Prioritization of security and localization tickets


by Andy Staudacher-3

Bharat asked me to prioritize the security and l10n tickets. Here's what it boils down to.
Only showing critical tickets, i.e. issues that should be fixed before shipping Gallery 3.0 IMO. Subject to discussion.

Sorry for the HTML. It's copy and paste from trac. If you can't view it, here's a list of ticket ids: 385, 583, 584, 585, 586, 587, 589, 329, 165, 482, 522.

For UI issues, I'd be glad if they could be owned by somebody else. Specifically ticket 329 (jhilden) and the BiDi / CSS ticket 482 (no owner yet).

| Ticket | Summary | Component | Version | Milestone | Type | Priority | Created |
|---|---|---|---|---|---|---|---|
| #385 | Security review of json_encode et al. | None | 3.0 Beta 1 | 3.0 Beta 3 | defect | critical | 06/10/09 |
| #583 | (Review) Gallery Authorization Not Adequately Enforced | None | 3.0 Beta 2 | 3.0 Beta 3 | defect | critical | 07/21/09 |
| #584 | (Review) XSS Vulnerability: Insufficient Input Sanitization | None | 3.0 Beta 2 | 3.0 Beta 3 | defect | critical | 07/21/09 |
| #585 | Password / email change doesn't require current password | None | 3.0 Beta 2 | 3.0 Beta 3 | defect | critical | 07/21/09 |
| #586 | Arbitrary URL Redirection / Phishing Vulnerability | None | 3.0 Beta 2 | 3.0 Beta 3 | defect | critical | 07/22/09 |
| #587 | var/uploads open for unauthorized access | None | 3.0 Beta 2 | 3.0 Beta 3 | defect | critical | 07/22/09 |
| #589 | Prone to brute force login attacks | None | 3.0 Beta 2 | 3.0 Beta 3 | defect | critical | 07/22/09 |

#329 Admin > Languages page looks like poo jhilden defect critical GIT HEAD bharat

 - Andy

------------------------------------------------------------------------------

__[ g a l l e r y - d e v e l ]_________________________

[ list info/archive --> http://gallery.sf.net/lists.php ]
[ gallery info/FAQ/download --> http://gallery.sf.net ]