Aller au contenu principal
Jahia Store
FR

security.txt

community
Télécharger 2.0.4

Informations

Identifiant du module
securitytxt
Identifiant de groupe
org.jahia.community
Statut
community
Catégorie
Security
Auteur
Florent BOURASSE
Site web du développeur
http://www.jahia.com
Nécessite Jahia
8.2.2.1
Mis à jour
2026-07-09
Source
scm:git:git@github.com:Jahia/securitytxt.git

The purpose of this module is to ease the generation of the file security.txt inside Jahia. For more information about security.txt, please refer to this URL: https://securitytxt.org/

Versions

Highlights

  • Accessibility: resolved WCAG 2.1 AA issues across the admin UI (color contrast, missing labels, navigation/keyboard, and other A11y findings).
  • Security: addressed multiple Dependabot alerts and a CVE in transitive dependencies.
  • Quality: SonarQube findings cleaned up; Cypress test suite reworked and stabilized.
  • Documentation: streamlined SECURITY.md, updated README.md, removed obsolete GPG/PGP instructions, added Claude/agent context files (AGENTS.mdCLAUDE.md).

Accessibility (WCAG 2.1 AA)

  • 0ccb116 — Initial pass on WCAG 2.1 AA accessibility issues in the admin UI.
  • 47ff861 — Resolved structured A11y findings: C-01 to C-03 (contrast), M-01 to M-07 (markup/labels), N-01 to N-03 and N-07 (navigation/keyboard).
  • f45cef5 — Test fix: set expiry date in the "saves text fields" test to comply with new required-field validation.
  • e26f14e — Test fix: in "clears a field" test, clear the optional canonical field rather than the now-required contact field.

Security & Dependencies

  • b260e94 — CVE fix: upgrade systeminformation from 5.31.5 to 5.31.6 via Yarn resolution override.
  • d886d06 — Dependabot alerts: upgraded @babel/plugin-transform-modules-systemjsfast-uriaxiosip-address.
  • 89877c0dccfee145fdca9 — Additional Dependabot remediation passes.
  • 6dc9ec4 — Added security checks.
  • fdc4a78 — Streamlined SECURITY.md policy.

Code Quality

  • 80a3c8c — SonarQube improvements.
  • cee83fa — Fixes for lint findings reported on Cypress tests.

Testing (Cypress)

  • 02c93da — Test structure aligned with user-password-authentication module conventions.
  • 84e36b4 — Working Cypress test suite.
  • 00a5d08d3b8db4 — Iterative updates to Cypress tests, aligned with Jahia/sandbox patterns.
  • d713a55 — Downgraded required graphql-dxm-provider version to match supported runtime.

Documentation & Project Hygiene

  • 192380a — Renamed CLAUDE.md to AGENTS.md; kept a CLAUDE.md reference.
  • a46cc46 — Added Claude basic context.
  • 2038975 — Updated provisioning instructions.
  • 23a466e — README.md update.
  • c46c348 — Removed GPG/PGP instructions from README.md.
  • f4a6239 — Removed useless module installation step.
  • d51e446 — Added curl installation.
  • c5b3e6190e55912ab671a — .gitignore hygiene (.envinstall-state.gz).

Compatibility

  • Built against Jahia parent 8.2.2.1.
  • Requires graphql-dxm-provider at the version pinned in pom.xml (see d713a55).

Upgrade Notes

  • The contact field is now a required input in the admin UI. Existing automation or scripts that submit the form must provide a contact value (and an expiry date) to pass validation.
  • No breaking API changes detected; module remains an OSGi bundle deployed via Jahia tools as before.

Full Changelog2_0_3...2_0_4

Nécessite Jahia 8.2.2.1Mis à jour 2026-05-19
Nécessite Jahia 8.2.3.0Mis à jour 2026-03-22