Closed cmaeng closed 1 year ago
Marked Simplesaml PHP alert as "risk is tolerable to this project" because it only applies to case-insensitive filesystems such as Windows Servers NTFS, which we are not using because we use EXT4 in case-sensitive mode (default) on Linux. https://github.com/department-of-veterans-affairs/va.gov-cms/network/alert/composer.lock/simplesamlphp%2Fsimplesamlphp/closed
1 down, 10 to go.
Refinement discussion:
This was completed in #13498
Description
A list of known security advisories and dependency alerts can be found in GitHub here: https://github.com/department-of-veterans-affairs/va.gov-cms/network/alerts
This is part of a larger plan to allow space in each sprint to review and resolve security issues. Epic https://github.com/department-of-veterans-affairs/va.gov-cms/issues/1750 will capture a checklist of things we'll want to review and at least one story will be added to each sprint to address.
We want to go through the existing list of security alerts and understand each one in regards to the following criteria:
Acceptance Criteria