Security Unpointed Tasks

116967 Gather information on the frequency of Wikimedia sites being framed In Progress open 2017-01-02 2015-10-28
124445 Design research support for two step authentication In Progress open 2017-01-02 2017-01-19
55195 OATH token input should be on a separate page In Progress resolved 2017-01-02 2016-04-07
72541 Upgrade Lua bundled binary for CVE-2014-5461 In Progress resolved 2017-01-02 2016-02-22
100374 Allow for using separate database for OATH credentials (for CentralAuth compatibility) In Progress resolved 2017-01-02 2016-04-14
100376 Add user right for enabling two-factor authentication In Progress resolved 2017-01-02 2016-04-07
103239 Patrol allows click catching and patrolling of any page In Progress resolved 2017-01-02 2016-08-16
109724 A combination of Special:MyPage redirects and pagecounts allows an external site to know the wikipedia login of an user In Progress resolved 2017-01-02 2016-01-19
110143 strip markers can be used to get around html attribute escaping in (many?) parser tags In Progress resolved 2017-01-02 2017-01-14
116030 Increase pbkdf2 parameter strengths In Progress resolved 2017-01-02 2016-04-25
116413 Security review for SessionManager In Progress resolved 2017-01-02 2017-06-07
119100 Increase MinimalPasswordLength to 8 for several local and global groups In Progress resolved 2017-01-02 2016-03-15
124940 MediaWiki 1.26.3 security release In Progress resolved 2017-01-02 2016-05-25
128200 Update OpenVAS packages on Bismuth In Progress resolved 2017-01-02 2016-04-05
130700 Create central OATHAuth table for CentralAuth wikis In Progress resolved 2017-01-02 2016-12-15
149614 Enable OATHAuth on all private wikis In Progress resolved 2017-01-02 2016-11-04
149638 Set up password policies for all users on private wikis In Progress resolved 2017-01-02 2016-11-11
109082 Goal: Privacy support for Analytics - UniqueID's, Pagecount API Done open 2017-01-02 2016-08-13
109083 Goal: Support legal during rollout of email encryption initiative Done open 2017-01-02 2016-08-13
109086 Goal: Security engineering support for FrTech PCI Done open 2017-01-02 2016-08-13
1286 Aphlict security review Done resolved 2017-01-02 2015-11-18
90115 BlazeGraph Security Review Done resolved 2017-01-02 2017-07-14
91850 No rate limits on uploading files Done resolved 2017-01-02 2015-10-16
93846 [draft] Security Roadmap April - June 2015 (Q4 2014/2015) Done resolved 2017-01-02 2015-10-13
94774 Password policies by group Done resolved 2017-01-02 2016-10-18
98246 Initial risk assessment of engineering groups Done resolved 2017-01-02 2015-07-10
98251 Security planning for Fundraising Tech Done resolved 2017-01-02 2015-07-01
98252 Security planning for Reading (Infrastructure & Engineering) Done resolved 2017-01-02 2015-07-01
98253 Security planning for Editing Done resolved 2017-01-02 2015-07-01
98254 Security planning for Search & Discovery Done resolved 2017-01-02 2015-07-01
99086 Add composer/semver 0.1.0 to mediawiki/vendor Done resolved 2017-01-02 2015-10-13
99352 Security review of Wikibase-Quality Done resolved 2017-01-02 2015-06-25
99355 Security review of Wikibase-Quality-Constraints - v1 branch Done resolved 2017-01-02 2015-06-25
100413 "You are centrally logged in." toast on every page view on commons Done resolved 2017-01-02 2016-12-15
103022 OAuth IP restrictions only apply to Special:OAuth/initiate, not to general API requests Done resolved 2017-01-02 2015-10-16
103023 API requests don't get validated if signed by the correct OAuth consumer Done resolved 2017-01-02 2016-09-09
103185 Security review of kzykhys/pygments Done resolved 2017-01-02 2015-10-13
103391 Reflected XSS vulnerabilities in Semantic Forms Done resolved 2017-01-02 2015-10-13
105051 Security review of Maps service Done resolved 2017-01-02 2015-11-07
105246 Document automated scanning requirements and goals Done resolved 2017-01-02 2015-10-13
105247 Consider Burp Proxy as option for headless automated scanning Done resolved 2017-01-02 2015-10-13
105248 Consider Zed Attack Proxy as option for headless automated scanning Done resolved 2017-01-02 2015-10-13
105249 Consider Arachni as option for headless automated scanning Done resolved 2017-01-02 2015-10-13
105250 Build new server image on labs for automated scanning Done resolved 2017-01-02 2015-10-13
105534 Document and report initial metrics for security bug handling Done resolved 2017-01-02 2015-10-13
