
Closed
Open
Opened Jul 31, 2020 by Torben Hansen (@derhansen, Contributor). 0 of 1 task completed.

Add security team notice on extension upload page

Describe the task

Some extension authors publish extensions containing security fixes to TER that have not been reviewed by the TYPO3 Security Team.

Further details

Extension uploads with security fixes must be coordinated with the TYPO3 security team, so patches can be reviewed/verified and the community can be informed about vulnerabilities in extensions.

What does success look like, and how can we measure that?

A notice right below the current info alert box on the extension upload page would be best to make extension authors aware of not uploading un-reviewed extensions.


<div class="alert alert-warning">
Do not upload extensions with security fixes that have not been coordinated with the TYPO3 security team. Instead please <a href="https://typo3.org/community/teams/security/contact-us" target="_blank" rel="noopener noreferrer">contact</a> the TYPO3 security team at <a href="mailto:security@typo3.org">security@typo3.org</a>
</div>

Also a link to the Extension Security Policy (https://typo3.org/community/teams/security/extension-security-policy) should be placed "somewhere" on TER (e.g. on this https://extensions.typo3.org/faq/publish-an-extension/ page)

Acceptance Criteria

  • Must be fulfilled

Links / references

Milestone: Sprint 6 (2020) - t3o remote day October (Past due)
Reference: services/t3o-sites/extensions.typo3.org/ter#462