Pornography bug in Version 14

[John Fidel]

Just went to update my stable version running 14.0.2 and got this:

 

 

Even worse, when I updated my Aleph version I got the bonga Cam website. I thought this was fixed!! This is NOT good. Please fix this.

 

Thanks

[R. Mansfield]

5 minutes ago, Rich said:

 

Hey Rick — I find no evidence of the Mac Accordance app using Electron at all.   I have 11 apps on my Mac that use Electron — and I can very quickly tell you each of them (both from UX and by peeking into their frameworks / resource contents).  I doubled checked and in Accordance 14 — I see no Electron utilization.

 

You may be right. As I've always said, I'm not a programmer, so I may be mis-remembering. @Silas Marrs could probably answer for certain. 

Nevertheless, there's got to be some connection with that same site showing up when I clicked on the link in Slack today. The actual URL was intercepted and went to the same site that showed up in the installer according to the thread in the beta section of the forums. That can't just be a coincidence. 

[Abram K-J]

@R. Mansfield, you clicked the Slack link when on your Windows computer, the one with 14.0.3?

[R. Mansfield]

1 minute ago, Abram K-J said:

@R. Mansfield, you clicked the Slack link when on your Windows computer, the one with 14.0.3?

 

All on the Mac. I run Windows in Parallels and the two platforms share common file folders. 

[Abram K-J]

Ah, I see. So same machine (Mac) you’d downloaded Accordance 14.0.3 onto (Windows, via Parallels). 
 

I wonder if this means now that pornographic content can actually infiltrate a device via Accordance, showing up elsewhere on a user’s machine? That explanation at least fits the data. 

[Jordan Gowing]

5 hours ago, Sean Nelson said:

On the forums however, comments are only held for moderation if the poster has a warning associated with their account, so occasionally a spam post will slip through.

Are new forum profiles automatically flagged for review/moderation? That may be an easy way to address this issue in the future. Those who create new forum profiles in the future would have to go through moderation at first, but their profile could be "unflagged" after a handful of legitimate posts.

[Jordan Gowing]

edit

Edited December 19, 2022 by Jordan Gowing
multiple posts

[Abram K-J]

12 minutes ago, Jordan Gowing said:

Are new forum profiles automatically flagged for review/moderation? That may be an easy way to address this issue in the future. Those who create new forum profiles in the future would have to go through moderation at first, but their profile could be "unflagged" after a handful of legitimate posts.

Great idea. 
 

@Sean Nelson, that same user recreated a profile, FYI. Same name. 

[Michel Gilbert]

2 hours ago, John Fidel said:

Just went to update my stable version running 14.0.2 and got this

 

Mine is even worse; I'm running 14.0.3 and it says 14.0.1 is the newest version available.

 

It's the "one step forward, two steps back" rollout.

 

[Abram K-J]

The issue mentioned in the original post has been known since Friday morning. And it seems to persist. 
 

Any update from anyone on staff as to when users can expect a fix? @David Lang, do you have any insight on this?

[Mike Garrity]

17 hours ago, Michel Gilbert said:

 

Mine is even worse; I'm running 14.0.3 and it says 14.0.1 is the newest version available.

 

It's the "one step forward, two steps back" rollout.

 

While transitioning away from the old servers, we temporarily reverted the "latest" Accordance version available to minimize interaction with the InApp Update dialog.

Edited December 20, 2022 by Mike Garrity

[John Fidel]

Mike, I still cannot update from 4.0.2. Is this not fixed yet?

[Mike Garrity]

14 minutes ago, John Fidel said:

Mike, I still cannot update from 4.0.2. Is this not fixed yet?

I am not sure what you mean, PM sent

[Joe Weaks]

On 12/18/2022 at 10:33 AM, circuitrider said:

…everyone should be aware that there is some sort of bug in Version 14 that is linking(?) to pornographic material.

 

I assume we're talking about the sexcapades in the Jacob narrative, or maybe the spicy bits in Song of Solomon? 

[HansK]

2 hours ago, Joe Weaks said:

 

I assume we're talking about the sexcapades in the Jacob narrative, or maybe the spicy bits in Song of Solomon? 

 

This is what I like about you. Things that are Orange, and possibly Blue. This is Biblical! 

[circuitrider]

@Mike Garrity

Appreciate you all working on the issue.  I saw the announcement about the server migration and was hoping that was part of the solution (?).

Can we get a post or notice of some type when the issue has been resolved, please?  The steps being taken to ‘minimize’ it are good but I’d rather wait until it has been quashed before redownloading 14 and giving it a go.  
Or any feedback from those who experienced the bug would be great also. 
 

Thank you 

[Dr. Nathan Parker]

From reading the beta forums, I believe this issue has been resolved. If it’s not, someone please clarify. At the moment, I haven’t seen the issue in my end.

[brazyl]

On 12/19/2022 at 2:35 PM, Rich said:

 

Hey Rick — I find no evidence of the Mac Accordance app using Electron at all.   I have 11 apps on my Mac that use Electron — and I can very quickly tell you each of them (both from UX and by peeking into their frameworks / resource contents).  I doubled checked and in Accordance 14 — I see no Electron utilization.

 

Yeah, I was also surprised to read that Accordance uses Electron.  (Perhaps they are working on a future version that uses Electron, but I'm also extremely suspicious of the claim that version 14 is currently using Electron.)

 

[brazyl]

On 12/19/2022 at 5:40 AM, jlm said:

But since they were using http, they went ahead and asked the porn server to send them the file at the URL of the release notes. It didn't have any file by that name, and could have sent back an error message, but instead of losing what it could be a potential client, it redirected them to its home page. So the CDN server took that to be the release notes, and sent it out to everyone who tried to download the release notes through it, and that's how the porn site's webpage wound up being displayed in place of the release notes.

 

This is a good lesson in why to always use https for everything.   If I understand the situation, that one step would have prevented everything else from doing any damage.
If you didn't understand the details of the problem, just remember that one simple lesson. 

However, since the bug was not in Accordance itself, it seems wise to change the title (and URL slug) of this thread to no longer imply that there was such a bug.   I think we would all rather not have unfounded rumors lingering and causing people to unnecessarily freak out at the thought of what might happen if they use Accordance.  

[R. Mansfield]

50 minutes ago, brazyl said:

 

Yeah, I was also surprised to read that Accordance uses Electron.  (Perhaps they are working on a future version that uses Electron, but I'm also extremely suspicious of the claim that version 14 is currently using Electron.)

 

Accordance does not use Electron. That was my error. I was thinking of Sparkle, which I believe it still uses. 

[brazyl]

23 minutes ago, R. Mansfield said:

Accordance does not use Electron. That was my error. I was thinking of Sparkle, which I believe it still uses. 

 

 

 

Ahhhh, yes.  I'm 99% confident that it uses Sparkle.  There was something in the output of 

defaults read -app "Accordance"

that mentioned Sparkle