https://bugzilla.wikimedia.org/show_bug.cgi?id=60178
--- Comment #19 from Chris Steipp <[email protected]> ---
(In reply to comment #18)
> > Security re-review: no
> > https://bugzilla.wikimedia.org/show_bug.cgi?id=57270 (RESOLVED FIXED)
>
> Is it worth re-doing the security review? Large code changes don't always
> require it, case by case and such. I'll let Chris comment/decide.

Bug 60218 was bad, and should have been caught by someone before it hit production, but it was missed until lego pointed it out. These vulnerabilities happen, and I'm happy with the team's response to the discovery.

At this point, I don't think another full review is going to be worth my time, until/unless there is an architectural shift in how they are doing security. For example, if we can choose a template engine this week, and Flow is willing to implement it, then I would definitely want another full review to ensure their coding patterns are safe.

On the admin tools integration, I personally would have liked to see all of the admin tool integration done before the extension was installed. However, the team decided it was worth the risk, and it seems like they are making good progress integrating with the tools. Erik Bernhardson conveyed it is a priority for them, and they are making progress towards the integration.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
