eZ Community » Blogs » Community Project Board » The Week in Review: Community...

By

The Week in Review: Community Updates, Httpoxy Vulnerability, Extending eZ Studio and More

Friday 22 July 2016 4:11:07 pm

  • Currently 3 out of 5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

This weeks news brings you updates from the eZ Community Board, a recent security vulnerability called Httpoxy, how to extend eZ Studio with new blocks, and of course our regular sections such as Social, Events and Resources.

News

Community Board update

The eZ Community Board gathers every 2 or 3 weeks. In our last meeting we have come to a final solution for eZ Platform with Legacy. Stay tuned at the Community Board blog, as details will be published within a week.

Our next topic of discussion/action, will be our community platform, share.ez.no. With all the (recent) developments around Slack, and the building of a developer hub on ezplatform.com, we will be looking at how and where to improve the overall experience. The board will work closely with product and marketing, to provide the community with a cohesive platform.

A first iteration of a community metrics dashboard has also been implemented. This will provide our community manager, and eZ staff, with a lot of insight to developer community metrics such as Jira, GitHub, Stack Exchange, and hopefully also Slack.

Httpoxy vulnerability hits PHP installs using FastCGI with PHP-FPM, HHVM

Jani Tarvainen - Professional Services Consultant at eZ - provides us with more information on a recent security issue.

“A generic vulnerability in web services using CGI has surfaced. Branded as "httpoxy" the vulnerability is at the HTTP layer level and can be exploited when using libraries that make outbound requests from the server where a request is made.”

This security issues does not affect eZ Platform directly. It can however affect one of our dependencies: GuzzleHttp. Read the security advisory on share.ez.no (account required).

In other news:

Social media

As some of you know, eZ Platform is using the YUI Javascript Library. We have seen the question on Slack, and now Bruno CHIREZ raises the same question on Twitter: why persist with the deprecated YUI library? André Romcke from eZ Engineering replies:

@andrerom: because moving to for instance angular1 2 years ago would have been wrong. Now we have alternatives, & we are evaluating them. favs?

Follow us on Twitter, Facebook, LinkedIn, Google+, or YouTube.

Events

Resources

Extending eZ Studio with new blocks

Last week, we were able to read on how to extend the eZ Platform Dashboard. This week, Piotr Nalepa from eZ Engineering, shares how to extend eZ Studio with new blocks.

“The eZ Studio's Landing Page feature lets you compose powerful, dynamic pages from easily customizable blocks. While a number of useful, universal blocks are provided out-of-the-box, sometimes you might need a new Landing Page block that has not been implemented yet. In this tutorial I explain how to do just that.”

Piotr takes you through a complete example, including Block definition, template, and code. Read the full article on share.ez.no.

Each week, we publish a roundup of highlights from the eZ ecosystem on share.ez.no, which we republish here on the eZ Blog. If you have any news or events to share, please contact me.

(Lead image credit: Jinx, CC)

Proudly Developed with from