View Issue Details

ID: 15280
Project: Development
Category: Security
View Status: public
Last Update: 2020-01-21 14:48
Reporter: DenisChenu
Assigned To: c_schmitz
Status: assigned
Resolution: open
Product Version: 3.x
Summary: 15280: Security fix hidden until release

It's not a security issue: it's about our way of fixing security issues.
We disclose security issues before release: then LimeSurvey can have a 0-day bug for more than one day, even with a LimeSurvey updated each minute.
I think we must find a way to avoid this.

Steps To Reproduce

See:
All updated LimeSurvey (via ComfortUpdate) have the issue for 7 days.

There are some others.

Additional Information

I must check how other FLOSS tools proceed. But I think we must have a

  1. master_security branch (private) on GitHub (must give money, and unsure we can have a private branch only) or any other git system (own or GitLab, maybe best solution)
  2. core devs push security fixes to the private branch
  3. this branch is always up to date with master
  4. just before release: the private security branch is merged with master

I want to speak quickly of this on Friday … but no time (I hate Eurowings …)

Tags: No tags attached.
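The four steps proposed above, run against throwaway local repositories, as an added example that is not part of the original report or of LimeSurvey's own tooling. Only the branch name `master_security` comes from the report; the remote name `security`, the scratch repositories and the file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: private security branch workflow on scratch repositories.
set -e
export GIT_AUTHOR_NAME=dev GIT_AUTHOR_EMAIL=dev@example.invalid       # constructed identity
export GIT_COMMITTER_NAME=dev GIT_COMMITTER_EMAIL=dev@example.invalid

setup_repos() {   # $1 = absolute path of an empty scratch directory
    git init -q --bare "$1/public.git"      # stands in for the public repository
    git init -q --bare "$1/private.git"     # step 1: private remote (hypothetical)
    git init -q "$1/work"
    cd "$1/work"
    git symbolic-ref HEAD refs/heads/master
    git remote add origin "$1/public.git"
    git remote add security "$1/private.git"
    echo "v1" > app.txt; git add app.txt; git commit -q -m "Initial release"
    git push -q origin master
}

push_security_fix() {   # step 2: the fix is pushed to the private remote only
    git checkout -q -b master_security master
    echo "patched" > fix.txt; git add fix.txt
    git commit -q -m "Security fix, details withheld until release"
    git push -q security master_security
}

sync_with_master() {   # step 3: keep the private branch up to date with master
    git checkout -q master
    echo "v2" > app.txt; git commit -q -am "Public feature work"
    git push -q origin master
    git checkout -q master_security
    git merge -q --no-edit master
    git push -q security master_security
}

release() {   # step 4: merge just before release, then publish
    git checkout -q master
    git merge -q --no-ff --no-edit master_security
    git push -q origin master
}

# Prints "yes" if the fix is reachable from the public master, "no" otherwise.
fix_is_public() {   # $1 = same scratch directory as setup_repos
    if git --git-dir="$1/public.git" cat-file -e master:fix.txt 2>/dev/null
    then echo yes; else echo no; fi
}
# Usage: d=$(mktemp -d); setup_repos "$d"; push_security_fix; sync_with_master; release
```

Calling `fix_is_public "$d"` before and after `release` shows that the fix commit stays out of the public history until the release merge.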




2019-09-14 11:22

developer   ~53570

Set to major? All security related must be major ;)



2020-01-21 14:46

developer   ~55405



2020-01-21 14:48

developer   ~55406

(14:47:54) ollehar: shnoulle: Can you start the page about, please?
(14:48:02) ollehar: Basics: Report private bug on mantis
(14:48:05) ollehar: CVS not needed.

Issue History

Date Modified Username Field Change
2019-09-14 11:20 DenisChenu New Issue
2019-09-14 11:20 DenisChenu Status new => assigned
2019-09-14 11:20 DenisChenu Assigned To => c_schmitz
2019-09-14 11:22 DenisChenu Severity minor => partial_block
2019-09-14 11:22 DenisChenu Note Added: 53570
2020-01-21 14:46 DenisChenu Note Added: 55405
2020-01-21 14:48 DenisChenu Note Added: 55406