securitydrupalorg

Open on Drupal.org →Open on Drupal GitLab →

Created on 24 May 2010, over 14 years ago

Maintained by

🇺🇸United States drumm
Drupal Security Team
🇺🇸United States greggles
🇺🇸United States mlhess
🇺🇸United States pwolanin
🇨🇦Canada scor
🇺🇸United States xjm

🇺🇸United States
76%

🇬🇧United Kingdom
12%

🇧🇪Belgium
3%

🇪🇸Spain
2%

🇮🇹Italy
2%

🇭🇺Hungary
2%

🇸🇰Slovakia
2%

🏴‍☠️🇦🇺 🇳🇱
2%

Top 10 contributors

DM13 Security LLC 22%
- 🇺🇸 @cmlara
Acquia 7%
- 🇬🇧 @mcdruid
Tag1 Consulting 5%
- 🇬🇧 @catch
Drupal Association 4%
- 🇺🇸 @drumm
- 🇪🇸 @fjgarlin
DUG BE vzw (Drupal User Group Belgium) 3%
- 🇧🇪 @BramDriesen
Lullabot 2%
- 🇺🇸 @yesct
Pronovix 2%
- 🇭🇺 @mxr576
ActivIT s.r.o. 2%
- 🇸🇰 @poker10
PreviousNext 1%
- 🇦🇺 @larowlan
Kosada 1%
- 🇺🇸 @mradcliffe

and 2 individuals ( 50% )

🇺🇸 @greggles
🇮🇹 @apaderno

Merge Requests

!4"My security issues" block's "more" link is redirecting to the wrong url
Open
Show issue
🇪🇸Spain fjgarlin
updated 3 days ago
!3Remove riskcalc, replaced with www.drupal.org
Merged
Show issue
🇺🇸United States drumm
updated 8 months ago

Issues

📌
Unsuported Modules: Establish timeline for publishing of vulnerability info to allow for possible CVE creation
Active
Documentation
Created about 9 hours ago
v1.0
🇺🇸United States cmlara
about 9 hours ago
🐛
"My security issues" block's "more" link is redirecting to the wrong url
Active
Code
Created 3 days ago
v1.0
🇧🇪Belgium BramDriesen
2 days ago
📌
Update CNA scope
Needs review
Code
Created about 2 months ago
v1.0
🇺🇸United States greggles
2 days ago
📌
Create CVEs for
Active
Code
Created about 2 months ago
v1.0
🇺🇸United States greggles
3 days ago
📌
Create CVEs for contributed projects in 2024
Active
Code
Created 17 days ago
v1.0
🇺🇸United States greggles
4 days ago
📌
Create a cve for diff
Active
Code
Created 3 months ago
v1.0
🇺🇸United States greggles
11 days ago
📌
Create CVEs for SA-CORE-2024-003, 004, 005, 006, 007, 008
Active
Code
Created 17 days ago
v1.0
🇺🇸United States greggles
12 days ago
📌
Develop and publish policy regarding missed SA notices
Active
Security Working Group (policy questions)
Created over 2 years ago
v1.0
🇺🇸United States cmlara
12 days ago
📌
Improve Security Risk Levels Defined docs page
Active
Documentation
Created over 1 year ago
v1.0
🇺🇸United States DamienMcKenna
12 days ago
🐛
Update 'Security team process' link in Quicklinks to point to d.o
Fixed
Code
Created over 8 years ago
v1.0
🇺🇸United States cashwilliams
12 days ago
✨
Security Tracker Emails: Strip the Body Field Or Encrypt with Recipient's Pubic GPG Key
Closed: won't fix
Code
Created about 10 years ago
v1.0
🇺🇸United States rickmanelius
12 days ago
📌
Collect CVE related details as part of Security Issue
Active
Code
Created 2 months ago
v1.0
🇺🇸United States cmlara
15 days ago
💬
greggles dealing with organization credit attribution limitations
Postponed
Miscellaneous
Created 7 months ago
v1.0
🇺🇸United States greggles
24 days ago
🌱
More flexible language for git vetted status for co-maintainers of existing projects
Active
Code
Created almost 2 years ago
v1.0
🇬🇧United Kingdom catch
about 1 month ago
✨
Prohibit the ability to adopt a project
Active
Code
Created 7 months ago
v1.0
🇺🇸United States cmlara
2 months ago
📌
Automate publishing of CVE's
Active
Code
Created 2 months ago
v1.0
🇺🇸United States cmlara
2 months ago
💬
Publication of CVE-2024-45440 by MITRE
Active
Security Working Group (policy questions)
Created 4 months ago
v1.0
🇺🇸United States cmlara
4 months ago
✨
Update policy to explicitly state security issues will be handled privately
Active
Security Working Group (policy questions)
Created over 2 years ago
v1.0
🇺🇸United States DamienMcKenna
4 months ago
🐛
Drupal SA's missing CVE ID's
Active
Documentation
Created 4 months ago
v1.0
🇺🇸United States cmlara
4 months ago
📌
Expand the ability of module maintainers to mark a particular release as security.
Active
Code
Created 6 months ago
v1.0
🇺🇸United States nicxvan
6 months ago
✨
Require in-person identity confirmation to receive security opt-in role.
Active
Code
Created 7 months ago
v1.0
🇺🇸United States cmlara
7 months ago
🌱
[META] Increase Security of Project Ownership Transfer Process
Active
Code
Created 7 months ago
v1.0
🇺🇸United States cmlara
7 months ago
📌
Remove riskcalc, replaced with www.drupal.org
Fixed
Code
Created 8 months ago
v1.0
🇺🇸United States drumm
8 months ago
📌
Switch to CVSS scoring
Active
Code
Created 8 months ago
v1.0
cilefen
8 months ago
📌
Document the process for updating an "unsupported" SA due to new adoption
Active
Documentation
Created over 1 year ago
v1.0
🇺🇸United States DamienMcKenna
9 months ago
📌
Review and fix up message templates
Fixed
Documentation
Created 10 months ago
v1.0
🇺🇸United States greggles
9 months ago
📌
Get an Open Source Security Foundation badge for Drupal (core? contrib?)
Needs review
Miscellaneous
Created almost 3 years ago
v1.0
🇺🇸United States greggles
10 months ago
🐛
Link to create SA in the sidebar info section doesn't work
Fixed
Code
Created about 1 year ago
v1.0
🇧🇪Belgium kristiaanvandeneynde
10 months ago
📌
Update links on the with wrong counts
Active
Documentation
Created about 1 year ago
v1.0
🇧🇪Belgium BramDriesen
about 1 year ago
✨
Change SA opt-in to differentiate between "not opted in (yet)" vs "opted out"
Active
User interface
Created about 1 year ago
v1.0
🇺🇸United States DamienMcKenna
about 1 year ago
📌
Update security issue version field for semantic versioning & Drupal 9
Active
User interface
Created about 4 years ago
v1.0
🇺🇸United States drumm
about 1 year ago
📌
Create new documentation guide & pages that clearly documents what issues are not considered security issues
Active
Miscellaneous
Created almost 3 years ago
v1.0
🇺🇸United States DamienMcKenna
over 1 year ago
✨
Adjust order for editing SA fields to match s.d.o and the display on d.o
Fixed
sahtml
Created almost 6 years ago
v1.0
🇺🇸United States greggles
over 1 year ago

