If you are receiving this email it means that you are on the Sakai security contacts list. The list is maintained by the Sakai Security Working Group (aka Security WG). Please contact the Security WG at email@example.com if you should be removed from this list. Only authorized individuals are permitted on this list. Our security policy is available publicly at .....
The Sakai security contacts list receive security alerts to allow time to patch their Sakai installation ahead of any public disclosure. Designated security contacts are also provided access rights to view, comment and address issues flagged as security items in Sakai's JIRA issue tracking application.
What to do if you are notified of a security issue through this list:
- Read the security notice carefully
- Check the relevant Jira's. The Jira ids will be provided. If you do not have access, contact the Security WG
- If you need additional clarification, post your question on the Jira in the Comments
- Apply the fixes as soon as possible
- Do ask questions on the Jira or to the Security WG. Do not post questions or information on any other web site, forum, email group, social network, or any other public communications forum. Please only notify the people at your institution and who help manage your Sakai system on a need-to-know basis
What to do if you find what you believe to be a security vulnerability in Sakai:
- Please notify the Security WG immediately. Describe the issue in detail. There is no such thing as too much information. Please include your telephone number in case we deem it necessary to contact you this way
- Please do not take any other action and refrain from voicing your concerns on any public listserv, blog or other communication channel
- We will get back with you as soon as possible with any further information or instructions
Filing a Jira:
- If you file a Jira issue, please make sure to flag it as a security issue by selecting "Security Issue" from the security level drop down as well as clicking the security issue filter flag.
Why is this important?
* The integrity and security of existing Sakai installations can be compromised by the premature public disclosure of security threats.
- The goal is to do our best as a community to protect each other, with the caveat that the community is only able to support two releases at a time.