diff --git a/.github/workflows/code_samples.yaml b/.github/workflows/code_samples.yaml index b0f1e22e2d..6e16df9b83 100644 --- a/.github/workflows/code_samples.yaml +++ b/.github/workflows/code_samples.yaml @@ -49,39 +49,40 @@ jobs: - name: Ignore audit advisory for PHP 7.4 if: matrix.php == '7.4' run: | - composer config audit.ignore --json '{ + composer config policy.advisories.ignore-id --json '{ "GHSA-68jq-c3rv-pcrr": "As this is for code quality tests and not to run a production DXP, this can be ignored.", "GHSA-fc86-6rv6-2jpm": "As this is for code quality tests and not to run a production DXP, this can be ignored.", "GHSA-r7cg-qjjm-xhqq": "As this is for code quality tests and not to run a production DXP, this can be ignored.", - "PKSA-5k7f-wvjj-jrgw": "As this is for code quality tests and not to run a production DXP, this can be ignored.", - "PKSA-sjvz-tbbr-vwth": "As this is for code quality tests and not to run a production DXP, this can be ignored.", - "PKSA-h8hf-ytnd-5t9q": "As this is for code quality tests and not to run a production DXP, this can be ignored.", - "PKSA-wwb1-81rc-pd65": "As this is for code quality tests and not to run a production DXP, this can be ignored.", - "PKSA-hgmw-wn4d-hpcy": "As this is for code quality tests and not to run a production DXP, this can be ignored.", - "PKSA-kvv6-36cr-fkzb": "As this is for code quality tests and not to run a production DXP, this can be ignored.", - "PKSA-n14z-jjjg-g8vd": "As this is for code quality tests and not to run a production DXP, this can be ignored.", - "PKSA-3mcc-k66d-pydb": "As this is for code quality tests and not to run a production DXP, this can be ignored.", - "PKSA-gw7n-z4yx-7xjt": "As this is for code quality tests and not to run a production DXP, this can be ignored.", - "PKSA-dpx1-78wg-1kqs": "As this is for code quality tests and not to run a production DXP, this can be ignored.", + "PKSA-1tmc-rt7x-12w6": "As this is for code quality tests and not to run a production DXP, this can be ignored.", "PKSA-21g2-dzjv-sky5": "As this is for code quality tests and not to run a production DXP, this can be ignored.", - "PKSA-yhcn-xrg3-68b1": "As this is for code quality tests and not to run a production DXP, this can be ignored.", + "PKSA-2rbx-bjdx-4d4d": "As this is for code quality tests and not to run a production DXP, this can be ignored.", "PKSA-2wrf-1xmk-1pky": "As this is for code quality tests and not to run a production DXP, this can be ignored.", + "PKSA-3mcc-k66d-pydb": "As this is for code quality tests and not to run a production DXP, this can be ignored.", + "PKSA-5k7f-wvjj-jrgw": "As this is for code quality tests and not to run a production DXP, this can be ignored.", "PKSA-6319-ffpf-gx66": "As this is for code quality tests and not to run a production DXP, this can be ignored.", - "PKSA-n7sg-8f52-pqtf": "As this is for code quality tests and not to run a production DXP, this can be ignored.", "PKSA-8kk8-h2xr-h5nx": "As this is for code quality tests and not to run a production DXP, this can be ignored.", - "PKSA-2rbx-bjdx-4d4d": "As this is for code quality tests and not to run a production DXP, this can be ignored.", - "PKSA-fs5b-x5k4-1h39": "As this is for code quality tests and not to run a production DXP, this can be ignored.", + "PKSA-8zx5-v2nz-58pb": "As this is for code quality tests and not to run a production DXP, this can be ignored.", + "PKSA-dpx1-78wg-1kqs": "As this is for code quality tests and not to run a production DXP, this can be ignored.", "PKSA-fbvq-z33h-r2np": "As this is for code quality tests and not to run a production DXP, this can be ignored.", + "PKSA-fs5b-x5k4-1h39": "As this is for code quality tests and not to run a production DXP, this can be ignored.", "PKSA-g9zw-qxh8-pq8w": "As this is for code quality tests and not to run a production DXP, this can be ignored.", + "PKSA-gw7n-z4yx-7xjt": "As this is for code quality tests and not to run a production DXP, this can be ignored.", + "PKSA-h8hf-ytnd-5t9q": "As this is for code quality tests and not to run a production DXP, this can be ignored.", + "PKSA-hgmw-wn4d-hpcy": "As this is for code quality tests and not to run a production DXP, this can be ignored.", + "PKSA-kvv6-36cr-fkzb": "As this is for code quality tests and not to run a production DXP, this can be ignored.", + "PKSA-n14z-jjjg-g8vd": "As this is for code quality tests and not to run a production DXP, this can be