This page documents information related to Security for the MediaWiki platform and the Wikimedia Foundation.
To report security bugs, vulnerabilities or other issues please follow our reporting process.
Receive release notifications
You may subscribe to the low-traffic mediawiki-announce mailing list to receive notifications of new MediaWiki releases by email.
This will include all security fix releases as well as other new versions. Anyone running a MediaWiki installation is strongly recommended to subscribe.
Educational and training material
- Manual:Security — information for end users about tightening up security
- Security for developers — information for developers about tightening up security
Related security content
|Project||Use by Wikimedia Security Team|
|mediawiki.org||General content for Policy, SOPs, etc. Official Security team page.|
|wikitech.wikimedia.org||Procedural or instructional material that is not training.|
|office.wikimedia.org||Sensitive or private content. Must have an NDA and appropriate access.|
|foundation.wikimedia.org||Canonical location for Policy|
Understanding the Wikimedia Security Team's documentation structure.
- Security/Guides/Draft/Golang Security Best Practices
- Security/Reference/Security for libraries
- Security/SOP/Access to Phabricator Security Issues
- Security/SOP/Requests For Service
- Security/SOP/Security Preview
- Security/SOP/Security Readiness Reviews
- Security/SOP/Security Readiness Reviews/Response Templates