Security
Policy · Active · Public

Members (7)

Watchers (5)

Details

Description

The members of this project have access to security-sensitive tasks.

Do NOT add unauthorized members!

Recent Activity

Feb 8 2019

Eduaddad triaged T4090: error in my account as Normal priority.
Feb 8 2019, 19:26 · Configuration

Jan 31 2019

Void added a comment to T4064: Abuse filter rangeblocks reveal user information.

Regardless, we've disabled the feature in https://git.io/fhyHl.

Jan 31 2019, 23:40 · Security
John closed T4064: Abuse filter rangeblocks reveal user information as Invalid.
Jan 31 2019, 23:38 · Security
John added a comment to T4064: Abuse filter rangeblocks reveal user information.

But we do this? User + range blocking. Though /16s are WAY too large to block automatically.

Jan 31 2019, 23:25 · Security
Paladox added a comment to T4064: Abuse filter rangeblocks reveal user information.

Reported here https://phabricator.wikimedia.org/T215044

Jan 31 2019, 23:25 · Security
Void created T4064: Abuse filter rangeblocks reveal user information.
Jan 31 2019, 23:18 · Security

Jan 28 2019

John changed the edit policy for T4046: Social Profile allows admins to change other user's email addresses.
Jan 28 2019, 20:33 · Security
John closed T4046: Social Profile allows admins to change other user's email addresses as Resolved.

Already public anyway.

Jan 28 2019, 20:32 · Security

Jan 27 2019

Paladox added a comment to T4046: Social Profile allows admins to change other user's email addresses.

+1 too ^^

Jan 27 2019, 22:15 · Security
Southparkfan added a comment to T4046: Social Profile allows admins to change other user's email addresses.

This seems done, time to make this task public?

Jan 27 2019, 21:57 · Security

Jan 25 2019

Southparkfan added a comment to T4046: Social Profile allows admins to change other user's email addresses.

Notices have been put on Meta, Facebook and Twitter. Emails have been sent out as necessary.

Jan 25 2019, 21:24 · Security
Paladox updated subscribers of T4046: Social Profile allows admins to change other user's email addresses.
Jan 25 2019, 15:07 · Security
Paladox added a watcher for Security: Paladox.
Jan 25 2019, 15:07
Paladox added a member for Security: labster.
Jan 25 2019, 15:07
Paladox added a comment to T4046: Social Profile allows admins to change other user's email addresses.

Also the Dutch authorities will have to be told too.

Jan 25 2019, 14:39 · Security
Southparkfan added a comment to T4046: Social Profile allows admins to change other user's email addresses.

The issue has been identified and fixed and a list of affected wikis has been generated by @Paladox.

Jan 25 2019, 10:39 · Security

Jan 24 2019

Void added a comment to T4046: Social Profile allows admins to change other user's email addresses.

If it helps, I discovered this by accidentally stripping the email from two or three spambot accounts on allthetropeswiki.

Jan 24 2019, 13:42 · Security
Southparkfan removed a project from T4046: Social Profile allows admins to change other user's email addresses: Amanda Catherine.
Jan 24 2019, 12:00 · Security
Southparkfan changed the visibility for T4046: Social Profile allows admins to change other user's email addresses.
Jan 24 2019, 12:00 · Security
Southparkfan raised the priority of T4046: Social Profile allows admins to change other user's email addresses from High to Unbreak Now!.

Confirmed so far: this right was assigned to the 'sysop' group on all wikis with this extension enabled (as of this moment 86 wikis) since February 8, 2017.

Jan 24 2019, 11:59 · Security
John added a comment to T4046: Social Profile allows admins to change other user's email addresses.

You’d have to make a maint script to do it, and it’s easier to make a maintenance script loop all groups than modify a single purpose function to do the job.

Jan 24 2019, 10:30 · Security
Void added a comment to T4046: Social Profile allows admins to change other user's email addresses.

As a followup to this task, we're thinking of modifying modifyGroupPermission.php so that it can remove a permission from all groups that contain it. This would make it easier to strip the right, as currently there are still wikis that have it. Hence https://git.io/fhwOy was done as a temporary measure.

Jan 24 2019, 04:58 · Security
Void assigned T4046: Social Profile allows admins to change other user's email addresses to Paladox.
Jan 24 2019, 03:50 · Security
Void created T4046: Social Profile allows admins to change other user's email addresses.
Jan 24 2019, 03:36 · Security

Jan 14 2019

MacFan4000 updated subscribers of T4005: Execute external commands on MediaWiki servers inside sandboxes.
Jan 14 2019, 18:40 · Operations, Security, MediaWiki
Southparkfan added a subtask for T4005: Execute external commands on MediaWiki servers inside sandboxes: T4004: Replace exec statements with Shell::command (MediaWiki's Shell Framework).
Jan 14 2019, 17:50 · Operations, Security, MediaWiki
Southparkfan triaged T4005: Execute external commands on MediaWiki servers inside sandboxes as Normal priority.
Jan 14 2019, 17:50 · Operations, Security, MediaWiki

Jan 3 2019

Paladox closed T3955: Extension:Maps refuses to load map tiles because of Content Security Policy directive as Resolved by committing Unknown Object (Diffusion Commit).
Jan 3 2019, 03:49 · Extensions

Jan 2 2019

Oxocero created T3955: Extension:Maps refuses to load map tiles because of Content Security Policy directive.
Jan 2 2019, 23:09 · Extensions

Dec 19 2018

ZelDelet created T3905: We had a small attack of vandalism.
Dec 19 2018, 08:54

Dec 14 2018

MacFan4000 merged task T3888: Section headers are broken on all wikis (Mobile Version) into T3751: Page renders strangely on Mobile View.
Dec 14 2018, 11:35
Ahmsaqib created T3888: Section headers are broken on all wikis (Mobile Version).
Dec 14 2018, 09:45

Dec 4 2018

Paladox closed T3862: Increase minimum length passwords from 1 to at least 6? as Resolved.
Dec 4 2018, 16:48 · MacFan4000, Configuration, Security
MacFan4000 claimed T3862: Increase minimum length passwords from 1 to at least 6?.

https://github.com/miraheze/mw-config/pull/2571

Dec 4 2018, 15:26 · MacFan4000, Configuration, Security
Paladox changed the edit policy for T3862: Increase minimum length passwords from 1 to at least 6?.
Dec 4 2018, 01:03 · MacFan4000, Configuration, Security
Herald added a project to T3862: Increase minimum length passwords from 1 to at least 6?: MacFan4000.

https://www.mediawiki.org/wiki/Manual:$wgPasswordPolicy

Dec 4 2018, 00:54 · MacFan4000, Configuration, Security
Paladox created T3862: Increase minimum length passwords from 1 to at least 6?.
Dec 4 2018, 00:30 · MacFan4000, Configuration, Security

Oct 28 2018

Paladox added a comment to T3739: Permissions settings do not longer seem to be effective.

Hi, you probably want to change https://christipedia.miraheze.org/wiki/Speciaal:ManageWikiPermissions/* since User only affects logged in users whereas * affects anons.

Oct 28 2018, 09:35 · MacFan4000
Reception123 updated subscribers of T3739: Permissions settings do not longer seem to be effective.
Oct 28 2018, 08:15 · MacFan4000
Kees_Langeveld created T3739: Permissions settings do not longer seem to be effective.
Oct 28 2018, 06:18 · MacFan4000

Oct 18 2018

Paladox closed T3712: logo karmel.miraheze as Resolved.
Oct 18 2018, 21:10 · Configuration
Paladox added a comment to T3712: logo karmel.miraheze.

You can do that here https://karmel.miraheze.org/wiki/Especial:ManageWikiSettings (setting the logo)

Oct 18 2018, 21:07 · Configuration
Penarc1 added a comment to T3712: logo karmel.miraheze.

https://karmel.miraheze.org/wiki/Archivo:Wiki.png

Oct 18 2018, 20:45 · Configuration
Penarc1 created T3712: logo karmel.miraheze.
Oct 18 2018, 20:43 · Configuration

Aug 27 2018

CnocBride added a watcher for Security: CnocBride.
Aug 27 2018, 09:14
John closed T3520: Personal and sensitive information being sent third party by a community as Resolved.
Aug 27 2018, 01:56 · MediaWiki, Security
John added a comment to T3520: Personal and sensitive information being sent third party by a community.

https://meta.miraheze.org/wiki/2018-08-26_Security_Disclosure

Aug 27 2018, 01:55 · MediaWiki, Security
John updated the task description for T3520: Personal and sensitive information being sent third party by a community.
Aug 27 2018, 00:13 · MediaWiki, Security

Aug 26 2018

John updated the task description for T3520: Personal and sensitive information being sent third party by a community.
Aug 26 2018, 23:11 · MediaWiki, Security
Void added a comment to T3520: Personal and sensitive information being sent third party by a community.
  1. OS is done.
  2. Warning is going anyway.
  3. List should possibly be here.
Aug 26 2018, 22:55 · MediaWiki, Security