The Bot don't run for the CMS Issue #11353 #850
Comments
|
I noticed that there was no label (eg pr-staging) and thought that might be related so i have now added that label |
|
same issue applys to: joomla/joomla-cms#11359 |
|
mod_security looks to be blocking the webhooks still. |
|
again mod_security on joomla/joomla-cms#11497 ? |
|
Can we do something about the mod_security issue? joomla/joomla-cms#11056 |
|
It happens more than the above as I didn't bother to report it if I could make the change |
|
We can't get mod_security completely turned off here. I don't have time to dig into every webhook that's failing but that last one the issue has SQL statements included in at least one comment's payload and joomla/joomla-cms#11359 could be deciphered as XSS by mod_security. |
|
Ah ok. That explains it so if that fails the maintainer need to add them manually. Thanks. |
|
It shouldn't need to be manually but remember there are webhook payloads that are going to trigger a mod_security rule with a default configuration. So if there's going to be a whitelist around it then it has to be a very explicit configuration. |
|
Could we use the CLI script to sync those issues with "security problems"? |
|
Should be doing that already since it'd be bypassing mod_security. It just doesn't give the instant gratification that the webhooks do, and I don't believe the CLI scripts are doing all the automated stuff that the webhooks do. |
|
Yeah the "event" stuff is still missing. There is a proposal in #692 ... |
Steps to reproduce the issue
see: joomla/joomla-cms#11353 & https://issues.joomla.org/tracker/joomla-cms/11353
Expected result
PR-staging&RTClabelActual result
no label
Additional comments
It looks like that the bot don't run on that issue?
The text was updated successfully, but these errors were encountered: