securitydrupalorg

Open on Drupal.org →Open on Drupal GitLab →

Created on 24 May 2010, about 15 years ago

Maintained by

🇺🇸United States drumm
Drupal Security Team
🇺🇸United States greggles
🇺🇸United States mlhess
🇺🇸United States pwolanin
🇨🇦Canada scor
🇺🇸United States xjm

🇺🇸United States
84%

🇬🇧United Kingdom
8%

🇧🇪Belgium
3%

🇮🇹Italy
1%

🇪🇸Spain
1%

🏴‍☠️🇦🇺 🇭🇺 🇸🇰 🏴‍☠️ 🇳🇱
3%

Top 10 contributors

DM13 Security LLC 14%
- 🇺🇸 @cmlara
Lullabot 13%
- 🇺🇸 @yesct
Acquia 5%
- 🇬🇧 @mcdruid
Tag1 Consulting 4%
- 🇺🇸 @benjifisher
- 🇬🇧 @catch
DUG BE vzw (Drupal User Group Belgium) 3%
- 🇧🇪 @BramDriesen
Drupal Association 2%
- 🇺🇸 @drumm
- 🇪🇸 @fjgarlin
SciShield 2%
- 🇺🇸 @benjifisher
- 🇺🇸 @pwolanin
nLightened Development LLC 1%
- 🇺🇸 @nicxvan
Performant Labs 1%
- 🇺🇸 @aangel
PreviousNext 1%
- 🇦🇺 @larowlan

+10

and 5 individuals ( 51% )

@cilefen
🇺🇸 @damienmckenna
🇺🇸 @greggles
🇮🇹 @apaderno
🇺🇸 @mlhess

Merge Requests

!13Create CVEs for July 2, 2025
Open
Show issue
🇺🇸United States greggles
updated 1 day ago
!12Create CVEs for June 25, 2025
Merged
Show issue
🇺🇸United States greggles
updated 7 days ago
!11Allow filtering the All Issues view by version
Open
Show issue
🇺🇸United States damienmckenna
updated 8 days ago
!10Create CVEs for May 21, 2025
Merged
Show issue
🇺🇸United States yesct
updated 20 days ago
!8Create CVEs for May 21, 2025
Closed
Show issue
🇺🇸United States yesct
updated 21 days ago
!9Create CVEs for May 21, 2025
Merged
Show issue
🇺🇸United States yesct
updated 22 days ago

