Wikimedia Security Team/AppSec Clinic Minutes/2022-05-31

Date: 2022-05-31

Attending:, ,

From Last Time

 * 1) T306514 - Assigned to
   * Result: self-assigned and still in-progress
 * 2) T306516 - Assigned to
   * Result: no update
 * 3) T307278 - Assigned to
   * Result: patch still in progress
 * 4) T304291 - Assigned to
   * Done!  Told to request new application security review.
 * 5) T306211 - Assigned to
   * Result: no update
 * 6) T307750 - Assigned to
   * Still in progress, waiting on Release Engineering review, may need to escalate.
 * 7) T308101 - Assigned to  for triage
   * Risk rated, vuln rated, untagged security-team, to provide credentials advice
 * 8) T307991 - Assigned to
   * Done! Risk rated, vuln rated, untagged security-team, Growth team and Releng appear to be triaging

Phabricator Tasks Reviewed

 * 1) T308659 - Assigned to
   * Patches done and in production, adjust tags, track for supplemental security release (T305209)
 * 2) T309028 - Assigned to
   * Patches done and in production, adjust tags, track for main security release (T305200), I believe
 * 3) T308471 - Assigned to  to triage
 * 4) T308473 - Assigned to  to triage
 * 5) T308583 - Assigned to  to triage
 * 6) T308861 - Assigned to  to triage
 * 7) T309077 - Assigned to
   * I think this was fixed in another task/patch?
 * 8) T309078 - Assigned to  to triage
 * 9) T309255 - Assigned to  to triage
   * Appears to not be a Wikimedia-deployed extension
 * 10) T309285
   * Done in clinic! Untagged security team, protected as security task, triaged a bit