request #26734 Add basic support of security.txt file (RFC 9116)

Artifact

Infos

Artifact ID#26734

Submitted byThomas Gerbet (tgerbet)

Last Modified On2022-05-18 13:24

Submitted on2022-04-28 15:24

Rank28263

Details

Summary *

Add basic support of security.txt file (RFC 9116)

Original Submission

security.txt files exist for a while now. It is a standard for websites to make it easier for security researchers and companies to find a point of contact for security issues. RFC 9116 just got published so it is good time to consider it.

Since the only really needed thing is to expose a text file under /.well-known/security.txt there is already nothing preventing administrators to deploy one (in the same way they can use the ACME protocol with the HTTP challenge) but for basic use cases they might prefer that Tuleap manages this endpoint (less system configuration to manage).

This request proposes to add the possibility of defining a primary security contact and to publish /.well-known/security.txt when one is defined. More complex needs can be contributed later on or administrators can still fallback to deploy their own security.txt file.

CategoryOther

Reported in versionEmpty

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[x] internal improvement

CC listEmpty

Stage

Assigned toThomas Gerbet (tgerbet)

StatusClosed

Close date2022-05-18

Attachments

Connected artifacts

Artifact links

Releases

Fixed in

	Artifact ID	Project	Tracker	Summary	Status	Last Update Date	Submitted By	Assigned to
	rel #25713	Tuleap	Releases	13.9	Delivered	2022-05-25 14:19	Manuel Vacelet (vaceletm)

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

Referencing request #26734

Git commit

tuleap/tuleap/stable

Merge commit 'refs/changes/07/25807/2' of ssh://gerrit.tuleap.net:29418/tuleap 5539428407

Manuel Vacelet (vaceletm) , 2022-05-03 18:57

request #26734: Add basic support of security.txt file (RFC 9116) 7739e418f6

Thomas Gerbet (tgerbet) , 2022-04-28 17:44

Add a comment in security.txt file to mention it is autogenerated ea41df20c3

Thomas Gerbet (tgerbet) , 2022-05-04 08:32

Show items referenced by request #26734

Referenced by request #26734

Artifact Tracker v5

rel #25713 13.9

Other

Follow-ups

Thomas Gerbet (tgerbet)

2022-05-18 13:24

The plugin is mentioned in the documentation: https://github.com/Enalean/tuleap-documentation-en/commit/05ea8956252f1a4d6275f220eb31f324c97050ad

Status changed from Under implementation to Closed
Close date set to 2022-05-18

Manuel Vacelet (vaceletm)

2022-05-05 15:34

gerrit #25832 (Add a comment in security.txt file to mention it is autogenerated) integrated in Tuleap 13.8.99.40

Thomas Gerbet (tgerbet)

2022-05-04 17:01

Yep it was on my todo list :)

Manuel Vacelet (vaceletm)

2022-05-04 16:53

BTW, you should add information about this plugin in documentation (at least in the list of plugins)

Manuel Vacelet (vaceletm)

2022-05-03 18:58

gerrit #25807 (Add basic support of security.txt file (RFC 9116)) integrated in Tuleap 13.8.99.27

Connected artifacts
- Added Fixed in: rel #25713