Forwarding for those who might not be on wikitech-l. -Chad
---------- Forwarded message --------- From: Brad Jorsch (Anomie) <[email protected]> Date: Mon, Aug 15, 2016 at 10:14 AM Subject: [Wikitech-l] Security update for CentralAuth To: Wikimedia developers <[email protected]> A bug[1] was identified in CentralAuth that would allow a user to log in to a wiki with a reserved or otherwise "unusable" account if that account was not reserved on another wiki in the CentralAuth cluster. Patches for supported branches are: * master (1.28 alpha): https://gerrit.wikimedia.org/r/304856 * REL1_27: https://gerrit.wikimedia.org/r/304857 * REL1_26: https://gerrit.wikimedia.org/r/304858 * REL1_23: https://gerrit.wikimedia.org/r/304861 If you are using an earlier version, you should upgrade your MediaWiki installation. [1]: https://phabricator.wikimedia.org/T130384 -- Brad Jorsch (Anomie) Senior Software Engineer Wikimedia Foundation _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l _______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
