moderated Suspended by Zoom? #bug


Glenn Glazer
 

Got this when I logged in:



Best,

Glenn

--
PG&E Delenda Est


 

On Thu, Apr 21, 2022 at 9:23 AM Glenn Glazer <glenn.glazer@...> wrote:
Got this when I logged in:

[Suspended app screenshot removed]

Yes, I'm aware of this. At the end of last year, Zoom did a security audit (via a 3rd party) of all websites that had Zoom apps, including Groups.io. It came back with a couple of issues in Javascript libraries that we used. I upgraded a few, but one sticking point is that we use a version of Jquery that has some insecure functions. We don't use those functions, so it's not an issue for us. But they won't unsuspend us until I upgrade the library anyways. To upgrade Jquery would require a bunch of work, because other libraries that we use don't work with the latest, secure, version of Jquery. So I would need to find replacements for them, and do the work to integrate them.

I thought that the existing Zoom integration would continue to work for people during this, but I guess maybe that's not the case.

I have been trying to decide how best to proceed. I'd really like to upgrade the widget library we're using for the website (currently an old version of Bootstrap). If I do that, then the Jquery issue goes away, but it's also a huge amount of work.

Thanks,
Mark


Glenn Glazer
 

On 04/22/2022 09:15, Mark Fletcher wrote:
On Thu, Apr 21, 2022 at 9:23 AM Glenn Glazer <glenn.glazer@...> wrote:
Got this when I logged in:

[Suspended app screenshot removed]

Yes, I'm aware of this. At the end of last year, Zoom did a security audit (via a 3rd party) of all websites that had Zoom apps, including Groups.io. It came back with a couple of issues in Javascript libraries that we used. I upgraded a few, but one sticking point is that we use a version of Jquery that has some insecure functions. We don't use those functions, so it's not an issue for us. But they won't unsuspend us until I upgrade the library anyways. To upgrade Jquery would require a bunch of work, because other libraries that we use don't work with the latest, secure, version of Jquery. So I would need to find replacements for them, and do the work to integrate them.

I thought that the existing Zoom integration would continue to work for people during this, but I guess maybe that's not the case.

I have been trying to decide how best to proceed. I'd really like to upgrade the widget library we're using for the website (currently an old version of Bootstrap). If I do that, then the Jquery issue goes away, but it's also a huge amount of work.

Thanks,
Mark

Library dependencies are the worst. I code against a 15 year old, constantly evolving architecture at work that uses half a dozen or so different languages, each with their own set of third party libs and dependency trees and that's not even counting OS package dependencies.

Which is a (perhaps overly geeky) way of saying I feel your pain.

Best,

Glenn
P.S. I'm not a UI guy, so I don't have an informed opinion about widget libraries. The last time I wrote a UI, it was in Tkinter ;) and it was just a pop up window for an updater.

--
PG&E Delenda Est


Jack Heim
 

Sounds as if you're doing the best you can. My only suggestion would be to disable the feature in the mean time so people don't get the error message. That's a bad look.


On 4/22/22 12:08, Glenn Glazer wrote:
On 04/22/2022 09:15, Mark Fletcher wrote:
On Thu, Apr 21, 2022 at 9:23 AM Glenn Glazer <glenn.glazer@...> wrote:
Got this when I logged in:

[Suspended app screenshot removed]

Yes, I'm aware of this. At the end of last year, Zoom did a security audit (via a 3rd party) of all websites that had Zoom apps, including Groups.io. It came back with a couple of issues in Javascript libraries that we used. I upgraded a few, but one sticking point is that we use a version of Jquery that has some insecure functions. We don't use those functions, so it's not an issue for us. But they won't unsuspend us until I upgrade the library anyways. To upgrade Jquery would require a bunch of work, because other libraries that we use don't work with the latest, secure, version of Jquery. So I would need to find replacements for them, and do the work to integrate them.

I thought that the existing Zoom integration would continue to work for people during this, but I guess maybe that's not the case.

I have been trying to decide how best to proceed. I'd really like to upgrade the widget library we're using for the website (currently an old version of Bootstrap). If I do that, then the Jquery issue goes away, but it's also a huge amount of work.

Thanks,
Mark

Library dependencies are the worst. I code against a 15 year old, constantly evolving architecture at work that uses half a dozen or so different languages, each with their own set of third party libs and dependency trees and that's not even counting OS package dependencies.

Which is a (perhaps overly geeky) way of saying I feel your pain.

Best,

Glenn
P.S. I'm not a UI guy, so I don't have an informed opinion about widget libraries. The last time I wrote a UI, it was in Tkinter ;) and it was just a pop up window for an updater.

--
PG&E Delenda Est
-- Jack Heim, john@...