Page MenuHomeMiraheze

acl*security_reviewersPolicy
ActivePublic

Members (7)

Watchers

  • This project does not have any watchers.
  • View All

Details

Description

This project serves as an ACL for pastes or tasks created by security reviewers. Only security reviewers and members of acl*security should be a member of this project.

Recent Activity

Jun 30 2021

Reception123 added a member for acl*security_reviewers: Owen.
Jun 30 2021, 15:28

Jun 25 2021

Universal_Omega closed T7508: GoogleCustomWikiSearch Does Not Escape Config Variables as Invalid.

This doesn't need to be a local task with an upstream task existing.

Jun 25 2021, 04:21 · MediaWiki (SRE), Security

Jun 22 2021

R4356th added a comment to T7508: GoogleCustomWikiSearch Does Not Escape Config Variables.

Note: Even if the upstream task is resolved, $wgGoogleCustomWikiSearchOptions should never be added to ManageWiki because it is supposed to contain JS by design.

Jun 22 2021, 08:19 · MediaWiki (SRE), Security
R4356th claimed T7508: GoogleCustomWikiSearch Does Not Escape Config Variables.
Jun 22 2021, 07:41 · MediaWiki (SRE), Security
RhinosF1 added a comment to T7508: GoogleCustomWikiSearch Does Not Escape Config Variables.

ManageWiki has its own validation types. If we can use them then we're fine. I wouldn't like to deploy exploitable vulnerabilities though if we can afford it.

Jun 22 2021, 05:10 · MediaWiki (SRE), Security
Universal_Omega added a comment to T7508: GoogleCustomWikiSearch Does Not Escape Config Variables.

And actually even adding to ManageWiki may not be a blocker for this for the same reason only unescaped interface messages aren't by themselves a reason to decline.

Jun 22 2021, 04:40 · MediaWiki (SRE), Security
Universal_Omega added a comment to T7508: GoogleCustomWikiSearch Does Not Escape Config Variables.

This should be done upstream but for now is not a blocker for the extension review if we don't add the configs to ManageWiki.

Jun 22 2021, 04:35 · MediaWiki (SRE), Security
R4356th lowered the priority of T7508: GoogleCustomWikiSearch Does Not Escape Config Variables from High to Normal.
Jun 22 2021, 04:31 · MediaWiki (SRE), Security
R4356th added a parent task for T7508: GoogleCustomWikiSearch Does Not Escape Config Variables: T7457: Enable the GoogleCustomWikiSearch extension on https://worldsanskrit.net.
Jun 22 2021, 04:31 · MediaWiki (SRE), Security
R4356th created T7508: GoogleCustomWikiSearch Does Not Escape Config Variables.
Jun 22 2021, 04:30 · MediaWiki (SRE), Security

Jun 14 2021

Void added a member for acl*security_reviewers: Void.
Jun 14 2021, 17:15
Reception123 removed a member for acl*security_reviewers: Paladox.
Jun 14 2021, 17:11
Reception123 removed a member for acl*security_reviewers: John.
Jun 14 2021, 17:11

Feb 15 2021

Paladox removed a member for acl*security_reviewers: NDKilla.
Feb 15 2021, 15:52
Paladox removed a member for acl*security_reviewers: Zppix.
Feb 15 2021, 15:52

Jan 24 2021

Southparkfan added a member for acl*security_reviewers: R4356th.
Jan 24 2021, 17:49

Aug 25 2020

Reception123 added a member for acl*security_reviewers: Universal_Omega.
Aug 25 2020, 04:59

Aug 24 2020

Southparkfan set the icon for acl*security_reviewers to Policy.
Aug 24 2020, 22:04
Southparkfan set the image for acl*security_reviewers to F1243031: profile.
Aug 24 2020, 22:03
Southparkfan created acl*security_reviewers.
Aug 24 2020, 22:03