|
Update the default reset password link timeout to a longer value
|
|
10
|
219
|
March 25, 2024
|
|
Add friction in some UI for better security
|
|
5
|
85
|
February 14, 2024
|
|
Even remote code executions of type "Bug" instead of type "Security" on jira.xwiki.org
|
|
1
|
70
|
January 12, 2024
|
|
Security Policy Process Amendment
|
|
4
|
140
|
December 8, 2023
|
|
Access request to security group in Jira.xwiki.org
|
|
2
|
64
|
December 4, 2023
|
|
Jira tickets for security issues
|
|
4
|
379
|
October 10, 2023
|
|
Security warnings when using the latest XWiki version
|
|
9
|
355
|
September 26, 2023
|
|
Security Policy Amendment to analyze vulnerabilities in dependencies
|
|
2
|
161
|
July 20, 2023
|
|
Formalize CVSS "Privileges Required" level for XWiki advisories
|
|
6
|
310
|
May 16, 2023
|
|
CVSS computation best practice for XSS
|
|
4
|
317
|
May 16, 2023
|
|
Disclosing old fixed security issues
|
|
14
|
471
|
December 2, 2022
|
|
Security advisory template documented in Security policy
|
|
0
|
211
|
November 22, 2022
|
|
Security Policy Amendment: systematic vote for extending CVE embargo
|
|
5
|
213
|
November 4, 2022
|
|
Reminder about the importance of upgrading your XWiki instances
|
|
0
|
204
|
September 7, 2022
|
|
Add a .well-known/security.txt file in xwiki.org
|
|
6
|
343
|
April 28, 2022
|
|
OpenID Connect Authenticator 1.29.1 released with important security fix
|
|
1
|
316
|
January 27, 2022
|
|
Log4J CVE-2021-44228 "Log4Shell" Zero-Day Vulnerability
|
|
1
|
2593
|
December 13, 2021
|
|
LTS updates with security issues
|
|
4
|
381
|
July 30, 2021
|
|
Security issues disclosure for current cycle
|
|
2
|
284
|
June 30, 2021
|
|
SonarCloud Review
|
|
3
|
1013
|
May 28, 2021
|
|
Get rid of @Programming annnotation
|
|
5
|
275
|
January 25, 2021
|
|
[CRITICAL] Authenticated server side code execution without programming rights on User Dashboards
|
|
0
|
262
|
May 16, 2020
|
