|
|
| Reporter | DenisChenu | Assigned To | c_schmitz | |
|---|
| Priority | none | Severity | partial_block | |
|---|
| Status | assigned | Resolution | open | |
|---|
| Product Version | 3.x | |
|---|
|
|
| Summary | 15280: Security fix hidden until release |
|---|
| Description | It's not a security issue : it's about our way to fix security issue.
We disclose security issue before release : then limesurvey can have 0-day bug during more than one day even with a update each minute LimeSUrvey.
I think we must find a way to avoid this. |
|---|
| Steps To Reproduce | See : https://github.com/LimeSurvey/LimeSurvey/commit/973959b0566c50dd12ca62b7c84d7e2b64c4254e
All updated LimeSurvey (via ComfortUpdate) have the issue during 7 days. https://github.com/LimeSurvey/LimeSurvey/releases/tag/3.17.14%2B190902
There are some other. |
|---|
| Additional Information | I muts check how other floss tool process. But i think we must have a
1. master_security branch (private) on github (must give money, and unusure we can have a _private branch_ only) or any other git system (own or gitlab, **maybe best solution**)
2. core dev push security fix in the private branch
3. this branch are always uptodate with master
4. just before release : the security private branch was merged with master
I want to quick speak of this on Friday … but no time (i hate Eurowings …) |
|---|
| Tags | No tags attached. |
|---|
|
|
