@MichalKleiner In SS3, you simply prefixed the folder with an underscore. I believe the way to do it now is to prefix with a . (edited)

From a security-related thread I saw the other day, it's just a free-text field in the http://ss.org CMS

Cheers. Just found it odd that sometimes "silverstripe/framework" is ref'd explicitly, and at other times not.

Can anyone from SS HQ tell me if it's a reasonable assumption to make that no package-name given in a security advisory, infers "silverstripe/framework"? (Ref: https://www.silverstripe.org/download/security-releases/rss) (edited)

Looking at FriendsOfPHP/security-advisories, the SS advisories are well out of date. I'm wondering why it doesn't look at the official RSS feed instead: https://www.silverstripe.org/download/security-releases/rss

Could you make an issue for that on github? It's a very valid question, I don't have an answer though

👍 (1)

Done: https://github.com/FriendsOfPHP/security-advisories/issues/340 (edited)

Attachments:
phptek

Do you know if SS provide something similar for its own modules? I can imagine the maintainer of this package asking that given that is "supports" a small handful of other SS packages.

I believe this one does part of the job? https://github.com/bringyourownideas/silverstripe-maintenance (edited)

Attachments:
bringyourownideas/silverstripe-maintenance

https://github.com/bringyourownideas/silverstripe-maintenance...

...which uses...

https://github.com/bringyourownideas/silverstripe-composer-security-checker...

...which uses...

https://security.symfony.com/...

...which uses...

https://github.com/FriendsOfPHP/security-advisories...

...which uses...

a bunch of out of date YML files! https://github.com/FriendsOfPHP/security-advisories/tree/master/silverstripe/ (cms|framework|forum|useerforms)

I was meaning an RSS feed or similar. But thinking about it again - SS' RSS feed is exactly that. It carries information about non framework/cms packages. May be a moot point?

Incidentally; The maintainer of FriendsOfPHP/security-advisories gave me an interesting response in https://github.com/FriendsOfPHP/security-advisories/issues/340 (edited)

Attachments:
Symfony Security Monitoring  
Symfony Security Monitoring

What do people use for automated security advisory checking, for composer deps?

could be related? https://github.com/silverstripe/silverstripe-framework/issues/8548 (edited)

Attachments:
ScopeyNZ
👍 (1)

....via setDatetimeFormat() in the constructor .. (off the top of my head)

If you did want a side-wide setting, you could use Injector to switch out all instances of DatetimeField for MyDatetimeField (which subclassed DateTimeField) where the latter had your desired locale config.

@gorrie it doesn't seem to be possible - out of the box, but it is set by your system's locale settings