Page MenuHomeMiraheze
Create Task
Maniphest T8283

Private wiki search results (page titles) can be incorrectly cached
Closed, ResolvedPublic
Actions

Description

We're deploying a fix but this was caught by our automated security task alerts.

Event Timeline

RhinosF1 created this task.Nov 12 2021, 21:30
Herald added subscribers: Agent_Isai, Unknown Object (User), Void, Reception123. · View Herald TranscriptNov 12 2021, 21:30
RhinosF1 added subscribers: Dmehus, Owen.Nov 12 2021, 21:35
Agent_Isai added a comment.Nov 12 2021, 22:01
On 12 November, 2021, Site Reliability Engineering was made aware that search results on private wikis may have accidentally been cached and thus publicly visible. SRE took steps immediately to remediate the issue and confirmed only search results were publicly visible. There is currently no indication anyone purposefully viewed private wiki search results through means of the cached version available. If you have any questions, please feel free to email sre{{@}}miraheze.org or ask on #miraheze-sre on IRC/Discord. ~~~~~

This is a draft announcement, please let me know what you think about it.

RhinosF1 added a comment.Nov 12 2021, 22:07

+1 from me + John on IRC

Unknown Object (User) moved this task from Backlog to Bugs on the MediaWiki board.Nov 13 2021, 16:56
Unknown Object (User) moved this task from Backlog to Short Term on the MediaWiki (SRE) board.
RhinosF1 closed this task as Resolved.Nov 14 2021, 08:39
RhinosF1 claimed this task.

Closing, will post Agent's announcement in a bit.

RhinosF1 changed the visibility from "Custom Policy" to "Public (No Login Required)".Nov 14 2021, 08:44
RhinosF1 changed the edit policy from "Custom Policy" to "All Users".
Herald added a subscriber: NDKilla. · View Herald TranscriptNov 14 2021, 08:44
Dmehus awarded a token.Nov 21 2021, 19:04