Add blacklist to stop bad behaving versions of an adapter

[TA2k]

I suggest to implement a json blacklist which is fetch by the js-controller every 24h. This json includes adaper, version range and blacklist reason. The js-controller can stop the specific version of the adapter and prevent restarting to enforce an update by the user. Reason for blacklisting are:

• overloading of an backend
• wrong implemented api usage
• copyright infringement
• malicious code

[Apollon77]

I like this idea!

Question is if we have this as a separate file or as part of the repo. When I remember correctly then admin triggers the repo update also once a day or ?! @GermanBluefox

[Apollon77]

I would propose to include this info into the repository data. Normally admin triggers to fetch the repo once a day (or on need).

Basic concept is that the "io-package.json" could contain a new field common.blockedVersions (or such) with an array of semver rules. So something like this would be possible: ["<= 3.17.4"] or also ["3.14.x", "3.15.x", "3.16.x"]

The js-controller checks the repo data for all installed (and running) adapters after every update and checks the local versions. If a running version is in the blockedVersions list the adapter will be disabled and a message is logged and maybe an additional notification is stored to be shown on next admin start.

Additionally we should merge the most current repo blockedVersions list into the instance objects (when we update object to disable it) and add an other check for adapterstart that also here the instance object is checked (so we do not have the poverhead to read repo from object).

[GermanBluefox]

I absolutly agree and before js-controller will do that, I would implement it in admin

[GermanBluefox]

Instead of ["3.14.x", "3.15.x", "3.16.x"] use ["~3.14.0", "~3.15.0", "~3.16.0"] - normal semver notation.