Re: [xwiki-users] Security Level in JIRA
Hi Vincent, On 02/10/2010 12:17 PM, Vincent Massol wrote: > Hi Alex, > > On Feb 10, 2010, at 12:09 PM, Alex Busenius wrote: > >> Hi Guillaume, >> >> On 02/10/2010 11:46 AM, Guillaume Lerouge wrote: >>> Hi Alex, >>> >>> On Wed, Feb 10, 2010 at 1:26 AM, Alex Busenius wrote: >>> Hello, How can I specify a security level mentioned in JIRA help (http://jira.xwiki.org/jira/secure/ShowConstantsHelp.jspa#IssueTypes) for a new issue? >>> >>> I think you need to create the issue, save it and then edit it again since >>> the first issue creation screen doesn't display the security level IIRC. >>> >> >> Thank you for the hint, but I still can't change the security level >> there. The only thing that comes close to it is the "Viewable By" field, >> but the dropdown box only allows me to choose between "All Users", >> "Users" or "jira-users". >> >> Is there any other established way to report security bugs for xwiki? >> I'd like to report several XSS/CSRF vulnerabilities and do not want >> everybody to see the details before they are fixed. > > Thanks for that. I've just given you the right on jira so all should be ok > now. Can you verify? > Thanks, it works now. Regards, Alex > Thanks > -Vincent > > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Security Level in JIRA
On 02/10/2010 12:17 PM, Vincent Massol wrote: > Hi Alex, > > On Feb 10, 2010, at 12:09 PM, Alex Busenius wrote: > >> Hi Guillaume, >> >> On 02/10/2010 11:46 AM, Guillaume Lerouge wrote: >>> Hi Alex, >>> >>> On Wed, Feb 10, 2010 at 1:26 AM, Alex Busenius wrote: >>> Hello, How can I specify a security level mentioned in JIRA help (http://jira.xwiki.org/jira/secure/ShowConstantsHelp.jspa#IssueTypes) for a new issue? >>> >>> I think you need to create the issue, save it and then edit it again since >>> the first issue creation screen doesn't display the security level IIRC. >>> >> >> Thank you for the hint, but I still can't change the security level >> there. The only thing that comes close to it is the "Viewable By" field, >> but the dropdown box only allows me to choose between "All Users", >> "Users" or "jira-users". >> >> Is there any other established way to report security bugs for xwiki? >> I'd like to report several XSS/CSRF vulnerabilities and do not want >> everybody to see the details before they are fixed. > > Thanks for that. I've just given you the right on jira so all should be ok > now. Can you verify? Vincent, you didn't do it right, you granted him the right to view confidential issues, not to change the security setting. I changed the permission so that the reporter can mark issues as confidential. -- Sergiu Dumitriu http://purl.org/net/sergiu/ ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Security Level in JIRA
On 02/10/2010 12:23 PM, Sergiu Dumitriu wrote: > On 02/10/2010 12:09 PM, Alex Busenius wrote: >> Hi Guillaume, >> >> On 02/10/2010 11:46 AM, Guillaume Lerouge wrote: >>> Hi Alex, >>> >>> On Wed, Feb 10, 2010 at 1:26 AM, Alex Busenius >>> wrote: >>> Hello, How can I specify a security level mentioned in JIRA help (http://jira.xwiki.org/jira/secure/ShowConstantsHelp.jspa#IssueTypes) for a new issue? >>> >>> I think you need to create the issue, save it and then edit it again >>> since >>> the first issue creation screen doesn't display the security level IIRC. >>> >> >> Thank you for the hint, but I still can't change the security level >> there. The only thing that comes close to it is the "Viewable By" field, >> but the dropdown box only allows me to choose between "All Users", >> "Users" or "jira-users". >> >> Is there any other established way to report security bugs for xwiki? >> I'd like to report several XSS/CSRF vulnerabilities and do not want >> everybody to see the details before they are fixed. > > I'll take a look at the Jira administrative settings to see if I can > make the Security field public. > Done, try now. -- Sergiu Dumitriu http://purl.org/net/sergiu/ ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Security Level in JIRA
On 02/10/2010 12:09 PM, Alex Busenius wrote: > Hi Guillaume, > > On 02/10/2010 11:46 AM, Guillaume Lerouge wrote: >> Hi Alex, >> >> On Wed, Feb 10, 2010 at 1:26 AM, Alex Busenius wrote: >> >>> Hello, >>> >>> How can I specify a security level mentioned in JIRA help >>> (http://jira.xwiki.org/jira/secure/ShowConstantsHelp.jspa#IssueTypes) >>> for a new issue? >>> >> >> I think you need to create the issue, save it and then edit it again since >> the first issue creation screen doesn't display the security level IIRC. >> > > Thank you for the hint, but I still can't change the security level > there. The only thing that comes close to it is the "Viewable By" field, > but the dropdown box only allows me to choose between "All Users", > "Users" or "jira-users". > > Is there any other established way to report security bugs for xwiki? > I'd like to report several XSS/CSRF vulnerabilities and do not want > everybody to see the details before they are fixed. I'll take a look at the Jira administrative settings to see if I can make the Security field public. -- Sergiu Dumitriu http://purl.org/net/sergiu/ ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Security Level in JIRA
