I conducted a small investigation and found the following: in com_finder, the library wamania/php-stemmer is used, which in turn uses the library voku/portable-utf8, which uses the library voku/portable-ascii.
Moreover, wamania/php-stemmer supports only some languages, namely Catalan, Danish, Dutch, English, Finnish, French, German, Italian, Norwegian, Portuguese, Romanian, Russian, Spanish, and Swedish.
Furthermore, the code of the wamania/php-stemmer library has not been updated for 3 years, and aside from dependency corrections, no other changes have been made. Issues requesting language support have also been unaddressed for 2 years.
It's also worth noting that the library that started it all, voku/portable-utf8, has already once led to a release block for Joomla 4.3.
As a result, we find that a feature in one component, which is available to only 14 out of 70 languages supported by Joomla, relies on 3 third-party libraries.
I think that such use of third-party libraries is not rational, increasing the load on the security team and the risks of vulnerabilities.
Therefore, I suggest checking the use of libraries in components and reducing their use where possible.
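Added example, not part of the original post and not Joomla's own code: one way to run the suggested check against a `composer.lock`, listing what a single package pulls in transitively and which locked releases are older than a chosen age. The lock excerpt, its versions, timestamps and the audit date are constructed; only the package names and the chain between them come from the post.

```python
import json
from datetime import datetime, timezone

# Constructed composer.lock excerpt: versions and timestamps are placeholders,
# only the package names and the dependency chain come from the post above.
SAMPLE_LOCK = json.loads("""
{"packages": [
  {"name": "wamania/php-stemmer", "version": "0.0.0-sample",
   "time": "2021-01-01T00:00:00+00:00",
   "require": {"php": ">=7.3", "voku/portable-utf8": "*"}},
  {"name": "voku/portable-utf8", "version": "0.0.0-sample",
   "time": "2023-06-01T00:00:00+00:00",
   "require": {"php": ">=7.0", "voku/portable-ascii": "*"}},
  {"name": "voku/portable-ascii", "version": "0.0.0-sample",
   "time": "2023-06-01T00:00:00+00:00",
   "require": {"php": ">=7.0"}}
]}
""")

def index_packages(lock):
    """Map package name -> lock entry (runtime packages only)."""
    return {p["name"]: p for p in lock.get("packages", [])}

def transitive_deps(lock, root):
    """Packages pulled in by `root`, in discovery order, excluding root itself."""
    pkgs = index_packages(lock)
    seen, queue = [], [root]
    while queue:
        current = queue.pop(0)
        for dep in pkgs.get(current, {}).get("require", {}):
            # Skip platform requirements (php, ext-*) that are not lock entries.
            if dep in pkgs and dep != root and dep not in seen:
                seen.append(dep)
                queue.append(dep)
    return seen

def stale_packages(lock, as_of, max_age_days):
    """Names whose locked release is older than max_age_days at `as_of`."""
    stale = []
    for p in lock.get("packages", []):
        released = datetime.fromisoformat(p["time"])
        if (as_of - released).days > max_age_days:
            stale.append(p["name"])
    return stale

if __name__ == "__main__":
    as_of = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed audit date
    print(transitive_deps(SAMPLE_LOCK, "wamania/php-stemmer"))
    print(stale_packages(SAMPLE_LOCK, as_of, 730))
```

To audit a real installation, load the project's `composer.lock` with `json.load` in place of `SAMPLE_LOCK` and call `transitive_deps` once per direct dependency.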