Symfony
a SensioLabs product
DOWNLOAD NOW

Archives

Master Symfony2 fundamentals

Be trained by SensioLabs experts (2 to 6 day sessions -- French or English).
trainings.sensiolabs.com

Symfony hosting done right

ServerGrove, outstanding support at the right price for your Symfony hosting needs.
servergrove.com

Discover the SensioLabs Support

Access to the SensioLabs Competency Center for an exclusive and tailor-made support on Symfony
sensiolabs.com
Home » Blog » Security Issue Management Improvements
RSS comments
RSS posts
Twitter twitter

Blog

DOCUMENTATION

Fabien Potencier
Security Issue Management Improvements
by Fabien Potencier – December 18, 2012 – 4 comments

Some days ago, Kousuke Ebihara sent an email to the Symfony dev mailing-list about how we could improve the security release announcements. It also took the time to list all past security issues in Symfony.

Today, I'm pleased to announced that we have improved our management of security issues in several ways:

  • There is a new Security Advisories section on the blog that lists all blog posts about security releases;
  • We have improved our process by refining the way we handle and resolve security issues;
  • There is a new http://symfony.com/security shortcut URL that redirects to the documentation section that talks about security in Symfony;
  • The security page in the documentation now also lists all past security advisories (including the ones for symfony 1.x);
  • All emails sent from the mailing-list now have a link to the security page.

Add a Comment

Connect to post a comment

Comments RSS

  • Christof Damian
    #1 Christof Damian said on the 2012/12/18 at 22:12
    It might be good also to mention the CVE number where available. These are for used for example in Linux distributions to track security issues.

    There are some already available for symfony: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=symfony

    It could be even an idea to request numbers for new security issues which haven't a assigned one yet, but I have no idea how complicated that is.
  • Lukas Kahwe Smith
    #2 Lukas Kahwe Smith said on the 2012/12/18 at 23:55
    The next important step here is to better formalize the security team, especially integrate members of our big users like Drupal and ezPublish.
  • Fabien Potencier
    #3 Fabien Potencier said on the 2012/12/19 at 08:24
    I've just added references to CVE numbers where available:

    https://github.com/symfony/symfony-docs/pull/2047
  • Fabien Potencier
    #4 Fabien Potencier said on the 2012/12/19 at 08:33
    I've just sent an email to learn more about the process of CVE identifiers management as I would like to get one for each new security issue in the future.

NEWS FROM THE BLOG

Visit Symfony's blog

IN THE NEWS

Announcing the next Symfony Live Conference 2013 in Portland

UPCOMING TRAINING SESSIONS

View all sessions

sf - Symfony is a trademark of Fabien Potencier. All rights reserved.

What is Symfony?

Get Started

Learn Symfony

Marketplace

Community

Services

Blog

About