More Merge Requests

Issues

📌
Create CVEs for July 2, 2025
Active
Code
Created 1 day ago
v1.0
🇺🇸United States greggles
1 day ago
📌
Create CVEs for May 21, 2025
Active
Code
Created 30 days ago
v1.0
🇺🇸United States yesct
6 days ago
📌
Create CVEs for June 11, 2025
Active
Code
Created 27 days ago
v1.0
🇺🇸United States yesct
6 days ago
📌
Create CVEs for May 21, 2025
Active
Code
Created 27 days ago
v1.0
🇺🇸United States yesct
7 days ago
📌
Create CVEs for June 25, 2025
Active
Code
Created 8 days ago
v1.0
🇺🇸United States greggles
7 days ago
📌
Create CVEs for June 18, 2025
Active
Code
Created 27 days ago
v1.0
🇺🇸United States yesct
8 days ago
🌱
More flexible language for git vetted status for co-maintainers of existing projects
Active
Code
Created over 2 years ago
v1.0
🇬🇧United Kingdom catch
8 days ago
✨
Allow filtering the All Issues view by version
Active
User interface
Created 8 days ago
v1.0
🇺🇸United States damienmckenna
8 days ago
💬
CVE Request for Webform Multiple File
Active
Code
Created about 1 month ago
v1.0
🇺🇸United States aangel
9 days ago
📌
Get an Open Source Security Foundation badge for Drupal (core? contrib?)
Needs review
Miscellaneous
Created over 3 years ago
v1.0
🇺🇸United States greggles
10 days ago
📌
Create CVEs for May 14, 2025
Active
Code
Created about 2 months ago
v1.0
🇺🇸United States greggles
13 days ago
📌
Create CVEs for June 4, 2025
Active
Code
Created 30 days ago
v1.0
🇺🇸United States yesct
28 days ago
✨
Publish Advisory -> CVE script to support better
Active
Code
Created about 2 months ago
v1.0
🇺🇸United States greggles
about 1 month ago
📌
Clarify the Drupal Security Team Disclosure Policy
Active
Code
Created about 1 month ago
v1.0
🇺🇸United States greggles
about 1 month ago
✨
Policy: Post CVE number / link on private issue
Active
Documentation
Created about 1 month ago
v1.0
🇺🇸United States damienmckenna
about 1 month ago
📌
Update links on the with wrong counts
Active
Documentation
Created over 1 year ago
v1.0
🇧🇪Belgium BramDriesen
3 months ago
📌
document how to publish a PSA for use by the autoupdate tool
Fixed
Documentation
Created over 5 years ago
v1.0
🇺🇸United States greggles
3 months ago
📌
Display members in an unordered list
Fixed
Code
Created over 3 years ago
v1.0
cilefen
3 months ago
📌
Review Coverity scan for Drupal core one time
Fixed
Code
Created over 8 years ago
v1.0
🇧🇪Belgium mallezie
3 months ago
📌
January 2025 CVEs
Active
Code
Created 6 months ago
v1.0
🇺🇸United States greggles
3 months ago
✨
Add blocks that show issue assignment status
Fixed
Code
Created almost 10 years ago
v1.0
🇳🇱Netherlands dokumori
3 months ago
🐛
Link to create and avisory for an issue is partially broken
Fixed
Code
Created almost 8 years ago
v1.0
pere orga
3 months ago
🐛
Unhide some fields so admins don't have so many extra clicks
Fixed
Code
Created over 10 years ago
v1.0
🇺🇸United States mlhess
3 months ago
✨
Create automated testing for core issues
Fixed
Code
Created over 11 years ago
v1.0
🇺🇸United States mlhess
3 months ago
📌
Add more examples about COi
Needs review
Code
Created about 7 years ago
v1.0
🇺🇸United States greggles
3 months ago
🐛
Drupal SA's missing CVE ID's
Active
Documentation
Created 10 months ago
v1.0
🇺🇸United States cmlara
3 months ago
📌
I helped prep for and/or presented at Drupalcon Atlanta
Active
Code
Created 3 months ago
v1.0
🇺🇸United States greggles
3 months ago
📌
Unsuported Modules: Establish timeline for publishing of vulnerability info to allow for possible CVE creation
Active
Documentation
Created 6 months ago
v1.0
🇺🇸United States cmlara
3 months ago
📌
Consider publishing sa data to Friends of PHP's repo
Postponed
Code
Created over 8 years ago
v1.0
🇺🇸United States joestewart
3 months ago
📌
Create system for issues that "need triage"
Closed: outdated
Code
Created almost 13 years ago
v1.0
🇺🇸United States greggles
3 months ago
📌
Show issues that a maintainer hasn't been added to by age
Closed: outdated
Code
Created almost 11 years ago
v1.0
🇺🇸United States greggles
3 months ago
✨
Auto-add maintainers to issues if an issue is open and they haven't been added within 2 days
Closed: outdated
Code
Created over 6 years ago
v1.0
🇺🇸United States greggles
3 months ago
📌
Run a static application security test (SAST) as part of core CI
Active
Code
Created 3 months ago
v1.0
🇺🇸United States greggles
3 months ago
✨
Display a block that lists assigned issues for security team members
Closed: outdated
Code
Created over 13 years ago
v1.0
🇳🇱Netherlands dokumori
3 months ago
✨
Manage block config using the Context or Features Extra module
Closed: outdated
Code
Created almost 10 years ago
v1.0
🇳🇱Netherlands dokumori
3 months ago
📌
Reduce the effort of a core security release
Closed: outdated
Code
Created over 2 years ago
v1.0
🇺🇸United States greggles
3 months ago
🐛
Remove reference to IRC nicknames and replace with slack username
Closed: outdated
Code
Created about 3 years ago
v1.0
🇺🇸United States mlhess
3 months ago
🐛
List of team members shows an irc nick, and requires it to display properly
Closed: won't fix
Code
Created almost 6 years ago
v1.0
🇺🇸United States greggles
3 months ago
✨
Make it easier to add new users to sdo via a security issue
Closed: duplicate
User interface
Created over 7 years ago
v1.0
🇺🇸United States damienmckenna
3 months ago
✨
Add a view for listing tagged nodes
Closed: outdated
Code
Created over 9 years ago
v1.0
