Page MenuHomePhabricator
Create Task
Maniphest T406313

Create a security issue reporting template
Open, Needs TriagePublic
Actions

Description

It would be really really useful if we had a bit of a template on the security issue report form that includes a field of "introduced" or similar.

I'm not expecting the author of the report to necessarily work it out, but if someone responding does, that makes life easier.

Event Timeline

Reedy created this task.Oct 3 2025, 10:40 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 3 2025, 10:40 AM
Dreamy_Jazz awarded a token.Oct 3 2025, 10:41 AM
SomeRandomDeveloper awarded a token.Oct 3 2025, 10:43 AM
SomeRandomDeveloper subscribed.
A_smart_kitten added a project: Phabricator.Oct 3 2025, 11:13 AM
A_smart_kitten subscribed.
Aklapper moved this task from To Triage to Administration (UI) on the Phabricator board.Oct 3 2025, 11:25 AM

I assume this about changing the (currently empty) default value for the Description field in https://phabricator.wikimedia.org/transactions/editengine/maniphest.task/defaults/75/ , as that form is also linked by default from the Favorites/Bookmark dropdown in the top bar?

Note that there are also https://phabricator.wikimedia.org/transactions/editengine/maniphest.task/view/73/ and https://phabricator.wikimedia.org/transactions/editengine/maniphest.task/view/78/ (and https://phabricator.wikimedia.org/transactions/editengine/maniphest.task/view/74/ but that's only for editing, not for creating)

SomeRandomDeveloper added a comment.Oct 3 2025, 11:33 AM

I think it would be good if there was a template for the description similar to the bug report form. Most of my security reports usually follow this structure (unless there are multiple vulnerabilities in the same task):

  1. A short description
  2. Reproduction steps
  3. Cause
  4. Additional information (e.g. versions this was tested on)

Regarding the field suggested in this task, IMO it should be a separate field (similar to e.g. Risk Rating or Author Affiliation) rather than a part of the description.

sbassett moved this task from Incoming to Back Orders on the Security-Team board.Oct 3 2025, 9:31 PM
sbassett added a project: SecTeam-Processed.
Bugreporter2 awarded a token.Oct 6 2025, 12:51 PM
Aklapper added a comment.Oct 13 2025, 3:05 PM

@Reedy: What is exactly wanted, for which of the existing forms?

Aklapper added a comment.Dec 17 2025, 1:40 AM

@Reedy: ping

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits