-
Task
-
Resolution: Fixed
-
Critical
-
3.9.13, 3.11.6
-
MOODLE_311_STABLE, MOODLE_39_STABLE
-
MOODLE_311_STABLE, MOODLE_39_STABLE
-
- Visit <wwwroot>/security.txt
- CONFIRM the expires date is set to 2022-12-05T01:00:00.000Z
-
HQ Team International CIH2-222
In MDL-69877 a new security.txt file, following the information @ security.txt was introduced.
The security.txt file located in /security.txt must be updated regularly, shortly before it expires (defined by the Expires element within the file). Due to the delayed 4.0 major release, the minor release security.txt expiry was not due to expire at the same time the major release version required updating (completed on MDL-73580), so is being updated separately in this issue and will then be in sync with master and return to normal scheduled updates for the 4.1 release.
As a minimum, this update involves updating the Expires value, which needs to be set to [expected 4.1 major release date] + 3 WEEKS. If any of other details in the security.txt need to be amended, they should also be completed at the same time.
The updates should be made to master, as well as all other security supported Moodle versions that contain security.txt. This means all supported versions have an identical security.txt file (including the same expiry).
Detailed information (to be modified for each clone of this issue):
- Branches affected: 311, 310, 39
- Expiry (major release + 3 weeks): 14 November 2022 + 3 weeks = 5 December 2022
- Other changes: ... add any further changes required here
Exact formatted expiry date to use: 2022-12-05T01:00:00.000Z
How the date format was calculated (in line with the latest spec):
date --date='5 December 2022 01:00' -u +"%FT%H:%M:%S.000Z"