Progress Report - November 2024
Another busy month at Backpack HQ. This month was dominated by a security issue, our Black Friday promo and our work on Backpack v7. Le...
Cristian Tabacitu
Share:
Another busy month at Backpack HQ. This month was dominated by a security issue, our Black Friday promo and our work on Backpack v7. Le...
Another busy month at Backpack HQ. This month was dominated by a security issue, our Black Friday promo and our work on Backpack v7. Let's get into it!
If you're subscribed to our security newsletter (as you should), you already know this. But just in case, here goes:
Vladislav Gladkiy at Positive Technologies has discovered a security vulnerability in Backpack/FileManager. This could allow a malicious actor to execute remote code on your server! Yes, it would involve some social engineering - your admin needs to be involved or tricked, but... you really don't want that to be possible. Please run composer update backpack/filemanager to get the latest version!
Let this be your reminder - you should regularly run composer update for ALL packages, in ALL your projects. While this vulnerability was big enough that it was worth bugging you about it - we also fix many smaller problems, all the time. Not many of them are security-related, since we're blessed with a stable and solid codebase. But some of our dependencies - Laravel, Livewire etc - have also reported and fixed critical security vulnerabilities, in the past 2 months. So please make it a habit to run composer update on your project. Like me, you can use Recurrr to remind the team lead to do that every 3 months. I found that strikes a good balance.
Pedro has been pushing fixes, but not as much as usual. Our code is rock-solid already, so we've started spending more time on the new features in Backpack v7. Here are the more visible stuff this month:
Jorge & Karan have been answering your inquiries a lot easiler this month (thanks to our AI), so they've also delved into issues that have gone unanswered for a long long time.
Our Backpack AI Bot has already become a valuable community member. It's giving answers left and right... and 90% of the time, it's surprisingly helpful. So much so... that our AI has already become No 1 in the community leaderboard. Github Discussions's metrics are deeply flawed... but hey... it makes for a good headline, right? 😅
Notes:
New articles on our blog in November:
If you haven't already, subscribe to our blog article digest to get these articles as soon as they're out. We've active on Twitter too - follow us for a daily dose of Laravel and PHP tips & tricks.
If you're reading this on Sunday or Monday... you still have a change to snap up Backpack for a big discount! Check out the discount codes here. If they're all gone - here's an extra coupon just for you, as a token of appreciation for reading our progress report! Use the HIDDENBPNOV24 for 30% off 😱 Only 20 such discounts available, only this week.
It's a GREAT time to buy Backpack. Not only are you getting it for a discount... you're getting it for a discount at the current price. And as we mentioned in that other article... when we launch Backpack v7, we plan to bump the prices. Of course, as always, your v6 purchase will give you 12 months of updates AND upgrades, so... yeah. It's a particularly good time to buy Backpack.
If you haven't given us a star on Github, please spare 3 seconds and give us one. It could help more people discover our project. We only have around 3000 stars - which is not a lot for a project of our size and history - we never paid attention to this number. So let's fix that - let's get that number where it's supposed to be 💪 Give a star to this repo.
Thanks for using Backpack. We love doing this for you.
Cheers!
Subscribe to our "Article Digest". We'll send you a list of the new articles, every week, month or quarter - your choice.
What do you think about this?
Wondering what our community has been up to?
