By Tobias Zulauf on 2020-06-21 08:48 in Security Strike Team

Time: Tuesday, 16th of June 2020, 5pm UTC - 6pm UTC

Attendees: David Jardin, George Wilson, Tobias Zulauf

 

CMS Security Summit: The Update Framework (TUF)

Following the last report, a date has now been coordinated for the initial PHP-TUF meeting, and an invite has been sent to the people involved.

 

Default password policy for the CMS (internal RFC)

As documented in the public issue tracker (see joomla/joomla-cms#29476), we have either no default password policy at all or a really bad one.

We now have an internal RFC for an updated default password policy, which is to be moved to the public issue tracker. More updates on that will follow soon, after an internal discussion and feedback phase.

 

SVG support statement (internal RFC)

The JSST has been asked for a statement on possible SVG support for the Joomla 4 media manager. An initial proposal for a statement has been shared with the team, to be moved to the public tracker after an internal discussion and feedback phase. (Published here)

 

Looking for volunteers

Like all teams in Joomla, the JSST is looking for new members to join us on security topics. Due to our responsibilities, we would like to invite applications from experienced developers who are known to the community and/or have a proven track record in security. If you are interested in joining or need more information, please contact David Jardin directly or use the “Get involved” contact form at the Volunteer Portal.

 

- Redacted Topics -