| Project | Title | Status | Priority | Category | Version | Replies |
Last updated |
Assigned to | Created |
|---|---|---|---|---|---|---|---|---|---|
| Shield | Shield middleware invokes hooks before modules are loaded, corrupting module_implements cache | Needs work | Major | Bug report | 8.x-1.6 | 20 | 1 week 3 hours | 4 years 3 weeks | |
| Security Kit | Implement a "semi automatic" Nonce settings | Needs review | Normal | Feature request | 2.x-dev | 30 | 2 weeks 5 days | 4 years 7 months | |
| Shield | Implicitly marking parameter as nullable is deprecated | Reviewed & tested by the community | Major | Bug report | 8.x-1.x-dev | 9 | 3 weeks 2 days | 1 year 3 months | |
| Security Kit | Add form-action directive | Reviewed & tested by the community | Normal | Feature request | 2.x-dev | 23 | 1 month 3 days | 4 years 11 months | |
| Security Kit | Add Tugboat support | Needs review | Normal | Task | 2.x-dev | 3 | 1 month 2 weeks | 1 month 2 weeks | |
| Security Kit | [META] Roadmap to new release | Active | Normal | Feature request | 2.x-dev | 1 | 1 month 2 weeks | 1 month 2 weeks | |
| Security Kit | fix gaps in automated test coverage | Needs review | Normal | Task | 2.0.3 | 3 | 1 month 3 weeks | 1 month 3 weeks | |
| Security Kit | Add missing config schema definitions for X-XSS-Protection options in Seckit | Reviewed & tested by the community | Normal | Bug report | 2.0.3 | 3 | 1 month 3 weeks | 5 months 4 days | |
| Shield | Title: Infinite loading (hang) after submitting credentials on Apache/FastCGI | Active | Normal | Bug report | 8.x-1.8 | 2 | 1 month 4 weeks | 3 months 3 weeks | |
| Security Kit | Support for configuring script-src-elem | Active | Normal | Feature request | 2.x-dev | 6 | 2 months 5 hours | 1 year 2 months | |
| Security Kit | Add worker-src | Needs review | Normal | Feature request | 2.0.3 | 7 | 2 months 3 days | 2 years 1 month | |
| Security Kit | ALLOW-FROM directive in x-frame-options is obsolete | Active | Normal | Bug report | 2.0.0 | 5 | 2 months 1 week | 3 years 6 months | |
| Security Kit | Add Permissions Policy to configurable options | Needs review | Normal | Feature request | 2.x-dev | 38 | 3 months 2 days | 5 years 5 months | |
| Security Kit | Add support for the Cross-Origin-Opener-Policy (COOP) header | Reviewed & tested by the community | Normal | Feature request | 2.x-dev | 6 | 3 months 2 days | 10 months 1 week | |
| Security Kit | Remove the term whitelist* from the module | Needs review | Normal | Task | 2.0.3 | 13 | 3 months 1 week | 9 months 1 week | |
| Security Kit | Add trusted-type and require-trusted-type-for directives to the CSP | Needs review | Normal | Feature request | 2.x-dev | 3 | 3 months 2 weeks | 3 months 2 weeks | |
| Security Kit | Support flood control for CSP violation reports | Needs work | Major | Task | 8.x-1.x-dev | 66 | 3 months 3 weeks | kmoll | 10 years 1 month |
| Security Kit | Enabling "Enable JavaScript + CSS + Noscript protection" causes invalid HTML | Needs work | Normal | Bug report | 2.x-dev | 24 | 3 months 4 weeks | 6 years 10 months | |
| Security Kit | noscript in head tag causing HTML Validation issues | Active | Major | Bug report | 2.0.0 | 2 | 4 months 7 hours | 3 years 12 months | |
| Security Kit | report-uri is deprecated | Needs work | Normal | Bug report | 2.x-dev | 14 | 4 months 1 week | 3 years 3 weeks | |
| Security Kit | Add manifest-src | Needs work | Normal | Feature request | 2.0.0 | 4 | 4 months 2 weeks | 5 years 1 month | |
| Security Kit | The base-uri policy is missing | Needs review | Normal | Bug report | 2.x-dev | 42 | 4 months 2 weeks | 6 years 5 months | |
| Shield | Return private cache headers when IP allowlist is triggered | Reviewed & tested by the community | Normal | Feature request | 8.x-1.x-dev | 4 | 5 months 3 weeks | richard.thomas | 1 year 20 hours |
| Security Kit | text about drupal 6 | Active | Minor | Bug report | 2.0.3 | 1 | 6 months 5 hours | 6 months 5 hours | |
| Security Kit | Update CSP directives | Needs review | Normal | Feature request | 2.x-dev | 10 | 6 months 3 weeks | 8 years 7 months | |
