Hey everybody,
This was already posted to Mediawiki-api-announce, x-posting here for
increased visibility as this change should be in production this week.
With the merge of Icb674095,[1] use of API action=logout will require
a CSRF token. This was considered a security issue, so the usual
deprec
kimedia.org/T232113
[3] https://www.mediawiki.org/wiki/Version_lifecycle
--
Scott Bassett
sbass...@wikimedia.org
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
34983
[2] https://www.mediawiki.org/wiki/Version_lifecycle
[3] https://www.mediawiki.org/wiki/Reporting_security_bugs
--
Scott Bassett
sbass...@wikimedia.org
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
e a security task within
Phabricator [3].
[0] https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
[1] https://phabricator.wikimedia.org/T240400
[2] https://www.mediawiki.org/wiki/Version_lifecycle
[3] https://www.mediawiki.org/wiki/Reporting_security_bugs
--
Scott Basset
ia.org/T248542
[2] https://www.mediawiki.org/wiki/Version_lifecycle
[3] https://www.mediawiki.org/wiki/Reporting_security_bugs
--
Scott Bassett
sbass...@wikimedia.org
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/m
imedia.org/pipermail/mediawiki-announce/2020-September/000260.html
[1] https://phabricator.wikimedia.org/T256342
[2] https://www.mediawiki.org/wiki/Version_lifecycle
[3] https://www.mediawiki.org/wiki/Reporting_security_bugs
--
Scott Bassett
sbass...@wikimedia.org
___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
--
Scott Bassett
sbass...@wikimedia.org
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
ase feel free to contact secur...@wikimedia.org
or file a security task within Phabricator [3].
[0]
https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html
[1] https://phabricator.wikimedia.org/T263810
[2] https://www.mediawiki.org/wiki/Version_lifecycle
[3] https://www.m
ct secur...@wikimedia.org
or file a security task within Phabricator [3].
[0]
https://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000272.html
[1] https://phabricator.wikimedia.org/T270466
[2] https://www.mediawiki.org/wiki/Version_lifecycle
[3] https://www.mediawiki
ealt with on a Friday or even over the weekend,
but in general, the Security Team likes to avoid this. Moving the train to
a Mon, Tue, Wed cadence would imply the security window be moved to the
previous Friday or possibly Thursday, which is doable, but not desired for
the aforementioned reasons.
ists.wikimedia.org/hyperkitty/list/mediawiki-annou...@lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/
[1] https://phabricator.wikimedia.org/T279733
[2] https://www.mediawiki.org/wiki/Version_lifecycle
[3] https://www.mediawiki.org/wiki/Reporting_security_bugs
--
Scott Bassett
sbass...
11 matches
Mail list logo