Security Strike Team

From Joomla! Documentation


Other languages:
English • ‎eesti • ‎français • ‎Nederlands

The Joomla! Security Strike Team falls under the responsibility of the Production Department, which oversees all aspects related to the code of all software lead by the Joomla! Project.
Please visit the Volunteers Portal to get an overview of the members of this team.

Purpose and Mission

In wild land firefighting, the term "Strike Team" is used to describe a collection of similar resources, which used for a specific purpose (https://en.wikipedia.org/wiki/Strike_Team).
The JSST is called a strike team because it is a collection of developers and security experts tasked with improving and managing security for Joomla.

The JSST operates with a limited scope and only directly responds to issues with the core Joomla! CMS and Framework, as well as processing reports regarding the *.joomla.org network of websites.
We do not directly handle potential vulnerabilities with Joomla! extensions or websites built by our users, however there are resources available for these categories.
The Vulnerable Extensions List contains reports of security vulnerabilities in extensions and users may seek assistance with security issues on their websites from the Joomla! Forum.

Goals

  • Investigate and respond to reported vulnerabilities in the Joomla! CMS, Framework, and joomla.org websites.
  • Execute code reviews prior to release to identify new vulnerabilities.
  • Provide public presence regarding security issues.
  • Help the community understand Joomla! security.