Page MenuHomeMiraheze
Feed Advanced Search

Dec 3 2022

Reception123 merged T10041: Please restore Score extension into T5863: Re-enable score/Lillypond with Shellbox after security issues.
Dec 3 2022, 06:36 · Puppet, Configuration, MediaWiki (SRE), Security

Nov 13 2022

Owen moved T9123: Join NCSC services for enhanced support from Backlog to External on the Trust & Safety board.
Nov 13 2022, 22:04 · Trust & Safety, Site Reliability Engineering, Security

Nov 8 2022

Reception123 closed T9927: Issue in Domain pointing and SSL as Invalid.

Not a security issue, original task was fine (T9924). You just needed to wait until we did the configuration on our side.

Nov 8 2022, 13:37 · MediaWiki (SRE), SSL
Bankerpedia created T9927: Issue in Domain pointing and SSL.
Nov 8 2022, 12:00 · MediaWiki (SRE), SSL

Nov 4 2022

Missmaze created T9909: Missing photos on Wiji.
Nov 4 2022, 22:34 · Universal Omega, MediaWiki (SRE), Swift

Sep 12 2022

Universal_Omega moved T5863: Re-enable score/Lillypond with Shellbox after security issues from Short Term to Long Term on the MediaWiki (SRE) board.
Sep 12 2022, 22:27 · Puppet, Configuration, MediaWiki (SRE), Security

Jul 30 2022

Dmehus added a comment to T9500: Retention of UserBoard data as part of the SocialProfile extension.
Jul 30 2022, 21:15 · RemovePII, MediaWiki (SRE), Trust & Safety, Security

Jul 29 2022

Universal_Omega closed T9500: Retention of UserBoard data as part of the SocialProfile extension as Resolved.
Jul 29 2022, 06:48 · RemovePII, MediaWiki (SRE), Trust & Safety, Security
Universal_Omega moved T9500: Retention of UserBoard data as part of the SocialProfile extension from Features to Bugs on the RemovePII board.
Jul 29 2022, 06:38 · RemovePII, MediaWiki (SRE), Trust & Safety, Security
Universal_Omega moved T9500: Retention of UserBoard data as part of the SocialProfile extension from Backlog to Features on the RemovePII board.
Jul 29 2022, 06:37 · RemovePII, MediaWiki (SRE), Trust & Safety, Security
Universal_Omega edited projects for T9500: Retention of UserBoard data as part of the SocialProfile extension, added: RemovePII; removed Extensions.
Jul 29 2022, 06:37 · RemovePII, MediaWiki (SRE), Trust & Safety, Security
Universal_Omega moved T9500: Retention of UserBoard data as part of the SocialProfile extension from Backlog to Short Term on the MediaWiki (SRE) board.
Jul 29 2022, 06:36 · RemovePII, MediaWiki (SRE), Trust & Safety, Security
Universal_Omega claimed T9500: Retention of UserBoard data as part of the SocialProfile extension.
Jul 29 2022, 05:59 · RemovePII, MediaWiki (SRE), Trust & Safety, Security
Universal_Omega added a comment to T9500: Retention of UserBoard data as part of the SocialProfile extension.

https://github.com/miraheze/RemovePII/pull/60

Jul 29 2022, 00:51 · RemovePII, MediaWiki (SRE), Trust & Safety, Security

Jul 17 2022

Owen moved T9500: Retention of UserBoard data as part of the SocialProfile extension from External to Internal on the Trust & Safety board.
Jul 17 2022, 15:26 · RemovePII, MediaWiki (SRE), Trust & Safety, Security
Owen moved T9500: Retention of UserBoard data as part of the SocialProfile extension from Backlog to External on the Trust & Safety board.
Jul 17 2022, 14:35 · RemovePII, MediaWiki (SRE), Trust & Safety, Security

Jul 9 2022

Reception123 added a comment to T9500: Retention of UserBoard data as part of the SocialProfile extension.