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024

securitydrupalorg

Top 10 contributors

and 4 other organisations

and 2 individuals ( 50% )

Merge Requests

!4"My security issues" block's "more" link is redirecting to the wrong urlOpen Show issue

!3Remove riskcalc, replaced with www.drupal.orgMerged Show issue

Issues

Unsuported Modules: Establish timeline for publishing of vulnerability info to allow for possible CVE creationActiveDocumentation Created about 9 hours ago

"My security issues" block's "more" link is redirecting to the wrong urlActiveCode Created 3 days ago

Update CNA scopeNeeds reviewCode Created about 2 months ago

Create CVEs for ActiveCode Created about 2 months ago

Create CVEs for contributed projects in 2024ActiveCode Created 17 days ago

Create a cve for diffActiveCode Created 3 months ago

Create CVEs for SA-CORE-2024-003, 004, 005, 006, 007, 008 ActiveCode Created 17 days ago

Develop and publish policy regarding missed SA noticesActiveSecurity Working Group (policy questions) Created over 2 years ago

Improve Security Risk Levels Defined docs pageActiveDocumentation Created over 1 year ago

Update 'Security team process' link in Quicklinks to point to d.oFixedCode Created over 8 years ago

Security Tracker Emails: Strip the Body Field Or Encrypt with Recipient's Pubic GPG KeyClosed: won't fixCode Created about 10 years ago

Collect CVE related details as part of Security IssueActiveCode Created 2 months ago

greggles dealing with organization credit attribution limitationsPostponedMiscellaneous Created 7 months ago

More flexible language for git vetted status for co-maintainers of existing projectsActiveCode Created almost 2 years ago

Prohibit the ability to adopt a projectActiveCode Created 7 months ago

Automate publishing of CVE'sActiveCode Created 2 months ago

Publication of CVE-2024-45440 by MITREActiveSecurity Working Group (policy questions) Created 4 months ago

Update policy to explicitly state security issues will be handled privatelyActiveSecurity Working Group (policy questions) Created over 2 years ago

