Thread:Extension talk:MultiUpload/MW 1.19 Compatibility Update (Reiteration)

Reiteration!!!

This extension DOES HAVE SEVERE MEDIA RELATED VULNERABILITIES and is advise against installing unto your hard drive.

Problems : This extension has a HIGH LEVEL VULNERABILITY(HLV) to parser based attacks and a high propensity to become susceptible to HTTP/Directory events and server-related incidents. Probable causes that may contribute to these errors would be heavy media loads or other upload content already on the server. Various MW 1.19 directory files, especially maintenance files such as HipHop have been known to cause extensive server related incompatibility issues.

Another possible approach in recognizing the problems may be in the GIT repository, whereby older extensions (possibly over 90%) of the GIT populated files may have compatibility issues due to maintenance updates. The repository hosts multiple types of files for download (zip, 7z, tar, etc.) from which possible vulnerability attacks may be instigated. Accordingly, a growing number of inclusion files are being targeted for removal from the repository; due to the High Level Vulnerability ratings and lack of supported extension content such as variable/parser functions.

Solution:

As of Habatchii (talk) 17:33, 30 July 2012 (UTC); the most effective solution for the vulnerability issue is to contact the [|support desk] and


 * 1) Notify of attacks against one or more of your sites
 * 2) Request for Review of the GIT process
 * 3) Apply to one or more volunteer programs to police known HLV extensions
 * 4) Use existing templates to document as many broken or vandalized extensions possible
 * 5) Maintain and adopt extensions that you can modify to re-submit to the repository.
 * 6) Arrange for discussion page conferences such as this to be included in a final petition for review.

 Additional Solutions: 
 * for maintainers and authors
 * commit request
 * pre-commit checklist