ignored.", + "PKSA-n7sg-8f52-pqtf": "As this is for code quality tests and not to run a production DXP, this can be ignored.", + "PKSA-sjvz-tbbr-vwth": "As this is for code quality tests and not to run a production DXP, this can be ignored.", + "PKSA-wwb1-81rc-pd65": "As this is for code quality tests and not to run a production DXP, this can be ignored.", + "PKSA-xx6c-6d96-db2w": "As this is for code quality tests and not to run a production DXP, this can be ignored.", "PKSA-yd6k-t2gh-1m43": "As this is for code quality tests and not to run a production DXP, this can be ignored.", - "PKSA-1tmc-rt7x-12w6": "As this is for code quality tests and not to run a production DXP, this can be ignored.", - "PKSA-xx6c-6d96-db2w": "As this is for code quality tests and not to run a production DXP, this can be ignored." + "PKSA-yhcn-xrg3-68b1": "As this is for code quality tests and not to run a production DXP, this can be ignored." }' - name: Ignore audit advisory for PHP 8.2 if: matrix.php == '8.2' run: | - composer config audit.ignore --json '{ + composer config policy.advisories.ignore-id --json '{ "PKSA-fs5b-x5k4-1h39": "As this is for code quality tests and not to run a production DXP, this can be ignored." }' diff --git a/docs/getting_started/install_ibexa_dxp.md b/docs/getting_started/install_ibexa_dxp.md index 57e7c6c93a..6ba67b3b8a 100644 --- a/docs/getting_started/install_ibexa_dxp.md +++ b/docs/getting_started/install_ibexa_dxp.md @@ -13,7 +13,7 @@ month_change: true !!! note "Installing [[= product_name_oss =]]" - This installation guide shows in details how to install [[= product_name =]] for users who have a subscription agreement with [[= product_name_base =]]. + This installation guide shows in detail how to install [[= product_name =]] for users who have a subscription agreement with [[= product_name_base =]]. If you want to install [[= product_name_oss =]], you don't need authentication tokens or an account on updates.ibexa.co, but must adapt the steps shown here to the product edition and the `ibexa/oss-skeleton` repository. ## Prepare work environment @@ -29,7 +29,7 @@ Additional requirements: For production, you need to [configure an HTTP server](#configure-an-http-server), Apache or nginx (Apache is used as an example below). -Before getting started, make sure you review other [requirements](requirements.md) to see the systems that is supported and used for testing. +Before getting started, make sure you review other [requirements](requirements.md) to see the systems that are supported and used for testing. ### Get Composer @@ -68,12 +68,12 @@ Log in to your Service portal on [support.ibexa.co](https://support.ibexa.co/), 1. Select **Create token** (this requires the **Portal administrator** access level). 2. Fill in a label describing the use of the token. This allows you to revoke access later. -3. Save the password, **you aren't able to access it again**. +3. Save the password. **You won't be able to access it again**. !!! tip "Save the authentication token in `auth.json` to avoid re-typing it" Composer asks whether you want to save the token every time you perform an update. - If you prefer, you can decline and create an `auth.json` file globally in [`COMPOSER_HOME`](https://getcomposer.org/doc/03-cli.md#composer-home) directory for machine-wide use: + If you prefer, you can decline and create an `auth.json` file globally in the [`COMPOSER_HOME`](https://getcomposer.org/doc/03-cli.md#composer-home) directory for machine-wide use: ``` bash composer config --global http-basic.updates.ibexa.co @@ -164,7 +164,11 @@ To use Composer to instantly create a project in the current folder with all the If you added credentials to the `COMPOSER_AUTH` variable, at this point add this variable to `auth.json` (for example, by running `echo $COMPOSER_AUTH > auth.json`). -!!! tip +!!! caution "Security advisories" + + If you encounter security advisories that prevent the install, see [Package security advisories](security_advisories.md#package-security-advisories). + +!!! tip "Version constraint" You can set [different version constraints](https://getcomposer.org/doc/articles/versions.md), for example, specific tag (`[[= latest_tag_4_6 =]]`), version range (`~4.6.10`), or stability (`^4.6@rc`): @@ -193,7 +197,7 @@ git init; git add . > /dev/null; git commit -m "init" > /dev/null ### Change installation parameters -At this point configure your database via the `DATABASE_URL` in the `.env` file, depending of the database you're using: +At this point, configure your database via the `DATABASE_URL` in the `.env` file, depending on the database you're using: `DATABASE_URL=mysql://user:password@host:port/database_name`. @@ -217,7 +221,7 @@ It's used by Symfony when generating [CSRF tokens]([[= symfony_doc =]]/security/ The app secret is crucial to the security of your installation. Be careful about how you generate it, and how you store it. - Here's one way to generate a 64 characters long, secure random string as your secret, from command line: + Here's one way to generate a secure random string of 64 characters as your secret, from the command line: ``` bash php -r "print bin2hex(random_bytes(32));" @@ -227,13 +231,13 @@ It's used by Symfony when generating [CSRF tokens]([[= symfony_doc =]]/security/ If you have any suspicion that the secret may have been exposed, replace it with a new one. The same goes for other secrets, like database password, Varnish invalidate token, JWT passphrase, and more. - After changing the app secret, make sure that you clear the application cache and log out all the users. + After changing the app secret, make sure that you clear the application cache and log out all users. For more information, see [Symfony documentation]([[= symfony_doc =]]/reference/configuration/framework.html#secret). - It's recommended to store the database credentials in your `.env.local` file and not commit it to the Version Control System. + It's recommended that you store the database credentials in your `.env.local` file, and not commit that file to the Version Control System. -In `DATABASE_VERSION` you can also configure the database server version (for a MariaDB database, prefix the value with `mariadb-`). +In `DATABASE_VERSION`, you can also configure the database server version (for a MariaDB database, prefix the value with `mariadb-`). !!! tip "Using PostgreSQL" @@ -267,12 +271,23 @@ You may choose to replace the [default search engine](legacy_search_overview.md) Install [[= product_name =]] and create a database with: -``` bash -php bin/console ibexa:install -php bin/console ibexa:graphql:generate-schema -``` +=== "PHP 8.4" + + Deprecation warnings must be suppressed when using PHP 8.4, otherwise the installation fails due to errors such as "headers have already been sent". + + ``` bash + php -d error_reporting=`php -r 'echo E_ALL & ~E_DEPRECATED;'` bin/console ibexa:install + php bin/console ibexa:graphql:generate-schema + ``` + +=== "PHP 8.3 and older" + + ``` bash + php bin/console ibexa:install + php bin/console ibexa:graphql:generate-schema + ``` -Before executing the command make sure that the database user has sufficient permissions. +Before executing the command, make sure that the database user has sufficient permissions. ### Run post-installation script @@ -290,7 +305,7 @@ For development you can use the built-in PHP server. php -S 127.0.0.1:8000 -t public ``` -Your PHP web server is accessible at `http://127.0.0.1:8000` +Your PHP web server is accessible at `http://127.0.0.1:8000`. You can also use [Symfony CLI](https://symfony.com/download): @@ -300,7 +315,7 @@ symfony serve ## Prepare installation for development -Consider adding the Symfony DebugBundle which fixes memory outage when dumping objects with circular references. +Consider adding the Symfony DebugBundle, which prevents running out of memory when dumping objects with circular references. The DebugBundle contains the [VarDumper]([[= symfony_doc =]]/components/var_dumper.html) and [its Twig integration]([[= symfony_doc =]]/components/var_dumper.html#debugbundle-and-twig-integration). ``` bash @@ -313,7 +328,7 @@ For detailed information about request treatment, you can also install [Symfony composer require --dev symfony/profiler-pack ``` -To get both features in one go use: +To get both features in one go, use: ``` bash composer require --dev symfony/debug-pack @@ -325,7 +340,7 @@ To use [[= product_name =]] with an HTTP server, you need to [set up directory p ### Set up permissions -For development needs, the web user can be made the owner of all your files (for example with the `www-data` web user): +For development needs, the web user can be made the owner of all your files (for example, with the `www-data` web user): ``` bash chown -R www-data:www-data @@ -336,7 +351,7 @@ Future files and directories created by these two users need to inherit those pe !!! caution - For