This page documents information related to Security for the MediaWiki platform and the Wikimedia Foundation.
To report security bugs, vulnerabilities or other issues please follow our reporting process.
Receive release notifications
You may subscribe to the low-traffic mediawiki-announce mailing list to receive notifications of new MediaWiki releases by email.
This will include all security fix releases as well as other new versions. Anyone running a MediaWiki installation is strongly recommended to subscribe.
Educational and training material
Related security content
|Project||Use by Wikimedia Security Team|
|mediawiki.org||General content for Policy, SOPs, etc. Official Security team page.|
|wikitech.wikimedia.org||Procedural or instructional material that is not training.|
|office.wikimedia.org||Sensitive or private content. Must have an NDA and appropriate access.|
|foundation.wikimedia.org||Canonical location for Policy|
Understanding the Wikimedia Security Team's documentation structure.
- Security/Application Security Pipeline
- Security/Guides/Draft/Golang Security Best Practices
- Security/Guides/SQL Queries and 3rd Party Packages
- Security/Reference/Security for libraries
- Security/SOP/Access to Phabricator Security Issues
- Security/SOP/Application Security Reviews
- Security/SOP/Requests For Service
- Security/SOP/Security Preview
- Security/SOP/Security Readiness Reviews/Response Templates