| Module Blacklist | TypeError: ModuleInstaller::__construct(): Argument #4 ($connection) must be of type Drupal\Core\Database\Connection | Needs review | Major | Bug report | 8.x-1.x-dev | 4 | 6 months 4 weeks | 6 months 4 weeks | |
| Module Blacklist | The service module_blacklist.module_installer has a dependency on a non-existent service app.root. | Reviewed & tested by the community | Major | Bug report | 8.x-1.0-alpha4 | 5 | 6 months 4 weeks | 2 years 11 months | |
| Security Kit | JavaScript + CSS + Noscript protection can cause Javascript errors | Active | Normal | Bug report | 2.x-dev | 2 | 7 months 1 week | 7 months 1 week | |
| Security Kit | CSP: Directive script-src-elem violated with googletagmanager | Reviewed & tested by the community | Normal | Support request | 2.x-dev | 22 | 7 months 1 week | 5 years 1 month | |
| Shield | Incompatibility between Shield and Workspaces? | Active | Normal | Bug report | 8.x-1.x-dev | 1 | 7 months 2 weeks | 7 months 2 weeks | |
| Shield | Undefined constant "Drupal\node\Entity\DRUPAL_OPTIONAL" | Needs review | Major | Bug report | 8.x-1.x-dev | 29 | 8 months 1 week | 3 years 9 months | |
| Security Kit | cspell issues reported in pipeline | Active | Normal | Task | 2.x-dev | 4 | 9 months 1 week | 10 months 3 days | |
| Shield | Drupal calls should be avoided in classes, use dependency injection instead | Needs review | Normal | Task | 8.x-1.x-dev | 2 | 10 months 2 weeks | 10 months 2 weeks | |
| Shield | Drupal 11 WHITE SCREEN OF DEATH -- On View TypeError: Drupal\Core\Entity\EntityTypeManager | Active | Normal | Bug report | 8.x-1.8 | 10 | 10 months 4 weeks | 1 year 4 months | |
| Security Kit | Implement the script-src-attr policy | Needs review | Normal | Feature request | 2.x-dev | 7 | 11 months 1 week | 4 years 1 month | |
| Shield | Allow to pass shield credentials in request header | Active | Normal | Feature request | 2.x-dev | 7 | 11 months 3 weeks | 4 years 2 months | |
| Shield | Roadmap to shield 2.0 | Active | Normal | Plan | 2.x-dev | 5 | 11 months 3 weeks | 4 years 5 months | |
| Shield | Stop calling HTTP basic auth apache authentication | Active | Minor | Task | 8.x-1.x-dev | 12 | 11 months 3 weeks | 9 years 4 months | |
| Security Kit | Breaks sitemap.xml when JS +CSS + Noscript protection is enabled | Needs review | Normal | Bug report | 2.0.0 | 10 | 11 months 3 weeks | 4 years 11 months | |
| Security Kit | User interface improvements | Active | Minor | Feature request | 2.0.3 | 4 | 12 months 11 hours | 1 year 1 week | |
| Shield | Enable/disable protection by server name | Active | Normal | Feature request | 8.x-1.x-dev | 12 | 1 year 13 hours | 7 years 9 months | |
| Security Kit | Extend length of src fields | Needs review | Major | Feature request | 2.0.0 | 9 | 1 year 6 days | 5 years 1 month | |
| Shield | Credentials fields are missing/hidden | Needs review | Normal | Bug report | 8.x-1.x-dev | 15 | 1 year 1 week | 2 years 5 months | |
| Shield | Remove drupal 9 from .info because end of life | Needs review | Normal | Task | 8.x-1.x-dev | 7 | 1 year 2 weeks | 2 years 6 months | |
| Shield | Add feature to set username and password for multiple users | Reviewed & tested by the community | Normal | Feature request | 8.x-1.x-dev | 4 | 1 year 1 month | 8 years 5 months | |
| Security Kit | default-src has wrong description | Needs review | Major | Bug report | 2.x-dev | 17 | 1 year 2 months | 5 years 4 months | |
| Security Kit | Avoid using document.write('<!--'); | Needs review | Normal | Task | 2.x-dev | 41 | 1 year 2 months | 5 years 4 months | |
| Shield | Excluded paths setting does not seem to work | Needs review | Normal | Support request | 8.x-1.7 | 5 | 1 year 2 months | 3 years 8 months | |
| Security Kit | How to add all google tlds for CSP | Active | Normal | Support request | 2.0.0 | 10 | 1 year 2 months | 3 years 11 months | |
| Security Kit | Google URL's are blocked. | Active | Major | Support request | 2.0.1 | 5 | 1 year 2 months | 2 years 3 months |
Pages
Subscribe with RSS 