🇳🇱Netherlands dokumori
3 months ago
✨
Change the project title in the status block to a link to the project
Closed: outdated
Code
Created almost 10 years ago
v1.0
🇺🇸United States cashwilliams
3 months ago
📌
Email new nodes to a configurable email address
Closed: outdated
Code
Created over 10 years ago
v1.0
🇺🇸United States mlhess
3 months ago
📌
Allow team members to pull bakery users
Closed: outdated
Code
Created over 12 years ago
v1.0
🇺🇸United States mlhess
3 months ago
✨
Let distro maintainers or trusted persons see security issue count in dependent modules
Closed: outdated
Code
Created over 11 years ago
v1.0
🇺🇸United States coltrane
3 months ago
✨
Invoke hook to create account if account is not on local site.
Closed: outdated
Code
Created almost 11 years ago
v1.0
🇺🇸United States mlhess
3 months ago
📌
Create a survey for the community priori to Drupalcon
Active
Code
Created 4 months ago
v1.0
🇺🇸United States greggles
4 months ago
📌
Switch to CVSS scoring
Active
Code
Created about 1 year ago
v1.0
cilefen
4 months ago
📌
Create CVEs for contributed projects in 2024
Active
Code
Created 7 months ago
v1.0
🇺🇸United States greggles
4 months ago
🐛
issues_by_followup_date view should default to Open status
Active
Code
Created 4 months ago
v1.0
🇬🇧United Kingdom mcdruid
4 months ago
📌
Update CNA scope
Needs review
Code
Created 8 months ago
v1.0
🇺🇸United States greggles
5 months ago
✨
Prohibit the ability to adopt a project
Active
Code
Created about 1 year ago
v1.0
🇺🇸United States cmlara
5 months ago
✨
Require in-person identity confirmation to receive security opt-in role.
Active
Code
Created about 1 year ago
v1.0
🇺🇸United States cmlara
6 months ago
📌
[META|POLICY] Think of a way to make it less easy to become a (co-) maintainer
Active
Security Working Group (policy questions)
Created 6 months ago
v1.0
🇧🇪Belgium BramDriesen
6 months ago
💬
greggles dealing with organization credit attribution limitations
Postponed
Miscellaneous
Created about 1 year ago
v1.0
🇺🇸United States greggles
6 months ago
📌
Create CVEs for SA-CORE-2024-003, 004, 005, 006, 007, 008
Active
Code
Created 7 months ago
v1.0
🇺🇸United States greggles
6 months ago
🐛
Update 'Security team process' link in Quicklinks to point to d.o
Fixed
Code
Created almost 9 years ago
v1.0
🇺🇸United States cashwilliams
6 months ago
🐛
"My security issues" block's "more" link is redirecting to the wrong url
Active
Code
Created 7 months ago
v1.0
🇧🇪Belgium BramDriesen
7 months ago
📌
Create CVEs for
Active
Code
Created 8 months ago
v1.0
🇺🇸United States greggles
7 months ago
📌
Create a cve for diff
Active
Code
Created 9 months ago
v1.0
🇺🇸United States greggles
7 months ago
📌
Develop and publish policy regarding missed SA notices
Active
Security Working Group (policy questions)
Created over 3 years ago
v1.0
🇺🇸United States cmlara
7 months ago
📌
Improve Security Risk Levels Defined docs page
Active
Documentation
Created almost 2 years ago
v1.0
🇺🇸United States damienmckenna
7 months ago
✨
Security Tracker Emails: Strip the Body Field Or Encrypt with Recipient's Pubic GPG Key
Closed: won't fix
Code
Created over 10 years ago
v1.0
🇺🇸United States rickmanelius
7 months ago
📌
Collect CVE related details as part of Security Issue
Active
Code
Created 9 months ago
v1.0
🇺🇸United States cmlara
7 months ago
📌
Automate publishing of CVE's
Active
Code
Created 9 months ago
v1.0
🇺🇸United States cmlara
9 months ago
💬
Publication of CVE-2024-45440 by MITRE
Active
Security Working Group (policy questions)
Created 10 months ago
v1.0
🇺🇸United States cmlara
10 months ago
✨
Update policy to explicitly state security issues will be handled privately
Active
Security Working Group (policy questions)
Created almost 3 years ago
v1.0
🇺🇸United States damienmckenna
10 months ago
📌
Expand the ability of module maintainers to mark a particular release as security.
Active
Code
Created about 1 year ago
v1.0
🇺🇸United States nicxvan
about 1 year ago
🌱
[META] Increase Security of Project Ownership Transfer Process
Active
Code
Created about 1 year ago
v1.0
🇺🇸United States cmlara
about 1 year ago
📌
Remove riskcalc, replaced with www.drupal.org
Fixed
Code
Created about 1 year ago
v1.0
🇺🇸United States drumm
about 1 year ago
📌
Document the process for updating an "unsupported" SA due to new adoption
Active
Documentation
Created almost 2 years ago
v1.0
🇺🇸United States damienmckenna
over 1 year ago
📌
Review and fix up message templates
Fixed
Documentation
Created over 1 year ago
v1.0
🇺🇸United States greggles
over 1 year ago
🐛
Link to create SA in the sidebar info section doesn't work
Fixed
Code
Created over 1 year ago
v1.0
🇧🇪Belgium kristiaanvandeneynde
over 1 year ago
✨
Change SA opt-in to differentiate between "not opted in (yet)" vs "opted out"
Active
User interface
Created over 1 year ago
v1.0
🇺🇸United States damienmckenna
over 1 year ago
📌
Update security issue version field for semantic versioning & Drupal 9
Active
User interface
Created over 4 years ago
v1.0
🇺🇸United States drumm
over 1 year ago
📌
Create new documentation guide & pages that clearly documents what issues are not considered security issues
Active
Miscellaneous
Created over 3 years ago
v1.0
🇺🇸United States damienmckenna
almost 2 years ago
✨
Adjust order for editing SA fields to match s.d.o and the display on d.o
Fixed
sahtml
Created over 6 years ago
v1.0
🇺🇸United States greggles
about 2 years ago

