User:CPettet (WMF)/Security

This page documents information related to Security for the Mediawiki platform and the Wikimedia Foundation.

Report a security problem
If you have found or believe you have found a security bug in MediaWiki or on one of Wikimedia's web sites, please directly e-mail security&#64;wikimedia.org with details.


 * Emailing the details to that address ensures that the issue is dealt with quickly and with the best outcome for our third-party users. Please do not report the issue directly in phab>Special:MyLanguage/Phabricator|Phabricator UNLESS you [https://phabricator.wikimedia.org/maniphest/task/edit/form/2/ use the dedicated Security bug report form] (available as "Report Security Issue" from the "Create Task" dropdown), which ensures the bug report is not publicly readable.


 * See reporting>Special:MyLanguage/Reporting security bugs|Reporting security bugs for more information about the process.

We would be most happy to have a day or two to fix the problem and prepare a bug fix for third-party users before public disclosure, if possible.

(Note that any security problems found in the wiki-to-HTML parser will be included in the parser regression test suite in the next release.)

Receive release notifications
You may subscribe to the low-traffic mail>mail:mediawiki-announce|mediawiki-announce mailing list to receive notifications of new MediaWiki releases by e-mail.

This will include all security fix releases as well as other new versions. Anyone running a MediaWiki installation is strongly recommended to subscribe.

Educational and Training Material

 * security>Special:MyLanguage/Manual:Security|Manual:Security &mdash; information for end users about tightening up security
 * dev>Special:MyLanguage/Security for developers|Security for developers &mdash; information for developers about tightening up security

= Related Security Content =

Understanding Wikimedia Security Team documentation structure