Skip to content

GitLab

  • Menu
Projects Groups Snippets
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in
  • E extensions.typo3.org
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 79
    • Issues 79
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
  • Merge requests 5
    • Merge requests 5
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • services
  • t3o sites
  • extensions.typo3.org
  • extensions.typo3.org
  • Issues
  • #260

Closed
Open
Created Sep 30, 2017 by Jean Traullé@jtraulle

Add related security bulletin when an extension version is marked as insecure

What do you suggest?

When an extension version is marked as insecure, the background of the extension version appear red in the TER website, the download link is removed and the extension version does not appear anymore when searching in TYPO3 TER BE Module.

I think it could be relevant ta add a link to the particular Security Bulletin which led to flag that extension version as insecure (to get more information)

Maybe by replacing

Before After
ATTENTION: Use at your own risk ! ATTENTION : This extension version has been flagged as insecure by the TYPO3 Security Team, please checkout TYPO3-PSA-2017-001 security bulletin for more information.

Why?

It is always interesting to know why an extension version has been marked as insecure in my opinon.

Add an use case

For example, extension realurl_clearcache2 versions has been marked as insecure because of TYPO3-PSA-2017-001 security bulletin. A link to the security bulletin should be mentionned.

PS : when all versions available are flagged as insecure, Installation section shouldn't be hidden (as it allow to download last version) ?

PS2 : for this particular extension (realurl_clearcache2), why the proposed version in Installation section is 1.0.1 and not 2.0.0 ? Shouldn't be the last version proposed ?

Edited Sep 30, 2017 by Jean Traullé
Assignee
Assign to
Time tracking