Skip to content

12 13 2021 Tech Team Report

Jump to bottom
qqmyers edited this page Dec 13, 2021 · 1 revision

12-13-2021

Logged Tasks

                            Date             Task Hours (Main) Hours (EOLS) Hours (PII)
6-Dec-2021 Check analytics on prod after #8020, report, start comparing QDR and IQSS to create PR for accessibility 6
7-Dec-2021 Merge ~5.9 again, continue creating commits to transfer accessibility changes to IQSS & sync QDR with changes, monitor S3 outage 5
8-Dec-2021 Investigate Drupal sec notices, update webforms on dev/stage, investigate change needed to deploy to older DV, continue accessibility PR 2
10-Dec-2021 ~Finish acc. PR transfer, start setting up testing, fix stage form alias, deploy sec. fixes to prod, deploy 9.3.0 to dev, investigate/remove nice_menus module, fix acc. Styling, final DV v5.9 merge, fix tests, minor bugfixes in menu logic, pub year->date from comparison, rename/update v5.8 branch for stage, deploy solr fix for CVE-2021-44228 6
11-Dec-2021 Investigate CVE, test & verify 1

#Dataverse

  • Merged v5.9, created v5.9 branch for deployment
  • Transferred accessibility fixes to community version
  • Copied minor fixes back from community version (found comparing code for accessibility)

#Drupal

  • Updated webforms security fix
  • Adapted css for footer changes from Dataverse
  • Investigated modules that are no longer maintained, removed nice-menus after not seeing any evidence that it is used.
  • Updated to core 9.3.0 on dev

#Operations

  • Deployed Drupal security fix to dev/stage for testing and then to prod
    • required a manual roll-back in the footer class to avoid having to deploy Dataverse at the same time (since I've only been maintaining a single Drupal branch - could create another branch as I do for Dataverse if this happens often.)
  • Updated google analytics file on dev/stage/prod to restore download kebab button tracking
  • Monitored AWS S3 slow-down/outage
  • Helped investigated log4j vulnerability (with support from GDCC), tested on QDR to confirm Dataverse/solr would call ldap with malicious queries, verified fix, deployed to all machines

Discussion

  • Accessibility Notes:
    • Improved the handling of the footer as part of merging/adapting for community version
  • Google analytics issue - single file downloads from the file table/kebab menu weren't getting recorded. The bug is ~2 years old and was accidentally introduced by IQSS as part of a fix for an earlier issue with tracking those downloads. Other buttons and download mechanisms, i.e. downloading all files or sets of selected files, etc. were not affected.
  • Drupal modules out of maintenance. Three of the modules that we were using, which were among those I had to add patches to to be D9 compatible, are now officially unmaintained. The only real change is that we now get warnings for those modules. It may be worth doing a little more work to suppress the warnings (e.g. changing the module names so they don't trigger checks at Drupal's website), but otherwise I don't think there's any other action to take.
    • nice-menus - as far as I can tell, we don't use this. I did more checking through our menus and blocks than I did when we upgraded to D9 and I don't see any content/code referencing them. So - I've removed the module on dev/stage. If you see any menu changes, let me know.
    • search-exclude-nid - this is a simple module that excludes hits from any nodes on the list when queries are made. This module is very simple, so my sense it is probably straight-forward to maintain it ourselves (aside from the usual module packaging, it works by adding ~where node id not in <list> to all queries, so not much to go wrong). There are other modules that handle search exclusion but they are more full-featured and I'm not sure that keeping up with their changes would make sense unless we need more than excluding a few nodes.
    • shibboleth - this is a big module, but we've maintained our own version for a while (SSO modifications and then updates to Drupal8/9), so the lack of updates at Drupal is not a big change. (FWIW - there are a few thousand sites using the module, but all but 20-30 are 2+ revs back at D7 or earlier.) We actually have updates that would help the community, but I'd have to remove our SSO changes and I don't think it's worth it unless/until other entities are ready to contribute to maintaining something at Drupal.

Plans

  • Dataverse
    • still want to investigate the guestbook responses re version info not being included.
    • need to test accessibility fixes/add a few color changes for the default community theme, and then submit issues/PRs for IQSS.
    • update to final v5.9 when testing is done
    • PR for ORCID improvement
  • Anno-Rep work
    • Help with deployment to dev
  • TBD: FRDR Security
  • Other tasks as discussed in strategic planning
Clone this wiki locally