@Dmehus I've discussed this with @Universal_Omega a little and it seems like what we'd need to do is remove mentions from the page text? It doesn't seem possible without deleting all boards but potentially we could attempt to delete all boards which are sent by a user? Though that seems quite complex

Jul 9 2022, 09:57 · RemovePII, MediaWiki (SRE), Trust & Safety, Security

Jul 7 2022

Dmehus updated the task description for T9500: Retention of UserBoard data as part of the SocialProfile extension.
Jul 7 2022, 02:59 · RemovePII, MediaWiki (SRE), Trust & Safety, Security
Dmehus created T9500: Retention of UserBoard data as part of the SocialProfile extension.
Jul 7 2022, 02:57 · RemovePII, MediaWiki (SRE), Trust & Safety, Security

Jun 16 2022

Universal_Omega changed the visibility for T9366: Upgrade linux kernel on all hosts.
Jun 16 2022, 05:18 · Infrastructure (SRE), Security
Universal_Omega closed T9366: Upgrade linux kernel on all hosts as Resolved.
Jun 16 2022, 05:17 · Infrastructure (SRE), Security

Jun 13 2022

Paladox added a comment to T9366: Upgrade linux kernel on all hosts.
In T9366#189952, @John wrote:

It does also now cross my mind that ProxMox is installed on the HDDs of the server, maybe not too relevant here but we might want to look at some work to move it over to the SSDs

Jun 13 2022, 21:04 · Infrastructure (SRE), Security
John added a comment to T9366: Upgrade linux kernel on all hosts.

It does also now cross my mind that ProxMox is installed on the HDDs of the server, maybe not too relevant here but we might want to look at some work to move it over to the SSDs

Jun 13 2022, 21:01 · Infrastructure (SRE), Security
Paladox added a comment to T9366: Upgrade linux kernel on all hosts.

The best bet in my opinion is the reboot them during the MW upgrade as users already expect broken.

@Paladox is this something you can facilitate?

Jun 13 2022, 20:58 · Infrastructure (SRE), Security
John added a comment to T9366: Upgrade linux kernel on all hosts.

Cloud servers can't be done without downtime can they?

Jun 13 2022, 20:53 · Infrastructure (SRE), Security
RhinosF1 added a comment to T9366: Upgrade linux kernel on all hosts.

Cloud servers can't be done without downtime can they?

Jun 13 2022, 20:51 · Infrastructure (SRE), Security
John added a comment to T9366: Upgrade linux kernel on all hosts.

It feels like hosts should have been done based on cloud server rather than individually as we need to reboot the physical hosts as well.

Jun 13 2022, 20:50 · Infrastructure (SRE), Security
Paladox added a comment to T9366: Upgrade linux kernel on all hosts.

Upgraded graylog121

Jun 13 2022, 19:33 · Infrastructure (SRE), Security
Paladox added a comment to T9366: Upgrade linux kernel on all hosts.

Upgraded phab121, ldap111, bast101, bast121 and mail121.

Jun 13 2022, 19:17 · Infrastructure (SRE), Security
Paladox added a comment to T9366: Upgrade linux kernel on all hosts.

Upgraded matomo101, prometheus101, mon111 and puppet111.

Jun 13 2022, 19:02 · Infrastructure (SRE), Security

Jun 11 2022

Universal_Omega added a comment to T9366: Upgrade linux kernel on all hosts.

mw*, mwtask111, test101, and jobchron121 are now done.

Jun 11 2022, 18:00 · Infrastructure (SRE), Security
Universal_Omega added a comment to T9366: Upgrade linux kernel on all hosts.

I filed the task because Icinga alerted again. It was only released this morning.

Jun 11 2022, 15:43 · Infrastructure (SRE), Security
RhinosF1 added a comment to T9366: Upgrade linux kernel on all hosts.

And yes they were numerous issues in how the upgrades were done early this morning

Jun 11 2022, 15:43 · Infrastructure (SRE), Security
RhinosF1 added a comment to T9366: Upgrade linux kernel on all hosts.

I filed the task because Icinga alerted again. It was only released this morning.

Jun 11 2022, 15:43 · Infrastructure (SRE), Security
Universal_Omega added a comment to T9366: Upgrade linux kernel on all hosts.

I think this would've been done yesterday by Reception123, so just needs a reboot on servers that weren't rebooted. Some major ones had to be because of outage. db* was rebooted, mon111 was rebooted, phab121 was rebooted, a single mw server was (by me) and test101 was. So I think all those are already done.

Jun 11 2022, 15:40 · Infrastructure (SRE), Security
RhinosF1 created T9366: Upgrade linux kernel on all hosts.
Jun 11 2022, 10:23 · Infrastructure (SRE), Security

May 11 2022

Routhwick updated subscribers of T8866: 500 error when attempting to create certain pages.