security reasons, in production, the web server cannot have write access to other directories than `var`. + For security reasons, in production, the web server mustn't have write access to any directory other than `var`. Skip the step above and follow the link below for production needs instead. You must also make sure that the web server cannot interpret the files in the `var` directory through PHP. @@ -370,7 +385,7 @@ Prepare a [virtual host configuration](https://en.wikipedia.org/wiki/Virtual_hos Finally, restart the Apache server. The command may vary depending on your Linux distribution. - For example, on Ubuntu use: + For example, on Ubuntu, use: ``` bash service apache2 restart @@ -378,10 +393,10 @@ Prepare a [virtual host configuration](https://en.wikipedia.org/wiki/Virtual_hos === "nginx" - You can use [this example vhost file](https://raw.githubusercontent.com/ibexa/post-install/main/resources/templates/nginx/vhost.template) and modify it to fit your project. You also need the `ibexa_params.d` files that should reside in a subdirectory below where the main file is, [as is shown here](https://github.com/ibexa/post-install/tree/main/resources/templates/nginx). + You can use [this example vhost file](https://raw.githubusercontent.com/ibexa/post-install/main/resources/templates/nginx/vhost.template) and modify it to fit your project. You also need the `ibexa_params.d` files, which should reside in a subdirectory below the main file, [as shown here](https://github.com/ibexa/post-install/tree/main/resources/templates/nginx). Specify `//public` as the `root`, or ensure `BASEDIR` is set in the environment. - Ensure `APP_ENV` is set to `prod` or `dev` in the environment, depending on the environment that you're configuring, and uncomment the line that starts with `#if[APP_ENV`. + Ensure `APP_ENV` is set to `prod` or `dev` in the environment, depending on which environment you're configuring, and uncomment the line that starts with `#if [APP_ENV]`. When the virtual host file is ready, enable the virtual host and disable the default. Finally, restart the nginx server. diff --git a/docs/infrastructure_and_maintenance/security/security_advisories.md b/docs/infrastructure_and_maintenance/security/security_advisories.md new file mode 100644 index 0000000000..d01e5b6fab --- /dev/null +++ b/docs/infrastructure_and_maintenance/security/security_advisories.md @@ -0,0 +1,77 @@ +--- +description: Find [[= product_name_base =]] security advisories, and learn how to handle Composer package security advisories. +--- + +# Security advisories + +## [[= product_name_base =]] security advisories + +[[= product_name_base =]] security advisories are released via [your Service portal](https://support.ibexa.co/), and via [Security advisories](https://developers.ibexa.co/security-advisories). The latter is available to non-subscribers. + +## Package security advisories + +Overall, it's recommended to keep your Composer packages up to date. + +You can run the following command to check for available updates without installing them: + +```bash +composer update --dry-run +``` + +When a security issue is discovered in a Composer package, a security advisory is issued, and the affected versions of the package become blocked from installation unless you take action. + +When installing or updating, Composer avoids installing packages that are affected by security advisories. +However, this can create constraint issues that make installation or updates impossible. +For example, security fixes might not be available for [unsupported PHP versions](https://www.php.net/supported-versions.php). + +Example of a Composer output about a package with security issues when trying to install: + +```text +- Root composer.json requires twig/cssinliner-extra v3.11.0 (exact version match), found twig/cssinliner-extra[v3.11.0] but these were not loaded, because they are affected by security advisories ("PKSA-fs5b-x5k4-1h39"). +``` + +Composer's output isn't always this verbose about security advisories blocking installation or updates. + +For example, imagine this error appeared recently when trying to install [[= product_name =]] 4.6 on PHP 7.4: + +```text +- ibexa/user[v4.6.0, ..., v4.6.31] require twig/twig ^3.0 -> satisfiable by twig/twig[v3.27.0, v3.27.1, v3.28.0]. +- twig/twig[v3.27.0, ..., v3.28.0] require php >=8.1.0 -> your php version (7.4.33) does not satisfy that requirement. +``` + +It worked before. You