- 🇦🇺 Australia thursday_bw
update issue and add recommendations with questions for the security team.
- 🇺🇸 United States greggles Denver, Colorado, USA
Questions:
- Clarification Needed: Could we get clarification on where the suggestion to use hook_requirements() originated?
- Security Team Update: Given the critical nature of this issue, could the security team provide an update on why this hasn't been addressed?
- Action Plan: Considering that the Security Review module is not a guaranteed fix, this issue should remain open until a more concrete solution is implemented in the core.
Answers, in order:
- All the context for it is in comment #4.
- The Security Team determined this could be fixed in public. It's up to the community of people who care about issues like this to work on a fix for it.
- IMO it would also be fair to close the issue since the consequences appear to be not that significant. This issue has not been identified to the security team as a root cause of a site takeover.
I've removed these recommendations from the summary - they feel more appropriate to exist in a comment to me at this point.
- 🇦🇺 Australia thursday_bw
"IMO it would also be fair to close the issue since the consequences appear to be not that significant. This issue has not been identified to the security team as a root cause of a site takeover." seems fair to me.
Should we just do it?