On a related note post-resolution (after several days' delay): Subsequent conversions to Scribunto/Lua have still led to similar problems on the Tovasala-English pages whose titles begin with "S"; instances of the recently launched {{Find}} module in the {{Entry}} system are causing the Position-component system and rhyme-page links to go awry:

May 11 2022, 15:06 · Extensions, Performance, Security, MediaWiki (SRE)
Universal_Omega added a comment to T9207: Usergroups required for autopromotion keep being reset.

This should now be fixed. Apologies for the issue.

May 11 2022, 05:39 · Security, ManageWiki, MediaWiki (SRE)
Universal_Omega closed T9207: Usergroups required for autopromotion keep being reset as Resolved.
May 11 2022, 05:39 · Security, ManageWiki, MediaWiki (SRE)

May 10 2022

Universal_Omega claimed T9207: Usergroups required for autopromotion keep being reset.

https://github.com/miraheze/ManageWiki/pull/359 should hopefully fix this. The issue is not as severe as I initially thought since autopromote still is functional, it just gets overriden if group is saved again, since the form defaults for the autopromote groups is incorrect.

May 10 2022, 21:07 · Security, ManageWiki, MediaWiki (SRE)
Universal_Omega added a comment to T9207: Usergroups required for autopromotion keep being reset.

I am able to reproduce with 100% reproduction. (Every single time)

May 10 2022, 20:02 · Security, ManageWiki, MediaWiki (SRE)
Universal_Omega changed the visibility for T9207: Usergroups required for autopromotion keep being reset.
May 10 2022, 20:02 · Security, ManageWiki, MediaWiki (SRE)

May 9 2022

Universal_Omega edited projects for T5863: Re-enable score/Lillypond with Shellbox after security issues, added: Puppet; removed Extensions.
May 9 2022, 19:25 · Puppet, Configuration, MediaWiki (SRE), Security

May 4 2022

Universal_Omega moved T7214: Write docs for GHSA from Backlog to MediaWiki on the Documentation board.
May 4 2022, 17:22 · Documentation, Security, MediaWiki (SRE)

Apr 24 2022

John changed the visibility for T9123: Join NCSC services for enhanced support.
Apr 24 2022, 16:29 · Trust & Safety, Site Reliability Engineering, Security
RhinosF1 added a comment to T9123: Join NCSC services for enhanced support.

@John: it says email us and ask if you don't have a sponsor?

Apr 24 2022, 16:23 · Trust & Safety, Site Reliability Engineering, Security
John closed T9123: Join NCSC services for enhanced support as Resolved.

Early Warning has been signed up to.

Apr 24 2022, 16:22 · Trust & Safety, Site Reliability Engineering, Security

Apr 22 2022

RhinosF1 added a comment to T9123: Join NCSC services for enhanced support.

https://www.ncsc.gov.uk/information/cyber-security-information-sharing-partnership--cisp- & https://acdhub.service.ncsc.gov.uk/

Apr 22 2022, 19:08 · Trust & Safety, Site Reliability Engineering, Security
RhinosF1 moved T9123: Join NCSC services for enhanced support from Radar to Discussion on the Site Reliability Engineering board.
Apr 22 2022, 19:01 · Trust & Safety, Site Reliability Engineering, Security
RhinosF1 created T9123: Join NCSC services for enhanced support.
Apr 22 2022, 19:01 · Trust & Safety, Site Reliability Engineering, Security

Apr 17 2022

Universal_Omega added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

I was directed to this task over IRC. It appears to already be closed, and have little relevance to me at all. What is going on here?

You must've been directed to the wrong task, I'd assume? T9071 is probably what they meant to direct you to, I'm assuming, based off conversation I have observed. But that task is currently private.

No, I thought Naleksuh might be interested in the task, so sent him this link.

Apr 17 2022, 07:48 · Extensions, Trust & Safety, MediaWiki (SRE), Security
Dmehus added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

I was directed to this task over IRC. It appears to already be closed, and have little relevance to me at all. What is going on here?

You must've been directed to the wrong task, I'd assume? T9071 is probably what they meant to direct you to, I'm assuming, based off conversation I have observed. But that task is currently private.

