• Went to download CFDB to install on a new WordPress site, but WordPress says the plugin does not exist. I can’t find any way to download it from the website.

Viewing 15 replies - 1 through 15 (of 24 total)
  • Plugin Author Michael Simpson

    (@msimpson)

    Thread Starter trec-r

    (@trec-r)

    Thanks for the help. Why has it been removed from wordpress.org?

    @msimpson Please try to get the plugin re-listed at repository, would have to remove it from many customer sites otherwise. Getting notified about updates from github and manually update plugin is not an option for me and many others.

    Your plugin is well known and well respected, don’t hide it from its biggest userbase, only because of some unfortunate communication.

    Thanks for the great plugin and for (re)considering importance of things in life.

    @msimpson Do you need help getting the fix done so you can get relisted? I’d be happy to help. Send me an email Josh@CalderaWP.com or Shelob9 on WordPress.org Slack

    Thanks guys! Was nearly devastated to see it disappear too! Great Plugin Michael. Thanks so much for keeping it live.

    @msimpson — the removal of the plugin from the repository is a big concern for me and for my clients’ sites as well. Can you help us understand what’s up? Anything we can do to help?

    I’d also like to mention that having the plugin in the WordPress plugin repository is a requirement for my client work, so while it is great to see development is continuing, and as much as I love Github, it is not a viable alternative to being able to bundle the plugin with my theme installs.

    @msimpson This was a great and standard plugin for me. Why it was removed from WP? Is there anything we can do to help?

    Plugin Author Michael Simpson

    (@msimpson)

    It was removed due to a security concern. That has largely been addressed. There was a valid vulnerability that I fixed within 24 hours. The rest is more theoretical (you would have to be logged in as an administrator to do it…and if you are an admin, you can do whatever you want anyway). But the WP person won’t re-list until I re-code that.

    That code has always been like that way, yet all of a sudden WP yanks the plugin without fully understanding where the safeguards are in the code. I would have preferred that they kept it listed so people get the update that fixes the real vulnerability, then give me some time to change other code to the standard that they want to suddenly impose.

    The WP person has been really condescending to me on all the communications and I got fed up with dealing with that. I want clarification on exactly how they want things coded. You would think that the WP people would take a positive attitude toward helping plugin authors keep their plugins up to standards so they can keep contributing to the community (for free!). Instead I’m treated with contempt. I ask myself why should I bother continuing with this?

    To reassure you, I plan to get it re-listed at some point. But I have to muster the time and energy to deal with people like this. In the meantime, you can find it on GitHub.

    Thank you @msimpson for this plugin, if I had any clue how I would use GitHub. I do hope you will reconsider getting it listed with wp again. Many thanks

    • This reply was modified 7 years, 10 months ago by HopeWes.
    Plugin Author Michael Simpson

    (@msimpson)

    You can just download it form GitHub then upload it from your plugins page.

    @msimpson

    What you are saying here is not entirely accurate. The first attempt you made to fix this, with the release of version 2.10.29, did not fully resolve the originally reported vulnerability. We contacted you the day after you released it to inform you of the remaining issues and we also left a message on the thread about the vulnerability mentioning that we had contacted you several days afterwards. So if the plugin had been left up at that point, people would have been updating to a version that didn’t actually resolve that vulnerability and others could have been installing a plugin that was known to be insecure at that point.

    We agree with you that review process done by WordPress before a plugin can return to the Plugin Directory needs improvement, as it can cause delays in getting fixed versions out, while at the same allowing plugins with vulnerabilities that have not actually been fixed to return.

    Plugin Author Michael Simpson

    (@msimpson)

    @pluginvulnerabilities I don’t object the process so much to as to the unprofessional way your person communicates to me in email. Can you assign someone more professional to my case that I can actually work with?

    Thread Starter trec-r

    (@trec-r)

    @pluginvulnerabilities I do object to how the process works. If a plugin has an issue, don’t delist it. When I see a plugin is delisted I have no idea what happened to it. It would be much better if it was still listed by also flagged. Flags could include Not Maintained, Vulnerability, along with other statuses. The end users need to know is or isn’t happening with the plugins they depend on.

    @msimpson

    We are not part of WordPress, so it isn’t our person and we can’t do anything about what they do. Our only involvement is frequently being the ones that notify them of security vulnerabilities in plugins.

Viewing 15 replies - 1 through 15 (of 24 total)
  • The topic ‘Is CFDB gone?’ is closed to new replies.