Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug Reporter: Add a link for reporting "Security Issues" to the information at the top #5567

Closed
thennothinghappened opened this issue Apr 18, 2024 · 4 comments
Closed

Bug Reporter: Add a link for reporting "Security Issues" to the information at the top #5567

thennothinghappened opened this issue Apr 18, 2024 · 4 comments
Assignees
@yyalansavage @YYBartT
Labels
documentation Improvements or additions to documentation are required by this issue feature request New feature (or a request for one)
Milestone
2024.6

Comments

@thennothinghappened
Copy link

thennothinghappened commented Apr 18, 2024
edited
Loading

Is your feature request related to a problem?

@iampremo suggested putting a feature request in for this after discussing it briefly.

As of 2024.400 the dropdown to privately report an issue in the IDE has been removed. I've only ever used this option once, but the usecase was to report a potential security issue I had found. The removal of this option is good for general bug reports - it makes sense that bugs and feature requests should be universally in the one public list - but for security issues it makes it a lot less obvious what the correct path should be for such issues.

I was pointed toward the Reporting Security Issues page, but the fact I hadn't known that existed until now means it should be more immediately accessible.

Describe the solution you'd like

With the option to privately submit a bug report gone, it might make sense to have a dedicated help menu item for reporting security issues. Alternatively, the existing reporter could have a "Security" dropdown option which would clarify that submitting in this category is done privately. Another option could be having a link on the reporter with text something like "Report a security issue" that links to the page earlier.

There's a bunch of different ways to approach it and the implementation is less of a concern in form, as long as the IDE provides a clear path to making this sort of report privately. Additionally, the private report option never provided any feedback - whatever form the solution will take should keep communication open so that the reporter can provide more details, or know that it is being addressed.

Hopefully such an option never has to be used! But having it there as clearly as possible means that such reports are openly encouraged, and should mean that security reports make their way through the intended processes to be addressed quickly and ensuring that they can be handled however necessary to the nature of the report.
@thennothinghappened thennothinghappened added the feature request New feature (or a request for one) label Apr 18, 2024
@jackerley jackerley moved this from Triage to Backlog in Team Workload Apr 19, 2024
@jackerley jackerley added this to the 2024.6 milestone Apr 19, 2024
@jackerley jackerley moved this from Backlog to Todo in Team Workload Apr 19, 2024
@yyalansavage yyalansavage moved this from Todo to In Progress in Team Workload May 28, 2024
@yyalansavage
Copy link

Added a link to security page in bug reporter

@github-project-automation github-project-automation bot moved this from In Progress to Done in Team Workload May 29, 2024
@YYDan YYDan self-assigned this May 30, 2024
@YYDan YYDan changed the title In-IDE method or information for securely reporting security issues Bug Reporter: Add a new category for "Security Issues", so users do not have to find this on our website May 30, 2024
@gurpreetsinghmatharoo gurpreetsinghmatharoo added the documentation Improvements or additions to documentation are required by this issue label Jun 3, 2024
@YYDan
Copy link
Collaborator

YYDan commented Jun 17, 2024

Verifying, as the link and text is there (and goes to the correct page) in IDE v2024.6.0.154 Runtime v2024.6.0.204:

image

@YYDan YYDan changed the title Bug Reporter: Add a new category for "Security Issues", so users do not have to find this on our website Bug Reporter: Add a link for reporting "Security Issues" to the information at the top Jun 17, 2024
@YYDan YYDan moved this from Done to Verified in Team Workload Jun 24, 2024
@YYDan YYDan moved this from Verified to Done in Team Workload Jun 24, 2024
YYBartT added a commit to YoYoGames/GameMaker-Manual that referenced this issue Jun 24, 2024
@YYBartT
docs(general): Add a link for reporting "Security Issues" to the info…
6fdbe15 
…rmation at the top

YoYoGames/GameMaker-Bugs#5567

* Updated description and screenshot
@YYBartT
Copy link

YYBartT commented Jun 24, 2024

Updated the screenshot and description on the manual page.

@YYBartT YYBartT moved this from Done to Ready for QA in Team Workload Jun 24, 2024
@YYBartT YYBartT mentioned this issue Jun 24, 2024
Merged
@YYDan
Copy link
Collaborator

YYDan commented Jun 26, 2024

Yup - confirmed the manual text now.

I will file a separate issue that much of the bug reporter docs are on the main "Help Menu" page rather than on the actual page for the IDE bug reporter (and could do with a little bit of updating around not sending bugs via contact-us), but that's not a problem for this verification.

@YYDan YYDan moved this from Ready for QA to Verified in Team Workload Jun 26, 2024
@YYDan YYDan removed their assignment Jul 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yyalansavage yyalansavage

@YYBartT YYBartT

Labels
documentation Improvements or additions to documentation are required by this issue feature request New feature (or a request for one)
Projects
Team Workload
Status: Verified
Milestone
2024.6
Development

No branches or pull requests
6 participants
@jackerley @yyalansavage @YYDan @gurpreetsinghmatharoo @thennothinghappened @YYBartT