Everyone on Wikimedia wikis will shortly be logged out and will have to log
back in again.
The protections we deployed on June 26 failed to cover some cases.
We have updated the traffic layer today to also protect against these cases.
-- Timo Tijhof
On Fri, Jun 26, 2020 at 3:44 AM Tim Starling
> Everyone on Wikimedia wikis will shortly be logged out and will have
> to log back in again.
> We are resetting all sessions because we believe that, due to a
> configuration error, session cookies may have been sent in cacheable
> responses. Some users reported that they saw the site as if they were
> logged in as someone else. We believe that the number of affected
> users was very small. However, we believe that resetting all sessions
> is a prudent measure to ensure that the impact is limited.
> There are several layers of protection against something like this
> happening, and we don't yet know how all of them failed, but we have
> made a configuration change which should be sufficient to prevent it
> from happening again.
> -- Tim Starling
> Wikitech-ambassadors mailing list
Wikitech-ambassadors mailing list