In Drupal 8 system.install near line 443 there is a reference to SA-CORE-2013-003, which is in regard to .htaccess protections in files directories. This document is versioned for D6 and D7 only and does not provide .htaccess information for D8.
An existing document should be identified or a new document should be created, perhaps in https://www.drupal.org/docs/8/install, then linked to instead.
Comments
Comment #2
cilefen CreditAttribution: cilefen commentedThe security improvements affiliated with SA-CORE-2013-003 were made part of Drupal 8 core years before its release. SA-CORE-2013-003 reflects the state of affairs at the time of the announcement so we shouldn't change it.
I suggest adding something in the install guide about it (if something doesn't already exist) because this .htaccess protection is business as usual now.
Comment #3
mlhess CreditAttribution: mlhess as a volunteer commentedWe could also add something to the top of the SA with a link to the docs page.
Comment #15
quietone CreditAttribution: quietone at PreviousNext commentedThis is a duplicate of #3086243: Status page should link to D8/9 information for public files, which is a later issue but has more discussion, a patch and a review by a committer.
Therefore, closing as a duplicate. If that is wrong, reopen the issue, by setting the status to 'Active', and add a comment.
Thanks!
Comment #16
quietone CreditAttribution: quietone at PreviousNext commentedTagging