Wikimedia Security Team/AppSec Clinic Minutes/2022-06-21

Date: 2022-06-21

Attending: MMartorana_(WMF), MStyles_(WMF), SBassett_(WMF)

Phabricator Tasks In Progress

edit
  1. MMartorana_(WMF)
    1. T307278 - Patch still in progress
    2. T308583 - Triaged, moved to secteam Watching, done.
      1. DONE for secteam, for now
    3. T309411 - Urbanecm wrote/deployed config patch, done.
      1. DONE
    4. T309894 - Tag MW-Core, core platform, determine ownership.
    5. T310023 - Discussion on task, left to AHT to triage/resolve.
      1. DONE for secteam, for now
  2. MStyles_(WMF)
    1. T306514 - Still in-progress
    2. T308473 - Reached out to Daimona regarding a patch
      1. DONE
    3. T309255 - Recommended retire affected extension, under further review
    4. T290313 - Deemed low risk
      1. DECLINED
    5. T309943 - Zabe added, tag Traffic/Brandon, see who can look at remaining items
    6. T310069 - Verify tagged teams, members for further review, move off secteam incoming
      1. Subbu responded
  3. Reedy_(WMF)
    1. T306516 - No update at this time
    2. T306211 - No update at this time
    3. T309703 - No update at this time
    4. T310393 - No update at this time
  4. SBassett_(WMF)
    1. T308861 - Patch written and posted, try to get CR then deploy
    2. T310312 - Assigned to SBassett_(WMF) to verify and complete
      1. DONE
    3. T310314 - Assigned to SBassett_(WMF) to verify and complete
      1. DONE
    4. T298784 - Security access, to discuss with JCross_(WMF)

New Phabricator Tasks Reviewed

edit
  1. T310763 - Assigned to MMartorana_(WMF) for triage/CR.