- Log in or register to create an issue
- Advanced search
| Title | Status | Priority | Category | Version | Component | Replies |
Last updated |
Assigned to | Created |
|---|---|---|---|---|---|---|---|---|---|
| Request for CVE ID for Icon | Active | Normal | Support request | 7.x-1.x-dev | Documentation | 1 | 1 day 37 min | 1 day 37 min | |
| Expand the ability of module maintainers to mark a particular release as security. | Active | Major | Task | 7.x-1.x-dev | Code | 6 | 4 days 10 hours | 2 years 1 day | |
| Document the labels on security issues in Drupalcode | Needs review | Normal | Task | 7.x-1.x-dev | Code | 8 | 6 days 21 hours | 1 week 2 days | |
| CAPTCHA: Request for new CVE ID for failure provides login credential validation feedback | Active | Normal | Task | 7.x-1.x-dev | Code | 2 | 2 weeks 3 days | 2 weeks 5 days | |
| Unsuported Modules: Establish timeline for publishing of vulnerability info to allow for possible CVE creation | Active | Normal | Task | 7.x-1.x-dev | Documentation | 7 | 2 weeks 6 days | 1 year 6 months | |
| Switch to CVSS scoring | Active | Normal | Task | 7.x-1.x-dev | Code | 17 | 2 weeks 6 days | 2 years 2 months | |
| OpenID Connect: Request update to CVE-2026-3530 | Needs review | Normal | Task | 7.x-1.x-dev | Code | 3 | 1 month 1 day | 1 month 4 days | |
| OpenID Connect: Request update to CVE-2026-3531 | Needs review | Normal | Task | 7.x-1.x-dev | Code | 3 | 1 month 1 day | 1 month 4 days | |
| OpenID Connect: Request update to CVE-2026-3532 | Needs review | Normal | Task | 7.x-1.x-dev | Code | 3 | 1 month 1 day | 1 month 4 days | |
| CAPTCHA: Request update to CVE-2026-3214 | Needs review | Normal | Task | 7.x-1.x-dev | Code | 2 | 1 month 1 day | 1 month 1 day | |
| Change policy regarding timeline for resolution and disclosure of security vulnerabilities to be more strict | Active | Normal | Task | 7.x-1.x-dev | Security Working Group (policy questions) | 19 | 1 month 2 days | 4 years 1 month | |
| GitLab security issue template should ask for impacted version | Active | Normal | Bug report | 7.x-1.x-dev | User interface | 1 | 1 month 2 days | 1 month 2 days | |
| Define standard description for marking an existing permission as "restrict access" | Active | Normal | Task | 7.x-1.x-dev | Documentation | 7 | 1 month 4 days | 2 months 2 weeks | |
| Create CVEs for May 2026 | Needs work | Normal | Task | 7.x-1.x-dev | Code | 5 | 1 month 1 week | 1 month 1 week | |
| Plan for how to meet 72 hour publication obligation (CNAv4.1 section 4.5.1.4) | Active | Normal | Plan | 7.x-1.x-dev | Security Working Group (policy questions) | 3 | 1 month 1 week | 1 month 2 weeks | |
| CVE request for LDAP - CVE-2026-6908 | Needs work | Normal | Task | 7.x-1.x-dev | Code | 7 | 1 month 1 week | 2 months 2 weeks | |
| Documenting the Security/CVE process for D7ES providers | Active | Normal | Task | 7.x-1.x-dev | Documentation | 5 | 1 month 4 weeks | aangel | 10 months 2 weeks |
| [policy] Treat CAPTCHA bypasses as non-security bugs | Active | Normal | Plan | 7.x-1.x-dev | Code | 4 | 2 months 1 week | 2 months 2 weeks | |
| Review and adopt CWE assignments from NIST | Active | Normal | Task | 7.x-1.x-dev | Code | 1 | 4 months 2 weeks | 4 months 2 weeks | |
| Align DST vulnerability determination criteria to CVE standards | Active | Critical | Support request | 7.x-1.x-dev | Security Working Group (policy questions) | 11 | 10 months 1 week | 1 year 10 months | |
| Incorrect affected versions on advisories | Active | Normal | Bug report | 7.x-1.x-dev | Miscellaneous | 2 | 10 months 3 weeks | 10 months 3 weeks | |
| Create CVEs for 2016 (especially for highly critical issues) | Active | Normal | Task | 7.x-1.x-dev | Code | 1 | 11 months 5 days | 11 months 5 days | |
| More flexible language for git vetted status for co-maintainers of existing projects | Active | Normal | Plan | 7.x-1.x-dev | Code | 42 | 1 year 4 days | 3 years 4 months | |
| Allow filtering the All Issues view by version | Needs review | Normal | Feature request | 7.x-1.x-dev | User interface | 3 | 1 year 4 days | 1 year 4 days | |
| Get an Open Source Security Foundation badge for Drupal (core? contrib?) | Needs review | Normal | Task | 7.x-1.x-dev | Miscellaneous | 11 | 1 year 5 days | 4 years 4 months | |