107231 Security review of Ex:PageBanner Done resolved 2017-01-02 2015-08-05
108616 Local path disclosure when using ImageMagick as a scaler Done resolved 2017-01-02 2015-10-17
108893 Security training Logistics Done resolved 2017-01-02 2015-10-13
109023 Security review of the MobileApps service Done resolved 2017-01-02 2016-01-25
109384 Security review of apache/avro and nmred/kafka-php Done resolved 2017-01-02 2015-09-09
109638 Page categorization logs expose user's IP Done resolved 2017-01-02 2017-02-01
110432 please add Platonides to WMF-NDA Done resolved 2017-01-02 2015-10-13
111587 Access to security bugs for Platonides Done resolved 2017-01-02 2015-10-13
112329 Security review for oyejorge/less.php Done resolved 2017-01-02 2015-09-30
112950 Security review for UrlShortener extension Done resolved 2017-01-02 2015-10-22
113076 Secure Code Training for FrTech: Fall 2015 Done resolved 2017-01-02 2015-10-13
114341 Security review for GPGMail Done resolved 2017-01-02 2016-04-05
114414 Thumbor Security Review Done resolved 2017-01-02 2016-04-05
123558 Security review for TextCat library Done resolved 2017-01-02 2016-02-11
123592 Security review for WikimediaPageViewInfo extension Done resolved 2017-01-02 2016-03-11
123594 Security review of the ImageTweaks extension ahead of production deployment Done resolved 2017-01-02 2017-06-27
124943 Security review for Gadgets 2.0 Done resolved 2017-01-02 2016-05-18
129426 Security review of json-schema Done resolved 2017-01-02 2016-06-29
129609 Security review for MediaWiki extension UploadsLink Done resolved 2017-01-02 2016-04-22
28227 Notify user by email when password changed Security Other open 2017-01-02 2016-11-13
28508 Content Security Policy (CSP) Security Other open 2017-01-02 2016-06-24
56713 Non-NDA users cannot access graphite.wikimedia.org Security Other open 2017-01-02 2016-06-10
61702 Examine which extensions are installed on login.wikimedia.org (loginwiki) and vote.wikimedia.org (votewiki) Security Other open 2017-01-02 2017-04-19
75953 RFC: MediaWiki HTTPS policy Security Other open 2017-01-02 2016-07-27
75958 Refactor Title to make permission checking it's own class Security Other open 2017-01-02 2015-05-11
76158 Pitfalls checklist for software using AGPL Security Other open 2017-01-02 2017-02-07
88083 Mobile apps users should not be shown captchas when creating accounts Security Other open 2016-09-28 2017-06-12
90033 Support 1password for login Security Other open 2015-09-29 2016-09-02
97869 Review access to security tasks Security Other open 2017-01-02 2016-01-26
99358 [Task] Security review of Wikibase-Quality-External-Validation branch master Security Other open 2017-01-02 2017-04-06
100375 Improve user experience of Two-Factor process Security Other open 2017-01-02 2016-11-17
103912 [Task] Ex:WikibaseQualityExternalValidation - performance review of Special:CrossCheck Security Other open 2017-01-02 2017-04-05
108360 Create "security pre-announce" group Security Other open 2017-07-14 2017-07-13
108978 Add $wgAllowSiteJSOnRestrictedPages to allow JS on restricted special pages Security Other open 2017-01-02 2015-08-13
109084 Goal: Security engineering support for AuthManager Security Other open 2017-01-02 2016-08-13
109094 Create and document security training on mw.org, and document training processes Security Other open 2017-01-02 2016-05-23
109102 Investigate / test hardware tokens for WMF identity key Security Other open 2017-01-02 2015-08-14
109106 Document bug triage process Security Other open 2017-01-02 2016-05-23
109328 Undefined #Security-General and #Security-Other Security Other open 2017-01-02 2017-01-20
109524 DFIR process documented on officewiki Security Other open 2017-01-02 2015-08-18
109726 Privacy review of graphite and grafana data sets Security Other open 2017-01-02 2015-08-20
110249 Allow OAuth applications to be granted rights the user doesn't have Security Other open 2017-01-02 2017-03-07
110620 Add code patterns that could impact privacy to MediaWiki secure code training. Security Other open 2017-01-02 2015-08-27
111820 Set default CSP header in service template to "default-src 'none'" Security Other open 2017-01-02 2016-10-12
116305 Followup assessment for analytics cluster Security Other open 2017-01-02 2016-07-28
117618 Add restrictive CSP to upload.wikimedia.org Security Other open 2017-01-02 2016-07-26
118131 Credit security researchers that identify and disclose vulnerabilities Security Other open 2017-01-02 2016-04-26
