Wikimedia Security Team/AppSec Clinic Minutes/2022-07-11

Date: 2022-07-11

Attending: MMartorana_(WMF), MStyles_(WMF), SBassett_(WMF)

Phabricator Tasks In Progress

MMartorana_(WMF)
1. T307278 - Patch still in progress
2. T309894 - Tag MW-Core, core platform, determine ownership
  1. Maybe untag Editing-Team, review git history/blame for better maintainer list...
3. T310763 - Assigned to MMartorana_(WMF) for triage/CR
  1. Patch has been proposed...
4. T311180 - Assigned to MMartorana_(WMF) for triage/CR
  1. Need to further research issue and find potential maintainers
5. T311652 - Resolved, hurray!
MStyles_(WMF)
1. T306514 - Still in-progress
2. T309255 - Recommended retire affected extension, under further review
3. T309943 - Zabe added, tag Traffic/Brandon, see who can look at remaining items
4. T310069 - Verify tagged teams, members for further review, move off secteam incoming
  1. Subbu responded
5. T311337 - Assigned to MStyles_(WMF) for triage/CR
  1. Include in next supplemental release, patch still needs CR, then security deploy
6. T311721 - Assigned to MStyles_(WMF) for triage/CR.
Reedy_(WMF)
1. T306516 - No update at this time
2. T306211 - No update at this time
3. T309703 - No update at this time
4. T310393 - No update at this time
5. T311368 - Assigned to Reedy_(WMF) for triage/CR
SBassett_(WMF)
1. T298784 - Security access, to discuss with JCross_(WMF)
2. T311960 - Assigned to SBassett_(WMF) for triage/CR.
  1. Untagged secteam (not a prod-deployed ext), assigned vuln class, risk and #secteam-processed.
3. T312733 - Assigned to SBassett_(WMF) for triage/CR.
  1. Untagged secteam (not a prod-deployed ext), assigned risk and #secteam-processed.

New Phabricator Tasks Reviewed

T312506 - Assigned to MStyles_(WMF) for assessment-related follow-up.
T312282 - Assigned to MMartorana_(WMF) for triage/CR.