[Developer action required] openstreetmap-website security fix

The OWG just published a security notice for OpenStreetMap application developers and for those that independently use the openstreetmap-website code. This is related to the broken login windows that mappers have been noticing this week.

Thank you for taking steps to improve communications around security issues and breaking changes going forwards.

Is there an RSS/Atom feed where we can subscribe to similar notices in the future? The security notice you’ve linked to here doesn’t appear in https://operations.osmfoundation.org/feed.xml (nor does it appear to be linked from anywhere else on the operations.osmfoundation.org website, FWIW).

I’m not an OWG member, so I can’t make guarantees for them, but this incident sets a precedent that similar security incidents will also be posted on the low-volume announce mailing list and on Mastodon.

There is a known issue about missing links to incident reports (and now security notices) on the index page and RSS feed. At a glance, resolving this issue should be fairly straightforward if you’re familiar with Jekyll.