can check packagist.org, or an already running instance of [[= product_name =]], to see which version of this package was previously accepted. + +In this example, [`twig/twig` v3.11.3](https://packagist.org/packages/twig/twig#v3.11.3) matches the constraints `^3.0` and PHP 7.4 `>=7.2.5`. +```terminal +% composer require twig/twig:3.11.3 +Your requirements could not be resolved to an installable set of packages. + + Problem 1 + - Root composer.json requires twig/twig 3.11.3 (exact version match: 3.11.3 or 3.11.3.0), found twig/twig[v3.11.3] but these were not loaded, because they are affected by security advisories ("PKSA-8zx5-v2nz-58pb"). +``` + +It's highly recommended that you not install the affected package, and instead meet the requirements of the fixed version. + +You can use the https://packagist.org/security-advisories/ resource to learn more about a security advisory, such as the affected packages and versions, a detailed description of the issue, and other possible reference IDs for the advisory: PKSA (Packagist Security Advisory), GHSA (GitHub Security Advisories), and CVE (Common Vulnerabilities and Exposures). + +If you need to, upgrade PHP and migrate your custom code to be compatible with the newer PHP version, for example by using [Rector](https://github.com/rectorphp/rector). + +If updating the affected package isn't possible, carefully review the security issue and assess the risk. +If you choose to implement countermeasures instead of upgrading, you can ignore the security advisory. +We recommend using Composer's [`config.policy.advisories.ignore-id`](https://getcomposer.org/doc/06-config.md#ignore-id) setting, providing for each entry the reason why you consider it safe to ignore. +This way, you'll still be warned if the package is affected by a new security advisory. + +```json +{ + "config": { + "policy": { + "advisories": { + "ignore-id": { + "PKSA-fs5b-x5k4-1h39": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", + "PKSA-8zx5-v2nz-58pb": "Description of the countermeasures you've implemented causing this one to be safe to ignore." + } + } + } + } +} +``` diff --git a/docs/infrastructure_and_maintenance/security/security_checklist.md b/docs/infrastructure_and_maintenance/security/security_checklist.md index 1f34f7efc6..44c0b51b4c 100644 --- a/docs/infrastructure_and_maintenance/security/security_checklist.md +++ b/docs/infrastructure_and_maintenance/security/security_checklist.md @@ -8,7 +8,7 @@ When getting ready to go live with your project for the first time, or when re-l !!! caution - Security is an ongoing process. After going live, you should pay attention to security advisories released via [your Service portal](https://support.ibexa.co/), or via [Security advisories](https://developers.ibexa.co/security-advisories) if you're not a subscriber. + Security is an ongoing process. After going live, you should pay attention to Ibexa security advisories released via [your Service portal](https://support.ibexa.co/), or via [Security advisories](https://developers.ibexa.co/security-advisories) if you're not a subscriber. ## [[= product_name =]] @@ -16,7 +16,7 @@ When getting ready to go live with your project for the first time, or when re-l Make sure Admin users and other privileged users who have access to System Information and setup in the back end are vetted and fully trustworthy. -As administrator you have access to full information about the system through the `setup/system_info` policy, and also to user data, role editing, and many other critical aspects. +As administrator, you have access to full information about the system through the `setup/system_info` policy, and also to user data, role editing, and many other critical aspects. The users in your organization who have backend access must be kept up-to-date. Any user leaving the organization must be disabled without delay. @@ -316,6 +316,7 @@ Those steps aren't needed when using [[= product_name_cloud =]], where the provi - Run servers on a recent operating system and install security patches for dependencies. - Configure servers to alert you about security updates from vendors. Pay special attention to dependencies used by your project directly, or by PHP. The provider of the operating system usually has a service for this. +- Update Composer packages regularly. Don't underestimate [package security advisories](security_advisories.md#package-security-advisories). Update dependencies