Wikimedia Security Team/AppSec Clinic Minutes/2023-04-17

From mediawiki.org

Date: 2023-04-17

Attending: CLemoisson-WMF, MStyles_(WMF), SBassett_(WMF)

Phabricator Tasks In Progress

  1. MMartorana_(WMF)
    1. T328393 - Try to find CU maintainers interested in fixing.
    2. T144097 - Investigating potential patches.
    3. T331477 - Tag Releng, reach out to DC folks about info leaks.
    4. T332889 - Try to understand whether anyone owns LogFormatter, and who.
    5. T333723 - Ask if it can be public, suggest filing new feature (URL checker) as public bug.
    6. T334437 - Triaged, any further action?
  2. MStyles_(WMF)
    1. T323651 - Undeploy unmerged in Gerrit for now.
    2. T333050 - Need to get reviewers for public Gerrit patch, try #code-review and board.
  3. Reedy_(WMF)
    1. T318825 - Assigned for follow-up.
    2. T321092 - Assigned for follow-up.
    3. T330086 - Done, Reedy to include w/ next sec release.
  4. SBassett_(WMF)
    1. T326871 - Waiting on AHT/Thalia response.
    2. T333140 - Abuser now likely contained via mitigations.
    3. T333722 - Reach out to Sam to decom channel.
    4. T334403 - Watch, for now.

Sent to Kelton
Sent to Privacy Engineering

    1. Tagged on T333950#8785714

New Phabricator Tasks Reviewed

  1. T334851 - Assigned to MStyles_(WMF) for secteam-implications, bring back concerns.