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024

securitydrupalorg

Top 10 contributors

and 10 other organisations

and 5 individuals ( 51% )

Merge Requests

!13Create CVEs for July 2, 2025Open Show issue

!12Create CVEs for June 25, 2025Merged Show issue

!11Allow filtering the All Issues view by versionOpen Show issue

!10Create CVEs for May 21, 2025Merged Show issue

!8Create CVEs for May 21, 2025Closed Show issue

!9Create CVEs for May 21, 2025Merged Show issue

Issues

Create CVEs for July 2, 2025ActiveCode Created 1 day ago

Create CVEs for May 21, 2025ActiveCode Created 30 days ago

Create CVEs for June 11, 2025ActiveCode Created 27 days ago

Create CVEs for May 21, 2025ActiveCode Created 27 days ago

Create CVEs for June 25, 2025ActiveCode Created 8 days ago

Create CVEs for June 18, 2025ActiveCode Created 27 days ago

More flexible language for git vetted status for co-maintainers of existing projectsActiveCode Created over 2 years ago

Allow filtering the All Issues view by versionActiveUser interface Created 8 days ago

CVE Request for Webform Multiple FileActiveCode Created about 1 month ago

Get an Open Source Security Foundation badge for Drupal (core? contrib?)Needs reviewMiscellaneous Created over 3 years ago

Create CVEs for May 14, 2025ActiveCode Created about 2 months ago

Create CVEs for June 4, 2025ActiveCode Created 30 days ago

Publish Advisory -> CVE script to support betterActiveCode Created about 2 months ago

