
Security
Policy · Active · Public

Members

  • This project does not have any members.

Watchers

  • This project does not have any watchers.

Details

Description

This project is used for tracking security-related tasks (a broad scope, from TLS settings to system hardening). Tasks do not have to be private to qualify for this project's workboard. Please do not use this project as an access control list for security-sensitive tasks; we have acl*security for that.

Members of this project are likely to be Miraheze's security contacts. A security contact can help you with questions related to information security.

Recent Activity

Sun, Nov 13

Owen moved T9123: Join NCSC services for enhanced support from Backlog to External on the Trust & Safety board.
Sun, Nov 13, 22:04 · Trust & Safety, Site Reliability Engineering, Security

Tue, Nov 8

Reception123 closed T9927: Issue in Domain pointing and SSL as Invalid.

Not a security issue, original task was fine (T9924). You just needed to wait until we did the configuration on our side.

Tue, Nov 8, 13:37 · MediaWiki (SRE), SSL
Bankerpedia created T9927: Issue in Domain pointing and SSL.
Tue, Nov 8, 12:00 · MediaWiki (SRE), SSL

Fri, Nov 4

Missmaze created T9909: Missing photos on Wiji.
Fri, Nov 4, 22:34 · Universal Omega, MediaWiki (SRE), Swift

Sep 12 2022

Universal_Omega moved T5863: Re-enable score/Lillypond with Shellbox after security issues from Short Term to Long Term on the MediaWiki (SRE) board.
Sep 12 2022, 22:27 · Puppet, Configuration, MediaWiki (SRE), Security

Jul 30 2022

Dmehus added a comment to T9500: Retention of UserBoard data as part of the SocialProfile extension.
Jul 30 2022, 21:15 · RemovePII, MediaWiki (SRE), Trust & Safety, Security

Jul 29 2022

Universal_Omega closed T9500: Retention of UserBoard data as part of the SocialProfile extension as Resolved.
Jul 29 2022, 06:48 · RemovePII, MediaWiki (SRE), Trust & Safety, Security
Universal_Omega moved T9500: Retention of UserBoard data as part of the SocialProfile extension from Features to Bugs on the RemovePII board.
Jul 29 2022, 06:38 · RemovePII, MediaWiki (SRE), Trust & Safety, Security
Universal_Omega moved T9500: Retention of UserBoard data as part of the SocialProfile extension from Backlog to Features on the RemovePII board.
Jul 29 2022, 06:37 · RemovePII, MediaWiki (SRE), Trust & Safety, Security
Universal_Omega edited projects for T9500: Retention of UserBoard data as part of the SocialProfile extension, added: RemovePII; removed Extensions.
Jul 29 2022, 06:37 · RemovePII, MediaWiki (SRE), Trust & Safety, Security
Universal_Omega moved T9500: Retention of UserBoard data as part of the SocialProfile extension from Backlog to Short Term on the MediaWiki (SRE) board.
Jul 29 2022, 06:36 · RemovePII, MediaWiki (SRE), Trust & Safety, Security
Universal_Omega claimed T9500: Retention of UserBoard data as part of the SocialProfile extension.
Jul 29 2022, 05:59 · RemovePII, MediaWiki (SRE), Trust & Safety, Security
Universal_Omega added a comment to T9500: Retention of UserBoard data as part of the SocialProfile extension.

https://github.com/miraheze/RemovePII/pull/60

Jul 29 2022, 00:51 · RemovePII, MediaWiki (SRE), Trust & Safety, Security

Jul 17 2022

Owen moved T9500: Retention of UserBoard data as part of the SocialProfile extension from External to Internal on the Trust & Safety board.
Jul 17 2022, 15:26 · RemovePII, MediaWiki (SRE), Trust & Safety, Security
Owen moved T9500: Retention of UserBoard data as part of the SocialProfile extension from Backlog to External on the Trust & Safety board.
Jul 17 2022, 14:35 · RemovePII, MediaWiki (SRE), Trust & Safety, Security

Jul 9 2022

Reception123 added a comment to T9500: Retention of UserBoard data as part of the SocialProfile extension.

@Dmehus I've discussed this with @Universal_Omega a little and it seems like what we'd need to do is remove mentions from the page text? It doesn't seem possible without deleting all boards but potentially we could attempt to delete all boards which are sent by a user? Though that seems quite complex.

Jul 9 2022, 09:57 · RemovePII, MediaWiki (SRE), Trust & Safety, Security

Jul 7 2022

Dmehus updated the task description for T9500: Retention of UserBoard data as part of the SocialProfile extension.
Jul 7 2022, 02:59 · RemovePII, MediaWiki (SRE), Trust & Safety, Security
Dmehus created T9500: Retention of UserBoard data as part of the SocialProfile extension.
Jul 7 2022, 02:57 · RemovePII, MediaWiki (SRE), Trust & Safety, Security

Jun 16 2022

Universal_Omega changed the visibility for T9366: Upgrade linux kernel on all hosts.
Jun 16 2022, 05:18 · Infrastructure (SRE), Security
Universal_Omega closed T9366: Upgrade linux kernel on all hosts as Resolved.
Jun 16 2022, 05:17 · Infrastructure (SRE), Security

Jun 13 2022

Paladox added a comment to T9366: Upgrade linux kernel on all hosts.
In T9366#189952, @John wrote:

It does also now cross my mind that ProxMox is installed on the HDDs of the server, maybe not too relevant here but we might want to look at some work to move it over to the SSDs

Jun 13 2022, 21:04 · Infrastructure (SRE), Security
John added a comment to T9366: Upgrade linux kernel on all hosts.

It does also now cross my mind that ProxMox is installed on the HDDs of the server, maybe not too relevant here but we might want to look at some work to move it over to the SSDs

Jun 13 2022, 21:01 · Infrastructure (SRE), Security
Paladox added a comment to T9366: Upgrade linux kernel on all hosts.

The best bet in my opinion is to reboot them during the MW upgrade as users already expect broken.

@Paladox is this something you can facilitate?

Jun 13 2022, 20:58 · Infrastructure (SRE), Security
John added a comment to T9366: Upgrade linux kernel on all hosts.

Cloud servers can't be done without downtime can they?

Jun 13 2022, 20:53 · Infrastructure (SRE), Security
RhinosF1 added a comment to T9366: Upgrade linux kernel on all hosts.

Cloud servers can't be done without downtime can they?

Jun 13 2022, 20:51 · Infrastructure (SRE), Security
John added a comment to T9366: Upgrade linux kernel on all hosts.

It feels like hosts should have been done based on cloud server rather than individually as we need to reboot the physical hosts as well.

Jun 13 2022, 20:50 · Infrastructure (SRE), Security
Paladox added a comment to T9366: Upgrade linux kernel on all hosts.

Upgraded graylog121

Jun 13 2022, 19:33 · Infrastructure (SRE), Security
Paladox added a comment to T9366: Upgrade linux kernel on all hosts.

Upgraded phab121, ldap111, bast101, bast121 and mail121.

Jun 13 2022, 19:17 · Infrastructure (SRE), Security
Paladox added a comment to T9366: Upgrade linux kernel on all hosts.

Upgraded matomo101, prometheus101, mon111 and puppet111.

Jun 13 2022, 19:02 · Infrastructure (SRE), Security

Jun 11 2022

Universal_Omega added a comment to T9366: Upgrade linux kernel on all hosts.

mw*, mwtask111, test101, and jobchron121 are now done.

Jun 11 2022, 18:00 · Infrastructure (SRE), Security
Universal_Omega added a comment to T9366: Upgrade linux kernel on all hosts.

I filed the task because Icinga alerted again. It was only released this morning.

Jun 11 2022, 15:43 · Infrastructure (SRE), Security
RhinosF1 added a comment to T9366: Upgrade linux kernel on all hosts.

And yes, there were numerous issues in how the upgrades were done early this morning

Jun 11 2022, 15:43 · Infrastructure (SRE), Security
RhinosF1 added a comment to T9366: Upgrade linux kernel on all hosts.

I filed the task because Icinga alerted again. It was only released this morning.

Jun 11 2022, 15:43 · Infrastructure (SRE), Security
Universal_Omega added a comment to T9366: Upgrade linux kernel on all hosts.

I think this would've been done yesterday by Reception123, so just needs a reboot on servers that weren't rebooted. Some major ones had to be because of outage. db* was rebooted, mon111 was rebooted, phab121 was rebooted, a single mw server was (by me) and test101 was. So I think all those are already done.

