Wikimedia Security Team/AppSec Clinic Minutes/2022-07-18

Date: 2022-07-18

Attending:, ,

Phabricator Tasks In Progress

 * 1) T307278 - Patch still in progress
 * 2) T309894 - Tag MW-Core, core platform, determine ownership
 * 3) Maybe untag Editing-Team, review git history/blame for better maintainer list...
 * 4) T310763 - Assigned to  for triage/CR
 * 5) Patch has been proposed...
 * 6) T311180 - Assigned to  for triage/CR
 * 7) Need to further research issue and find potential maintainers
 * 8) T311652 - Resolved, hurray!
 * 9) T306514 - Still in-progress
 * 10) T309255 - Recommended retire affected extension, under further review
 * 11) T309943 - Zabe added, tag Traffic/Brandon, see who can look at remaining items
 * 12) T310069 - Verify tagged teams, members for further review, move off secteam incoming
 * 13) Subbu responded
 * 14) T311337 - Assigned to  for triage/CR
 * 15) Include in next supplemental release, patch still needs CR, then security deploy
 * 16) T311721 - Assigned to  for triage/CR.
 * 17) T306516 - No update at this time
 * 18) T306211 - No update at this time
 * 19) T309703 - No update at this time
 * 20) T310393 - No update at this time
 * 21) T311368 - Assigned to  for triage/CR
 * 22) T298784 - Security access, to discuss with
 * 23) T311960 - Assigned to  for triage/CR.
 * 24) Untagged secteam (not a prod-deployed ext), assigned vuln class, risk and #secteam-processed.
 * 25) T312733 - Assigned to  for triage/CR.
 * 26) Untagged secteam (not a prod-deployed ext), assigned risk and #secteam-processed.
 * 1) T311960 - Assigned to  for triage/CR.
 * 2) Untagged secteam (not a prod-deployed ext), assigned vuln class, risk and #secteam-processed.
 * 3) T312733 - Assigned to  for triage/CR.
 * 4) Untagged secteam (not a prod-deployed ext), assigned risk and #secteam-processed.

New Phabricator Tasks Reviewed

 * 1) T312506 - Assigned to  for assessment-related follow-up.
 * 2) T312282 - Assigned to  for triage/CR.