This page documents information related to Security for the MediaWiki platform and the Wikimedia Foundation.
To report security bugs, vulnerabilities or other issues please follow our reporting process.
Receive MediaWiki release notifications
Subscribe to the low-traffic mediawiki-announce mailing list to receive notifications of new MediaWiki releases by email.
This will include all security fix releases as well as other new versions. Anyone running a MediaWiki installation is strongly recommended to subscribe.
Educational and training material
- Manual:Security — information for system administrators about tightening up security for MediaWiki installations
- Security for developers — information for developers about tightening up security
Related security content
|Project||Use by Wikimedia Security Team|
|mediawiki.org||General content for policies, standard operating procedures (SOPs), etc. Official Security team page.|
|wikitech.wikimedia.org||Procedural or instructional material that is not training.|
|office.wikimedia.org (non-public)||Sensitive or private content. Must have a non-disclosure agreement (NDA) with the Wikimedia Foundation and appropriate access.|
|foundation.wikimedia.org||Canonical location for official policies of the Wikimedia Foundation|
Understanding the Wikimedia Security Team's documentation structure.
- Security/Application Security Pipeline
- Security/Guides/Draft/Golang Security Best Practices
- Security/Guides/SQL Queries and 3rd Party Packages
- Security/SOP/Access to Phabricator Security Issues
- Security/SOP/Application Security Reviews
- Security/SOP/Requests For Service
- Security/SOP/Security Preview
- Security/SOP/Security Readiness Reviews/Response Templates
- Security/Training resources