Apr 17 2022, 07:29 · Extensions, Trust & Safety, MediaWiki (SRE), Security
Universal_Omega added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

I was directed to this task over IRC. It appears to already be closed, and have little relevance to me at all. What is going on here?

Apr 17 2022, 05:23 · Extensions, Trust & Safety, MediaWiki (SRE), Security
Naleksuh added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

I was directed to this task over IRC. It appears to already be closed, and have little relevance to me at all. What is going on here?

Apr 17 2022, 04:47 · Extensions, Trust & Safety, MediaWiki (SRE), Security
Dmehus added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

I mentioned the CreateRedirect error on its talk page (sorry, I didn't realise this was a hidden security task! I shouldn't've advertised it publicly), and it looks like the issue has been fixed: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CreateRedirect/+/780567

Apr 17 2022, 04:36 · Extensions, Trust & Safety, MediaWiki (SRE), Security
Dmehus added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

No problem.

@Dmehus: any issues to making public?

No objections if @John and @Owen have no issues making it public

It already is now.

Apr 17 2022, 04:32 · Extensions, Trust & Safety, MediaWiki (SRE), Security
Dmehus added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

@Samwilson: It looks like create redirect is at fault. I can move the Main_Page without being able to edit it and the user used that. It looks like you are one of 2 project members. Can you look into this?

Apr 17 2022, 04:31 · Extensions, Trust & Safety, MediaWiki (SRE), Security
Universal_Omega added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

No problem.

@Dmehus: any issues to making public?

No objections if @John and @Owen have no issues making it public

Apr 17 2022, 04:28 · Extensions, Trust & Safety, MediaWiki (SRE), Security
Dmehus updated subscribers of T9061: CreateRedirect has weak (no?) permissions checks.

No problem.

@Dmehus: any issues to making public?

Apr 17 2022, 04:26 · Extensions, Trust & Safety, MediaWiki (SRE), Security

Apr 16 2022

RhinosF1 renamed T8983: 23 Mar 2022 DoS from 23 Mar 2022 DDoS to 23 Mar 2022 DoS.
Apr 16 2022, 09:17 · MediaWiki, Infrastructure (SRE), Varnish, Security

Apr 15 2022

Routhwick added a comment to T8866: 500 error when attempting to create certain pages.

As to what might have caused those 500s/502s all along:

Apr 15 2022, 12:46 · Extensions, Performance, Security, MediaWiki (SRE)
Universal_Omega added a comment to T8866: 500 error when attempting to create certain pages.

Which leaves only Regex Fun--or Scribunto/Lua--as our only options from here. Too bad it had to come down to this--but for what it's worth, I implemented RegexFunctions on the basis of good faith four months ago (as a means of code curbing). Never expected this trouble to arise just from RgxF, but then again...

Apr 15 2022, 03:59 · Extensions, Performance, Security, MediaWiki (SRE)
Routhwick added a comment to T8866: 500 error when attempting to create certain pages.

Which leaves only Regex Fun--or Scribunto/Lua--as our only options from here. Too bad it had to come down to this--but for what it's worth, I implemented RegexFunctions on the basis of good faith four months ago (as a means of code curbing). Never expected this trouble to arise just from RgxF, but then again...

Apr 15 2022, 03:55 · Extensions, Performance, Security, MediaWiki (SRE)
Universal_Omega added a comment to T8866: 500 error when attempting to create certain pages.

I think we should consider permanent removal of RegexFunctions.

But not before bringing up this advice/pro-tip from RegexFunctions developer "Skizzers" himself, which may help me prevent future catastrophes of such like:

RegexFunctions will not block you from using a terrible regex that causes all sorts of backtracking and uses up a ton of resources. Either optimize your regexes or move to a solution like Scribunto (and lua's pattern matching, which is a lot lighter-weight than regex). If you want to go the former route, there is plenty of information online on how to avoid regex patterns that cause excessive backtracking.

Bolded emphasis mine--and for starters, Jan Goyvaerts of RegExp.info has been there before. That said, I'll do some testing of the trouble spot(s) at ExpandTemplates and remind you on how it's shaping up.

Apr 15 2022, 02:06 · Extensions, Performance, Security, MediaWiki (SRE)
Routhwick added a comment to T8866: 500 error when attempting to create certain pages.

I think we should consider permanent removal of RegexFunctions.