| Clarify the Drupal Security Team Disclosure Policy | Active | Normal | Task | 7.x-1.x-dev | Code | 2 | 1 year 1 month | 1 year 1 month | |
| Policy: Post CVE number / link on private issue | Active | Normal | Feature request | 7.x-1.x-dev | Documentation | 3 | 1 year 1 month | 1 year 1 month | |
| Run a static application security test (SAST) as part of core CI | Active | Normal | Task | 7.x-1.x-dev | Code | 1 | 1 year 2 months | 1 year 2 months | |
| Create a survey for the community prior to Drupalcon | Needs work | Normal | Task | 7.x-1.x-dev | Code | 11 | 1 year 3 months | 1 year 3 months | |
| issues_by_followup_date view should default to Open status | Active | Normal | Bug report | 7.x-1.x-dev | Code | 3 | 1 year 4 months | 1 year 4 months | |
| Prohibit the ability to adopt a project | Active | Normal | Feature request | 7.x-1.x-dev | Code | 16 | 1 year 5 months | 2 years 3 weeks | |
| Require in-person identity confirmation to receive "Git vetted user" role. | Active | Normal | Feature request | 7.x-1.x-dev | Code | 8 | 1 year 5 months | 2 years 3 weeks | |
| [META|POLICY] Think of a way to make adding a (co-) maintainer more trustworthy | Active | Major | Task | 7.x-1.x-dev | Security Working Group (policy questions) | 11 | 1 year 5 months | 1 year 5 months | |
| "My security issues" block's "more" link is redirecting to the wrong url | Needs review | Normal | Bug report | 7.x-1.x-dev | Code | 8 | 1 year 6 months | 1 year 6 months | |
| Develop and publish policy regarding missed SA notices | Active | Normal | Task | 7.x-1.x-dev | Security Working Group (policy questions) | 6 | 1 year 6 months | 4 years 3 months | |
| Improve Security Risk Levels Defined docs page | Active | Normal | Task | 7.x-1.x-dev | Documentation | 2 | 1 year 6 months | 2 years 10 months | |
| Collect CVE related details as part of Security Issue | Active | Normal | Task | 7.x-1.x-dev | Code | 5 | 1 year 6 months | 1 year 8 months | |
| Automate publishing of CVE's | Active | Normal | Task | 7.x-1.x-dev | Code | 3 | 1 year 8 months | 1 year 8 months | |
| Update policy to explicitly state security issues will be handled privately | Active | Normal | Feature request | 7.x-1.x-dev | Security Working Group (policy questions) | 5 | 1 year 9 months | 3 years 10 months | |
| [META] Increase Security of Project Ownership Transfer Process | Active | Normal | Plan | 7.x-1.x-dev | Code | 7 | 2 years 2 weeks | 2 years 3 weeks | |
| Document the process for updating an "unsupported" SA due to new adoption | Active | Normal | Task | 7.x-1.x-dev | Documentation | 7 | 2 years 3 months | 2 years 10 months | |
| Change SA opt-in to differentiate between "not opted in (yet)" vs "opted out" | Active | Normal | Feature request | 7.x-1.x-dev | User interface | 2 | 2 years 7 months | 2 years 8 months | |
| Update security issue version field for semantic versioning & Drupal 9 | Active | Normal | Task | 7.x-1.x-dev | User interface | 2 | 2 years 8 months | 5 years 8 months | |
| Create new documentation guide & pages that clearly documents what issues are not considered security issues | Active | Normal | Task | 7.x-1.x-dev | Miscellaneous | 6 | 2 years 10 months | 4 years 4 months | |
| Discuss involving ecosystem maintainers in security support degradation process | Active | Normal | Plan | 7.x-1.x-dev | Code | 16 | 3 years 6 months | 4 years 5 months | |
| Create autofill text for status of needs review, unsupported, or closed-fixed | Active | Normal | Bug report | 7.x-1.x-dev | Code | 7 | 3 years 6 months | 6 years 10 months | |
| Clarification of "insecure" versus "unsupported" | Active | Normal | Task | 7.x-1.x-dev | Security Working Group (policy questions) | 2 | 3 years 8 months | 3 years 8 months | |
| Codify and enforce rules regarding marking releases unsupported | Active | Normal | Task | 7.x-1.x-dev | Security Working Group (policy questions) | 1 | 3 years 9 months | 3 years 9 months | |
| Update to unsupported module advisory process | Active | Normal | Task | 7.x-1.x-dev | Code | 7 | 4 years 1 month | 4 years 1 month | |
| Proposal: make it easier for folks to know they're at a point to become vetted | Active | Normal | Plan | 7.x-1.x-dev | Miscellaneous | 8 | 4 years 8 months | 4 years 8 months |
Pages
Subscribe with RSS 