By Michael Babker on 2017-11-29 00:00 in Production


  • Michael Babker - Department Coordinator
  • Allon Moritz - Media Manager Team Lead
  • Armen Mnatsian - Accessibility Team Lead (part day)
  • David Jardin - Security Team Lead
  • Dimitris Grammatiko - JavaScript Working Group Lead
  • George Wilson - Framework Working Group Lead
  • Marco Dings - Joomla! X Working Group Lead
  • Niels Braczek - Bug Squad Lead
  • Philip Walton - CMS Release Team Lead (part day)
  • Puneet Kala - GSoC Team Lead
  • Roland Dalmulder - CMS Maintenance Team Lead

Department Coordinator

  • Shared updates from OSM Board Meeting (
  • Discussion about our development strategy and managing third party dependencies, especially as it relates to major version bumps
    • In general, it is difficult to establish a general policy on this due to the wide variety of use cases and implementations of our dependencies
    • Some areas it is easier to manage this because of work to encapsulate implementations (i.e. custom elements for JavaScript)
    • For now policy will be to essentially handle each dependency and use case on a case-by-case basis
  • Questions about consolidating Developer Network into another subdomain
    • Right now the site is one of the best performing on the network thanks to a renewed focus on publishing relevant content and making things easier to find
    • Decided to let web team focus on other properties for cleanup instead

Automated Testing

  • Jenkins testing platform ended up not working out due to unforeseen complications and known issues with the platform
  • Drone has seen several improvements since this effort started and is looking to be a better option now to use for our testing platform
  • Working to split test packages to separate repos and improve organization, emphasis is on test structure for the 4.0 branch
  • PR Testing Platform (GSoC project) has had initial review and the team feels it is ready to be integrated into the network
  • Work from GSoC Parallel Testing project is ready to be integrated into existing test suites

Bug Squad

  • Discussed focus areas for the Joomla in Action session
  • The member list has been consolidated. Nearly a third of the members has been removed due to inactivity. The new rules about members and contributors seems to work out.

CMS Release Team

  • 3.8.3 targeted for first part of December
  • 3.8.4 will shift releases toward the second half of the month to avoid releasing so close to the December/January holiday period


  • Decided to deprecate the Framework’s Form package
  • Roadmap for 2.0 Stable release
    • Beta releases will begin soon
    • Will need to update repo branching strategy
  • Working on a process to integrate package documentation into the website
    • Consolidates all resources into one easy-to-use location
    • Forces an emphasis on writing proper documentation
  • LGPL conversion


  • Project updates/review from 2017
    • Several CMS projects are in a ready to review state for consideration to merge into 4.0
    • Other projects integrating into network are also in a ready to review state
      • Teams will provide hosting specifications for each project so the Webmasters Team can get the appropriate resources allocated
  • Starting efforts on 2018 program application and call for ideas
  • Discussing future potential participation in Google Code-In


  • Plan for supporting ES6 code structures
    • Workflow is more complex for PRs right now
    • Investigate a way to use CI to help with compiling resources
  • Discussing support for PWAs and service workers and how this can be done with the Joomla architecture
  • Continuing to look at ways to improve testing architecture


  • Working to recruit and onboard new members
  • ORM concept has been tested on real life applications
  • Concepts and ideas are being published under GitHub organization
    • Use of “joomla-x” namespace is meant to indicate experimental efforts, accepted and stable implementations will be moved to the appropriate repo/resource (i.e. become a Framework package or integrated into the CMS)

Media Manager

  • Shared projected schedule for next six months of effort, including projected milestones and efforts involving other teams (UX and accessibility)


  • Quick report about the recent security issues that we experienced in Joomla core to get everyone up to date
  • Joomla is part of the SIWECOS project, a security project funded by the German Government that targets to improve the security of SME sites. As part of that project, a cooperation between major webhosts and multiple FOSS CMS security teams got established, where the CMS teams share information about new security vulnerabilities and possible server-side filtering possibilities with the hosts.
  • In both, core CMS and extensions the primary types of vulnerabilities are SQLi and XSS. The reason for this is, that our current API explicitly requires a developer to think about security and call the required methods (escape/quote) before passing user input, instead of making security the default. For SQLi this would mean a switch to prepared statements, for XSS a switch to a different template engine (Twig, Blade etc) or at least the implementation of CSP would be required. David will organize a prepared-statements sprint, George is working on a CSP implementation.
  • A German company offers a static code analysis tool to be used for open source projects free of charge. Robert will investigate implementing the tool in the core’s CI process, David will talk with the JED team to embed it in the JED checker.