Closed (fixed)
Project:
Drupal.org security advisory coverage applications
Component:
module
Priority:
Normal
Category:
Task
Assigned:
Reporter:
Created:
18 Oct 2024 at 05:44 UTC
Updated:
10 Apr 2025 at 10:50 UTC
Jump to comment: Most recent
Comments
Comment #2
vishal.kadamThank you for applying!
Please read Review process for security advisory coverage: What to expect for more details and Security advisory coverage application checklist to understand what reviewers look for. Tips for ensuring a smooth review gives some hints for a smoother review.
The important notes are the following.
phpcs --standard=Drupal,DrupalPracticeon the project, which alone fixes most of what reviewers would report.To the reviewers
Please read How to review security advisory coverage applications, Application workflow, What to cover in an application review, and Tools to use for reviews.
The important notes are the following.
For new reviewers, I would also suggest to first read In which way the issue queue for coverage applications is different from other project queues.
Comment #3
vishal.kadamComment #4
avpadernoComment #5
rushikesh raval commentedI am changing priority as per Issue priorities.
Comment #6
rushikesh raval commentedsrc/Form/TaxonomyTermConfirmationForm.php & TaxonomyTermReplaceForm.php
sanitize user inputted text
Comment #7
rushikesh raval commentedI am changing priority as per Issue priorities.
Comment #8
avpadernoGiven the used code is the following one, the user input is correctly sanitized, and at the right moment.
Comment #9
avpadernoThank you for your contribution and for your patience with the review process!
I am going to update your account so you can opt into security advisory coverage any project you create, including the projects you already created.
These are some recommended readings to help you with maintainership:
You can find more contributors chatting on Slack or IRC in #drupal-contribute. So, come hang out and stay involved!
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
I thank the dedicated reviewers as well.
Comment #10
avpadernoComment #12
ighosh commented@avpaderno The security advisory issue has been resolved and moved to the fixed state. What should I do next to ensure the module's release status is updated and reflects the fix? Should I tag a new release, or do I need to do something else to ensure the green indicator shows under the release (Composer) of my module page? Thanks for the guidance!
Comment #13
vishal.kadamTo enable the green security coverage indicator, go to the module's project page and click "Edit." Find the "Security advisory coverage" section, check the box for "Opt into security advisory coverage," and save the changes. After doing this, the green security badge will be displayed on the project page.
Comment #14
avpaderno