Page MenuHomeMiraheze

SecurityPolicy
ActivePublic

Members (6)

Watchers (4)

Details

Description

The members of this project have access to security-sensitive tasks.

Do NOT add unauthorized members!

Recent Activity

Tue, Dec 4

Paladox closed T3862: Increase minimum length passwords from 1 to at least 6? as Resolved.
Tue, Dec 4, 16:48 · MacFan4000, Configuration, Security
MacFan4000 claimed T3862: Increase minimum length passwords from 1 to at least 6?.

https://github.com/miraheze/mw-config/pull/2571

Tue, Dec 4, 15:26 · MacFan4000, Configuration, Security
Paladox changed the edit policy for T3862: Increase minimum length passwords from 1 to at least 6?.
Tue, Dec 4, 01:03 · MacFan4000, Configuration, Security
Herald added a project to T3862: Increase minimum length passwords from 1 to at least 6?: MacFan4000.

https://www.mediawiki.org/wiki/Manual:$wgPasswordPolicy

Tue, Dec 4, 00:54 · MacFan4000, Configuration, Security
Paladox created T3862: Increase minimum length passwords from 1 to at least 6?.
Tue, Dec 4, 00:30 · MacFan4000, Configuration, Security

Oct 28 2018

Paladox added a comment to T3739: Permissions settings do not longer seem to be effective.

Hi, you probaly want to change https://christipedia.miraheze.org/wiki/Speciaal:ManageWikiPermissions/* since User only affects logged in users where as * affects annons.

Oct 28 2018, 09:35 · MacFan4000
Reception123 updated subscribers of T3739: Permissions settings do not longer seem to be effective.
Oct 28 2018, 08:15 · MacFan4000
Kees_Langeveld created T3739: Permissions settings do not longer seem to be effective.
Oct 28 2018, 06:18 · MacFan4000

Oct 18 2018

Paladox closed T3712: logo karmel.miraheze as Resolved.
Oct 18 2018, 21:10 · Configuration
Paladox added a comment to T3712: logo karmel.miraheze.

You can do that here https://karmel.miraheze.org/wiki/Especial:ManageWikiSettings (setting the logo)

Oct 18 2018, 21:07 · Configuration
Penarc1 added a comment to T3712: logo karmel.miraheze.

https://karmel.miraheze.org/wiki/Archivo:Wiki.png

Oct 18 2018, 20:45 · Configuration
Penarc1 created T3712: logo karmel.miraheze.
Oct 18 2018, 20:43 · Configuration

Aug 27 2018

CnocBride added a watcher for Security: CnocBride.
Aug 27 2018, 09:14
John closed T3520: Personal and sensitive information being sent third party by a community as Resolved.
Aug 27 2018, 01:56 · MediaWiki, Security
John added a comment to T3520: Personal and sensitive information being sent third party by a community.

https://meta.miraheze.org/wiki/2018-08-26_Security_Disclosure

Aug 27 2018, 01:55 · MediaWiki, Security
John updated the task description for T3520: Personal and sensitive information being sent third party by a community.
Aug 27 2018, 00:13 · MediaWiki, Security

Aug 26 2018

John updated the task description for T3520: Personal and sensitive information being sent third party by a community.
Aug 26 2018, 23:11 · MediaWiki, Security
Void added a comment to T3520: Personal and sensitive information being sent third party by a community.
  1. OS is done.
  2. Warning is going anyway.
  3. List should possibly be here.
Aug 26 2018, 22:55 · MediaWiki, Security
John added a comment to T3520: Personal and sensitive information being sent third party by a community.

Some comments.

  1. Script removal should be done by oversighters (so that local admins cannot restore).

Has been done, don't worry :)

  1. One of the problems is that the guy who made the script has been inactive for months (see this). I'm not sure whether anyone can make a contact.

They'll get an email if they have one. Else, I'm sure others will react anyway.

  1. Also, at least one of the admins there hosts multiple wikis; those wikis should also be investigated (I'll send a list on CVT channel if necessary).

Please do!

Aug 26 2018, 22:55 · MediaWiki, Security
The_Pioneer added a comment to T3520: Personal and sensitive information being sent third party by a community.

Some comments.

