| GitLab security issue template should ask for impacted version | Active | Normal | Bug report | 7.x-1.x-dev | User interface | | 3 hours 34 min |
| Define standard description for marking an existing permission as "restrict access" | Active | Normal | Task | 7.x-1.x-dev | Documentation | | 1 month 1 week |
| OpenID Connect: Request update to CVE-2026-3532 | Active | Normal | Task | 7.x-1.x-dev | Code | | 2 days 23 min |
| OpenID Connect: Request update to CVE-2026-3531 | Active | Normal | Task | 7.x-1.x-dev | Code | | 2 days 29 min |
| OpenID Connect: Request update to CVE-2026-3530 | Active | Normal | Task | 7.x-1.x-dev | Code | | 2 days 37 min |
| Publish a new CVE for TFA Basic Plugins - CVE-2026-6816 | Needs review | Normal | Support request | 7.x-1.x-dev | Code | | 2 months 3 weeks |
| Add link to CVE on advisories | Active | Normal | Feature request | 7.x-1.x-dev | Code | | 4 days 2 hours |
| Create CVEs for May 2026 | Needs work | Normal | Task | 7.x-1.x-dev | Code | | 1 week 6 hours |
| Plan for how to meet 72 hour publication obligation (CNAv4.1 section 4.5.1.4) | Active | Normal | Plan | 7.x-1.x-dev | Security Working Group (policy questions) | | 2 weeks 5 hours |
| CVE request for LDAP - CVE-2026-6908 | Needs work | Normal | Task | 7.x-1.x-dev | Code | | 1 month 1 week |
| Publish Term Reference Tree CVE - CVE-2026-4093 | Fixed | Normal | Support request | 7.x-1.x-dev | Code | | 3 months 55 min |
| Publish for Simple Hierarchical Select (SHS) CVE-2026-4929 | Fixed | Normal | Support request | 7.x-1.x-dev | Miscellaneous | | 3 months 2 hours |
| Create CVEs for April and early May 2026 | Fixed | Normal | Task | 7.x-1.x-dev | Code | | 1 month 3 weeks |
| Documenting the Security/CVE process for D7ES providers | Active | Normal | Task | 7.x-1.x-dev | Documentation | aangel | 9 months 2 weeks |
| [policy] Treat CAPTCHA bypasses as non-security bugs | Active | Normal | Plan | 7.x-1.x-dev | Code | | 1 month 2 weeks |
| Review and adopt CWE assignments from NIST | Active | Normal | Task | 7.x-1.x-dev | Code | | 3 months 1 week |
| Switch to CVSS scoring | Active | Normal | Task | 7.x-1.x-dev | Code | | 2 years 1 month |
| Align DST vulnerability determination criteria to CVE standards | Active | Critical | Support request | 7.x-1.x-dev | Security Working Group (policy questions) | | 1 year 8 months |
| Incorrect affected versions on advisories | Active | Normal | Bug report | 7.x-1.x-dev | Miscellaneous | | 9 months 3 weeks |
| Create CVEs for 2016 (especially for highly critical issues) | Active | Normal | Task | 7.x-1.x-dev | Code | | 10 months 2 days |
| More flexible language for git vetted status for co-maintainers of existing projects | Active | Normal | Plan | 7.x-1.x-dev | Code | | 3 years 3 months |
| Allow filtering the All Issues view by version | Needs review | Normal | Feature request | 7.x-1.x-dev | User interface | | 11 months 6 days |
| Get an Open Source Security Foundation badge for Drupal (core? contrib?) | Needs review | Normal | Task | 7.x-1.x-dev | Miscellaneous | | 4 years 3 months |
| Clarify the Drupal Security Team Disclosure Policy | Active | Normal | Task | 7.x-1.x-dev | Code | | 1 year 6 days |
| Policy: Post CVE number / link on private issue | Active | Normal | Feature request | 7.x-1.x-dev | Documentation | | 1 year 5 days |
| Unsupported Modules: Establish timeline for publishing of vulnerability info to allow for possible CVE creation | Active | Normal | Task | 7.x-1.x-dev | Documentation | | 1 year 5 months |
| Run a static application security test (SAST) as part of core CI | Active | Normal | Task | 7.x-1.x-dev | Code | | 1 year 1 month |
