From 4f251924cd40aeacc8ff47827e7496dc51cbd706 Mon Sep 17 00:00:00 2001 From: acaptutorials Date: Sun, 16 Feb 2025 05:01:07 +0800 Subject: [PATCH 1/2] docs: note upcoming security fixes by the new acap lead --- docs/pages/announcements/firebase-storage-2024.mdx | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/pages/announcements/firebase-storage-2024.mdx b/docs/pages/announcements/firebase-storage-2024.mdx index f6dc5694..d5198f0a 100644 --- a/docs/pages/announcements/firebase-storage-2024.mdx +++ b/docs/pages/announcements/firebase-storage-2024.mdx 
@@ -137,9 +137,11 @@ _All Firebase components service usage (including those not used by ACAP) will o Yes. Some of the latest core deliverables implemented for ACAP in its [2.0](/changelog/#version-2-acap-20) version [**introduced security flaws**](/changelog#acap-2-security-debts) not present in the initial ([1.0](/changelog/#version-1-acap-10)) version, which had strictly followed [security guidelines](/security) and adhered to best practices in web development security, effectively preventing these issues. Based on the following criteria, the new security flaws introduced in version 2.0 resulted in a **60% reduction in the established security from version 1.0**. -> With ACAP 2.0+, a new code maintainer and lead programmer took over core development. You can check the [ACAP repository](https://github.com/amia-cis/acap-v2/issues/57) for more details. +> With ACAP 2.0+, a new code maintainer and lead programmer took over core development and made changes to improve development speed. As part of this effort, they introduced a more flexible Firestore database setup, which streamlined workflows. But it also loosened security rules. > -> To speed up development, they introduced a more flexible Firestore database setup. However, this also loosened security rules, raising concerns not present in version 1.0. The same lead programmer is aware of the trade-offs, and since they made these changes, they’re the best person to contact for security updates and fixes. +> While these adjustments enhanced agility, they also introduced security concerns not present in version 1.0. This lead programmer is aware of these trade-offs, and since they made these changes, they remain the best point of contact for security updates and fixes. +> +> For more details on these changes, refer to this GitHub [issue](https://github.com/amia-cis/acap-v2/issues/57) in the parent **acap-v2** repository, where the new lead programmer discusses the upcoming fixes and improvements. 
| Criteria | Purpose | ACAP [1.0](/changelog/#version-1-acap-10) | ACAP [2.0](/changelog/#version-2-acap-20) | From 5b62201ffb500e1cd9a38208e7a6127328292139 Mon Sep 17 00:00:00 2001 From: acaptutorials Date: Sun, 16 Feb 2025 06:22:09 +0800 Subject: [PATCH 2/2] chore: update text content --- docs/pages/announcements/firebase-storage-2024.mdx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/pages/announcements/firebase-storage-2024.mdx b/docs/pages/announcements/firebase-storage-2024.mdx index d5198f0a..a3371d95 100644 --- a/docs/pages/announcements/firebase-storage-2024.mdx +++ b/docs/pages/announcements/firebase-storage-2024.mdx @@ -134,14 +134,14 @@ _All Firebase components service usage (including those not used by ACAP) will o
-Yes. Some of the latest core deliverables implemented for ACAP in its [2.0](/changelog/#version-2-acap-20) version [**introduced security flaws**](/changelog#acap-2-security-debts) not present in the initial ([1.0](/changelog/#version-1-acap-10)) version, which had strictly followed [security guidelines](/security) and adhered to best practices in web development security, effectively preventing these issues. Based on the following criteria, the new security flaws introduced in version 2.0 resulted in a **60% reduction in the established security from version 1.0**. +Yes. Some of the latest core deliverables implemented for ACAP in its [2.0](/changelog/#version-2-acap-20) version [**introduced security considerations**](/changelog#acap-2-security-debts) not present in the initial ([1.0](/changelog/#version-1-acap-10)) version, which followed a more rigid [security](/security) model that adhered to best practices in web development security. The security changes in **version 2.0** resulted in a **measured reduction in coverage compared to version 1.0, based on established criteria.** -> With ACAP 2.0+, a new code maintainer and lead programmer took over core development and made changes to improve development speed. As part of this effort, they introduced a more flexible Firestore database setup, which streamlined workflows. But it also loosened security rules. +> With **ACAP 2.0+**, core development transitioned to a new lead programmer who made changes to improve development speed. As part of this effort, they introduced a more flexible Firestore database setup, which streamlined workflows. While these adjustments optimized workflows, they also altered security rules, introducing new considerations that require further refinements to align with [best practices](/security). > -> While these adjustments enhanced agility, they also introduced security concerns not present in version 1.0. 
This lead programmer is aware of these trade-offs, and since they made these changes, they remain the best point of contact for security updates and fixes. +> The lead programmer is aware of these trade-offs, and since they made these changes, they remain the best point of contact for security updates and fixes. > -> For more details on these changes, refer to this GitHub [issue](https://github.com/amia-cis/acap-v2/issues/57) in the parent **acap-v2** repository, where the new lead programmer discusses the upcoming fixes and improvements. +> For more details on these changes, refer to this GitHub [issue](https://github.com/amia-cis/acap-v2/issues/57) in the parent **acap-v2** repository, which provides a summary of the lead programmer's upcoming fixes and improvements. | Criteria | Purpose | ACAP [1.0](/changelog/#version-1-acap-10) | ACAP [2.0](/changelog/#version-2-acap-20) |
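Review bot: In [PATCH 1/2], the added quote says the new Firestore setup "loosened security rules" but never says which rules or data are affected, or what a deployer should do until the fixes land. The only pointer is the issue link, which this hunk moves from the first quoted paragraph to the last. Consider stating the affected scope in one sentence next to that link so the announcement is usable without opening issue 57. The first two added paragraphs also make the same point twice ("But it also loosened security rules." and "they also introduced security concerns not present in version 1.0"), and the first of these is a fragment starting with "But"; merging them into one sentence would read better.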
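Review bot: In [PATCH 2/2], the rewritten opening paragraph removes the quantified claim "60% reduction in the established security from version 1.0" and replaces it with "measured reduction in coverage", which calls the reduction measured while dropping the measurement. Either keep the figure or say that the criteria table that follows is the basis and let readers count from it. The same paragraph changes "introduced security flaws" to "introduced security considerations" while the link still targets `/changelog#acap-2-security-debts`, so the link text and its destination now disagree in tone. In the quote, "loosened security rules" becomes "altered security rules", which no longer tells the reader the direction of the change. The new sentence pair "which streamlined workflows. While these adjustments optimized workflows" repeats itself. Since this commit changes the substance of a security statement, a subject such as "docs: reword ACAP 2.0 security note" would describe it better than "chore: update text content".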