[QGIS-Developer] Unblock legacy db-manager plugin

Lova Andriarimalala lova at kartoza.com
Tue Jun 23 22:38:21 PDT 2026


Hi Nyall,

I have unblocked the version from security flags and made it ready for
review and approval. The "Security issue detected" badge is still shown but
it won't block approval.

Hopefully, we will deploy
https://github.com/qgis/QGIS-Plugins-Website/pull/316 soon so plugins
authors can properly skip specific checks. We are still waiting for some
authors to confirm their email by the 10 July expiration date so we can
communicate this properly.
Until then, please let me know if a new version of this plugin is coming
that needs to be unblocked from flagged security issues.

Best regards,

Lova Andriarimalala


*QGIS Full Stack Developer   *
*T *: +27(0) 87 809 2702          *E *: lova at kartoza.com          *W* :
kartoza.com



*This email and any attachments are confidential and intended solely for
the use of the individual or entity to whom they are addressed. If you *
*have received this email in error, please notify the sender immediately
and delete it from your system. Unauthorised use, disclosure, or copying*
*of the contents is prohibited.*


On Wed, 24 Jun 2026 at 01:40, Nyall Dawson via QGIS-Developer <
qgis-developer at lists.osgeo.org> wrote:

> Hi list,
>
> In order to implement the demotion of db manager to a community plugin
> (See
> https://github.com/qgis/QGIS-Enhancement-Proposals/blob/master/qep-426-demote_dbmanager.md)
> I need to be able to push a current version of that plugin to the plugin
> repository.
>
> I've tried this at https://plugins.qgis.org/plugins/db_manager/, but the
> plugin is flagged with over 100 security issues due to extensive use of
> exec and SQL injection risks.
>
> Short story: I'm not going to fix these. (And it's a little ironic that
> we've got more stringent requirements on 3rd party plugins then a
> previously default-installed official plugin 😂😂😂😂)
>
> Can someone with appropriate rights allow-list this plugin to skip the
> security scan for now?
>
> Nyall
>
> _______________________________________________
> QGIS-Developer mailing list
> QGIS-Developer at lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-developer/attachments/20260624/bac9f1b8/attachment.htm>


More information about the QGIS-Developer mailing list