Issue Tracker Audit -- March 2026
The issue tracker currently has 237 open issues and 3 open PRs . This audit categorizes every open issue by priority and recommends concrete cleanup actions that would reduce the count to approximately 80-100 actionable issues.
Executive Summary
Category
Count
Recommended Action
Legacy branch issues (maint-1.x, 2.x, legacy)
93
Bulk close
Obsolete v1/v2 component issues (unlabeled legacy)
~63
Close as obsolete
Active bugs (P1)
4
Fix or close with resolution
Security/infra (P2)
9
Address soon
Documentation gaps (P3)
18
Prioritize top items
Enhancements/RFCs (P4)
~50
Audit, close stale
Priority 1 -- CRITICAL (active bugs and CI/CD)
Issue
Summary
Age
#4067 Adding a record fails with permission denied (v3.3)
5.2y
#3989 Files disappear after record update via REST API (data loss)
6.1y
#4040 invenio_admin version conflict prevents installation (v3.2)
5.5y
#3015 No formal security disclosure policy (RFC)
10.8y
PRs ready for review:
PR
Summary
Status
#4101 Modernize PyPI publish workflow (security fix + CI updates)
Open, supersedes #4097
#4100 Linux development environment setup guides
Open
#4102 Add SECURITY.md vulnerability reporting policy
Open, addresses #3015
#4097 Dependabot bump of pypi-publish (superseded by #4101 )
Open, recommend close
Priority 2 -- HIGH (security and infrastructure)
Issue
Summary
Recommended Action
#4045 Verify inveniosoftware.org domain on GitHub
5-min admin task
#3609 Docker nginx should use HTTPS
Fix or close if Docker setup is deprecated
#3637 Installation should use HTTPS port
Related to #3609
#3961 Update tested ElasticSearch versions across all repos
Audit needed
#3998 Update Python classifiers in setup.py
Quick fix
#4048 Investigate moving docs to MkDocs
Decision needed
#3988 setup script conflicts with ipython autoreload
Fix or document workaround
#3810 inveniomanage database init fails
Close if inveniomanage is deprecated
#3809 inveniomanage incompatible with flask-collect 1.3.x
Close if inveniomanage is deprecated
Priority 3 -- Documentation Gaps (18 issues)
Most filed by @lnielsen . Key items for production users:
Issue
Summary
#4060 Linux setup guide -- addressed by PR #4100
#3906 Securing your instance (missing entirely)
#3907 Monitoring your infrastructure (missing entirely)
#3942 Upgrading Elasticsearch chapter
#4016 Template API stability guarantees
#4014 Bundles and compatibility documentation
#3997 Modules dependency management
#3948 How to write documentation
#3914 Restructure "build a module" section
#3876 Improve quickstart
#3878 Installing and running section
#3879 Styling Invenio section
#3881 Linking records section
#3885 NGR support section
#3710 Triage process docs
#3711 Maintenance process docs
#3657 Package anatomy docs
#3658 Module anatomy docs
Priority 5 -- RECOMMEND CLOSING
A. Legacy branch issues (93 issues)
These target maint-1.1, maint-1.2, maint-2.0, or legacy branches that have not received updates in years:
#3842 , #3840 , #3837 , #3834 , #3832 , #3826 , #3825 , #3819 , #3816 , #3814 , #3806 , #3759 , #3740 , #3687 , #3661 , #3633 , #3619 , #3615 , #3600 , #3584 , #3536 , #3527 , #3491 , #3234 , #3224 , #3139 , #2909 , #2861 , #2814 , #2805 , #2729 , #2696 , #2668 , #2610 , #2592 , #2576 , #2462 , #2454 , #2387 , #2383 , #2193 , #2098 , #2064 , #1948 , #1929 , #1862 , #1729 , #1725 , #1720 , #1716 , #1714 , #1710 , #1682 , #1679 , #1675 , #1672 , #1669 , #1664 , #1663 , #1650 , #1640 , #1634 , #1628 , #1627 , #1626 , #1623 , #1622 , #1620 , #1611 , #1610 , #1600 , #1593 , #1590 , #1571 , #1567 , #1558 , #1505 , #1498 , #1411 , #1410 , #1346 , #1315 , #1293 , #1289 , #1227 , #1205 , #1202 , #1179 , #1134 , #1133 , #1111 , #1049 , #921
Suggested close message:
Closing as stale. This issue targets a legacy branch (maint-1.x/2.x) that is no longer maintained. The component referenced here does not exist in Invenio v3+. If this issue is still relevant to a current version of Invenio, please open a new issue with updated reproduction steps.
B. Obsolete v1/v2 component issues without legacy label (~63 issues)
These reference components (WebSearch, BibEdit, BibSched, BibCirculation, etc.) from the Invenio v1/v2 architecture that do not exist in v3:
#860 , #866 , #867 , #880 , #881 , #882 , #883 , #884 , #885 , #886 , #887 , #890 , #899 , #902 , #906 , #910 , #927 , #928 , #959 , #963 , #967 , #969 , #972 , #981 , #984 , #985 , #1001 , #1008 , #1029 , #1071 , #1151 , #1203 , #1208 , #1224 , #1242 , #1243 , #1259 , #1261 , #1262 , #1290 , #1291 , #1302 , #1305 , #1336 , #1347 , #1395 , #1403 , #1412 , #1451 , #1480 , #1492 , #1521 , #1522 , #1523 , #1537 , #1577 , #2414 , #2750 , #2838 , #2904 , #3182 , #3199 , #3421 , #3638 , #3690
C. Other stale/obsolete issues
Issue
Reason to close
#4056 Sprint planning artifact from Dec 2020, not an issue
#3800 Kickstart script issue (likely deprecated)
#3801 Kickstart script issue (likely deprecated)
#3813 Docker build failure from 2017
#3820 OpenSSL error from 2017 (resolved by upgrades)
#3858 ssl_context issue targeting maint-2.1 (unlabeled)
#1009 "Content translation on the fly" discussion from 2014
#1203 BatchUpload component (v1/v2)
#1243 bibrank component (v1/v2)
#1629 "Watch list" RFC from 2014 (v1/v2 era)
#1769 JavaScript Code Style RFC from 2014 (predates modern tooling)
#1851 BibDocFile copyright detection discussion from 2014
#2803 Custom Jinja template checker discussion from 2015
Governance Decisions Needed
These require maintainer input and cannot be resolved by triage alone:
Issue
Decision
#3829 MIT license migration -- audit which repos still need migration (23 comments)
#3650 Obsoleted packages policy -- adopt and apply to enable bulk closure
#3665 Project announcement space
#3666 invenio-* component naming convention
#2895 Reporting module RFC
Recommended Action Plan
Immediate : Review and merge PRs docs: add Linux development environment setup guides #4100 ci: modernize PyPI publish workflow #4101 docs: add SECURITY.md vulnerability reporting policy #4102 build(deps): bump pypa/gh-action-pypi-publish from 1.3.1 to 1.13.0 in /.github/workflows #4097 This week : Bulk-close the 93 legacy-branch issues listed aboveThis week : Close the ~63 obsolete v1/v2 component issues listed aboveThis month : Verify GitHub domain (Verify domain on GitHub #4045 Adding a record fails with permission denied #4067 Cannot attach files to an updated record #3989 This quarter : Documentation sprint on docs: securing your instance #3906 docs: new section "Monitoring your infrastructure" #3907 Governance : Decide on RFC policy on clearly obsoleted packages #3650
This would reduce the tracker from 237 to ~80 actionable issues .
Issue Tracker Audit -- March 2026
The issue tracker currently has 237 open issues and 3 open PRs. This audit categorizes every open issue by priority and recommends concrete cleanup actions that would reduce the count to approximately 80-100 actionable issues.
Executive Summary
Priority 1 -- CRITICAL (active bugs and CI/CD)
PRs ready for review:
Priority 2 -- HIGH (security and infrastructure)
Priority 3 -- Documentation Gaps (18 issues)
Most filed by @lnielsen. Key items for production users:
Priority 5 -- RECOMMEND CLOSING
A. Legacy branch issues (93 issues)
These target
maint-1.1,maint-1.2,maint-2.0, orlegacybranches that have not received updates in years:#3842, #3840, #3837, #3834, #3832, #3826, #3825, #3819, #3816, #3814, #3806, #3759, #3740, #3687, #3661, #3633, #3619, #3615, #3600, #3584, #3536, #3527, #3491, #3234, #3224, #3139, #2909, #2861, #2814, #2805, #2729, #2696, #2668, #2610, #2592, #2576, #2462, #2454, #2387, #2383, #2193, #2098, #2064, #1948, #1929, #1862, #1729, #1725, #1720, #1716, #1714, #1710, #1682, #1679, #1675, #1672, #1669, #1664, #1663, #1650, #1640, #1634, #1628, #1627, #1626, #1623, #1622, #1620, #1611, #1610, #1600, #1593, #1590, #1571, #1567, #1558, #1505, #1498, #1411, #1410, #1346, #1315, #1293, #1289, #1227, #1205, #1202, #1179, #1134, #1133, #1111, #1049, #921
Suggested close message:
B. Obsolete v1/v2 component issues without legacy label (~63 issues)
These reference components (WebSearch, BibEdit, BibSched, BibCirculation, etc.) from the Invenio v1/v2 architecture that do not exist in v3:
#860, #866, #867, #880, #881, #882, #883, #884, #885, #886, #887, #890, #899, #902, #906, #910, #927, #928, #959, #963, #967, #969, #972, #981, #984, #985, #1001, #1008, #1029, #1071, #1151, #1203, #1208, #1224, #1242, #1243, #1259, #1261, #1262, #1290, #1291, #1302, #1305, #1336, #1347, #1395, #1403, #1412, #1451, #1480, #1492, #1521, #1522, #1523, #1537, #1577, #2414, #2750, #2838, #2904, #3182, #3199, #3421, #3638, #3690
C. Other stale/obsolete issues
Governance Decisions Needed
These require maintainer input and cannot be resolved by triage alone:
Recommended Action Plan
This would reduce the tracker from 237 to ~80 actionable issues.