View Issue Details

ID: 15280
Project: Development
Category: Security
View Status: public
Last Update: 2020-01-21 14:48
Reporter: DenisChenu
Assigned To: c_schmitz
Priority: none
Severity: partial_block
Status: assigned
Resolution: open
Product Version: 3.x
Summary: 15280: Security fix hidden until release
Description: It's not a security issue: it's about our way of fixing security issues.
We disclose security issues before release: then LimeSurvey can have a 0-day bug for more than one day, even with a LimeSurvey updated every minute.
I think we must find a way to avoid this.
Steps To Reproduce: See: https://github.com/LimeSurvey/LimeSurvey/commit/973959b0566c50dd12ca62b7c84d7e2b64c4254e
All updated LimeSurvey (via ComfortUpdate) have the issue for 7 days. https://github.com/LimeSurvey/LimeSurvey/releases/tag/3.17.14%2B190902

There are some others.
Additional Information: I must check how other FLOSS tools proceed. But I think we must have a

1. master_security branch (private) on GitHub (must give money, and unsure we can have a _private branch_ only) or any other git system (own or GitLab, **maybe best solution**)
2. core devs push security fixes to the private branch
3. this branch is always up to date with master
4. just before release: the private security branch is merged with master

I wanted to quickly speak about this on Friday … but no time (I hate Eurowings …)
Tags: No tags attached.

Activities

DenisChenu (developer), 2019-09-14 11:22, ~53570

Set to major? All security-related must be major ;)

DenisChenu (developer), 2020-01-21 14:46, ~55405

https://wordpress.org/about/security/
https://www.drupal.org/drupal-security-team

DenisChenu (developer), 2020-01-21 14:48, ~55406

(14:47:54) ollehar: shnoulle: Can you start the page about https://manual.limesurvey.org/How_to_fix_a_security_issue, please?
(14:48:02) ollehar: Basics: Report private bug on mantis
(14:48:05) ollehar: CVS not needed.

Issue History

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2019-09-14 11:20 | DenisChenu | New Issue | |
| 2019-09-14 11:20 | DenisChenu | Status | new => assigned |
| 2019-09-14 11:20 | DenisChenu | Assigned To | => c_schmitz |
| 2019-09-14 11:22 | DenisChenu | Severity | minor => partial_block |
| 2019-09-14 11:22 | DenisChenu | Note Added: 53570 | |
| 2020-01-21 14:46 | DenisChenu | Note Added: 55405 | |
| 2020-01-21 14:48 | DenisChenu | Note Added: 55406 | |