
Security

Open misha-kotov opened this issue 6 years ago • 1 comments

The goal of this project is to contribute incremental security improvements to Magento so that the platform stays ahead of the latest vulnerabilities and common exploits.

Scope includes:

  • Finalizing review of string output to ensure proper escaping everywhere
  • Implementation of CSP (Content Security Policy)
  • Implementation of comprehensive, granular ACL/permissions
  • PHP 7.3 compatibility
  • Upgrade of libraries and components to latest available versions
  • Removal of ZF1 code
  • Additional password security (check against haveibeenpwned)
  • Testing Magento with encrypted MySQL tables for PII protection

misha-kotov, May 30 '18 20:05

~What does "PHP 5.3 compatibility" here refer to? Was this list copied from some very old doc?~

PHP 5.3 should be PHP 7.3 above.

scottsb, Sep 24 '18 19:09