TWiki Security Alert Process
I discovered a security issue. Now What?
How can I get notified of security issues?
- Please subscribe to the TWikiAnnounceMailingList to get updates on new TWiki releases and TWiki vulnerabilities in a timely manner.
Security Alert Process
As a free service, the TWiki team is trying its best to provide a hotfix and to send TWikiSecurityAlerts
to TWiki site administrators in a timely manner.
- Someone sends an e-mail to the SecurityTeam via the TWikiSecurityMailingList at mailto:twiki-security@listsPLEASENOSPAM.sourceforge.net
- The SecurityTeam triages the seriousness of the issue:
- Severity 1 issue: The web server can be compromised
- Example: Software can be installed and executed remotely
- Severity 2 issue: The TWiki installation is compromised
- Example: The access control of the admin group can be cirumvented
- Severity 3 issue: TWiki content or browser is compromised
- Action for Severity 1 and 2 issues:
- Action for Priority 3 issue:
-- Contributors: PeterThoeny
Old discussions up to 2006 removed. They are accessible in rev 50
of this topic.