Drupal SA's missing CVE ID'sActiveDocumentation Created 4 months ago

Expand the ability of module maintainers to mark a particular release as security.ActiveCode Created 6 months ago

Require in-person identity confirmation to receive security opt-in role.ActiveCode Created 7 months ago

[META] Increase Security of Project Ownership Transfer ProcessActiveCode Created 7 months ago

Remove riskcalc, replaced with www.drupal.orgFixedCode Created 8 months ago

Switch to CVSS scoringActiveCode Created 8 months ago

Document the process for updating an "unsupported" SA due to new adoptionActiveDocumentation Created over 1 year ago

Review and fix up message templatesFixedDocumentation Created 10 months ago

Get an Open Source Security Foundation badge for Drupal (core? contrib?)Needs reviewMiscellaneous Created almost 3 years ago

Link to create SA in the sidebar info section doesn't workFixedCode Created about 1 year ago

Update links on the with wrong countsActiveDocumentation Created about 1 year ago

Change SA opt-in to differentiate between "not opted in (yet)" vs "opted out"ActiveUser interface Created about 1 year ago

Update security issue version field for semantic versioning & Drupal 9ActiveUser interface Created about 4 years ago

Create new documentation guide & pages that clearly documents what issues are not considered security issuesActiveMiscellaneous Created almost 3 years ago

Adjust order for editing SA fields to match s.d.o and the display on d.oFixedsahtml Created almost 6 years ago

!4"My security issues" block's "more" link is redirecting to the wrong url
Open
Show issue

!3Remove riskcalc, replaced with www.drupal.org
Merged
Show issue

Unsuported Modules: Establish timeline for publishing of vulnerability info to allow for possible CVE creation
Active
Documentation
Created about 9 hours ago

"My security issues" block's "more" link is redirecting to the wrong url
Active
Code
Created 3 days ago

Update CNA scope
Needs review
Code
Created about 2 months ago

Create CVEs for
Active
Code
Created about 2 months ago

Create CVEs for contributed projects in 2024
Active
Code
Created 17 days ago

Create a cve for diff
Active
Code
Created 3 months ago

Create CVEs for SA-CORE-2024-003, 004, 005, 006, 007, 008
Active
Code
Created 17 days ago

Develop and publish policy regarding missed SA notices
Active
Security Working Group (policy questions)
Created over 2 years ago

Improve Security Risk Levels Defined docs page
Active
Documentation
Created over 1 year ago

Update 'Security team process' link in Quicklinks to point to d.o
Fixed
Code
Created over 8 years ago

Security Tracker Emails: Strip the Body Field Or Encrypt with Recipient's Pubic GPG Key
Closed: won't fix
Code
Created about 10 years ago

Collect CVE related details as part of Security Issue
Active
Code
Created 2 months ago

greggles dealing with organization credit attribution limitations
Postponed
Miscellaneous
Created 7 months ago

More flexible language for git vetted status for co-maintainers of existing projects
Active
Code
Created almost 2 years ago

Prohibit the ability to adopt a project
Active
Code
Created 7 months ago

Automate publishing of CVE's
Active
Code
Created 2 months ago

Publication of CVE-2024-45440 by MITRE
Active
Security Working Group (policy questions)
Created 4 months ago

Update policy to explicitly state security issues will be handled privately
Active
Security Working Group (policy questions)
Created over 2 years ago

Drupal SA's missing CVE ID's
Active
Documentation
Created 4 months ago

Expand the ability of module maintainers to mark a particular release as security.
Active
Code
Created 6 months ago

Require in-person identity confirmation to receive security opt-in role.
Active
Code
Created 7 months ago

[META] Increase Security of Project Ownership Transfer Process
Active
Code
Created 7 months ago

Remove riskcalc, replaced with www.drupal.org
Fixed
Code
Created 8 months ago

Switch to CVSS scoring
Active
Code
Created 8 months ago

Document the process for updating an "unsupported" SA due to new adoption
Active
Documentation
Created over 1 year ago

Review and fix up message templates
Fixed
Documentation
Created 10 months ago

Get an Open Source Security Foundation badge for Drupal (core? contrib?)
Needs review
Miscellaneous
Created almost 3 years ago

Link to create SA in the sidebar info section doesn't work
Fixed
Code
Created about 1 year ago

Update links on the with wrong counts
Active
Documentation
Created about 1 year ago

Change SA opt-in to differentiate between "not opted in (yet)" vs "opted out"
Active
User interface
Created about 1 year ago

Update security issue version field for semantic versioning & Drupal 9
Active
User interface
Created about 4 years ago

Create new documentation guide & pages that clearly documents what issues are not considered security issues
Active
Miscellaneous
Created almost 3 years ago

Adjust order for editing SA fields to match s.d.o and the display on d.o
Fixed
sahtml
Created almost 6 years ago