Wikimedia Security Team/AppSec Clinic Minutes/2022-05-31

Date: 2022-05-31

Attending:, ,

From Last Time

 * 1) T307278 - Result: patch still in progress
 * 2) T307750 - Our part is done, waiting on Release Engineering review for upstream fixes.
 * 3) T304291 - Done! Told to request new application security review.
 * 4) T306514 - Result: self-assigned and still in-progress
 * 5) T308101 - Risk rated, vuln rated, untagged security-team, to provide credentials advice
 * 6) T306516 - Result: no update
 * 7) T306211 - Result: no update
 * 8) T307991 - Done! Risk rated, vuln rated, untagged security-team, Growth team and Releng appear to be triaging

Phabricator Tasks Reviewed

 * 1) T308659 - Assigned to
   * Patches done and in production, adjust tags, track for supplemental security release (T305209)
 * 2) T309028 - Assigned to
   * Patches done and in production, adjust tags, track for main security release (T305200), I believe
 * 3) T308471 - Assigned to  to triage
 * 4) T308473 - Assigned to  to triage
 * 5) T308583 - Assigned to  to triage
 * 6) T308861 - Assigned to  to triage
 * 7) T309077 - Assigned to
   * I think this was fixed in another task/patch?
 * 8) T309078 - Assigned to  to triage
 * 9) T309255 - Assigned to  to triage
   * Appears to not be a Wikimedia-deployed extension
 * 10) T309285
   * Done in clinic! Untagged security team, protected as security task, triaged a bit