  1. Script removal should be done by oversighters (so that local admins cannot restore).
  2. One of the problems is that the guy who made the script has been inactive for months (see this). I'm not sure whether anyone can make a contact.
  3. Also, at least one of the admins there hosts multiple wikis; those wikis should also be investigated (I'll send a list on CVT channel if necessary).
Aug 26 2018, 22:46 · MediaWiki, Security
John updated the task description for T3520: Personal and sensitive information being sent third party by a community.
Aug 26 2018, 22:28 · MediaWiki, Security
John triaged T3520: Personal and sensitive information being sent third party by a community as Unbreak Now! priority.
Aug 26 2018, 22:28 · MediaWiki, Security

Aug 12 2018

Reception123 lowered the priority of T3470: cant upload a dump file from Unbreak Now! to Normal.
Aug 12 2018, 10:04 · Import, MediaWiki
Reception123 closed T3064: Discuss whether to use PediaPress or not as Invalid.
Aug 12 2018, 10:01 · Security, Operations, MacFan4000
Reception123 closed T2011: CentralAuth vulnerability as Resolved.
Aug 12 2018, 10:01 · revi, Security, MediaWiki
Rappy_4187 reopened T3064: Discuss whether to use PediaPress or not as "Open".
Aug 12 2018, 08:59 · Security, Operations, MacFan4000
Rappy_4187 reopened T2011: CentralAuth vulnerability as "Open".
Aug 12 2018, 08:58 · revi, Security, MediaWiki
Rappy_4187 changed the status of T3470: cant upload a dump file from Stalled to Open.
Aug 12 2018, 08:51 · Import, MediaWiki
Rappy_4187 reopened T3477: Requesting custom domain for openhatch wiki as "Open".
Aug 12 2018, 08:50 · SSL

Aug 1 2018

John closed T3443: Linode email to OPS@ received by CVT member as Resolved.

https://github.com/miraheze/puppet/commit/61d1a21dc445ca977b3d04e8aa1a24e808e43da6

Aug 1 2018, 14:09 · Mail
Reception123 updated subscribers of T3443: Linode email to OPS@ received by CVT member.
Aug 1 2018, 13:59 · Mail
Reception123 updated the task description for T3443: Linode email to OPS@ received by CVT member.
Aug 1 2018, 13:59 · Mail
Reception123 triaged T3443: Linode email to OPS@ received by CVT member as Unbreak Now! priority.
Aug 1 2018, 13:58 · Mail

Jul 31 2018

John closed T3436: Lock down sql.php to only be able to access wiki's as Resolved.

Done a minor change but this was never a security issue.

Jul 31 2018, 18:31 · Operations
John added a comment to T3436: Lock down sql.php to only be able to access wiki's.

Okay, can access - but can't use.

Jul 31 2018, 18:21 · Operations
NDKilla changed the visibility for T3436: Lock down sql.php to only be able to access wiki's.
Jul 31 2018, 17:06 · Operations
Paladox updated subscribers of T3436: Lock down sql.php to only be able to access wiki's.
Jul 31 2018, 15:54 · Operations
Paladox added a comment to T3436: Lock down sql.php to only be able to access wiki's.

I have locked down sql.php on mw* by chown root:root sql.php and chmod 0400 sql.php.

Jul 31 2018, 15:52 · Operations
Reception123 lowered the priority of T3436: Lock down sql.php to only be able to access wiki's from Unbreak Now! to High.

We have changed it to root only for now, but mw-admins should still be able to use sql.php so we should find another solution.

Jul 31 2018, 15:46 · Operations
Paladox added a comment to T3436: Lock down sql.php to only be able to access wiki's.

tables can also be created.

Jul 31 2018, 15:41 · Operations
Paladox changed the visibility for T3436: Lock down sql.php to only be able to access wiki's.
Jul 31 2018, 15:40 · Operations
Reception123 added a comment to T3436: Lock down sql.php to only be able to access wiki's.

Dropping of course does not work, but accessing any db that is not meant for mw-admins (such as phabricator_*, icinga, etc.) can be done via the SQL.php prompt

Jul 31 2018, 15:40 · Operations
Paladox changed the visibility for T3436: Lock down sql.php to only be able to access wiki's.
Jul 31 2018, 15:40 · Operations
Paladox changed the edit policy for T3436: Lock down sql.php to only be able to access wiki's.
Jul 31 2018, 15:38 · Operations
Paladox changed the edit policy for T3436: Lock down sql.php to only be able to access wiki's.
Jul 31 2018, 15:37 · Operations
Paladox raised the priority of T3436: Lock down sql.php to only be able to access wiki's from High to Unbreak Now!.
Jul 31 2018, 15:37 · Operations
Paladox created T3436: Lock down sql.php to only be able to access wiki's.
Jul 31 2018, 15:36 · Operations

Jul 26 2018

Southparkfan removed a member for Security: revi.
Jul 26 2018, 14:49

Jun 3 2018

MacFan4000 added a watcher for Security: MacFan4000.
Jun 3 2018, 21:07

May 30 2018

John changed the edit policy for T3162: Upgrade git to 2.17.1.
May 30 2018, 14:21 · Operations, Security