
Closed
Open
Created Jul 31, 2020 by Torben Hansen (@derhansen, Developer). 0 of 1 task completed.

Add security team notice on extension upload page

Describe the task

Some extension authors publish extensions containing security fixes to TER that have not been reviewed by the TYPO3 Security Team.

Further details

Extension uploads with security fixes must be coordinated with the TYPO3 security team, so patches can be reviewed/verified and the community can be informed about vulnerabilities in extensions.

What does success look like, and how can we measure that?

A notice right below the current info alert box on the extension upload page would be best to make extension authors aware of not uploading un-reviewed extensions.


<div class="alert alert-warning">
Do not upload extensions with security fixes that have not been coordinated with the TYPO3 security team. Instead please <a href="https://typo3.org/community/teams/security/contact-us" target="_blank">contact</a> the TYPO3 security team at <a href="mailto:security@typo3.org">security@typo3.org</a>
</div>

Also a link to the Extension Security Policy (https://typo3.org/community/teams/security/extension-security-policy) should be placed "somewhere" on TER (e.g. on this https://extensions.typo3.org/faq/publish-an-extension/ page)

Acceptance Criteria

  • Must be fulfilled

Links / references
