Vista combinada Visión Plana Vista de árbol
Discusiones [ Anterior | Siguiente ]
toggle
Kyriacos Neocleous
Addressing security vulnerabilities in CE
10 de abril de 2012 13:08
Respuesta

Kyriacos Neocleous

Ranking: New Member

Mensajes: 8

Fecha de incorporación: 26 de septiembre de 2011

Mensajes recientes

Hi, I'm using the community edition. Sometimes I get emails for the release of security vulnerability patches targeted for enterprise edition. Don't know how I got myself subscribed in that mailing list, I think I made an inquiry for the price of EE. In any case, does anyone know how this works for the CE? Do we get the same patch with some delay, or don't get a patch until the next major release?

Best Regards
Kyriacos
Mika Koivisto
RE: Addressing security vulnerabilities in CE
10 de abril de 2012 13:26
Respuesta

Mika Koivisto

LIFERAY STAFF

Ranking: Liferay Legend

Mensajes: 1513

Fecha de incorporación: 7 de agosto de 2006

Mensajes recientes

Some critical patches are release to CE as patches for others it's included in the next CE release.
Kyriacos Neocleous
RE: Addressing security vulnerabilities in CE
10 de abril de 2012 13:35
Respuesta

Kyriacos Neocleous

Ranking: New Member

Mensajes: 8

Fecha de incorporación: 26 de septiembre de 2011

Mensajes recientes

Hi Mika, thanks for your quick response! Can you please give me a documentation/wiki URL that discusses what is considered critical and what not for releasing immediately to CE?
Mika Koivisto
RE: Addressing security vulnerabilities in CE
11 de abril de 2012 12:17
Respuesta

Mika Koivisto

LIFERAY STAFF

Ranking: Liferay Legend

Mensajes: 1513

Fecha de incorporación: 7 de agosto de 2006

Mensajes recientes

They are deemed so on case by case at Liferay's discretion.
Hitoshi Ozawa
RE: Addressing security vulnerabilities in CE
11 de abril de 2012 16:55
Respuesta

Hitoshi Ozawa

Ranking: Liferay Legend

Mensajes: 7949

Fecha de incorporación: 23 de marzo de 2010

Mensajes recientes

There's a simple guideline in Liferay's Jira wiki when creating an issue. Liferay may change the priority when processing an issue so this may not be 100% correct but may give you some guidelines.

http://www.liferay.com/community/wiki/-/wiki/Main/JIRA

Priority/Severity #
An issue has a severity level which indicates its importance. The currently defined severities are listed below.

•Critical - Crashes, loss of data, severe memory leak, security hole, no valid workaround.
•Major - Major loss of function.
•Minor - Minor loss of function, edge case not experienced by most users, or other problem where easy workaround is present.
•Trivial - Cosmetic problem like incorrect spelling or misaligned text.
Some examples:

•Causes data loss (e.g. account data) or data corruption on upgrade with no good workaround - Critical
•Causes Liferay to freeze after a particular operation with no good workaround - Critical
•Allows unauthenticated users to see protected content - Critical
•Crashes Liferay, workaround provided - Major
•Adding 10 document library portlets to a page causes javascript error - Minor
•Missing translation for phrase - Trivial