Last modified: 2014-11-15 06:08:32 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T64326, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 62326 - Upgrade express / connect or move to something else
Status: PATCH_TO_REVIEW
Product: Parsoid
Classification: Unclassified
Component: General
Version: unspecified
Hardware: All All
Importance: Normal normal
Target Milestone: ---
Assigned To: Arlo Breault
techdebt
Depends on:
Blocks:
Reported: 2014-03-06 16:48 UTC by Gabriel Wicke
Modified: 2014-11-15 06:08 UTC (History)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Description Gabriel Wicke 2014-03-06 16:48:50 UTC
We have recently encountered several bugs in the old connect / express version we are using:

* error reporting recursion when setting headers after they are sent -- worked around in ParsoidService

* URL decoding breakage as in http://parsoid-lb.eqiad.wikimedia.org/zhwiki/Alcohol_120%

We should consider either upgrading to a newer express version or using another similar framework like restify.

Things to consider / ensure:

* form data handling needs to support both urlencoded and multipart/form-data, and should not create temporary files
* need continued support for gzip encoding etc.
* would be nice to have consistent JSON-based error reporting built in, but could also be implemented as a logging backend (although that might not handle errors in the framework)
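The report gives only the URL for the decoding breakage; assuming it comes from the trailing `%`, which is not a valid percent-escape, the sketch below shows two ways a service can handle such a path without an unhandled `URIError`. This is an added example, not Parsoid or express code, and `strictDecode`, `lenientDecode` and `parseRequestPath` are hypothetical names.

```javascript
'use strict';
// Constructed sample: the path component of the URL quoted in the report.
const SAMPLE_PATH = '/zhwiki/Alcohol_120%';

// Strict decoding: report malformed input instead of letting URIError escape.
function strictDecode(segment) {
  try {
    return { ok: true, value: decodeURIComponent(segment) };
  } catch (e) {
    if (e instanceof URIError) return { ok: false, value: null };
    throw e;
  }
}

// Lenient decoding: decode each run of well-formed %XX escapes and leave
// everything else (such as a stray '%') untouched.
function lenientDecode(segment) {
  return segment.replace(/(?:%[0-9A-Fa-f]{2})+/g, (run) => {
    try {
      return decodeURIComponent(run);
    } catch (e) {
      return run; // well-formed escapes that are not valid UTF-8 stay raw
    }
  });
}

// Hypothetical helper: split "/<prefix>/<title>" and decode the title.
function parseRequestPath(path, lenient) {
  const m = /^\/([^/]+)\/(.*)$/.exec(path);
  if (!m) return { status: 404 };
  const prefix = m[1];
  if (lenient) return { status: 200, prefix, title: lenientDecode(m[2]) };
  const d = strictDecode(m[2]);
  if (!d.ok) return { status: 400, prefix, error: 'malformed percent-encoding' };
  return { status: 200, prefix, title: d.value };
}

console.log(parseRequestPath(SAMPLE_PATH, false));
console.log(parseRequestPath(SAMPLE_PATH, true));
console.log(parseRequestPath('/zhwiki/Alcohol_120%25', false));
```

Strict mode maps the malformed title to a 400 response, while lenient mode treats the stray `%` as a literal character; a client that encodes the title correctly as `Alcohol_120%25` gets the same title either way.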
Comment 1 Gabriel Wicke 2014-03-06 17:06:16 UTC
Rashomon is using restify and busboy, which seems to be working fine.
Comment 2 C. Scott Ananian 2014-11-13 22:27:48 UTC
http://expressjs.com/2x/ now has a big red banner on it which says, "Known and unknown security and performance issues in 2.x have not been addressed since the last update (29 June, 2012). It is highly recommended to upgrade to Express 3.x or to Express 4.x."

See also bug 73395.
Comment 3 Gerrit Notification Bot 2014-11-15 06:08:29 UTC
Change 173481 had a related patch set uploaded by Arlolra:
(Bug 62326) WIP: Upgrade express

https://gerrit.wikimedia.org/r/173481
