Page MenuHomeMiraheze
Feed Advanced Search

Feb 20 2024

Agent_Isai removed a member for acl*security_reviewers: Paladox.
Feb 20 2024, 02:25
Agent_Isai removed a member for acl*security_reviewers: Owen.
Feb 20 2024, 02:25

Jan 29 2024

Universal_Omega added a member for acl*security_reviewers: labster.
Jan 29 2024, 19:39

Jan 7 2024

Universal_Omega added a member for acl*security_reviewers: Redmin.
Jan 7 2024, 10:16

Jan 6 2024

Universal_Omega added members for acl*security_reviewers: Reception123, Void, Owen, Agent_Isai, MacFan4000, Paladox, Original_Authority.
Jan 6 2024, 21:25
Universal_Omega added a member for acl*security_reviewers: Universal_Omega.
Jan 6 2024, 21:22
Universal_Omega added a watcher for acl*security_reviewers: Universal_Omega.
Jan 6 2024, 21:22
Universal_Omega activated acl*security_reviewers.
Jan 6 2024, 21:21

Oct 16 2021

Reception123 removed a member for acl*security_reviewers: Owen.
Oct 16 2021, 09:08
Reception123 removed a member for acl*security_reviewers: Void.
Oct 16 2021, 09:08
Reception123 removed a member for acl*security_reviewers: Redmin.
Oct 16 2021, 09:08
Reception123 removed a member for acl*security_reviewers: Unknown Object (User).
Oct 16 2021, 09:08
Reception123 removed a member for acl*security_reviewers: RhinosF1.
Oct 16 2021, 09:08
Reception123 removed a member for acl*security_reviewers: Southparkfan.
Oct 16 2021, 09:08
Reception123 removed a member for acl*security_reviewers: Reception123.
Oct 16 2021, 09:08
Reception123 archived acl*security_reviewers.
Oct 16 2021, 05:00

Jun 30 2021

Reception123 added a member for acl*security_reviewers: Owen.
Jun 30 2021, 15:28

Jun 25 2021

Unknown Object (User) closed T7508: GoogleCustomWikiSearch Does Not Escape Config Variables as Invalid.

This doesn't need to be a local task with an upstream task existing.

Jun 25 2021, 04:21 · MediaWiki (SRE), Security

Jun 22 2021

Redmin added a comment to T7508: GoogleCustomWikiSearch Does Not Escape Config Variables.

Note: Even if the upstream task is resolved, $wgGoogleCustomWikiSearchOptions should never be added to ManageWiki because it is supposed to contain JS by design.

Jun 22 2021, 08:19 · MediaWiki (SRE), Security
Redmin claimed T7508: GoogleCustomWikiSearch Does Not Escape Config Variables.
Jun 22 2021, 07:41 · MediaWiki (SRE), Security
RhinosF1 added a comment to T7508: GoogleCustomWikiSearch Does Not Escape Config Variables.

ManageWiki has its own validation types. If we can use them then we're fine. I wouldn't like to deploy exploitable vulnerabilities though if we can afford it.

Jun 22 2021, 05:10 · MediaWiki (SRE), Security
Unknown Object (User) added a comment to T7508: GoogleCustomWikiSearch Does Not Escape Config Variables.

And actually even adding to ManageWiki may not be a blocker for this for the same reason only unescaped interface messages aren't by themselves a reason to decline.

Jun 22 2021, 04:40 · MediaWiki (SRE), Security
Unknown Object (User) added a comment to T7508: GoogleCustomWikiSearch Does Not Escape Config Variables.

This should be done upstream but for now is not a blocker for the extension review if we don't add the configs to ManageWiki.

Jun 22 2021, 04:35 · MediaWiki (SRE), Security
Redmin lowered the priority of T7508: GoogleCustomWikiSearch Does Not Escape Config Variables from High to Normal.
Jun 22 2021, 04:31 · MediaWiki (SRE), Security
Redmin added a parent task for T7508: GoogleCustomWikiSearch Does Not Escape Config Variables: T7457: Enable the GoogleCustomWikiSearch extension on https://worldsanskrit.net.
Jun 22 2021, 04:31 · MediaWiki (SRE), Security
Redmin created T7508: GoogleCustomWikiSearch Does Not Escape Config Variables.
Jun 22 2021, 04:30 · MediaWiki (SRE), Security

Jun 14 2021

Void added a member for acl*security_reviewers: Void.
Jun 14 2021, 17:15
Reception123 removed a member for acl*security_reviewers: Paladox.
Jun 14 2021, 17:11
Reception123 removed a member for acl*security_reviewers: John.
Jun 14 2021, 17:11

Feb 15 2021

Paladox removed a member for acl*security_reviewers: NDKilla.
Feb 15 2021, 15:52
Paladox removed a member for acl*security_reviewers: Zppix.
Feb 15 2021, 15:52

Jan 24 2021

Southparkfan added a member for acl*security_reviewers: Redmin.
Jan 24 2021, 17:49

Aug 25 2020

Reception123 added a member for acl*security_reviewers: Unknown Object (User).
Aug 25 2020, 04:59

Aug 24 2020

Southparkfan set the icon for acl*security_reviewers to Policy.
Aug 24 2020, 22:04
Southparkfan set the image for acl*security_reviewers to F1243031: profile.
Aug 24 2020, 22:03
Southparkfan created acl*security_reviewers.
Aug 24 2020, 22:03