-
Task
-
Resolution: Fixed
-
Minor
-
3.9.18, 3.11.11, 4.0.5, 4.1
-
MOODLE_311_STABLE, MOODLE_39_STABLE, MOODLE_400_STABLE, MOODLE_401_STABLE
-
MOODLE_311_STABLE, MOODLE_39_STABLE, MOODLE_400_STABLE
-
MDL-72836-master -
-
1
-
Team Hedgehog 4.1 sprint 0.4B, Team Hedgehog 4.1 sprint 0 rev
In MDL-69877 a new security.txt file, following the information @ security.txt was introduced.
The security.txt file located in /security.txt must be updated regularly, shortly before it expires (defined by the Expires element within the file). This task should be completed two weeks prior to the next major release (or at the earliest, after the major release -2 months minors are released).
As a minimum, this will involve updating the Expires value, which needs to be set to [expected major release date] + 3 WEEKS. If any of other details in the security.txt need to be amended, they should also be completed at the same time.
The updates should be made to master, as well as all other security supported Moodle versions that contain security.txt. This means all supported versions have an identical security.txt file (including the same expiry).
For this release, we also need to update the policy URL to the new moodledev.io docs version of the Security Procedures docs: https://moodledev.io/general/development/process/security
Detailed information (to be modified for each clone of this issue):
- Branches affected: master (41), 40, 311, 39
- Expiry (major release + 3 weeks): 8 May 2023 + 3 weeks = 29 May 2023
- Other changes: ... add any further changes required here
Exact formatted expiry date to use: 2023-05-29T01:00:00.000Z
How the date format was calculated (in line with the latest spec):
date --date='29 May 2023 01:00' -u +"%FT%H:%M:%S.000Z"
(This issue is part of the release process, 2 weeks before release, and will be cloned as part of it.)