
Stop running version upgrade jobs against inactive entitlements

    • Severity 3 - Minor

      Issue Summary

      When a developer publishes a new version of an app, an /installed event is triggered for all installed apps, including the ones that have no active license (customers who have unsubscribed but didn’t uninstall the app).

      This is reproducible on Data Center: (no)

      Steps to Reproduce

      1. Either disable an installed app, or wait for it to be disabled for non-payment
      2. Check the logs

      Expected Results

      No app activity is present in the logs

      Actual Results

      App activity is visible in the logs and /installed events are sent for the app.

      Workaround

      No workaround available (other than uninstalling the app, when possible/applicable).

            [MP-5] Stop running version upgrade jobs against inactive entitlements

            Anjali Chawla added a comment - Implementing the fix will effectively prevent Partners from deploying security updates for unlicensed paid connect apps. It is crucial to avoid obstructing Partners from releasing app updates in light of security concerns. Therefore, we have decided not to address this issue.

            Dinesh Kollosu (Inactive) added a comment -

            Hey Team,
            Changed the status of this ticket from 'Closed' to 'Needs Triage' since we started rolling back the changes.

            To fix the failed /installed issue, we introduced checks and allowed only apps with active licenses to be auto-upgraded to the new version.

            In case of inactive licenses, when the customer resubscribes to the app and the license becomes active, the auto upgrade works as usual.

            Why are we reverting the change?
            This change stopped partners from pushing security fixes among other updates to the unlicensed paid connect apps. To solve this, we would be rolling back the changes. This would be done in a phased manner rolling back 20% each day, until March 23.

            By March 23, 2024, changes will be rolled back from all the customer instances.

            What’s the impact of the reversion?
            Reverting the changes will mean the auto upgrades run smoothly for all the apps including the ones with inactive licenses. Unfortunately, this takes us to the previous state which led to partners receiving failed /installed events for unlicensed paid connect apps.

            What next?
            We would take this up later and explore further on how this can be addressed without impacting the security fixes of the unlicensed apps.

            Changelog for the same has been published here.

            Amit Deshpande added a comment - rdagar@atlassian.com : Can we have some update on this ticket?

              deae3561b93a Amit Deshpande
              dbonotto Dario B