Security auditing and response

From MediaWiki.org

Rationale

Insecure code sucks :-)

Review queue

New requests for review should be added in Phabricator under the "Security-Reviews" project. A list of open security review requests can be found there.

The list below is obsolete as of December 2014, and should be removed as soon as we know that all of the open items are properly tracked in Phabricator.

  • Wikidata Property Suggester
  • Extension:Petition (bug 65850, 65849)
  • Extension:Mantle (bug 66238)
  • Flow Templates, based on Mantle
  • Extension:Petition
  • FundraisingChart
  • Extension:BounceHandler
  • Extension:Graph
  • ImageMetrics
  • Extension:RecentActivityFeed
    • on hold
  • Ex:Graph re-review
  • IEG Review App
  • #lsth part of Extension:Labeled_Section_Transclusion
  • WikibaseQuery / WikibaseQueryEngine
    • On hold, Pending discussion of 3rd-party component inclusion
  • WikiGrok
  • OOjs UI (PHP Implementation)
  • SandboxLink extension
  • GlobalUserPage
  • Sprint (for Phabricator)
  • Varnishtee
  • Plancake email parser (bug 72956)
  • Ex:ContentTranslation (T85686)
  • Raven.js (part of T86677)
  • ApiFeatureUsage
  • liuggio/statsd-php-client (T90409)
  • Ex:Hovercards (T88171)
  • Ex:Gather
  • Citeoid service
  • Graphoid service
  • Aphlict (for Phabricator notifications)
  • Extension:Josa (T88261)
  • Wikimetrics for production
  • OCG service
  • TimedMediaHandler v2
  • Graphite
  • Ex:Math
  • ExtraLanguageLink
  • TwitterCards (bug 64967)
  • In other projects sidebar beta feature (bug 66850)
  • PubSubHubbub (bug 67118)
    • On hold
  • Limn
    • On hold

Reviewed

Communications