Wikimedia Security Team/AppSec Clinic Minutes/2022-06-21

Date: 2022-06-21

Attending:, ,

Phabricator Tasks In Progress

 * 1) T307278 - Patch still in progress
 * 2) T308583 - Triaged, moved to secteam Watching, done.
 * 3) T309411 - Urbanecm wrote/deployed config patch, done.
 * 4) T309894 - Tag MW-Core, core platform, determine ownership.
 * 5) T306514 - Still in-progress
 * 6) T308473 - Reached out to Daimona regarding a patch
 * 7) T309255 - Recommended retire affected extension, under further review
 * 8) T290313 - Deemed low risk
 * 9) T309943 - Zabe added, tag Traffic/Brandon, see who can look at remaining items
 * 10) T306516 - No update at this time
 * 11) T306211 - No update at this time
 * 12) T309703 - Assigned for further review and triage
 * 13) T308471 - Patch written and posted, just push through gerrit
 * 14) T308861 - Patch written and posted, try to get CR then deploy
 * 15) T309078 - Possibly triage more and add teams/owners?
 * 1) T308471 - Patch written and posted, just push through gerrit
 * 2) T308861 - Patch written and posted, try to get CR then deploy
 * 3) T309078 - Possibly triage more and add teams/owners?
 * 1) T309078 - Possibly triage more and add teams/owners?

New Phabricator Tasks Reviewed

 * 1) Processed a bunch of low risk tools XSS (see  for more details)
 * 2) T310023 - Assigned to  for triage
 * 3) T310069 - Assigned to  for triage
 * 4) T310098 - Assigned to  for triage
 * 5) Resolved for now, suggested making public in a week.
 * 6) T310304 - Assigned to  for triage
 * 7) T310393 - Assigned to  to triage
 * 8) T310312 - Assigned to  to verify and complete
 * 9) T310314 - Assigned to  to verify and complete