Menu
▾
▴
[mantisbt-dev] Tracking of security issues having CVEs
|
From: Damien R. <dr...@ma...> - 2015-01-23 16:14:05
|
Hello again, I'd like your input in terms of handling / tracking of important, publicly announced security issues (i.e having a CVE) that affect multiple versions. In the past, we only had a single issue in our tracker, with target/fixed in version set to the oldest version (i.e. 1.2.x), and it was implied that the fix was also implemented in later releases. This was not a problem before an "official" release for 1.3 was published, but now that we have the beta out, I'm wondering if we should not create "dummy" issues as clones/duplicates of the "main" ones for 1.2, but with target/fixed version set to 1.3.x. This way the CVE IDs would appear on the change log / roadmap. Thoughts ? |
