[DOCU-354] Document the process to report a security bug in Magnolia Created: 03/Dec/12 Updated: 06/Dec/12 Resolved: 05/Dec/12 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | content |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Neutral |
| Reporter: | Greg Knaddison | Assignee: | Antti Hietala |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
I believe I have found a security bug in Magnolia's software, but I can't find the proper way/place to report the problem. I'm assuming that you've got a process to report bugs in private, but I can't find it. I suggest writing some some documentation on how to report security bugs. I found this old one http://jira.magnolia-cms.com/browse/MAGNOLIA-590 and asked on that if it was the proper way to report security issues but got no response. |
| Comments |
| Comment by Jan Haderka [ 05/Dec/12 ] |
|
Hi Greg, yes, you right the process should be documented more visible and we will make sure it is. The comments on the issues are forwarded by mail to the reporter and assignee of the issue, however first is no longer with Magnolia and second is the community member so he might not have felt obliged to respond. As for the issue itself, if you want to report it in private you can do so by sending details of the issue to support [at] magnolia [dash] cms [dot] com e-mail address. Regards, |
| Comment by Antti Hietala [ 05/Dec/12 ] |
|
Reporting security bugs http://documentation.magnolia-cms.com/contribute.html#Reportbugs |
| Comment by Greg Knaddison [ 05/Dec/12 ] |
|
Thanks - issue submitted. I suggest making that text link from the last bit (about releases being available) to the place where your security advisories/releases are made available. |