Hi Alex, On Feb 10, 2010, at 12:09 PM, Alex Busenius wrote: > Hi Guillaume, > > On 02/10/2010 11:46 AM, Guillaume Lerouge wrote: >> Hi Alex, >> >> On Wed, Feb 10, 2010 at 1:26 AM, Alex Busenius wrote: >> >>> Hello, >>> >>> How can I specify a security level mentioned in JIRA help >>> (http://jira.xwiki.org/jira/secure/ShowConstantsHelp.jspa#IssueTypes) >>> for a new issue? >>> >> >> I think you need to create the issue, save it and then edit it again since >> the first issue creation screen doesn't display the security level IIRC. >> > > Thank you for the hint, but I still can't change the security level > there. The only thing that comes close to it is the "Viewable By" field, > but the dropdown box only allows me to choose between "All Users", > "Users" or "jira-users". > > Is there any other established way to report security bugs for xwiki? > I'd like to report several XSS/CSRF vulnerabilities and do not want > everybody to see the details before they are fixed. Thanks for that. I've just given you the right on jira so all should be ok now. Can you verify? Thanks -Vincent ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Security Level in JIRA
On 2/10/10 11:46 AM, Guillaume Lerouge wrote: > Hi Alex, > > On Wed, Feb 10, 2010 at 1:26 AM, Alex Busenius wrote: > >> Hello, >> >> How can I specify a security level mentioned in JIRA help >> (http://jira.xwiki.org/jira/secure/ShowConstantsHelp.jspa#IssueTypes) >> for a new issue? >> > > I think you need to create the issue, save it and then edit it again since > the first issue creation screen doesn't display the security level IIRC. That would not make much sense, since notifications emails are sent upon issue creation. From what I recall the field name is not "security" but "confidentiality". Jerome. > > Guillaume > > >> Regards, >> Alex Busenius >> ___ >> users mailing list >> users@xwiki.org >> http://lists.xwiki.org/mailman/listinfo/users >> > > > ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Security Level in JIRA
Hi Guillaume, On 02/10/2010 11:46 AM, Guillaume Lerouge wrote: > Hi Alex, > > On Wed, Feb 10, 2010 at 1:26 AM, Alex Busenius wrote: > >> Hello, >> >> How can I specify a security level mentioned in JIRA help >> (http://jira.xwiki.org/jira/secure/ShowConstantsHelp.jspa#IssueTypes) >> for a new issue? >> > > I think you need to create the issue, save it and then edit it again since > the first issue creation screen doesn't display the security level IIRC. > Thank you for the hint, but I still can't change the security level there. The only thing that comes close to it is the "Viewable By" field, but the dropdown box only allows me to choose between "All Users", "Users" or "jira-users". Is there any other established way to report security bugs for xwiki? I'd like to report several XSS/CSRF vulnerabilities and do not want everybody to see the details before they are fixed. Regards, Alex > Guillaume > > >> Regards, >> Alex Busenius >> ___ >> users mailing list >> users@xwiki.org >> http://lists.xwiki.org/mailman/listinfo/users >> > > > ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Security Level in JIRA
Hi Alex, On Wed, Feb 10, 2010 at 1:26 AM, Alex Busenius wrote: > Hello, > > How can I specify a security level mentioned in JIRA help > (http://jira.xwiki.org/jira/secure/ShowConstantsHelp.jspa#IssueTypes) > for a new issue? > I think you need to create the issue, save it and then edit it again since the first issue creation screen doesn't display the security level IIRC. Guillaume > Regards, > Alex Busenius > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Guillaume Lerouge Product Manager - XWiki SAS Skype: wikibc Twitter: glerouge http://guillaumelerouge.com/ ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] Security Level in JIRA
On Wed, Feb 10, 2010 at 01:26, Alex Busenius wrote: > Hello, > > How can I specify a security level mentioned in JIRA help > (http://jira.xwiki.org/jira/secure/ShowConstantsHelp.jspa#IssueTypes) > for a new issue? Maybe you can't specify the security level because you would not have the right to see it (not 100% sure about that but it make sense since i see it when I create an issue). > > Regards, > Alex Busenius > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
[xwiki-users] Security Level in JIRA
Hello, How can I specify a security level mentioned in JIRA help (http://jira.xwiki.org/jira/secure/ShowConstantsHelp.jspa#IssueTypes) for a new issue? Regards, Alex Busenius ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users