| Create a survey for the community prior to Drupalcon | Needs work | Normal | Task | 7.x-1.x-dev | Code | | 1 year 2 months |
| issues_by_followup_date view should default to Open status | Active | Normal | Bug report | 7.x-1.x-dev | Code | | 1 year 3 months |
| Prohibit the ability to adopt a project | Active | Normal | Feature request | 7.x-1.x-dev | Code | | 1 year 11 months |
| Require in-person identity confirmation to receive "Git vetted user" role. | Active | Normal | Feature request | 7.x-1.x-dev | Code | | 1 year 11 months |
| [META|POLICY] Think of a way to make adding a (co-) maintainer more trustworthy | Active | Major | Task | 7.x-1.x-dev | Security Working Group (policy questions) | | 1 year 4 months |
| "My security issues" block's "more" link is redirecting to the wrong url | Needs review | Normal | Bug report | 7.x-1.x-dev | Code | | 1 year 5 months |
| Develop and publish policy regarding missed SA notices | Active | Normal | Task | 7.x-1.x-dev | Security Working Group (policy questions) | | 4 years 2 months |
| Improve Security Risk Levels Defined docs page | Active | Normal | Task | 7.x-1.x-dev | Documentation | | 2 years 9 months |
| Collect CVE related details as part of Security Issue | Active | Normal | Task | 7.x-1.x-dev | Code | | 1 year 7 months |
| Automate publishing of CVEs | Active | Normal | Task | 7.x-1.x-dev | Code | | 1 year 7 months |
| Update policy to explicitly state security issues will be handled privately | Active | Normal | Feature request | 7.x-1.x-dev | Security Working Group (policy questions) | | 3 years 8 months |
| Expand the ability of module maintainers to mark a particular release as security. | Active | Major | Task | 7.x-1.x-dev | Code | | 1 year 11 months |
| [META] Increase Security of Project Ownership Transfer Process | Active | Normal | Plan | 7.x-1.x-dev | Code | | 1 year 11 months |
| Document the process for updating an "unsupported" SA due to new adoption | Active | Normal | Task | 7.x-1.x-dev | Documentation | | 2 years 9 months |
| Change SA opt-in to differentiate between "not opted in (yet)" vs "opted out" | Active | Normal | Feature request | 7.x-1.x-dev | User interface | | 2 years 7 months |
| Update security issue version field for semantic versioning & Drupal 9 | Active | Normal | Task | 7.x-1.x-dev | User interface | | 5 years 7 months |
| Create new documentation guide & pages that clearly document what issues are not considered security issues | Active | Normal | Task | 7.x-1.x-dev | Miscellaneous | | 4 years 3 months |
| Discuss involving ecosystem maintainers in security support degradation process | Active | Normal | Plan | 7.x-1.x-dev | Code | | 4 years 4 months |
| Increase efficiency in ownership transfers related to modules with known vulnerabilities | Active | Normal | Feature request | 7.x-1.x-dev | Security Working Group (policy questions) | | 3 years 10 months |
| Change policy regarding timeline for resolution and disclosure of security vulnerabilities to be more strict | Active | Normal | Task | 7.x-1.x-dev | Security Working Group (policy questions) | | 4 years 1 week |
| Create autofill text for status of needs review, unsupported, or closed-fixed | Active | Normal | Bug report | 7.x-1.x-dev | Code | | 6 years 9 months |
| Clarification of "insecure" versus "unsupported" | Active | Normal | Task | 7.x-1.x-dev | Security Working Group (policy questions) | | 3 years 7 months |
| Codify and enforce rules regarding marking releases unsupported | Active | Normal | Task | 7.x-1.x-dev | Security Working Group (policy questions) | | 3 years 8 months |