118750 Document and test security response process Security Other open 2017-01-02 2016-05-23
119451 Consider using "pepper" for our hashed passwords Security Other open 2017-01-02 2015-11-23
120484 Create password-authentication service for use by CentralAuth Security Other open 2017-01-02 2017-04-20
120495 Major overhaul to Special reports Security Other open 2017-01-02 2016-01-28
120532 Use user-specific passwords for accessing EventLogging database Security Other open 2017-01-02 2017-02-20
120886 Make javascript editing permissions more fine grained and separate from normal edit-interface Security Other open 2017-01-02 2017-08-30
120888 Create optional XSS filter step for the parser Security Other open 2017-01-02 2016-05-23
120889 Create preference to control using personal JS Security Other open 2017-01-02 2015-12-08
121136 Establish a process to periodically review and approve access for hadoop/hue users Security Other open 2017-01-02 2016-08-22
121175 Implement password age password policy check Security Other open 2017-01-02 2015-12-11
121179 Implement password complexity password policy check Security Other open 2017-01-02 2015-12-11
121181 Implement password policy preventing user using their real name Security Other open 2017-01-02 2017-07-20
121186 Implement results of enwiki Security review RfC Security Other open 2017-01-02 2016-10-31
122013 Investigate additional password reset methods (apart from email) Security Other open 2017-01-02 2015-12-20
122124 Tell users to use a unique password when creating an account. Security Other open 2017-01-02 2017-03-23
122220 Enable optional two-factor authentication for OTRS Security Other open 2017-01-02 2016-01-20
122248 Password/login related security issues (Tracking) Security Other open 2017-01-02 2015-12-22
122375 Segment sensitive data within WMF cluster (tracking) Security Other open 2017-01-02 2016-07-19
123243 Ability to alert when we get a sudden increase in bad passwords for privileged accounts, to possibly detect password brute-forcing Security Other open 2017-01-02 2016-09-17
123753 Establish retrospective reports for #security and #performance incidents Security Other open 2017-01-02 2017-09-13
125382 Ensure DOMPurify meets our SVG sanitization requirements for Graphs Security Other open 2017-01-02 2017-07-18
125589 Allow tools to have their own ".tools.wmflabs.org" subdomain Security Other open 2017-01-02 2017-10-15
130396 Add restbase test url to ZAP seeding Security Other open 2017-01-02 2016-03-18
132720 ApiHelp on api.php should set OutputPage::disallowUserJs Security Other open 2017-01-02 2016-09-02
132934 Security review of TWL Security Other open 2017-01-02 2017-02-18
133735 Formalize procedures for doing security releases of MediaWiki extensions Security Other open 2017-01-02 2016-04-26
135963 Add support for Content-Security-Policy (CSP) headers in MediaWiki Security Other open 2017-01-02 2017-05-16
137016 Allow more than 1 password reset per 24 hours Security Other open 2017-01-02 2016-06-07
137599 MediaWiki as candidate for Mozilla funded code audit Security Other open 2017-01-02 2016-06-10
138783 SVG Upload should (optionally) allow the xhtml namespace Security Other open 2017-01-02 2016-12-02
140270 Determine a core set or a checklist of permissions for deployment purpose Security Other open 2017-01-02 2017-05-16
143790 $wgBlockDisablesLogin = true; + $wgEmailConfirmToEdit = true; causes the wiki to be inaccessible for anonymous users Security Other open 2017-01-02 2017-04-16
149588 Create password policy using AntiSpoof Security Other open 2017-01-02 2016-10-31
149743 Prevent user from continuing until they change their password Security Other open 2017-01-02 2016-11-01
150049 Enable $wgCaptchaDeleteOnSolve Security Other open 2017-01-02 2017-09-04
150300 icinga notification if elevated writing to badpass.log Security Other open 2017-01-02 2017-09-07
150577 Enable OATHAuth for all users Security Other open 2017-01-02 2016-11-12
150580 Throttle IP when doing many successful login attemps Security Other open 2017-01-02 2016-11-12
150582 Support two-factor authentication in AutoWikiBrowser Security Other open 2017-01-02 2017-07-01
150605 Publish an analysis of the OurMine hack Security Other open 2017-01-02 2017-02-09
150626 Suggest users with short passwords change them Security Other open 2017-01-02 2016-11-14
150647 Deploy EncryptedPassword to WMF Security Other open 2017-01-02 2016-12-10
