
Latest update and all is gone.


MPontiac
Solved by Tannin42


Rolling back a minor version (1.5.x, e.g. 1.5.8 -> 1.5.7) should be fine but you should not leave automatic updates disabled.

 

The reason this update was a bit rushed, which ended up falling on our feet, is that there is a security issue in electron (one of the backends we use) that needed to be addressed.

 

Information is a bit scarce so I'm not sure Vortex users would actually be affected but once a security issue becomes public knowledge, its abuse will skyrocket. Staying on an old version is simply not safe even if you're functionally happy with the older version.

 

1.5.9 - which you will get from the auto-updater now - should fix the deployment issue.

Games no longer being discovered is "intentional" - as in: The past few versions of Vortex had a bug where games that were no longer present in the previous location were not being cleaned up.


Guest deleted34304850

 

 

The reason this update was a bit rushed, which ended up falling on our feet, is that there is a security issue in electron (one of the backends we use) that needed to be addressed.

that's why i suggested not doing a fallback. been dealing with similar since that thing came out last week. total PITA. Congrats on getting 1.5.8 AND 1.5.9 out so quickly, that takes some doing!


Rolling back a minor version (1.5.x, e.g. 1.5.8 -> 1.5.7) should be fine but you should not leave automatic updates disabled.

Uhm, unless you disable updates, until a new version fixing the problem was released, wouldn't you basically get stuck in the infinite loop "install 1.5.7" --> "get upgraded to 1.5.8" --> "install 1.5.7" --> "get upgraded to 1.5.8" etc.


  • Solution

 

Uhm, unless you disable updates, until a new version fixing the problem was released, wouldn't you basically get stuck in the infinite loop "install 1.5.7" --> "get upgraded to 1.5.8" --> "install 1.5.7" --> "get upgraded to 1.5.8" etc.

 

 

I was careful with my wording saying "don't leave it disabled" ;)

How you achieve that is up to you: put an event in your calendar for 2 days later or something going "re-enable vortex updates", stick a post-it note to your monitor or whatever works for you as a reminder.

 

Apart from the potential of security issues through third-party software we may also have to change the API between vortex <-> nexusmods.com at which point older versions will start failing; and we may receive an amount of bug reports from outdated Vortex versions that could become problematic.

 

Currently we have the option to disable automatic updates because most of our users are sensible and keep Vortex updated but a scenario where a significant number of our users remains on older versions is not sustainable for a small team like ours. If it becomes a pattern we always have the option to cut off older versions from the api to force users to update.

We don't _want_ to do that but the option to ignore updates is only there as long as the vast majority of users doesn't use it. No one should consider it a long term solution to anything is my point.


Guest deleted34304850

 

 


 

a question for you - related to this - i'm 100% in agreement with your stance here and i picked up on the words you used, which were right on point.

 

however - the fact that it is possible to go to the vortex page and download older versions and install them over the top of an existing install, surely negates all the care and consideration that is required when you're dealing with security vulnerabilities and the likes, and, as we've seen in these forums, you can get well meaning, but hopelessly wrong "advice" to go and pull down an older version and install it over the top of an existing install - despite not understanding what they're suggesting, and the potential damage that can do, not only to game set ups.

 

is there any ongoing review of what older versions remain available from the vortex page, or will they remain available despite the obvious pitfalls?


Good point, we currently don't. We've recently archived a large chunk of the older versions but by and large I left them available when uploading new versions.

 

The thing is that Vortex is open-source anyway, people can find it on github, re-upload it to different sites and so on, we can't _stop_ people from getting their hands on older versions.

 

But the official site has old versions clearly marked as such, in the default settings we automatically update and if you downgrade by a major version we warn about that, so users don't have an excuse that they didn't know there is an update. If you're running an outdated Vortex you explicitly opted into that.

 

I'd rather have people download Vortex from our site where the newest version is always highlighted - even if some dummies will then download an older version - instead of trying to enforce the update and then see those same dummies get their Vortex from a different site where

a) they may get a virus or other malware with it

b) the newest version may not even be available so they might not even notice they run an older version


Guest deleted34304850

all good points, and yes, you cannot *stop* anyone from pulling any version of vortex and running it, regardless of how old it is.

I thought your point about blocking older versions via the API is a great idea, although sadly if any user decides for whatever reason that they want to go back to 1.3.5 then there's no words anyone can use to stop them, because they think they know better......

 

:)

 

Anyway thanks for the answers and well done on the recent updates around the vulnerability.

