Issues to fix as part of next stable release (7.x-1.6)

I just commented in 🐛 create_function is deprecated in PHP 7.2 Fixed - there's a possible / theoretical vulnerability in this current stable release's use of create_function() that could perhaps be used as part of a chained attack.

I filed a private issue about this a long time ago, and it was agreed it could be discussed in public.

The fix for that was committed some time ago, but there's been no release since.

Would the maintainers consider doing another release (perhaps the final one?) in order to get that fix out?

There have not been many changes committed since 7.x-1.5 so it would seem fairly low risk.

On the other hand, do we want to address the issues listed here by @greggles before a new release is made?

I'd advocate for a 7.x-1.6 release to be made ASAP and the todo list here could be considered for a 7.x-1.7 if that ever happens?

I'd be willing to be added as a maintainer to help get the next release done - but would not be able to commit to devoting much time to the project other than pushing out a stable release with the existing changes that have already been committed.

I'm not maintaining this module any more.

#2441965-59: Broken updates due to Classes living in .module files → looks worth getting in so people on very old versions can update to any newer release.
🐛 exception 'DatabaseSchemaObjectExistsException' with message 'Table cache_entity_file already exists.' Postponed: needs info looks simple but not RTBC (although maybe it's fine depending on that test failure).

I would personally leave anything else at this point, at least for a 7.x-1.6. Will give @mcdruid co-maintainer permissions, creating a release will be more than any of the other existing maintainers are doing.

This is really minor, but I noticed that $lamdba is spelled wrong. It should be $lambda. It's misspelled in both places, though, so the code still works.

Also, I agree that the fix should be released. With just a couple minutes looking at the code, I see the problem. I have the patch applied, but I'm sure many sites don't.

https://www.drupal.org/project/entitycache/releases/7.x-1.6-rc1 →

I'll do a full 7.x-1.6 release in a couple of weeks if there are no problems.

https://www.drupal.org/project/entitycache/releases/7.x-1.6 →

Thanks everybody!

Automatically closed - issue fixed for 2 weeks with no activity.