mendix/docs

security-advisories

Closed this issue · 1 comments

roadam9 commented

Please use the form below, leaving the prefilled data to help us. Thank you.

Page link: security-advisories

Document link: _index.md

My Issue/Suggestion

You might consider to add a filter for components / versions to make it more easy to check which vulnerabilities you are affected by.

Also on module release notes some versions are hidden (e.g. Encryption v10.0.0, 10.0.1), I guess because of the vulnerabilty, but this makes it hard to follow changes.

MarkvanMents commented

Hi there,
Thanks very much for your feedback. On your two suggestions:

  1. The developers say they are looking into how to filter CVEs to help customers find relevant ones. This is currently underway, but I cannot share a date when it will be available. Thanks for adding to the interest - it will help in the prioritization of this.
  2. Release Notes are created by the team which develops the module. I have mentioned the lack of information about 10.0.0 and 10.0.1 and the developers are drafting an improved release note which explains the missing versions. I can't guarantee that there won't be gaps in the future, but I hope this will trigger them to consider this eventuality.

Thanks again for making these suggestions - it is great to hear about potential improvements from people who are using the product and the documentation.
Yours
Mark van Ments