Wikimedia Security Team/AppSec Clinic Minutes/2022-07-11

Date: 2022-07-11

Attending: MMartorana_(WMF), MStyles_(WMF), SBassett_(WMF)

Phabricator Tasks In Progress

  1. MMartorana_(WMF)
    1. T307278 - Patch still in progress
    2. T309894 - Tag MW-Core, core platform, determine ownership
      1. Maybe untag Editing-Team, review git history/blame for better maintainer list...
    3. T310763 - Assigned to MMartorana_(WMF) for triage/CR
      1. Patch has been proposed...
    4. T311180 - Assigned to MMartorana_(WMF) for triage/CR
      1. Need to further research issue and find potential maintainers
    5. T311652 - Resolved, hurray!
  2. MStyles_(WMF)
    1. T306514 - Still in-progress
    2. T309255 - Recommended retiring affected extension, under further review
    3. T309943 - Zabe added, tag Traffic/Brandon, see who can look at remaining items
    4. T310069 - Verify tagged teams, members for further review, move off secteam incoming
      1. Subbu responded
    5. T311337 - Assigned to MStyles_(WMF) for triage/CR
      1. Include in next supplemental release, patch still needs CR, then security deploy
    6. T311721 - Assigned to MStyles_(WMF) for triage/CR.
  3. Reedy_(WMF)
    1. T306516 - No update at this time
    2. T306211 - No update at this time
    3. T309703 - No update at this time
    4. T310393 - No update at this time
    5. T311368 - Assigned to Reedy_(WMF) for triage/CR
  4. SBassett_(WMF)
    1. T298784 - Security access, to discuss with JCross_(WMF)
    2. T311960 - Assigned to SBassett_(WMF) for triage/CR.
      1. Untagged secteam (not a prod-deployed ext), assigned vuln class, risk and #secteam-processed.
    3. T312733 - Assigned to SBassett_(WMF) for triage/CR.
      1. Untagged secteam (not a prod-deployed ext), assigned risk and #secteam-processed.

New Phabricator Tasks Reviewed

  1. T312506 - Assigned to MStyles_(WMF) for assessment-related follow-up.
  2. T312282 - Assigned to MMartorana_(WMF) for triage/CR.