see: joomla/joomla-cms#11353 & https://issues.joomla.org/tracker/joomla-cms/11353
PR-staging & RTC label
no label
It looks like the bot doesn't run on that issue?
Same issue applies to: joomla/joomla-cms#11359
mod_security looks to be blocking the webhooks still.
Again mod_security on joomla/joomla-cms#11497?
Can we do something about the mod_security issue? joomla/joomla-cms#11056
It happens more than the above, as I didn't bother to report it if I could make the change.
We can't get mod_security completely turned off here. I don't have time to dig into every webhook that's failing, but for that last one, the issue has SQL statements included in at least one comment's payload, and joomla/joomla-cms#11359 could be deciphered as XSS by mod_security.
Ah ok. That explains it, so if that fails the maintainer needs to add them manually. Thanks.
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2016-08-08 19:24:07 |
Closed_By | ⇒ | zero-24 |
It shouldn't need to be done manually, but remember there are webhook payloads that are going to trigger a mod_security rule with a default configuration. So if there's going to be a whitelist around it, then it has to be a very explicit configuration.
Could we use the CLI script to sync those issues with "security problems"?
Should be doing that already since it'd be bypassing mod_security. It just doesn't give the instant gratification that the webhooks do, and I don't believe the CLI scripts are doing all the automated stuff that the webhooks do.
Labels | Added: server issue |
I noticed that there was no label (e.g. pr-staging) and thought that might be related, so I have now added that label.