ui/
jquery-ui-touch-punch.min.js
http://touchpunch.furf.com/
https://github.com/furf/jquery-ui-touch-punch
MIT or GPL
Version 2 licenses
JS Color 2.4.7 2.4.7 Done✅ n/a None Active .../js/jscolor/ http://jscolor.com/ GPL 3
Json editor >=1.3.5 2.6.1 Yes 🚧 n/a Major 2.x Active Leave for for 22.04 .../js/jsoneditor/ https://github.com/json-editor/json-editor MIT License
jTLine =1.0 1.0 n/a None Inactive, 2018 https://twitter.com/naadydev .../js/jTLine/ https://naadydev.github.io/jTLine/ MIT License
Lodash ^4.17.15 4.17.21 n/a Patch fix Active - Lodash was brought in with gridstack v0.5.0
- Will be removed when gridstack 4+ gets merged.
.../js/lodash/ https://github.com/lodash/lodash MIT License
Marked ^2.1.3 4.0.12 Yes 🚧 n/a Minor - v2.1.1, v2.1.2, v2.1.3
Major 3.x - breaking changes
4.0.0 Major security fixes
Active Yes .../js/marked/ https://github.com/markedjs/marked MIT License
Masonry =4.2.2 4.2.2 n/a None Inactive, 2018 .../js/masonry/ https://masonry.desandro.com/
https://github.com/desandro/masonry
MIT License
TinyMCE
Mathslate
1.1 1.1 Done✅ n/a None Forked version, 2015 Our version is now forked to keep
make it work with Tinymce 5
.../js/tinymce/plugins/mathslate/ https://github.com/dthies/tinymce4-mathslate GPL 3
Moment.js ^2.29.1 2.29.1 n/a None Inactive, 2020 Connected with jquery date-picker .../js/momentjs/ http://momentjs.com/ MIT License
Oauth PHP =175 175 No Replace Archived, 2010 We should replace with an oauth2 php library
https://oauth.net/code/php
checkout what Moodle does (old comment)
.../webservice/libs/oauth-php/ https://code.google.com/archive/p/oauth-php/ MIT License
PDFjs ^2.9.359 2.12.313
Yes 🚧 n/a Minor Active .../artefact/file/blocktype/pdf/js/pdfjs/ http://mozilla.github.io/pdf.js/
getting_started/#download
https://github.com/mozilla/pdf.js
Apache License 2
PHPMailer ^6.5.1 6.5.4 Yes Yes Minor 6.5.0 - security release
Minor 6.5.1 - maintenance release
PHP8 support
Active
Yes .../lib/phpmailer/ https://github.com/PHPMailer/PHPMailer LGPL
Popper ^1.16.1 LTS 2.11.2 Yes n/a (Bootstrap 5 supports v2.x)
Major 2.x - breaking 2020 - 2.9.3
(bootstrap4) - Minor 1.16.1, Mar 2020
Popper is now floating-ui, built ontop of popper,
different releases for core/react-native/react-dom
Active v2
LTS 1.16.1
w/o warnings
https://dev.to/fezvrasta/smarter-tooltips-and
-popovers-with-popper-2-44bh
.../lib/popper/ https://popper.js.org/ MIT License
ReCaptcha ^1.2.4 1.2.4 In progress Patch Active This client supports both v2 and v3.
https://github.com/google/recaptcha/tree/php8-support
.../lib/recaptcha/ https://github.com/google/recaptcha BSD-3
simplesamlphp ^1.18.7 1.19.5 Yes Yes 8.1 Active /htdocs/auth/saml/extlib/
- Make a README.Mahara file
PHP 8 coming in v2.x. Sounds like it should work on 1.19.1 though.
../auth/saml/extlib/simplesamlphp/ https://github.com/simplesamlphp/
simplesamlphp
GPL 2.1
Select2 ^4.0.13 4.0.13 n/a Patch Active .../js/select2/ https://select2.org/ MIT License
Aurulent Sans
(font)
^2007.05.04 2007.05.04 n/a None Unknown .../lib/fonts/ http://www.fontsquirrel.com/fonts/
Aurulent-Sans
SIL OFL v1.10
Deja Vu Sans
(font)
^2.37 2.37 n/a Patch Unknown .../lib/fonts/ http://www.fontsquirrel.com/fonts/
DejaVu-Sans
DejaVu Fonts
License v1.00
Open Sans
(font)
^1.10 1.10 n/a None Unknown .../theme/raw/fonts/ https://www.google.com/fonts/
specimen/Open+Sans
Apache License
version 2.0
Roboto Slab
(font)
^1.9 1.100263 n/a Minor Unknown .../theme/raw/fonts/ https://www.google.com/fonts/
specimen/Roboto+Slab
MIT License
Fontawesome ^5.8.1 6.0.0 Yes 🚧 n/a Minor Active https://fontawesome.com/docs/web/setup/upgrade/ .../theme/raw/sass/lib/font-awesome/ http://fontawesome.io
https://github.com/FortAwesome/Font-Awesome
SIL OFL 1.1
Ghostscript
fonts
^8.11 9.54.0 n/a Major Active ❗What do we use it for? .../theme/raw/fonts/ - http://sourceforge.net/projects/gs-fonts/
- https://www.ghostscript.com/releases.html
AGPL
Charis SIL
(fonts)
^5.000 6.001 n/a Major Active .././lib/fonts/ - http://scripts.sil.org/cms/scripts/page.php
?item_id=CharisSIL
- https://software.sil.org/charis/download/
SIL OFL
TinyMCE 5.10.2 5.10.2 Done✅ n/a Major security patch - XSS Active Yes https://www.tiny.cloud/docs/changelog/
📲 Test on mobile when updating
https://www.tiny.cloud/blog/category/
news-and-updates/
.../js/tinymce/ https://www.tiny.cloud/
https://www.tiny.cloud/get-tiny/self-hosted
LGPL 2.1
Video.js 7.17.0 7.17.0 Done✅ n/a Active Pre-released 7.18.1 Feb 2022 .../artefact/file/blocktype/
internalmedia/videojs/
http://videojs.com/
https://github.com/videojs/video.js
Apache License 2.0
zxcvbn =4.4.2 4.4.2 n/a None Inactive, 2017 .../js/zxcvbn/ https://github.com/dropbox/zxcvbn MIT License
composer.json
dependencies
https://git.mahara.org
/mahara/mahara/-/blob/
master/external/composer.json
Check for updates in the .json file.