How best to track moodle 1.9 security vulnerabilities

How best to track moodle 1.9 security vulnerabilities

- Nate Baxley の投稿
返信数: 7

With Moodle 1.9 security patches currently on the docket to stop in June and my instutition likely to still be running M1.9 for a little while, I want to keep better on top of the security issues that are found.  Does anyone have suggestions about how best to do that?

Thanks,
Nate Baxley

評点平均:Useful (2)
Nate Baxley への返信

Re: How best to track moodle 1.9 security vulnerabilities

- Emma Irwin の投稿

Hi Nate,

I don't have a response, but I am interested in this tread (subscribing) 笑顔 and then I'm actually going to ask one myself:  WHhere is the information on 1.9 support your question is based on, AND what version of 1.9 are you running?  Thanks

Nate Baxley への返信

Re: How best to track moodle 1.9 security vulnerabilities

- Dan Marsden の投稿
画像 Core developers 画像 Particularly helpful Moodlers 画像 Peer reviewers 画像 Plugin developers 画像 Plugins guardians 画像 Testers 画像 Translators

Emma - see here: http://docs.moodle.org/dev/Releases#Moodle_1.9

Nate - unfortunately I don't think this will be something that can be easily "tracked" by the "general public"

Security issues are usually reported in the Moodle Tracker and if they are flagged as "serious" then only the Security team can view them and because 1.9 is no longer supported these bugs may be closed as "won't fix" but probably won't be made completely public as that could potentially cause more issues for users still running 1.9. If this is really important to you I'd suggest you engage your local Moodle Partner to help track this.

Dan Marsden への返信

Re: How best to track moodle 1.9 security vulnerabilities

- Nate Baxley の投稿

Thanks Dan.  We're hosting our own Moodle, and it's fairly large, around 20 thousand users, and we don't really have a relationship with a Moodle Partner.  What's involved in getting on the security team.  It's going to be in our interest to make sure these things are fixed, and if it's an issue that effects us, I'd be happy to work on patches.  Any idea who I should contact?

Nate Baxley への返信

Re: How best to track moodle 1.9 security vulnerabilities

- Martin Dougiamas の投稿
画像 Core developers 画像 Documentation writers 画像 Moodle HQ 画像 Particularly helpful Moodlers 画像 Plugin developers 画像 Testers

Nate, if you can commit to tracking the security bugs on 2.x and backporting them to 1.9 as necessary (which means keeping up with all the security issues being integrated for 2.x, producing clean, trustworthy, safe patches for 1.9.x as branches in a github repository and then creating new issues in the tracker and submitting them for integration), then we will continue integrating them.   Contact me direct and I'll get you set up!

Martin Dougiamas への返信

Re: How best to track moodle 1.9 security vulnerabilities

- Nate Baxley の投稿

Thanks Martin.  I will bring it up at our team meeting on Monday.  Sounds like we may get some help from Dan as well.

Martin Dougiamas への返信

Re: How best to track moodle 1.9 security vulnerabilities

- Nate Baxley の投稿

Martin (et all),

We discussed this at our meeting this morning and while we can't commit to taking on the role you described, we can put programming time toward fixing the issues as they come up, as long as we're still working with 1.9.  I'll talk to Dan to see if I can work with him to share the programming load.  Thanks for being open to this.  Wish we could do more.