Add related security bulletin when an extension version is marked as insecure
What do you suggest?
When an extension version is marked as insecure, the background of the extension version appear red in the TER website, the download link is removed and the extension version does not appear anymore when searching in TYPO3 TER BE Module.
I think it could be relevant ta add a link to the particular Security Bulletin which led to flag that extension version as insecure (to get more information)
Maybe by replacing
Before | After |
---|---|
ATTENTION: Use at your own risk ! | ATTENTION : This extension version has been flagged as insecure by the TYPO3 Security Team, please checkout TYPO3-PSA-2017-001 security bulletin for more information. |
Why?
It is always interesting to know why an extension version has been marked as insecure in my opinon.
Add an use case
For example, extension realurl_clearcache2 versions has been marked as insecure because of TYPO3-PSA-2017-001 security bulletin. A link to the security bulletin should be mentionned.
PS : when all versions available are flagged as insecure, Installation section shouldn't be hidden (as it allow to download last version) ?
PS2 : for this particular extension (realurl_clearcache2), why the proposed version in Installation section is 1.0.1 and not 2.0.0 ? Shouldn't be the last version proposed ?