Page MenuHomeMiraheze

Check pygments is up to date
Closed, InvalidPublic

Description

Used by MediaWiki https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270

Got picked up by my Synk alerts for something else today

Event Timeline

https://phabricator.wikimedia.org/T276843#6902629
/srv/mediawiki/extensions/SyntaxHighlight_GeSHi/pygments/VERSION says we have 2.7.4 (a patched version). Patch was deployed in https://github.com/miraheze/mediawiki/pull/1373 (March 22th).

Southparkfan changed the visibility from "Custom Policy" to "Public (No Login Required)".
Southparkfan changed the edit policy from "Custom Policy" to "All Users".