Contrib.social

Can we switch site from 2.0.0-apha2 to 8.x-1.7?

Open on Drupal.org →
Created on 30 September 2024, 6 months ago

If a site is using 2.0.0-alpha2 is it possible to switch to the 8.x-1.7 branch which is the recommended release?

Anyone know or tried it? Should it be ok?

Andy

💬 Support request
Status

Active

Version

2.0

Component

Documentation

Created by

🇬🇧United Kingdom arcaic Milton Keynes

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @arcaic
  • Comment 5 months ago
    🇺🇸United States cmlara

    Doing so is not formally tested, however to my knowledge there were no update hooks in in 2.0.0-alpha2 that are not in 8.x-1.x to cause concerns and the config schema and user data schema are compatible with each other.

    I would of course suggest you validate in a dev lab first to be sure.

    In the dev lab I frequently install 2.x and then checkout 8.x-1.x to test code or work on 8.x-1.x features and have not hit significant failures (other than Drupal container refresh for services missing) however when I do so I often am not exercising 100% of the code at any time or hitting all edge cases.

    While not asked adding the following for additional context for dev branch users:
    Switching from 2.x dev branch would be more complex as we have made a number of additional update hooks since Alpha2, some that have not been (and will not be) back-ported. The two branches have begun to diverge significantly and direct data compatibility is less likely to be maintained going forward.

  • Comment 5 months ago
    🇮🇳India bhanu951

    If a site is using 2.0.0-alpha2 is it possible to switch to the 8.x-1.7 branch which is the recommended release?

    I tried this earlier and this broke functionality to skip TFA for administrators.

  • Comment 5 months ago
    🇺🇸United States cmlara

    I tried this earlier and this broke functionality to skip TFA for administrators

    8.x-1.1 by default disabled admin ability to skip TFA . It needs to be enabled in settings manually (reset_pass_skip_enable). This setting does not exist in 2.x. UI or schema. That was SA-CONTRB-2023-030 which 2.0.0-alpha2 is known vulnerable to

    That could be the cause of your experience.

  • Comment 8 days ago
    🇦🇺Australia acbramley

    I've just tested this on an existing project, downgrading from 2.0.0-alpha4 to 1.10.0.

    Everything worked as expected, the only gotcha is to make sure you run
    composer require drupal/tfa:^1.10 -W

    Without the -W (--with-all-dependencies) flag, the paragonie/constant_time_encoding library was removed because it kept me on christian-riesen/otp 2.3.0. On 2.x the paragonie/constant_time_encoding dependency comes from spomky-labs/otphp instead.

    TFA 1.x should probably explicitly require paragonie/constant_time_encoding to avoid this situation given it's a hard dependency for the TfaTotpValidation plugin.

  • Comment 8 days ago
    🇺🇸United States cmlara
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024