Page MenuHomeMiraheze

Undeploy RegexFunctions for MediaWiki 1.40
Open, LowPublic

Description

This extension has some very long standing security issues which led to be disabled globally over a year ago. Glancing at the git repo for the extension, nothing has changed. RegexFunctions should thus be undeployed.

Event Timeline

Agent_Isai created this task.

Developer Skizzerz, who only pops by at MW.org/Wikimedia once every few months these days, has nonetheless been informed by me just this moment. If possible, I'll try to bring word of the security concerns to WM Phab the sooner I join their equivalent hub. I'll keep you posted.

@Routhwick somewhat unrelated but I tried to email you but you don't have an email verified on your wiki account. Would you be interested in helping us test Semantic MediaWiki on MediaWiki 1.40 to make sure we don't break SMW wikis when we upgrade/to ensure no bugs exist?

Feedback from Skizzerz (now that I've got his last letter right this time), just this moment (bolded emphasis mine):

"Pathological regex patterns are not a security issue, they are a configuration issue. PCRE has multiple php.ini settings to control how much backtracking or recursion will be allowed in a regex before it errors out."

MacFan4000 claimed this task.
Pppery removed MacFan4000 as the assignee of this task.
Pppery added a subscriber: MacFan4000.