Wikimedia Security Team/Security Review Scrum/2019-10-29

Date/time: October 29th, 2019 - 10:00 AM PDT

Attending: Scott, Sam, Jennifer

Backlog


 * John to explore funding of 3rd party audits this quarter, stalled - https://phabricator.wikimedia.org/T155537, https://phabricator.wikimedia.org/T156960 , https://phabricator.wikimedia.org/T148246 , https://phabricator.wikimedia.org/T187846
 * Planet Wikimedia,unassigned https://phabricator.wikimedia.org/T207246
 * Security Concept Review For client side error logging js client,unassigned https://phabricator.wikimedia.org/T232820

In Progress


 * Review the FileImporter extension's load of config from wiki pages for security concerns, in-progress high priority, https://phabricator.wikimedia.org/T202071
 * Security readiness review for the MachineVision extension, in-progress and nearing completion, https://phabricator.wikimedia.org/T227346
 * Security Review for MediaWiki REST API, in-progress, https://phabricator.wikimedia.org/T230140
 * Security review of Ex:DoubleWiki, in-progress - https://phabricator.wikimedia.org/T131199
 * Security concept review for newcomer tasks on Special:Homepage, in-progress, https://phabricator.wikimedia.org/T235720

Awaiting Remediation


 * Labs db/sanitarium and maintain-views.yaml audits, assigned to James F, stalled - https://phabricator.wikimedia.org/T169097, https://phabricator.wikimedia.org/T103011
 * Page Content Service route /page/mobile-html, waiting - https://phabricator.wikimedia.org/T227114
 * Parsoid-PHP, moved to active, waiting - https://phabricator.wikimedia.org/T227209

Frozen (delayed indefinitely)


 * Banner preview, stalled - https://phabricator.wikimedia.org/T230176
 * Security review of preact 8.4.2, Scott did a very simple assessment, unassigned, stalled https://phabricator.wikimedia.org/T227726

Closing Soon / Closed