150853 Create a burn-down list of administrator accounts without 2FA or password changes since 11 November Security Other open 2017-01-02 2016-11-16
151425 Enlarge Popular Password File to 100,000 entries Security Other open 2017-01-02 2017-09-06
152219 Statistics on Captcha success/failure rate Security Other open 2017-01-02 2017-09-03
152972 Accessing private information through SecurePoll should be logged Security Other open 2017-01-02 2017-06-07
153691 Strengthen two factor authentication by making it concurrent instead of sequential during the authentication process Security Other open 2017-01-02 2016-12-19
156445 Streamline/automate MW tarball security release process Security Other open 2017-01-28 2017-05-17
156757 Add examples of the three security review processes Security Other open 2017-02-01 2017-02-03
157500 Query percentage of English Wikipedia admins without 2FA Security Other open 2017-02-08 2017-02-14
160357 Allow those with CheckUser right to access AbuseLog private information on WMF projects Security Other open 2017-03-14 2017-10-20
162171 Become a CVE Numbering Authority (CNA) for MediaWiki and extensions Security Other open 2017-04-05 2017-04-04
164340 Request to add TerraCodes to the "oathauth-tester" group on meta Security Other open 2017-05-04 2017-05-03
166622 Allow all users on all wikis to use OATHAuth Security Other open 2017-05-31 2017-08-13
169676 Remove EducationProgram in favour of EducationDashboard Security Other open 2017-07-05 2017-10-14
173370 Support restricted execution of external commands (via firejail) Security Other open 2017-08-16 2017-10-20
174813 Allow multiple password blacklists Security Other open 2017-09-02 2017-09-01
174877 Spambots as IP addresses and as accounts again prolific within WMF wikis Security Other open 2017-09-04 2017-09-07
175171 Implement bloom filter for popular password password lists Security Other open 2017-09-07 2017-09-06
177895 Allow logged in users to disable MediaWiki:Common.js and MediaWiki:Common.css Security Other open 2017-10-11 2017-10-10
178060 RawAction should set proper Content-Type header Security Other open 2017-10-13 2017-10-13
178752 gblrename log_type missing on replicas Security Other open 2017-10-23 2017-10-22
787 Security review of community extensions: Extension:AtomExporter, Extension:DownloadCounter, Extension:PasswordProtected Security Other resolved 2017-01-02 2017-03-12
1390 Tags for security bugs Security Other resolved 2017-01-02 2016-07-13
62835 Enable cross-domain API requests in API's JSON responses Security Other resolved 2017-01-02 2016-09-10
65808 Allow cross-site domain access from (tools) Labs via CORS Security Other resolved 2017-01-02 2016-01-11
72181 Setup a dedicated mediawiki host in Beta Cluster that we can use for security scanning Security Other resolved 2017-01-02 2017-09-26
76563 A direct way to submit a security report as a private task Security Other resolved 2017-01-02 2016-03-13
85862 Make iSec assessment public Security Other resolved 2017-01-02 2015-05-06
86049 Security recommendations for new services Security Other resolved 2017-01-02 2015-05-07
88393 Store unsampled API and XFF logs Security Other resolved 2017-01-02 2015-05-23
95714 Allow the production cluster to access *.wmflabs.org IPs Security Other resolved 2017-01-02 2017-01-23
97653 Give Mark Holmquist security task access Security Other resolved 2017-01-02 2015-08-20
97897 Incorrect parsing of IPs for global block Security Other resolved 2017-01-02 2016-01-24
98255 Security planning for Community Tech Security Other resolved 2017-01-02 2015-07-01
98256 Security planning for Infrastructure Security Other resolved 2017-01-02 2015-07-01
98258 Security planning for Analytics Security Other resolved 2017-01-02 2015-07-01
98259 Security planning for Release Engineering Security Other resolved 2017-01-02 2015-07-01
98260 Security planning for Services Security Other resolved 2017-01-02 2015-07-01
98261 Security planning for Ops Security Other resolved 2017-01-02 2015-07-01
99680 Login screen should have a display password checkbox Security Other resolved 2017-01-02 2015-08-29
102649 Ex:WikibaseQuality - Needs to escape output by default Security Other resolved 2017-01-02 2015-06-23
103633 Ex:WikibaseQualityExternalValidation - SpecialExternalDbs escape or don't use raw cells Security Other resolved 2017-01-02 2015-06-24
