Wikimedia Security Team/AppSec Clinic Minutes/2024-12-16

Date: 2024-12-16

Dashboard: https://phabricator.wikimedia.org/portal/view/3/

Attending: SBassett_(WMF), MMartorana_(WMF), MStyles_(WMF), JLy-WMF, ACooper-WMF

Previous Tasks

  1. MMartorana_(WMF)
    1. T380014 - Jimmy onboarding, stat kerberos task, then done
    2. T381033 - Still investigating, seems to be a true positive
    3. T381522 - Untag for Trusa engineering
  2. MStyles_(WMF)
    1. T367677 - 3D upgrade, will ping again for review
    2. T381769 - Make public as part of unserialize deprecation work
  3. SBassett_(WMF)
    1. T364776 - talked to Amir, Aaron - db tests would need to be addressed
  4. JLy-WMF
    1. T381625 - multiple +1s, hopefully SRE merges soon
  5. ACooper-WMF
  6. Reedy
    1. T373933 - Seems in-progress?
    2. T375537 - processed; Reedy to work on it?
    3. T376563 - Publish public "Rules of Engagement" for security researchers and people reporting security vulnerabilities
    4. T379176 - moved to watching, assigned to Reedy

New Phabricator Tasks Reviewed

  1. T382043 - Assigned to MMartorana_(WMF) to triage and add to supp release
  2. T382230 - Added to secteam watching
  3. T381944 - ACooper-WMF to investigate
  4. T380392 - Untagged secteam until T381944 (above) is resolved
  5. T382081 - MStyles_(WMF) completed

Additional Notes

  1. We will begin triaging a small number of backlogged #Security tasks starting at our first clinic in 2025