-
The old issue creation process took significant time on our end. And in fact, some advisories got delayed as the process isn't super straightforward and it's easy to have things slip through. Can you elaborate on the use-case for your RSS feed? If it is to be informed about Security Patches, then it would be better in most cases to directly subscribe to our release announcements (as advisories are only released after a delay). (I'd guess that "Subscribing" to the repository should also yield a notification on each new advisory.) That said, as we assign a CVE to our advisories, there should be plenty of third-party solutions for accessing an RSS feed. For example, cvedetails.com allows you to get an RSS feed of all assigned CVEs: https://www.cvedetails.com/vulnerability-feed.php?vendor_id=15913&product_id=0&version_id=0&orderby=1&cvssscoremin=0
-
I found the previously mentioned "release announcements" subscription here: https://newsletter.nextcloud.com/
-
The RSS feed is/was super useful. Many organizations now use Teams and it is very comfortable to set up a connector and subscribe to RSS feeds in Teams. Then you will get daily notifications. That being said, I think GitHub should offer RSS functionality for the Security tab. I believe the timeframe between a new vulnerability being added to GitHub Security Advisories and a corresponding CVE being assigned in CVE Details is way too long. For me it seems that there is a big difference between these two sources, with GitHub being the most valuable one.
-
I’ve just discovered the RSS feed is defunct a full six months later, and there isn’t a replacement.
-
I hacked together something to replace this for my needs. This way you can get the latest info directly to your Teams channel. You can find the source code at my GitLab. This utilises GitLab's CI/CD functionality so you don't need any infra to run it - everything runs in GitLab. If you want you can grab it and use it. It would be cool if you ported it to GitHub because I think more people would discover, use and maybe even improve it that way. For this system to work with GitLab you must create the CI/CD variable TEAMS_WEBHOOK_URL (protected and masked) and add your Teams webhook URL. BTW! I did this in one hour and the code is quite ugly. Besides Nextcloud you will get info about some other software too, but you can easily remove that. Happy new year!
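An added sketch of the polling approach described in the comment above; it is not the commenter's GitLab code and not part of the original thread. It assumes GitHub's "list repository security advisories" REST endpoint, a placeholder `OWNER/REPO`, and a Teams webhook that accepts a plain `{"text": ...}` body; the function names and the sample data are constructed for illustration.

```python
import json
import urllib.request

# Constructed sample in the shape of GitHub's "list repository security
# advisories" REST response; IDs, text and URLs are placeholders.
SAMPLE = json.loads("""[
 {"ghsa_id": "GHSA-aaaa-bbbb-cccc", "cve_id": "CVE-0000-00001", "severity": "high",
  "summary": "Example issue one", "state": "published",
  "html_url": "https://github.com/OWNER/REPO/security/advisories/GHSA-aaaa-bbbb-cccc"},
 {"ghsa_id": "GHSA-dddd-eeee-ffff", "cve_id": null, "severity": "low",
  "summary": "Example issue two", "state": "published",
  "html_url": "https://github.com/OWNER/REPO/security/advisories/GHSA-dddd-eeee-ffff"}
]""")

def fetch(repo):
    """Fetch advisories for repo ("OWNER/REPO", placeholder) from the GitHub REST API."""
    url = f"https://api.github.com/repos/{repo}/security-advisories"
    req = urllib.request.Request(url, headers={"Accept": "application/vnd.github+json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def unseen(advisories, seen):
    """Return published advisories whose GHSA ID is not in `seen`, then record them."""
    fresh = [a for a in advisories if a.get("state") == "published" and a["ghsa_id"] not in seen]
    seen.update(a["ghsa_id"] for a in fresh)
    return fresh

def teams_payload(adv):
    """Build the webhook JSON body for one advisory."""
    # Only https links to github.com are passed through to the channel.
    link = adv.get("html_url", "")
    if not link.startswith("https://github.com/"):
        link = ""
    ident = adv.get("cve_id") or adv["ghsa_id"]
    # The summary is advisory-supplied text; brackets are replaced so it cannot form a link.
    title = adv.get("summary", "").replace("[", "(").replace("]", ")")
    text = f"**{ident}** ({adv.get('severity', 'unknown')}): {title}"
    return {"text": f"{text} [details]({link})" if link else text}

def notify(advisories, seen, webhook=None):
    """Post each unseen advisory; with no webhook given, only return the payloads."""
    payloads = [teams_payload(a) for a in unseen(advisories, seen)]
    for p in (payloads if webhook else []):
        req = urllib.request.Request(webhook, data=json.dumps(p).encode(),
                                     headers={"Content-Type": "application/json"})
        urllib.request.urlopen(req, timeout=30).close()
    return payloads

if __name__ == "__main__":  # dry run on the sample; nothing is posted
    print(*(p["text"] for p in notify(SAMPLE, set())), sep="\n")
```

In a scheduled CI job, `seen` would be loaded from and saved to a cached file between runs, and `webhook` would come from the masked `TEAMS_WEBHOOK_URL` variable.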
-
I too would strongly prefer an RSS feed of Nextcloud Security Advisories, with no 3rd party tools needed to craft one. (Cross-post:)
-
Since about midnight the RSS feed I used to follow Nextcloud security advisories fails with 404: