Wikimedia Security Team/AppSec Clinic Minutes/2022-06-13

Date: 2022-06-13

Attending: MMartorana_(WMF), MStyles_(WMF), SBassett_(WMF)

Phabricator Tasks In Progress

  1. MMartorana_(WMF)
    1. T307278 - Patch still in progress
    2. T308583 - Triaged, moved to secteam Watching, done.
    3. T309411 - Urbanecm wrote/deployed config patch, done.
    4. T309894 - Tag MW-Core, core platform, determine ownership.
  2. MStyles_(WMF)
    1. T306514 - Still in progress
    2. T308473 - Reached out to Daimona regarding a patch
    3. T309255 - Recommended retiring affected extension, under further review
    4. T290313 - Deemed low risk
    5. T309943 - Zabe added, tag Traffic/Brandon, see who can look at remaining items
  3. Reedy_(WMF)
    1. T306516 - No update at this time
    2. T306211 - No update at this time
    3. T309703 - Assigned for further review and triage
  4. SBassett_(WMF)
    1. T308471 - Patch written and posted, just push through Gerrit
    2. T308861 - Patch written and posted, try to get CR then deploy
    3. T309078 - Possibly triage more and add teams/owners?

New Phabricator Tasks Reviewed

  1. Processed a bunch of low risk tools XSS (see SBassett_(WMF) for more details)
  2. T310023 - Assigned to MMartorana_(WMF) for triage
  3. T310069 - Assigned to MStyles_(WMF) for triage
  4. T310098 - Assigned to SBassett_(WMF) for triage
    1. Resolved for now, suggested making public in a week.
  5. T310304 - Assigned to MMartorana_(WMF) for triage
  6. T310393 - Assigned to Reedy_(WMF) to triage
  7. T310312 - Assigned to SBassett_(WMF) to verify and complete
  8. T310314 - Assigned to SBassett_(WMF) to verify and complete