Skip to Content
Last modified by Agnease on 2026/06/08 18:44
From version 1.9
edited by Agnease
on 2026/05/26 10:48
Change comment: There is no comment for this version
To version 3.5
edited by Agnease
on 2026/06/08 18:16
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -122,6 +122,13 @@
122 122   of small exceptions that nobody reviewed later.
123 123   </p>
124 124  
125 + <p>
126 + For a deeper look at this topic, see
127 + <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">why XWiki access rights need a clear governance model</a>.
128 + For a practical starting point, see
129 + <a href="$xwiki.getURL('resources.xwiki-access-rights-review')">how to start an XWiki access-rights review</a>.
130 + </p>
131 +
125 125   <h3>3. Authentication and identity management</h3>
126 126   <p>
127 127   Authentication should be reviewed beyond the simple question of whether users can log in. LDAP, Active
... ... @@ -165,11 +165,11 @@
165 165  
166 166   <div class="resource-inline-cta">
167 167   <p>
168 - <strong>Not sure how risky your current XWiki version is?</strong>
169 - A short technical review can clarify the upgrade path, extension compatibility,
170 - custom code risks and validation needs before production is touched.
175 + <strong>Need a clearer view of your XWiki security posture?</strong>
176 + A structured review can check versions, access rights, authentication,
177 + extensions, custom code, infrastructure, backups and operational practices.
171 171   </p>
172 - <a class="btn btn-secondary" href="$xwiki.getURL('contact.WebHome')">Request a quick review</a>
179 + <a class="btn btn-secondary" href="$xwiki.getURL('contact.WebHome')">Request a security review</a>
173 173   </div>
174 174  
175 175   <h2 id="security-checklist">XWiki security review checklist</h2>
... ... @@ -232,6 +232,16 @@
232 232   permissions, extensions, customizations and recovery procedures were configured years earlier.
233 233   </p>
234 234  
242 + <div class="resource-note">
243 + <p>
244 + <strong>Security review series:</strong>
245 + this article is the main overview. You can also read
246 + <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">why XWiki access rights need a clear governance model</a>.
247 + Future topics will cover authentication and access control, script and programming rights, backup validation,
248 + extension review and operational practices.
249 + </p>
250 + </div>
251 +
235 235   <h2 id="security-review-faq">XWiki security review FAQ</h2>
236 236  
237 237   <h3>What should an XWiki security review include?</h3>
... ... @@ -271,6 +271,7 @@
271 271   <div class="resource-note">
272 272   <p>
273 273   Related resources:
291 + <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">why XWiki access rights need a clear governance model</a>,
274 274   <a href="$xwiki.getURL('resources.why-upgrade-xwiki')">why regular XWiki upgrades matter</a>
275 275   and
276 276   <a href="$xwiki.getURL('resources.xwiki-custom-development')">how to keep XWiki custom development maintainable across upgrades</a>.
xwiki-security-review.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.Admin
Size
... ... @@ -1,0 +1,1 @@
1 +1.3 MB
Content