|
Documenting the Security/CVE process for D7ES providers |
Active |
Normal |
Task |
7.x-1.x-dev |
Documentation |
aangel |
8 months 3 weeks |
|
Publish Term Reference Tree CVE - CVE-2026-4093 |
Needs work |
Normal |
Support request |
7.x-1.x-dev |
Code |
|
2 months 4 days |
|
Publish for Simple Hierarchical Select (SHS) CVE-2026-4929 |
Needs work |
Normal |
Support request |
7.x-1.x-dev |
Miscellaneous |
|
2 months 4 days |
|
CVE request for LDAP - CVE-2026-6908 |
Needs review |
Normal |
Task |
7.x-1.x-dev |
Code |
|
2 weeks 3 days |
|
[policy] Treat CAPTCHA bypasses as non-security bugs |
Active |
Normal |
Plan |
7.x-1.x-dev |
Code |
|
2 weeks 4 days |
|
Define standard description for marking an existing permission as "restrict access" |
Active |
Normal |
Task |
7.x-1.x-dev |
Documentation |
|
2 weeks 3 days |
|
Publish a new CVE for TFA Basic Plugins - CVE-2026-6816 |
Needs work |
Normal |
Support request |
7.x-1.x-dev |
Code |
|
1 month 4 weeks |
|
Create CVEs for April 2026 |
Active |
Normal |
Task |
7.x-1.x-dev |
Code |
|
1 month 12 hours |
|
Review and adopt CWE assignments from NIST |
Active |
Normal |
Task |
7.x-1.x-dev |
Code |
|
2 months 2 weeks |
|
Switch to CVSS scoring |
Active |
Normal |
Task |
7.x-1.x-dev |
Code |
|
2 years 1 week |
|
Align DST vulnerability determination criteria to CVE standards |
Active |
Critical |
Support request |
7.x-1.x-dev |
Security Working Group (policy questions) |
|
1 year 8 months |
|
Incorrect affected versions on advisories |
Active |
Normal |
Bug report |
7.x-1.x-dev |
Miscellaneous |
|
8 months 4 weeks |
|
Create CVEs for 2016 (especially for highly critical issues) |
Active |
Normal |
Task |
7.x-1.x-dev |
Code |
|
9 months 6 days |
|
More flexible language for git vetted status for co-maintainers of existing projects |
Active |
Normal |
Plan |
7.x-1.x-dev |
Code |
|
3 years 2 months |
|
Allow filtering the All Issues view by version |
Needs review |
Normal |
Feature request |
7.x-1.x-dev |
User interface |
|
10 months 1 week |
|
Get an Open Source Security Foundation badge for Drupal (core? contrib?) |
Needs review |
Normal |
Task |
7.x-1.x-dev |
Miscellaneous |
|
4 years 2 months |
|
Clarify the Drupal Security Team Disclosure Policy |
Active |
Normal |
Task |
7.x-1.x-dev |
Code |
|
11 months 2 weeks |
|
Policy: Post CVE number / link on private issue |
Active |
Normal |
Feature request |
7.x-1.x-dev |
Documentation |
|
11 months 2 weeks |
|
Unsupported Modules: Establish timeline for publishing of vulnerability info to allow for possible CVE creation |
Active |
Normal |
Task |
7.x-1.x-dev |
Documentation |
|
1 year 4 months |
|
Run a static application security test (SAST) as part of core CI |
Active |
Normal |
Task |
7.x-1.x-dev |
Code |
|
1 year 1 month |
|
Create a survey for the community prior to Drupalcon |
Needs work |
Normal |
Task |
7.x-1.x-dev |
Code |
|
1 year 1 month |
|
issues_by_followup_date view should default to Open status |
Active |
Normal |
Bug report |
7.x-1.x-dev |
Code |
|
1 year 2 months |
|
Prohibit the ability to adopt a project |
Active |
Normal |
Feature request |
7.x-1.x-dev |
Code |
|
1 year 11 months |
|
Require in-person identity confirmation to receive "Git vetted user" role. |
Active |
Normal |
Feature request |
7.x-1.x-dev |
Code |
|
1 year 11 months |
|
[META|POLICY] Think of a way to make adding a (co-) maintainer more trustworthy |
Active |
Major |
Task |
7.x-1.x-dev |
Security Working Group (policy questions) |
|
1 year 3 months |
|
"My security issues" block's "more" link is redirecting to the wrong url |
Needs review |
Normal |
Bug report |
7.x-1.x-dev |
Code |
|
1 year 4 months |
|
Develop and publish policy regarding missed SA notices |
Active |
Normal |
Task |
7.x-1.x-dev |
Security Working Group (policy questions) |
|
4 years 1 month |
|
Improve Security Risk Levels Defined docs page |
Active |
Normal |
Task |
7.x-1.x-dev |
Documentation |
|
2 years 8 months |
|
Collect CVE related details as part of Security Issue |
Active |
Normal |
Task |
7.x-1.x-dev |
Code |
|
1 year 6 months |
|
Automate publishing of CVEs |
Active |
Normal |
Task |
7.x-1.x-dev |
Code |
|
1 year 6 months |
|
Update policy to explicitly state security issues will be handled privately |
Active |
Normal |
Feature request |
7.x-1.x-dev |
Security Working Group (policy questions) |
|
3 years 8 months |
|
Expand the ability of module maintainers to mark a particular release as security. |
Active |
Major |
Task |
7.x-1.x-dev |
Code |
|
1 year 10 months |
|
[META] Increase Security of Project Ownership Transfer Process |
Active |
Normal |
Plan |
7.x-1.x-dev |
Code |
|
1 year 11 months |
|
Document the process for updating an "unsupported" SA due to new adoption |
Active |
Normal |
Task |
7.x-1.x-dev |
Documentation |
|
2 years 8 months |
|
Change SA opt-in to differentiate between "not opted in (yet)" vs "opted out" |
Active |
Normal |
Feature request |
7.x-1.x-dev |
User interface |
|
2 years 6 months |
|
Update security issue version field for semantic versioning & Drupal 9 |
Active |
Normal |
Task |
7.x-1.x-dev |
User interface |
|
5 years 6 months |
|
Create new documentation guide & pages that clearly documents what issues are not considered security issues |
Active |
Normal |
Task |
7.x-1.x-dev |
Miscellaneous |
|
4 years 2 months |
|
Discuss involving ecosystem maintainers in security support degradation process |
Active |
Normal |
Plan |
7.x-1.x-dev |
Code |
|
4 years 3 months |
|
Increase efficiency in ownership transfers related to modules with known vulnerabilities |
Active |
Normal |
Feature request |
7.x-1.x-dev |
Security Working Group (policy questions) |
|
3 years 9 months |
|
Change policy regarding timeline for resolution and disclosure of security vulnerabilities to be more strict |
Active |
Normal |
Task |
7.x-1.x-dev |
Security Working Group (policy questions) |
|
3 years 11 months |
|
Create autofill text for status of needs review, unsupported, or closed-fixed |
Active |
Normal |
Bug report |
7.x-1.x-dev |
Code |
|
6 years 8 months |
|
Clarification of "insecure" versus "unsupported" |
Active |
Normal |
Task |
7.x-1.x-dev |
Security Working Group (policy questions) |
|
3 years 6 months |
|
Codify and enforce rules regarding marking releases unsupported |
Active |
Normal |
Task |
7.x-1.x-dev |
Security Working Group (policy questions) |
|
3 years 7 months |
|
Update to unsupported module advisory process |
Active |
Normal |
Task |
7.x-1.x-dev |
Code |
|
3 years 11 months |
|
Proposal: make it easier for folks to know they're at a point to become vetted |
Active |
Normal |
Plan |
7.x-1.x-dev |
Miscellaneous |
|
4 years 6 months |
|
Add issue submitter to access on referenced advisory |
Active |
Normal |
Feature request |
7.x-1.x-dev |
Code |
|
11 years 8 months |
|
Indicate affected (major) versions on security advisories lists |
Active |
Normal |
Feature request |
7.x-1.x-dev |
Code |
|
6 years 5 months |
|
Email maintainers when issue status is set to no maintainer response |
Active |
Normal |
Bug report |
7.x-1.x-dev |
Code |
|
8 years 4 months |
|
Allow the risk calculator to pre-fill values from the URL for linking |
Needs review |
Normal |
Feature request |
7.x-1.x-dev |
Code |
|
8 years 3 months |
|
Rename and modify status options on SDO |
Active |
Normal |
Bug report |
7.x-1.x-dev |
Code |
|
9 years 1 month |