By Tobias Zulauf on 2020-10-25 14:29 in Security Strike Team


  • Saturday, 24th of October 2020, 10am (UTC +2) - 6pm (UTC +2)
  • Sunday, 25th of October 2020, 10am (UTC +1) - 4pm (UTC +1)

Attendees: David Jardin, Benjamin Trenkle, Harald Leithner, Tobias Zulauf
Location: Google Meet

CNA / CVE Status
We discussed the current status of the CNA approval process as well as the process changes required after becoming a CNA. This includes the updates and feedback that MITRE requested after our onboarding meeting on 20.10.2020.

JSST Standard Operating Procedures
The SOP document has been updated with various minor text and tool changes as well as responsibility changes. This also includes the documentation of our CNA process.

Discussion of security-related Joomla 4 release blockers
We had a discussion about the following security-related topics for Joomla 4:

  • SameSite Cookie Support (#25414) => PR updates required
  • Possible issue with an unset rule (#29233) => PR #31228
  • Outdated crypto lib in Joomla\CMS\Crypt (#29830) => PR #31231

- Redacted Topics - 

Sorry folks, confidentiality is part of the nature of our work ;)