Security auditing and response/status

Last update on: 2013-08-monthly

2013-03-monthly
The fundraising code base review is done. A MediaWiki security release, 1.20.3, was published on March 4. A review is underway for user metrics API.

2013-04-monthly
We released the MediaWiki 1.19.5 and 1.20.4 security releases on April 15th.

2013-05-monthly
We released MediaWiki 1.20.6/1.19.7 and provided security training for developers at the Amsterdam Hackathon.

2013-06-monthly
The team continued to respond to reported security issues, and gave security-oriented tech talks on emerging DoS techniques and using OWASP's ZAP tool for vulnerability scanning.

2013-07-monthly
The team continued to respond to reported security issues, and addressing outstanding bugs.

2013-08-monthly
Team responded to reported issues, and prepared for the next mediawiki release, scheduled on Sept 3rd. Worked with Operations to enable HTTPS for user logins in most geographies.