View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
15280 | Development | Security | public | 2019-09-14 11:20 | 2020-01-21 14:48 |
Reporter | DenisChenu | Assigned To | c_schmitz | ||
Priority | none | Severity | partial_block | ||
Status | assigned | Resolution | open | ||
Product Version | 3.x | ||||
Summary | 15280: Security fix hidden until release | ||||
Description | It's not a security issue : it's about our way to fix security issue. We disclose security issue before release : then limesurvey can have 0-day bug during more than one day even with a update each minute LimeSUrvey. I think we must find a way to avoid this. | ||||
Steps To Reproduce | See : https://github.com/LimeSurvey/LimeSurvey/commit/973959b0566c50dd12ca62b7c84d7e2b64c4254e All updated LimeSurvey (via ComfortUpdate) have the issue during 7 days. https://github.com/LimeSurvey/LimeSurvey/releases/tag/3.17.14%2B190902 There are some other. | ||||
Additional Information | I muts check how other floss tool process. But i think we must have a 1. master_security branch (private) on github (must give money, and unusure we can have a _private branch_ only) or any other git system (own or gitlab, **maybe best solution**) 2. core dev push security fix in the private branch 3. this branch are always uptodate with master 4. just before release : the security private branch was merged with master I want to quick speak of this on Friday … but no time (i hate Eurowings …) | ||||
Tags | No tags attached. | ||||
Set to major ? All security related must be major ;) | |
https://wordpress.org/about/security/ https://www.drupal.org/drupal-security-team |
|
(14:47:54) ollehar: shnoulle: Can you start the page about https://manual.limesurvey.org/How_to_fix_a_security_issue, please? (14:48:02) ollehar: Basics: Report private bug on mantis (14:48:05) ollehar: CVS not needed. |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2019-09-14 11:20 | DenisChenu | New Issue | |
2019-09-14 11:20 | DenisChenu | Status | new => assigned |
2019-09-14 11:20 | DenisChenu | Assigned To | => c_schmitz |
2019-09-14 11:22 | DenisChenu | Severity | minor => partial_block |
2019-09-14 11:22 | DenisChenu | Note Added: 53570 | |
2020-01-21 14:46 | DenisChenu | Note Added: 55405 | |
2020-01-21 14:48 | DenisChenu | Note Added: 55406 |