Clarify the Drupal Security Team Disclosure PolicyActiveCode Created about 1 month ago

Policy: Post CVE number / link on private issueActiveDocumentation Created about 1 month ago

Update links on the with wrong countsActiveDocumentation Created over 1 year ago

document how to publish a PSA for use by the autoupdate toolFixedDocumentation Created over 5 years ago

Display members in an unordered listFixedCode Created over 3 years ago

Review Coverity scan for Drupal core one timeFixedCode Created over 8 years ago

January 2025 CVEsActiveCode Created 6 months ago

Add blocks that show issue assignment statusFixedCode Created almost 10 years ago

Link to create and avisory for an issue is partially brokenFixedCode Created almost 8 years ago

Unhide some fields so admins don't have so many extra clicksFixedCode Created over 10 years ago

Create automated testing for core issues FixedCode Created over 11 years ago

Add more examples about COiNeeds reviewCode Created about 7 years ago

Drupal SA's missing CVE ID'sActiveDocumentation Created 10 months ago

I helped prep for and/or presented at Drupalcon AtlantaActiveCode Created 3 months ago

Unsuported Modules: Establish timeline for publishing of vulnerability info to allow for possible CVE creationActiveDocumentation Created 6 months ago

Consider publishing sa data to Friends of PHP's repoPostponedCode Created over 8 years ago

Create system for issues that "need triage" Closed: outdatedCode Created almost 13 years ago

Show issues that a maintainer hasn't been added to by ageClosed: outdatedCode Created almost 11 years ago

Auto-add maintainers to issues if an issue is open and they haven't been added within 2 daysClosed: outdatedCode Created over 6 years ago

Run a static application security test (SAST) as part of core CIActiveCode Created 3 months ago

Display a block that lists assigned issues for security team membersClosed: outdatedCode Created over 13 years ago

Manage block config using the Context or Features Extra moduleClosed: outdatedCode Created almost 10 years ago

Reduce the effort of a core security releaseClosed: outdatedCode Created over 2 years ago

Remove reference to IRC nicknames and replace with slack usernameClosed: outdatedCode Created about 3 years ago

List of team members shows an irc nick, and requires it to display properlyClosed: won't fixCode Created almost 6 years ago

Make it easier to add new users to sdo via a security issueClosed: duplicateUser interface Created over 7 years ago

Add a view for listing tagged nodesClosed: outdatedCode Created over 9 years ago

Change the project title in the status block to a link to the projectClosed: outdatedCode Created almost 10 years ago

Email new nodes to a configurable email addressClosed: outdatedCode Created over 10 years ago

Allow team members to pull bakery usersClosed: outdatedCode Created over 12 years ago

Let distro maintainers or trusted persons see security issue count in dependent modulesClosed: outdatedCode Created over 11 years ago

Invoke hook to create account if account is not on local site. Closed: outdatedCode Created almost 11 years ago

Create a survey for the community priori to DrupalconActiveCode Created 4 months ago

Switch to CVSS scoringActiveCode Created about 1 year ago

Create CVEs for contributed projects in 2024ActiveCode Created 7 months ago

issues_by_followup_date view should default to Open statusActiveCode Created 4 months ago

Update CNA scopeNeeds reviewCode Created 8 months ago

Prohibit the ability to adopt a projectActiveCode Created about 1 year ago

Require in-person identity confirmation to receive security opt-in role.ActiveCode Created about 1 year ago

[META|POLICY] Think of a way to make it less easy to become a (co-) maintainerActiveSecurity Working Group (policy questions) Created 6 months ago

greggles dealing with organization credit attribution limitationsPostponedMiscellaneous Created about 1 year ago

Create CVEs for SA-CORE-2024-003, 004, 005, 006, 007, 008 ActiveCode Created 7 months ago

Update 'Security team process' link in Quicklinks to point to d.oFixedCode Created almost 9 years ago

"My security issues" block's "more" link is redirecting to the wrong urlActiveCode Created 7 months ago

Create CVEs for ActiveCode Created 8 months ago

Create a cve for diffActiveCode Created 9 months ago

Develop and publish policy regarding missed SA noticesActiveSecurity Working Group (policy questions) Created over 3 years ago

