[DOCU-354] Document the process to report a security bug in Magnolia Created: 03/Dec/12  Updated: 06/Dec/12  Resolved: 05/Dec/12

Status: Closed
Project: Documentation
Component/s: content
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Neutral
Reporter: Greg Knaddison Assignee: Antti Hietala
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

I believe I have found a security bug in Magnolia's software, but I can't find the proper way/place to report the problem. I'm assuming that you've got a process to report bugs in private, but I can't find it. I suggest writing some some documentation on how to report security bugs.

I found this old one http://jira.magnolia-cms.com/browse/MAGNOLIA-590 and asked on that if it was the proper way to report security issues but got no response.



 Comments   
Comment by Jan Haderka [ 05/Dec/12 ]

Hi Greg,

yes, you right the process should be documented more visible and we will make sure it is.

The comments on the issues are forwarded by mail to the reporter and assignee of the issue, however first is no longer with Magnolia and second is the community member so he might not have felt obliged to respond.

As for the issue itself, if you want to report it in private you can do so by sending details of the issue to support [at] magnolia [dash] cms [dot] com e-mail address.

Regards,
Jan

Comment by Antti Hietala [ 05/Dec/12 ]

Reporting security bugs http://documentation.magnolia-cms.com/contribute.html#Reportbugs

Comment by Greg Knaddison [ 05/Dec/12 ]

Thanks - issue submitted.

I suggest making that text link from the last bit (about releases being available) to the place where your security advisories/releases are made available.

Generated at Mon Feb 12 01:08:19 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.