Apr 15 2022, 01:54 · Extensions, Performance, Security, MediaWiki (SRE)
Universal_Omega closed T9049: PHP-FPM issues as Resolved.
Apr 15 2022, 01:10 · Security, Performance, MediaWiki, MediaWiki (SRE)
Universal_Omega added a comment to T9049: PHP-FPM issues.

Is their a reason this is a security task still? It is not an issue that users can reproduce themselves so see no reason why.

Apr 15 2022, 00:52 · Security, Performance, MediaWiki, MediaWiki (SRE)
Universal_Omega closed T8866: 500 error when attempting to create certain pages as Resolved.

Made public since RegexFunctions was disabled for us, which mitigated the issue for you, so considering this task resolved, as it is less issue now. I think we should consider permanent removal of RegexFunctions.

Apr 15 2022, 00:51 · Extensions, Performance, Security, MediaWiki (SRE)
Universal_Omega changed the visibility for T8866: 500 error when attempting to create certain pages.
Apr 15 2022, 00:49 · Extensions, Performance, Security, MediaWiki (SRE)

Apr 14 2022

Universal_Omega changed the visibility for T9061: CreateRedirect has weak (no?) permissions checks.
Apr 14 2022, 21:31 · Extensions, Trust & Safety, MediaWiki (SRE), Security
RhinosF1 added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

No objectionw

Apr 14 2022, 20:47 · Extensions, Trust & Safety, MediaWiki (SRE), Security
Universal_Omega added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

Is this task ok to be made public?

Apr 14 2022, 20:46 · Extensions, Trust & Safety, MediaWiki (SRE), Security
Universal_Omega closed T9061: CreateRedirect has weak (no?) permissions checks as Resolved.

Extension patched upstream, and updated for us, I will do another full review of the extension, and then hopefully re-enable it.

Apr 14 2022, 20:46 · Extensions, Trust & Safety, MediaWiki (SRE), Security
Raidarr added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

As possible I strongly encourage interfacing with the local wikis. I suspect a lot of traffic that would benefit from an announcement, simply does not pass through Meta or its CN.

Apr 14 2022, 20:19 · Extensions, Trust & Safety, MediaWiki (SRE), Security
Agent_Isai updated subscribers of T9061: CreateRedirect has weak (no?) permissions checks.

Technical mishap ;)

Apr 14 2022, 20:09 · Extensions, Trust & Safety, MediaWiki (SRE), Security
Agent_Isai updated subscribers of T9061: CreateRedirect has weak (no?) permissions checks.

My view is that if RedirectManager is very similar to CreateRedirect and does not present the issues that CR does we should replace it.

Apr 14 2022, 20:08 · Extensions, Trust & Safety, MediaWiki (SRE), Security
Routhwick added a comment to T8866: 500 error when attempting to create certain pages.

Hi, can you please see if it is better now?

Apr 14 2022, 13:34 · Extensions, Performance, Security, MediaWiki (SRE)
Reception123 added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

My view is that if RedirectManager is very similar to CreateRedirect and does not present the issues that CR does we should replace it.

Apr 14 2022, 11:40 · Extensions, Trust & Safety, MediaWiki (SRE), Security
RhinosF1 added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

Note: T1140#25572 is original review

Apr 14 2022, 11:15 · Extensions, Trust & Safety, MediaWiki (SRE), Security
RhinosF1 moved T9061: CreateRedirect has weak (no?) permissions checks from Deployed Extension Bugs to Security Review Needed on the Extensions board.
Apr 14 2022, 11:14 · Extensions, Trust & Safety, MediaWiki (SRE), Security
RhinosF1 lowered the priority of T9061: CreateRedirect has weak (no?) permissions checks from High to Low.
Apr 14 2022, 11:14 · Extensions, Trust & Safety, MediaWiki (SRE), Security
RhinosF1 added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

@Universal_Omega: I'd appreciate a security review / opinion on the below as this doesn't fill me with great confidence.

Apr 14 2022, 11:14 · Extensions, Trust & Safety, MediaWiki (SRE), Security
RhinosF1 added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

I filed https://phabricator.wikimedia.org/T306174 for getting a CVE

Apr 14 2022, 11:13 · Extensions, Trust & Safety, MediaWiki (SRE), Security
RhinosF1 added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

No problem.