Improve Security Risk Levels Defined docs pageActiveDocumentation Created almost 2 years ago

Security Tracker Emails: Strip the Body Field Or Encrypt with Recipient's Pubic GPG KeyClosed: won't fixCode Created over 10 years ago

Collect CVE related details as part of Security IssueActiveCode Created 9 months ago

Automate publishing of CVE'sActiveCode Created 9 months ago

Publication of CVE-2024-45440 by MITREActiveSecurity Working Group (policy questions) Created 10 months ago

Update policy to explicitly state security issues will be handled privatelyActiveSecurity Working Group (policy questions) Created almost 3 years ago

Expand the ability of module maintainers to mark a particular release as security.ActiveCode Created about 1 year ago

[META] Increase Security of Project Ownership Transfer ProcessActiveCode Created about 1 year ago

!13Create CVEs for July 2, 2025
Open
Show issue

!12Create CVEs for June 25, 2025
Merged
Show issue

!11Allow filtering the All Issues view by version
Open
Show issue

!10Create CVEs for May 21, 2025
Merged
Show issue

!8Create CVEs for May 21, 2025
Closed
Show issue

!9Create CVEs for May 21, 2025
Merged
Show issue

Create CVEs for July 2, 2025
Active
Code
Created 1 day ago

Create CVEs for May 21, 2025
Active
Code
Created 30 days ago

Create CVEs for June 11, 2025
Active
Code
Created 27 days ago

Create CVEs for May 21, 2025
Active
Code
Created 27 days ago

Create CVEs for June 25, 2025
Active
Code
Created 8 days ago

Create CVEs for June 18, 2025
Active
Code
Created 27 days ago

More flexible language for git vetted status for co-maintainers of existing projects
Active
Code
Created over 2 years ago

Allow filtering the All Issues view by version
Active
User interface
Created 8 days ago

CVE Request for Webform Multiple File
Active
Code
Created about 1 month ago

Get an Open Source Security Foundation badge for Drupal (core? contrib?)
Needs review
Miscellaneous
Created over 3 years ago

Create CVEs for May 14, 2025
Active
Code
Created about 2 months ago

Create CVEs for June 4, 2025
Active
Code
Created 30 days ago

Publish Advisory -> CVE script to support better
Active
Code
Created about 2 months ago

Clarify the Drupal Security Team Disclosure Policy
Active
Code
Created about 1 month ago

Policy: Post CVE number / link on private issue
Active
Documentation
Created about 1 month ago

Update links on the with wrong counts
Active
Documentation
Created over 1 year ago

document how to publish a PSA for use by the autoupdate tool
Fixed
Documentation
Created over 5 years ago

Display members in an unordered list
Fixed
Code
Created over 3 years ago

Review Coverity scan for Drupal core one time
Fixed
Code
Created over 8 years ago

January 2025 CVEs
Active
Code
Created 6 months ago

Add blocks that show issue assignment status
Fixed
Code
Created almost 10 years ago

Link to create and avisory for an issue is partially broken
Fixed
Code
Created almost 8 years ago

Unhide some fields so admins don't have so many extra clicks
Fixed
Code
Created over 10 years ago

Create automated testing for core issues
Fixed
Code
Created over 11 years ago

Add more examples about COi
Needs review
Code
Created about 7 years ago

Drupal SA's missing CVE ID's
Active
Documentation
Created 10 months ago

I helped prep for and/or presented at Drupalcon Atlanta
Active
Code
Created 3 months ago

Unsuported Modules: Establish timeline for publishing of vulnerability info to allow for possible CVE creation
Active
Documentation
Created 6 months ago

Consider publishing sa data to Friends of PHP's repo
Postponed
Code
Created over 8 years ago

Create system for issues that "need triage"
Closed: outdated
Code
Created almost 13 years ago

Show issues that a maintainer hasn't been added to by age
Closed: outdated
Code
Created almost 11 years ago

Auto-add maintainers to issues if an issue is open and they haven't been added within 2 days
Closed: outdated
Code
Created over 6 years ago

