Update Sendy List ID #976
Assignees
Comments
github-project-automation
bot
moved this to Icebox
in Simpler.Grants.gov Product Backlog
SammySteiner
moved this from Icebox
to Sprint Ready
in Simpler.Grants.gov Product Backlog
acouch
modified the milestones:
Security - control implementations,
Security - future work
mxk0
changed the title
|
@doug-s-nava - Given this has been an open ticket since last Jan. Do you have any objections to pushing it out past the 12/10 deadlines? At that point we'll have a bit of bandwidth to explore rebuilding the account profile to invalidate the one with published data. |
doug-s-nava
changed the title
|
That works for me. I don't think this is particularly pressing. Moving back to the icebox for now. |
doug-s-nava
moved this from In Progress
to Icebox
in Simpler.Grants.gov Product Backlog
|
Noting for posterity that there are a bunch of details from Doug's investigation here. |
|
We're likely moving off of Sending in the next quad or so; marking this as won't fix. |
github-project-automation
bot
moved this from Todo
to Done
in Simpler.Grants.gov Product Backlog
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
Sendy recommended hardcoding our sendy url, api key, and list id directly in the html of the application.
While we already removed that from the codebase and from the client browser, the url and list id are still in our github history. While the url likely cannot be changed, we should update the list id to prevent any possible malicious use.
Acceptance criteria
Note that this ticket previously called for rewriting the git history to remove any Sendy secret data. As this was deemed too risky and complex, the AC was updated.
The text was updated successfully, but these errors were encountered: