 Oleksandr Bezdieniezhnykh
|
d2b5308b45
|
[AZ-552..AZ-557] Cycle-2 hotfix task intake (6 specs, 11 pts)
Materializes cycle-2 hotfix sprint task specs from security_report_cycle2.md
findings. All six roll up to epic AZ-530 per the `cycle-2-hotfix` /
`AZ-530-followup` Jira labels. Total 11 story points; gates the next deploy.
Tasks:
- AZ-552 drop_jwt_secret_deploy_preflight (1 pt) — F-INFRA-1 Critical
- AZ-553 bind_mount_es256_keys (2 pts) — F-INFRA-2 Critical
- AZ-554 persist_dataprotection_keys (2 pts) — F-INFRA-3 High
- AZ-555 secrets_readme_es256_rewrite (1 pt) — F-INFRA-4 High
- AZ-556 unify_login_error_codes (2 pts) — F-AUTH-1+F-AUTH-3 High
- AZ-557 mfa_brute_force_lockout (3 pts) — F-AUTH-2 High
Also:
- _dependencies_table.md updated (25 tasks / 82 pts; hotfix landing order)
- _autodev_state.md rolled to step: 10 (Implement) not_started
- _process_leftovers/2026-05-14_suite_infra_jwt_secret_drift.md logs the
out-of-scope suite-level _infra/deploy/webserver/ JWT_SECRET drift —
separate Jira ticket needed against the suite repo, not blocking.
Step 9 (New Task) cycle-2-hotfix-intake output.
Co-authored-by: Cursor <cursoragent@cursor.com>
|
2026-05-14 09:23:12 +03:00 |
|