On Wed, Jul 19, 2017 at 08:55:09AM +0200, Florian Tham wrote:
> Same problem here. It seems 51degrees close-sourced the trie
> algorithm, see
> https://github.com/51Degrees/Device-Detection/blob/master/data/TRIE.txt:
>
> "The 51Degrees 'trie' algorithm is not open source and is only made
> available through a proprietary license.".
>
> The github repo history has been rewritten. There are now only 2
> commits in master, "Initial commit" dating from 2017-06-27.

Pffff... Guys, you broke all the stable series *AGAIN*? So let me check,
that also means that branch 3.2.5 documented as being necessary to build
1.6 was removed as well! Good! I prefer to imagine it's a mistake, but
anyway it is totally unprofessional and simply shows how much you care
about your users.

So in the end, haproxy 1.6 and 1.7 users who are relying on your lib
simply cannot upgrade to latest haproxy security fixes simply because you
unilaterally broke your library again, preventing them from building an
updated version!

> Building haproxy with the pattern algorithm still works.

I wonder how long :(

I agree, we cannot trust such an external component at all with such a
track record, it's the second time it happens :-(

I just found a fork of the github repo here which I think could possibly
work, it even contains the v3.2.5 branch:

    https://github.com/aerendil/device-detection-nginx-fix

It would be a good idea to clone it before it disappears.

Now if there is no sign of a quick fix for this situation which puts our
users at risk again, I think the only option will be to definitely remove
and blacklist this code from haproxy. It will still piss off all of its
users but they were already betrayed twice. However it will limit the risk
of making new victims.

I can't believe it....

Willy