View Issue Details

ID: 15280
Project: Development
Category: Security
View Status: public
Last Update: 2020-01-21 14:48
Reporter: DenisChenu
Assigned To: c_schmitz
Status: assigned
Resolution: open
Product Version: 3.x
Summary: 15280: Security fix hidden until release
Description: It's not a security issue: it's about our way of fixing security issues.
We disclose security issues before release: then LimeSurvey can have a 0-day bug for more than one day, even with a LimeSurvey that updates each minute.
I think we must find a way to avoid this.
Steps To Reproduce: See:
All updated LimeSurvey (via ComfortUpdate) have the issue for 7 days.

There are some others.
Additional Information: I must check how other FLOSS tools proceed. But I think we must have a

1. master_security branch (private) on GitHub (must give money, and unsure we can have a _private branch_ only) or any other git system (own or GitLab, **maybe best solution**)
2. core devs push security fixes to the private branch
3. this branch is always up to date with master
4. just before release: the private security branch is merged with master

I wanted to speak quickly about this on Friday … but no time (I hate Eurowings …)
Tags: No tags attached.
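
The four steps proposed above as a runnable sketch, added here and not part of the original report or of LimeSurvey's tooling. Two local bare repositories stand in for the public repository and the private git host (the names `public.git`, `private.git`, `published` and `run_demo` are assumptions), and the script checks that the fix commit is unreachable from public `master` until the release merge.

```shell
#!/bin/sh
# Added example: constructed local repositories, not LimeSurvey's real ones.
set -eu

g() { git -c user.name=dev -c user.email=dev@example.invalid "$@"; }

# True only if commit $2 is reachable from master in bare repo $1.
published() { git -C "$1" merge-base --is-ancestor "$2" master 2>/dev/null; }

run_demo() {
    work=$(mktemp -d) && cd "$work"
    git init -q --bare public.git     # stands in for the public repository
    git init -q --bare private.git    # stands in for the private git host
    git -C public.git symbolic-ref HEAD refs/heads/master
    git init -q dev && cd dev
    git symbolic-ref HEAD refs/heads/master
    git remote add public ../public.git
    git remote add private ../private.git

    echo base > app.txt && git add app.txt && g commit -qm "Initial release"
    git push -q public master

    # Steps 1-2: the fix lives on master_security, pushed only to private.
    git checkout -q -b master_security
    echo patched > fix.txt && git add fix.txt && g commit -qm "Security fix"
    fix=$(git rev-parse HEAD)
    git push -q private master_security

    # Step 3: public work continues; keep the private branch up to date.
    git checkout -q master
    echo feature >> app.txt && g commit -qam "Public feature"
    git push -q public master
    git checkout -q master_security && g merge -q --no-edit master
    git push -q private master_security

    # Check: before release the fix must not be reachable from public master.
    if published ../public.git "$fix"; then before=leaked; else before=hidden; fi

    # Step 4: just before release, merge the private branch and publish.
    git checkout -q master && g merge -q --no-edit master_security
    git push -q public master
    if published ../public.git "$fix"; then after=published; else after=missing; fi

    echo "$before $after"
}

run_demo
```

The same `merge-base --is-ancestor` check can run in a pre-release job to confirm that no commit from the private branch has reached the public remote early.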




2019-09-14 11:22

developer   ~53570

Set to major? All security related must be major ;)


2020-01-21 14:46

developer   ~55405


2020-01-21 14:48

developer   ~55406

(14:47:54) ollehar: shnoulle: Can you start the page about, please?
(14:48:02) ollehar: Basics: Report private bug on mantis
(14:48:05) ollehar: CVS not needed.

Issue History

Date Modified Username Field Change
2019-09-14 11:20 DenisChenu New Issue
2019-09-14 11:20 DenisChenu Status new => assigned
2019-09-14 11:20 DenisChenu Assigned To => c_schmitz
2019-09-14 11:22 DenisChenu Severity minor => partial_block
2019-09-14 11:22 DenisChenu Note Added: 53570
2020-01-21 14:46 DenisChenu Note Added: 55405
2020-01-21 14:48 DenisChenu Note Added: 55406