Run a static application security test (SAST) as part of core CI
Active
Code
Created 3 months ago

Display a block that lists assigned issues for security team members
Closed: outdated
Code
Created over 13 years ago

Manage block config using the Context or Features Extra module
Closed: outdated
Code
Created almost 10 years ago

Reduce the effort of a core security release
Closed: outdated
Code
Created over 2 years ago

Remove reference to IRC nicknames and replace with slack username
Closed: outdated
Code
Created about 3 years ago

List of team members shows an irc nick, and requires it to display properly
Closed: won't fix
Code
Created almost 6 years ago

Make it easier to add new users to sdo via a security issue
Closed: duplicate
User interface
Created over 7 years ago

Add a view for listing tagged nodes
Closed: outdated
Code
Created over 9 years ago

Change the project title in the status block to a link to the project
Closed: outdated
Code
Created almost 10 years ago

Email new nodes to a configurable email address
Closed: outdated
Code
Created over 10 years ago

Allow team members to pull bakery users
Closed: outdated
Code
Created over 12 years ago

Let distro maintainers or trusted persons see security issue count in dependent modules
Closed: outdated
Code
Created over 11 years ago

Invoke hook to create account if account is not on local site.
Closed: outdated
Code
Created almost 11 years ago

Create a survey for the community priori to Drupalcon
Active
Code
Created 4 months ago

Switch to CVSS scoring
Active
Code
Created about 1 year ago

Create CVEs for contributed projects in 2024
Active
Code
Created 7 months ago

issues_by_followup_date view should default to Open status
Active
Code
Created 4 months ago

Update CNA scope
Needs review
Code
Created 8 months ago

Prohibit the ability to adopt a project
Active
Code
Created about 1 year ago

Require in-person identity confirmation to receive security opt-in role.
Active
Code
Created about 1 year ago

[META|POLICY] Think of a way to make it less easy to become a (co-) maintainer
Active
Security Working Group (policy questions)
Created 6 months ago

greggles dealing with organization credit attribution limitations
Postponed
Miscellaneous
Created about 1 year ago

Create CVEs for SA-CORE-2024-003, 004, 005, 006, 007, 008
Active
Code
Created 7 months ago

Update 'Security team process' link in Quicklinks to point to d.o
Fixed
Code
Created almost 9 years ago

"My security issues" block's "more" link is redirecting to the wrong url
Active
Code
Created 7 months ago

Create CVEs for
Active
Code
Created 8 months ago

Create a cve for diff
Active
Code
Created 9 months ago

Develop and publish policy regarding missed SA notices
Active
Security Working Group (policy questions)
Created over 3 years ago

Improve Security Risk Levels Defined docs page
Active
Documentation
Created almost 2 years ago

Security Tracker Emails: Strip the Body Field Or Encrypt with Recipient's Pubic GPG Key
Closed: won't fix
Code
Created over 10 years ago

Collect CVE related details as part of Security Issue
Active
Code
Created 9 months ago

Automate publishing of CVE's
Active
Code
Created 9 months ago

Publication of CVE-2024-45440 by MITRE
Active
Security Working Group (policy questions)
Created 10 months ago

Update policy to explicitly state security issues will be handled privately
Active
Security Working Group (policy questions)
Created almost 3 years ago

Expand the ability of module maintainers to mark a particular release as security.
Active
Code
Created about 1 year ago

[META] Increase Security of Project Ownership Transfer Process
Active
Code
Created about 1 year ago

Remove riskcalc, replaced with www.drupal.org
Fixed
Code
Created about 1 year ago

Document the process for updating an "unsupported" SA due to new adoption
Active
Documentation
Created almost 2 years ago

Review and fix up message templates
Fixed
Documentation
Created over 1 year ago

Link to create SA in the sidebar info section doesn't work
Fixed
Code
Created over 1 year ago

Change SA opt-in to differentiate between "not opted in (yet)" vs "opted out"
Active
User interface
Created over 1 year ago

Update security issue version field for semantic versioning & Drupal 9
Active
User interface
Created over 4 years ago