docs: close v10.x security, build-hardening, and supply-chain specs #209

Merged
satwareAG-ironMike merged 1 commit into satware-main from wip/spec-implementation-security-hardening
Apr 9, 2026

@satwareAG-ironMike

Summary

Audits all three open v10.x implementation specs against current codebase and marks them DONE:

  • spec-v10.3.7-security.md: C1 (SQL injection), C2 (SPB overflow), M10 (dynamic alloc), M7 (PHP 8.2 gate) - all verified implemented. H5 (stale CONTRIBUTING.md refs) fixed in this PR.
  • spec-v10.4-build-hardening.md: H4 (compiler flags), M1 (gnu17), M8 (out_connection), L1 (LTO) - all verified implemented.
  • spec-v10.4-supply-chain.md: H1 (SLSA attestations), H2 (CycloneDX SBOM, Linux), H3 (Dependabot), M4 (version stamps) - all verified. Note: Windows SBOM is TBD as follow-up.

Changes

  • Fix CONTRIBUTING.md: php81 -> php82, 8.1+ -> 8.2+
  • Update NEXT_STEPS.md: move specs to Completed section
  • Mark all three spec files as DONE with completion date

- CONTRIBUTING.md: php81 -> php82 in Docker example, 8.1+ -> 8.2+ in requirements
- spec-v10.3.7-security.md: all 7 success criteria verified complete, status DONE

Closes the v10.3.7 security spec. C1 (SQL injection), C2 (SPB overflow),
M10 (dynamic alloc), M7 (config.m4 version gate) were already implemented
on satware-main. H5 (stale docs) fixed in this commit.

satwareAG-ironMike force-pushed the wip/spec-implementation-security-hardening branch from d989f19 to d5ff3e1 April 9, 2026 12:27
satwareAG-ironMike merged commit 099ce71 into satware-main Apr 9, 2026
27 checks passed
satwareAG-ironMike deleted the wip/spec-implementation-security-hardening branch April 9, 2026 12:27
2 participants