Jun 11 2022, 15:40 · Infrastructure (SRE), Security
RhinosF1 created T9366: Upgrade linux kernel on all hosts.
Jun 11 2022, 10:23 · Infrastructure (SRE), Security

May 11 2022

Routhwick updated subscribers of T8866: 500 error when attempting to create certain pages.

On a related note post-resolution (after several days' delay): Subsequent conversions to Scribunto/Lua have still led to similar problems on the Tovasala-English pages whose titles begin with "S"; instances of the recently launched {{Find}} module in the {{Entry}} system are causing the Position-component system and rhyme-page links to go awry:

May 11 2022, 15:06 · Extensions, Performance, Security, MediaWiki (SRE)
Universal_Omega added a comment to T9207: Usergroups required for autopromotion keep being reset.

This should now be fixed. Apologies for the issue.

May 11 2022, 05:39 · Security, ManageWiki, MediaWiki (SRE)
Universal_Omega closed T9207: Usergroups required for autopromotion keep being reset as Resolved.
May 11 2022, 05:39 · Security, ManageWiki, MediaWiki (SRE)

May 10 2022

Universal_Omega claimed T9207: Usergroups required for autopromotion keep being reset.

https://github.com/miraheze/ManageWiki/pull/359 should hopefully fix this. The issue is not as severe as I initially thought since autopromote still is functional, it just gets overridden if group is saved again, since the form defaults for the autopromote groups are incorrect.

May 10 2022, 21:07 · Security, ManageWiki, MediaWiki (SRE)
Universal_Omega added a comment to T9207: Usergroups required for autopromotion keep being reset.

I am able to reproduce with 100% reproduction. (Every single time)

May 10 2022, 20:02 · Security, ManageWiki, MediaWiki (SRE)
Universal_Omega changed the visibility for T9207: Usergroups required for autopromotion keep being reset.
May 10 2022, 20:02 · Security, ManageWiki, MediaWiki (SRE)

May 9 2022

Universal_Omega edited projects for T5863: Re-enable score/Lillypond with Shellbox after security issues, added: Puppet; removed Extensions.
May 9 2022, 19:25 · Puppet, Configuration, MediaWiki (SRE), Security

May 4 2022

Universal_Omega moved T7214: Write docs for GHSA from Backlog to MediaWiki on the Documentation board.
May 4 2022, 17:22 · Documentation, Security, MediaWiki (SRE)

Apr 24 2022

John changed the visibility for T9123: Join NCSC services for enhanced support.
Apr 24 2022, 16:29 · Trust & Safety, Site Reliability Engineering, Security
RhinosF1 added a comment to T9123: Join NCSC services for enhanced support.

@John: it says email us and ask if you don't have a sponsor?

Apr 24 2022, 16:23 · Trust & Safety, Site Reliability Engineering, Security
John closed T9123: Join NCSC services for enhanced support as Resolved.

Early Warning has been signed up to.

Apr 24 2022, 16:22 · Trust & Safety, Site Reliability Engineering, Security

Apr 22 2022

RhinosF1 added a comment to T9123: Join NCSC services for enhanced support.

https://www.ncsc.gov.uk/information/cyber-security-information-sharing-partnership--cisp- & https://acdhub.service.ncsc.gov.uk/

Apr 22 2022, 19:08 · Trust & Safety, Site Reliability Engineering, Security
RhinosF1 moved T9123: Join NCSC services for enhanced support from Radar to Discussion on the Site Reliability Engineering board.
Apr 22 2022, 19:01 · Trust & Safety, Site Reliability Engineering, Security
RhinosF1 created T9123: Join NCSC services for enhanced support.
Apr 22 2022, 19:01 · Trust & Safety, Site Reliability Engineering, Security

Apr 17 2022

Universal_Omega added a comment to T9061: CreateRedirect has weak (no?) permissions checks.

I was directed to this task over IRC. It appears to already be closed, and have little relevance to me at all. What is going on here?

You must've been directed to the wrong task, I'd assume? T9071 is probably what they meant to direct you to, I'm assuming, based off conversation I have observed. But that task is currently private.

No, I thought Naleksuh might be interested in the task, so sent him this link.

Apr 17 2022, 07:48 · Extensions, Trust & Safety, MediaWiki (SRE), Security