Wikimedia Security Team/AppSec Clinic Minutes/2022-08-01

Date: 2022-08-01

Attending: MMartorana_(WMF), MStyles_(WMF), Reedy_(WMF), SBassett_(WMF)

Phabricator Tasks In Progress

edit
  1. MMartorana_(WMF)
    1. T307278 - Patch still in progress
    2. T310763 - Assigned to MMartorana_(WMF) for triage/CR
      1. Thalia added to AHT triage - ask if we can get a testing resource for deployment.
    3. T311180 - Assigned to MMartorana_(WMF) for triage/CR
      1. Need to further research issue and find potential maintainers
    4. T312820 - Assigned to MMartorana_(WMF) for assessment-related follow-up.
      1. Patch deployed - done for now. Can likely come off this list next week.
  2. MStyles_(WMF)
    1. T311337 - Waiting on requesters.
      1. Include in next supplemental release, patch still needs CR, then security deploy
    2. T312951 - waiting on user follow-up to grant access.
    3. T313241 - Niklas responded, Maryum to follow up.
  3. Reedy_(WMF)
    1. T306516 - No update at this time
    2. T306211 - No update at this time
    3. T309703 - No update at this time
    4. T310393 - No update at this time
    5. T311368 - No update at this time
  4. SBassett_(WMF)
    1. T313299 - Posted comment for advice/guidance, will watch for a bit.
    2. T313637 - Ongoing event, needs follow-up.

New Phabricator Tasks Reviewed

edit
  1. T313864 - Assigned to MMartorana_(WMF) for assessment-related follow-up.
  2. T313898 - Assigned to SBassett_(WMF) for assessment-related follow-up.
  3. T314055 - Assigned to MStyles_(WMF) for assessment-related follow-up.
  4. T314215 - Assigned to Reedy_(WMF) for likely decline, ensure cloud SREs aware.
  5. T314245 - Assigned to MMartorana_(WMF) for assessment-related follow-up.