<!-- 
RSS generated by JIRA (9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b) at Mon Feb 12 01:08:19 CET 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>Magnolia - Issue tracker</title>
    <link>https://jira.magnolia-cms.com</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-uk</language>    <build-info>
        <version>9.4.2</version>
        <build-number>940002</build-number>
        <build-date>19-01-2023</build-date>
    </build-info>


<item>
            <title>[DOCU-354] Document the process to report a security bug in Magnolia</title>
                <link>https://jira.magnolia-cms.com/browse/DOCU-354</link>
                <project id="10190" key="DOCU">Documentation</project>
                    <description>&lt;p&gt;I believe I have found a security bug in Magnolia&apos;s software, but I can&apos;t find the proper way/place to report the problem. I&apos;m assuming that you&apos;ve got a process to report bugs in private, but I can&apos;t find it. I suggest writing some some documentation on how to report security bugs.&lt;/p&gt;

&lt;p&gt;I found this old one &lt;a href=&quot;http://jira.magnolia-cms.com/browse/MAGNOLIA-590&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;http://jira.magnolia-cms.com/browse/MAGNOLIA-590&lt;/a&gt; and asked on that if it was the proper way to report security issues but got no response.&lt;/p&gt;</description>
                <environment></environment>
        <key id="26742">DOCU-354</key>
            <summary>Document the process to report a security bug in Magnolia</summary>
                <type id="4" iconUrl="https://jira.magnolia-cms.com/secure/viewavatar?size=xsmall&amp;avatarId=10890&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="6" iconUrl="https://jira.magnolia-cms.com/images/icons/priorities/neutral.gif">Neutral</priority>
                        <status id="6" iconUrl="https://jira.magnolia-cms.com/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="1">Fixed</resolution>
                                        <assignee username="ahietala">Antti Hietala</assignee>
                                    <reporter username="greggles">Greg Knaddison</reporter>
                        <labels>
                    </labels>
                <created>Mon, 3 Dec 2012 16:20:54 +0100</created>
                <updated>Thu, 6 Dec 2012 13:54:09 +0100</updated>
                            <resolved>Wed, 5 Dec 2012 10:32:24 +0100</resolved>
                                                                    <component>content</component>
                        <due></due>
                            <votes>0</votes>
                                    <watches>0</watches>
                                                                                                                <comments>
                            <comment id="54428" author="had" created="Wed, 5 Dec 2012 09:28:54 +0100"  >&lt;p&gt;Hi Greg,&lt;/p&gt;

&lt;p&gt;yes, you right the process should be documented more visible and we will make sure it is.&lt;/p&gt;

&lt;p&gt;The comments on the issues are forwarded by mail to the reporter and assignee of the issue, however first is no longer with Magnolia and second is the community member so he might not have felt obliged to respond.&lt;/p&gt;

&lt;p&gt;As for the issue itself, if you want to report it in private you can do so by sending details of the issue to support &lt;span class=&quot;error&quot;&gt;&amp;#91;at&amp;#93;&lt;/span&gt; magnolia &lt;span class=&quot;error&quot;&gt;&amp;#91;dash&amp;#93;&lt;/span&gt; cms &lt;span class=&quot;error&quot;&gt;&amp;#91;dot&amp;#93;&lt;/span&gt; com e-mail address.&lt;/p&gt;

&lt;p&gt;Regards,&lt;br/&gt;
Jan&lt;/p&gt;</comment>
                            <comment id="54437" author="ahietala" created="Wed, 5 Dec 2012 10:32:24 +0100"  >&lt;p&gt;Reporting security bugs &lt;a href=&quot;http://documentation.magnolia-cms.com/contribute.html#Reportbugs&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://documentation.magnolia-cms.com/contribute.html#Reportbugs&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="54512" author="greggles" created="Wed, 5 Dec 2012 17:32:13 +0100"  >&lt;p&gt;Thanks - issue submitted.&lt;/p&gt;

&lt;p&gt;I suggest making that text link from the last bit (about releases being available) to the place where your security advisories/releases are made available.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                            <customfield id="customfield_14166" key="com.okapya.jira.checklist:checklist">
                        <customfieldname>Acceptance criteria</customfieldname>
                        <customfieldvalues>
                            
        <checklist>
        <![CDATA[
                            




                
                                    <div class="o-completion" style="display: flex; flex-shrink: 0;"><span  class="aui-lozenge aui-lozenge-complete" style="font-size: 12px; font-weight: normal; display: flex; flex-direction: row; align-items: center;" ><span style="padding-right: 4px; vertical-align: middle;"><svg width="15" height="15" viewBox="0 0 15 15" xmlns="http://www.w3.org/2000/svg" fill="white"><path clip-rule="evenodd" d="m10.41037,3.42544l-7.86501,0c-0.72395,0 -1.31084,0.58688 -1.31084,1.31084l0,7.86508c0,0.7239 0.58689,1.3108 1.31084,1.3108l7.86501,0c0.724,0 1.3109,-0.5869 1.3109,-1.3108l0,-7.86508c0,-0.72396 -0.5869,-1.31084 -1.3109,-1.31084zm-7.86501,-0.65542c-1.08593,0 -1.96626,0.88032 -1.96626,1.96626l0,7.86508c0,1.0859 0.88033,1.9662 1.96626,1.9662l7.86501,0c1.086,0 1.9663,-0.8803 1.9663,-1.9662l0,-7.86508c0,-1.08594 -0.8803,-1.96626 -1.9663,-1.96626l-7.86501,0z" fill-rule="evenodd"/><path d="m5.09049,10.18526l-1.82767,-1.82766l-0.78479,0.78479l2.61246,2.61246l5.38758,-5.38754l-0.78483,-0.78479l-4.60275,4.60274z"/></svg></span><span>Empty</span></span></div>
                        ]]>
    </checklist>


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10111" key="com.atlassian.jira.toolkit:reporterdomain">
                        <customfieldname>Company</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>gmail.com</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10031" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 5 Dec 2012 09:28:54 +0100</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_12730" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_14151" key="com.atlassian.jira.toolkit:message">
                        <customfieldname>Docu info</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10061" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comm is not jira-dev</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10071" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last participant</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>mmuehlebach</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_13136" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            11 years, 11 weeks, 4 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10020" key="com.atlassian.jira.toolkit:attachments">
                        <customfieldname>Number of attachments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10150" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname>Number of comments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>3.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>ahietala</customfieldvalue>
            <customfieldvalue>greggles</customfieldvalue>
            <customfieldvalue>had</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                <customfield id="customfield_10833" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i03sdb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10244" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>22206</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14145" key="com.intenso.jira.issue-templates:issue-templates-customfield">
                        <customfieldname>Template</customfieldname>
                        <customfieldvalues>
                            


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_15131" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Time in Discovery</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        </customfields>
    </item>
</channel>
</rss>