Apr 14 2022, 11:09 · Extensions, Trust & Safety, MediaWiki (SRE), Security
Samwilson added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

I mentioned the CreateRedirect error on its talk page (sorry, I didn't realise this was a hidden security task! I shouldn't've advertised it publicly), and it looks like the issue has been fixed: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CreateRedirect/+/780567

Apr 14 2022, 10:57 · Extensions, Trust & Safety, MediaWiki (SRE), Security
RhinosF1 added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

Given the risk with the currently layout and how much nicer @Samwilson's looks, if it passed security review, I'd consider replacing CreateRedirect with it.

Apr 14 2022, 06:52 · Extensions, Trust & Safety, MediaWiki (SRE), Security
Samwilson added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

I'm not a member, just watching that project.

Apr 14 2022, 06:05 · Extensions, Trust & Safety, MediaWiki (SRE), Security
Universal_Omega added a comment to T8866: 500 error when attempting to create certain pages.

RegexFunctions has been disabled as it's causing OOMs.

Apr 14 2022, 01:45 · Extensions, Performance, Security, MediaWiki (SRE)
Universal_Omega moved T8866: 500 error when attempting to create certain pages from Backlog to Short Term on the MediaWiki (SRE) board.
Apr 14 2022, 01:38 · Extensions, Performance, Security, MediaWiki (SRE)
Universal_Omega moved T8866: 500 error when attempting to create certain pages from Backlog to Deployed Extension Bugs on the Extensions board.
Apr 14 2022, 01:38 · Extensions, Performance, Security, MediaWiki (SRE)
Universal_Omega edited projects for T8866: 500 error when attempting to create certain pages, added: Security, Performance, Extensions; removed Configuration.
Apr 14 2022, 01:38 · Extensions, Performance, Security, MediaWiki (SRE)

Apr 13 2022

RhinosF1 renamed T9061: CreateRedirect has weak (no?) permissions checks from Investigate why global block for 148.74.235.89 not effective on wikiweewiki to CreateRedirect has weak (no?) permissions checks.
Apr 13 2022, 15:50 · Extensions, Trust & Safety, MediaWiki (SRE), Security
RhinosF1 updated subscribers of T9061: CreateRedirect has weak (no?) permissions checks.
Apr 13 2022, 15:49 · Extensions, Trust & Safety, MediaWiki (SRE), Security
RhinosF1 added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

@Samwilson: It looks like create redirect is at fault. I can move the Main_Page without being able to edit it and the user used that. It looks like you are one of 2 project members. Can you look into this?

Apr 13 2022, 15:47 · Extensions, Trust & Safety, MediaWiki (SRE), Security
RhinosF1 added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

nothing to do with GlobalBlock at all

Apr 13 2022, 15:43 · Extensions, Trust & Safety, MediaWiki (SRE), Security
RhinosF1 added a comment to T9061: CreateRedirect has weak (no?) permissions checks.
rhinos@mwtask111:~$ sudo -u www-data php /srv/mediawiki/w/maintenance/eval.php --wiki=wikiweewiki
> $title = \TitleFactory::makeTitle('', 'Main_Page', '', '')
Apr 13 2022, 15:21 · Extensions, Trust & Safety, MediaWiki (SRE), Security
RhinosF1 updated subscribers of T9061: CreateRedirect has weak (no?) permissions checks.
Apr 13 2022, 14:28 · Extensions, Trust & Safety, MediaWiki (SRE), Security

Apr 12 2022

Agent_Isai lowered the priority of T9049: PHP-FPM issues from Unbreak Now! to High.

Complete outage as we saw on 7/8 April has not occurred since database backups were disabled so lowering from UBN to High as this is not currently impacting us anymore

Apr 12 2022, 15:55 · Security, Performance, MediaWiki, MediaWiki (SRE)
RhinosF1 added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

The issue will have to be tested on a test wiki by applying a global block to an IP and identifying potential extensions and them being disabled/enabled until we can conclude which one is causing it.

Yeah... I wouldn't prefer to do extension testing on Public Test Wiki, though. This is one of those times when it'd be really still be helpful to have an SRE testing wiki within the existing CentralAuth-linked production wikis.

Apr 12 2022, 08:07 · Extensions, Trust & Safety, MediaWiki (SRE), Security
Reception123 added a project to T7214: Write docs for GHSA: Documentation.
Apr 12 2022, 04:58 · Documentation, Security, MediaWiki (SRE)