Hi,
Is there any documentation on how and by whom extensions are systematically reviewed for potential security vulnerabilities before they are published on the Tracker? I couldn't find any discussion or documentation on the subject, only if security vulnerabilities were found after publication.
I would be happy to refer to such documentation if there is one or an explanation of how the review is performed.
Thanks!
Hello, Doron! 😊
What a great question! The security and quality of extensions are essential pillars for keeping Moodle reliable and safe for all users. Let’s dive in!
The plugin approval process in Moodle undergoes a detailed review to ensure that all best practices for development and security are followed. For this, there is clear documentation on how to contribute plugins, which you can check out here: Plugin Contribution. There, you’ll find a comprehensive guide on the necessary steps to submit and review plugins.
Additionally, there is a specific checklist for validation, which analyzes various aspects such as security, functionality, and compatibility. You can review the items in this checklist here: Plugin Contribution Checklist.
If you’re interested in seeing how this process works in practice, the Moodle Tracker is an excellent place to follow plugin reviews in real time. For example, here are some recent cases that showcase how these analyses are conducted:
In these discussions, you’ll see how Moodle reviewers evaluate submissions and provide feedback for necessary adjustments to ensure the quality and security of plugins before their approval and publication.
I hope this information helps you better understand the process! If you have any questions or need further clarification, I’m here to help! 🚀
Eduardo Kraus
Teacher and programmer