to be able to install fixed versions. - Enable [GitHub Dependabot](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates) to receive notifications when a security fix is released in a GitHub-hosted dependency. - If you're not using GitHub for your project, you can create a dummy project on GitHub with the same dependencies as your real project, and enable Dependabot notifications for that. diff --git a/docs/update_and_migration/from_4.6/update_from_4.6.md b/docs/update_and_migration/from_4.6/update_from_4.6.md index fc233f61f0..69f4af4ff3 100644 --- a/docs/update_and_migration/from_4.6/update_from_4.6.md +++ b/docs/update_and_migration/from_4.6/update_from_4.6.md @@ -32,7 +32,7 @@ First, run: Then execute the instructions below starting from the version you're upgrading from. -!!! caution +!!! caution "Deprecation messages on PHP 8.2 and newer" To avoid deprecations when using PHP 8.2, 8.3, or 8.4, run the following commands: @@ -43,6 +43,10 @@ Then execute the instructions below starting from the version you're upgrading f +!!! caution "Security advisories" + + If you encounter security advisories that prevent the update, see [Package security advisories](security_advisories.md#package-security-advisories). + ## v4.6.1 No additional steps needed. @@ -714,39 +718,8 @@ Then, update Ibexa DXP. If updating the Twig packages isn't possible, for example, because the project is using PHP 7.4 or 8.0 where the fixes are not available, review the security issues carefully and assess the danger. -If you choose to implement countermeasures without upgrading PHP and updating Twig, you can silence the advisories in `composer.json`: - -```json -"config": { - "audit": { - "ignore": { - "PKSA-fbvq-z33h-r2np": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-g9zw-qxh8-pq8w": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-yd6k-t2gh-1m43": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-1tmc-rt7x-12w6": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-xx6c-6d96-db2w": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-5k7f-wvjj-jrgw": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-sjvz-tbbr-vwth": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-h8hf-ytnd-5t9q": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-wwb1-81rc-pd65": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-hgmw-wn4d-hpcy": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-kvv6-36cr-fkzb": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-n14z-jjjg-g8vd": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-3mcc-k66d-pydb": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-gw7n-z4yx-7xjt": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-dpx1-78wg-1kqs": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-21g2-dzjv-sky5": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-yhcn-xrg3-68b1": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-2wrf-1xmk-1pky": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-6319-ffpf-gx66": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-n7sg-8f52-pqtf": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-8kk8-h2xr-h5nx": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-2rbx-bjdx-4d4d": "Description of the countermeasures you've implemented causing this one to be safe to ignore.", - "PKSA-fs5b-x5k4-1h39": "Description of the countermeasures you've implemented causing this one to be safe to ignore." - } - } -} -``` +If you choose to implement countermeasures without upgrading PHP and updating Twig, you can silence the advisories in `composer.json`. +For more information, see [Package security advisories](security_advisories.md#package-security-advisories). In addition, consider upgrading your project to one of [the actively supported PHP versions](requirements.md#php). diff --git a/mkdocs.yml b/mkdocs.yml index 898287276d..cab9dfca9e 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -855,6 +855,7 @@ nav: - Development security: infrastructure_and_maintenance/security/development_security.md - Security checklist: infrastructure_and_maintenance/security/security_checklist.md - Reporting issues: infrastructure_and_maintenance/security/reporting_issues.md + - Security advisories: infrastructure_and_maintenance/security/security_advisories.md - Support and maintenance FAQ: infrastructure_and_maintenance/support_and_maintenance_faq.md - Update and migration: - Update Ibexa DXP: update_and_migration/update_ibexa_dxp.md