Closed
Bug 735454
Opened 12 years ago
Closed 12 years ago
Perform Security Review For AirMozilla Theme Refresh
Categories
(mozilla.org :: Security Assurance: Review Request, task)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: bensternthal, Assigned: ygjb)
References
Details
(Whiteboard: [secr:yvan][target 2012-04-12])
I am not sure how much security review we need for this as we are only updating a theme. However, I wanted to add this so you were aware and could advise. If you decide we do not need a review, just close the bug. If we do need a review, I will include whomever is assigned the bug to our weekly meeting.

==A quick intro to what this app does==
We are planning a UI refresh of the https://air.mozilla.org/ website. The scope of this project is:
- Use a One Mozilla based theme with certain Air Mozilla branding elements
- Add a simple widget that allows freeform HTML into the sidebar
- Change main page to function more like a blog... latest posts on top, more than just one post.
So we are just updating the theme and adding a standard widget. We are not using/adding any additional plugins.

==Where is the source code located?==
TBD

==Is there a stage server running that we can also test against? If so, please indicate what machine the web server is running on.==
We are requesting a stage server located here: http://airmozilla.allizom.org
It is not set up yet.

==Where would you like the bugs filed in bugzilla? Please specify the product, component and if anyone specific should be copied on the bugs.==
Product: Websites
Component: air.mozilla.com
Blocks: 735436

==Will this application be collecting any personally identifiable information from users (email address, physical address, phone number, etc)?==
No

==Please describe if this app will be connecting to any internal or external services or if it is able to interact with the OS.==
N/A

==Does this app support logins or multiple roles? If so, we'll need test accounts created for each available role.==
It's WordPress, I do not think we have different roles for this site.

==What is the worst case scenario that could happen with this system, data or connected systems? (This is used to help understand the criticality of this server.)==
We could not stream live events

==Does this website contain an administration page? If so, have the admin page blockers (listed here) all been addressed?==
Yes, but just standard WordPress

==This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?==
If we do decide we need a security review, it would be around the first week of April. Our drop dead date for this project is April 20th for Moz Camp BA. We want to have this site live well before then.
Updated•12 years ago
QA Contact: mcoates → jstevensen
Reporter
Comment 1•12 years ago
I wanted to check on this. Given that this is theme work with no new plugins, do we need a sec review?
Updated•12 years ago
Assignee: security-assurance → yboily
Whiteboard: [pending secreview] → [secr:yvan]
Reporter
Comment 2•12 years ago
Reminder on this one: can you confirm if we do/do not need a sec review, given that this is just a theme, no plugins?
Reporter
Comment 3•12 years ago
Yvan... talking to Craig... since we are pushing new code (this is a sub-theme) we would like a sec review. We do think it will be a quick one. Do the dates of 4/10 - 4/11 work for you? I will also add you to our next meeting. Ping me or email me if you need more info/have comments.
Assignee
Comment 4•12 years ago
Per our discussion, this will be completed by April 12th. Can you provide the repo for the source code?
Whiteboard: [secr:yvan] → [secr:yvan][target 2012-04-12]
Updated•12 years ago
Status: NEW → ASSIGNED
Reporter
Comment 5•12 years ago
Yvan, below is the SVN location: http://svn.mozilla.org/projects/air.mozilla.com/trunk/wp-content/themes/ The theme is: OneMozilla-Air
Reporter
Comment 6•12 years ago
Yvan: I wanted to ping you on this, we have the sec review scheduled for 4/10 - 4/12. The code at the SVN repository is relatively stable. I do not see major changes at this stage, and it's very minor stuff. I think this will be very quick for you. Please contact me or Craig if you have any questions or concerns.
Reporter
Comment 7•12 years ago
Can you confirm if this was completed yesterday? We are slated to launch on Monday and I want to be sure we are infrasec approved. Thanks, Ben
Assignee
Comment 8•12 years ago
Yes, this was completed. Apologies for not updating it.
Reporter
Updated•12 years ago
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Reporter
Updated•12 years ago
Status: RESOLVED → VERIFIED
Updated•12 years ago
Keywords: sec-review-needed