mahara-contributors team mailing list archive
Message #32197
[Bug 1531987] [NEW] Review HTTP headers to improve security
*** This bug is a security vulnerability ***
Public security bug reported:
We need to review our HTTP headers to improve security and check which
ones we should include by default and which ones might need to be
configurable. The review will include but is not limited to:
- Strict-Transport-Security
- Content-Security-Policy
- X-Frame-Options
- X-XSS-Protection
- X-Content-Type-Options
- Server
- X-Powered-By
- X-Permitted-Cross-Domain-Policies
- Caching headers
** Affects: mahara
Importance: High
Status: Confirmed
** Affects: mahara/1.10
Importance: High
Status: Confirmed
** Affects: mahara/15.04
Importance: High
Status: Confirmed
** Affects: mahara/15.10
Importance: High
Status: Confirmed
** Tags: security
** Also affects: mahara/1.10
Importance: Undecided
Status: New
** Also affects: mahara/15.10
Importance: Undecided
Status: New
** Also affects: mahara/15.04
Importance: Undecided
Status: New
** Changed in: mahara/1.10
Status: New => Confirmed
** Changed in: mahara/15.04
Status: New => Confirmed
** Changed in: mahara/15.10
Status: New => Confirmed
** Changed in: mahara/1.10
Importance: Undecided => High
** Changed in: mahara/15.04
Importance: Undecided => High
** Changed in: mahara/15.10
Importance: Undecided => High
** Changed in: mahara/1.10
Milestone: None => 1.10.9
** Changed in: mahara/15.04
Milestone: None => 15.04.6
** Changed in: mahara/15.10
Milestone: None => 15.10.2
https://bugs.launchpad.net/bugs/1531987
Title:
Review HTTP headers to improve security
Status in Mahara:
Confirmed
Status in Mahara 1.10 series:
Confirmed
Status in Mahara 15.04 series:
Confirmed
Status in Mahara 15.10 series:
Confirmed
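A defender-side check for the headers listed in the bug description, as an added example that is not part of the original message or of Mahara's code. The baseline values (180-day HSTS, `nosniff`, and so on) are assumptions chosen for illustration, the sample headers are constructed, and the response is assumed to be an authenticated page served over HTTPS.

```python
import re

MIN_HSTS_AGE = 15552000  # 180 days; all baselines here are assumptions, not Mahara's

def _hsts_ok(v):
    m = re.search(r'max-age\s*=\s*"?(\d+)', v)
    return bool(m) and int(m.group(1)) >= MIN_HSTS_AGE

def _csp_ok(v):
    names = {d.split()[0] for d in v.split(";") if d.strip()}
    return bool(names & {"default-src", "script-src"})

# header -> (check on the lower-cased value, finding text when the check fails)
REQUIRED = {
    "Strict-Transport-Security": (_hsts_ok, "max-age absent or under 180 days"),
    "Content-Security-Policy": (_csp_ok, "no default-src or script-src"),
    "X-Frame-Options": (lambda v: v in ("deny", "sameorigin"), "unexpected value"),
    "X-XSS-Protection": (lambda v: v.replace(" ", "") in ("0", "1;mode=block"),
                         "filter enabled without mode=block"),
    "X-Content-Type-Options": (lambda v: v == "nosniff", "not nosniff"),
    "X-Permitted-Cross-Domain-Policies": (lambda v: v in ("none", "master-only"),
                                          "permissive policy"),
    "Cache-Control": (lambda v: "no-store" in v or "private" in v,
                      "shared caches may store the response"),
}
DISCLOSING = ("Server", "X-Powered-By")  # should not reveal product versions

def audit_headers(headers):
    """Return {header: finding}; an empty dict means nothing was flagged."""
    h = {k.lower(): v.strip().lower() for k, v in headers.items()}
    findings = {}
    for name, (ok, problem) in REQUIRED.items():
        value = h.get(name.lower())
        if value is None:
            findings[name] = "missing"
        elif not ok(value):
            findings[name] = f"{problem}: {value}"
    for name in DISCLOSING:
        if re.search(r"\d+(\.\d+)+", h.get(name.lower(), "")):
            findings[name] = f"discloses version: {h[name.lower()]}"
    return findings

# Constructed sample headers (not captured from a real site).
SAMPLE = {
    "Server": "Apache/2.4.7 (Ubuntu)", "X-Powered-By": "PHP/5.5.9",
    "X-Frame-Options": "SAMEORIGIN", "X-XSS-Protection": "1",
    "Strict-Transport-Security": "max-age=3600",
    "Cache-Control": "no-store, no-cache, must-revalidate",
}
```

Calling `audit_headers(SAMPLE)` returns one finding per header that is missing, weak or version-disclosing; headers that pass are omitted from the result.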
Follow ups
- [Bug 1531987] Re: Review HTTP headers to improve security
  From: Kristina Hoeppner, 2016-04-29
- [Bug 1531987] Re: Review HTTP headers to improve security
  From: Son Nguyen, 2016-03-23
- [Bug 1531987] Re: Review HTTP headers to improve security
  From: Robert Lyon, 2016-03-23
- [Bug 1531987] Re: Review HTTP headers to improve security
  From: Aaron Wells, 2016-03-23
- [Bug 1531987] Re: Review HTTP headers to improve security
  From: Robert Lyon, 2016-03-21
- [Bug 1531987] A change has been merged
  From: Mahara Bot, 2016-03-21
- [Bug 1531987] A change has been merged
  From: Mahara Bot, 2016-03-21
- [Bug 1531987] A change has been merged
  From: Mahara Bot, 2016-03-21
- [Bug 1531987] Re: Review HTTP headers to improve security
  From: Robert Lyon, 2016-03-21
- [Bug 1531987] A patch has been submitted for review
  From: Mahara Bot, 2016-03-21
- [Bug 1531987] A patch has been submitted for review
  From: Mahara Bot, 2016-03-21
- [Bug 1531987] A change has been merged
  From: Mahara Bot, 2016-03-21
- [Bug 1531987] Re: Review HTTP headers to improve security
  From: Robert Lyon, 2016-03-21
- [Bug 1531987] Re: Review HTTP headers to improve security
  From: Aaron Wells, 2016-02-09
- [Bug 1531987] Re: Review HTTP headers to improve security
  From: Aaron Wells, 2016-02-04
- [Bug 1531987] A patch has been submitted for review
  From: Mahara Bot, 2016-02-04
- [Bug 1531987] Re: Review HTTP headers to improve security
  From: Aaron Wells, 2016-02-03
- [Bug 1531987] Re: Review HTTP headers to improve security
  From: Robert Lyon, 2016-01-14
- [Bug 1531987] Re: Review HTTP headers to improve security
  From: Kristina Hoeppner, 2016-01-08