Contrib.social

drupal.org e-mails should use encryption in transit (TLS)

Open on Drupal.org β†’
Created on 2 March 2016, over 8 years ago
Updated 21 November 2023, 10 months ago

The incoming e-mails from drupal.org (at least the ones coming from the contact form) are not encrypted in transit.

For security and privacy they should use TLS: https://support.google.com/mail/answer/6330403

πŸ› Bug report
Status

Fixed

Component

Servers

Created by

πŸ‡§πŸ‡·Brazil Mac_Weber

Live updates comments and jobs are added and updated live.
  • Security improvements

    It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment over 1 year ago β†’
    πŸ‡¦πŸ‡ΊAustralia dpi Perth, Australia

    This looks to have been resolved later in 2016. Anything else remaining?

  • Issue was unassigned.
  • Comment 11 months ago β†’
    πŸ‡§πŸ‡ͺBelgium BramDriesen Belgium πŸ‡§πŸ‡ͺ

    I double checked an email I got recently from my own contact form and it's using TLS as encryption (grey lock icon). So my guess this has actually been fixed indeed somewhere close after @basic contacted the hosting/relay provider in 2016.

    Changing the tag to Security Improvements as there is currently no security issue. Tagging it with security flags it as a security issue on the infrastructure project page, which looks a bit odd. (been cleaning up a few of those).

    I think the appropriate status actually is fixed for this one, wouldn't close it as outdated as it was actually fixed, albeit a long time ago.

  • Status changed to Fixed 10 months ago
  • Comment 10 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States drumm NY, US

    Confirmed this is resolved. Emails from www.drupal.org servers are now encrypted in transit.

  • Comment 10 months ago β†’
    System Message

    Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024