103905 Ex:WikibaseQualityExternalValidation - rate limit Special:CrossCheck Security Other resolved 2017-01-02 2015-06-29
104147 can we get rid of rsvg security patch? Security Other resolved 2017-01-02 2016-02-02
104370 Strengthen password policy for Staff Security Other resolved 2017-01-02 2015-12-17
104371 Strengthen password policy for Stewards Security Other resolved 2017-01-02 2017-01-11
104372 Strengthen password policy for Ombudsmen Security Other resolved 2017-01-02 2016-10-31
104373 Strengthen password policy for Checkusers Security Other resolved 2017-01-02 2016-10-31
104615 Some account creations causing exceptions Security Other resolved 2017-01-02 2015-11-04
104913 Improve RESTBase CSP headers: use 'self' instead of *, allow inline styles for sanitized content Security Other resolved 2017-01-02 2015-07-31
105251 Deploy automated dynamic scanning of MediaWiki in beta Security Other resolved 2017-01-02 2015-10-13
105533 Security Roadmap July - Sept 2015 (Q1 2015/2016) Security Other resolved 2017-01-02 2016-01-06
105690 Support 2fa in keystone/horizon Security Other resolved 2017-01-02 2016-04-02
107605 Support two-factor authentication on CentralAuth wikis Security Other resolved 2017-01-02 2017-04-16
108138 Sysops can undelete pages, although the page is protected against it Security Other resolved 2017-01-02 2017-04-17
109002 Add EBernhardson to Security group Security Other resolved 2017-01-02 2015-08-13
110072 Security Review of Revscoring Security Other resolved 2017-01-02 2016-01-21
110617 Goal: Implement static code analysis for security Security Other resolved 2017-01-02 2017-08-15
112792 Security review for cross-wiki aspects of Echo notifications Security Other resolved 2015-10-02 2016-05-04
115095 Security review of Newsletter extension Security Other resolved 2017-01-02 2017-06-26
117899 XSS from wikitext when $wgArticlePath='$1' Security Other resolved 2017-01-02 2015-12-18
119478 security review 15.wikipedia/annual2015 code review Security Other resolved 2017-01-02 2016-01-14
120212 Security review of EventBus extension Security Other resolved 2017-01-02 2017-07-12
121046 Automatically submit weekly core deployment branch (+skins, +vendor) to Veracode Security Other resolved 2017-01-02 2016-01-06
121355 Sometimes Citoid API returns null authors when using format mediawiki Security Other resolved 2017-01-02 2016-01-21
122164 Better limitation on number of password guesses people can make Security Other resolved 2017-01-02 2016-12-11
122940 Update / repackage openvas Security Other resolved 2017-01-02 2016-02-11
124421 Response to api.php?action=login on Wikimedia wikis has some seriously sick Set-Cookie headings Security Other resolved 2017-01-02 2016-01-26
125290 CentralAuthUser::validateAuthToken should use constant-time string comparison Security Other resolved 2017-01-02 2016-12-15
126544 Update openvas-manager 6.0.7 package for gnutls issue Security Other resolved 2017-01-02 2016-02-11
126685 Globally throttle password attempts Security Other resolved 2017-01-02 2016-04-20
130233 [Review] using Wheels for deployment (signing?) Security Other resolved 2017-01-02 2017-06-28
130649 Procure *.tools.wmflabs.org certificate Security Other resolved 2017-01-02 2017-02-22
130695 ACL configuration for url-downloader.wikimedia.org allowing upload.wikimedia.org Security Other resolved 2017-01-02 2016-08-27
130740 Additional error handling needed in OATHAuthHooks::schemaUpdateOldUsers Security Other resolved 2017-01-02 2017-05-19
130741 Back button allows access to scratch tokens and previously submitted token immediately after two-factor enrollment Security Other resolved 2017-01-02 2016-04-08
130892 wikitech 2fa provisioning form does so without confirmation Security Other resolved 2017-01-02 2016-10-03
131420 Install Ex:OATH to beta Security Other resolved 2017-01-02 2016-04-14
132929 Review TWL OAuth implementation Security Other resolved 2017-01-02 2016-05-12
133070 MediaWiki 1.27.1 security release Security Other resolved 2017-01-02 2017-03-20
134313 redis-openvas on Bismuth is broken due to missing /var/run/redis Security Other resolved 2017-01-02 2016-05-04
134863 Reflected XSS in GlobalGroupPermissions Security Other resolved 2017-01-02 2017-07-20
138650 provide ganeti VM for security team sectools Security Other resolved 2017-09-06 2017-09-11
140591 MediaWiki 1.28.1/1.27.2/1.23.16 security release Security Other resolved 2017-04-07 2017-04-06
146768 Possible access to security locked tasks? Security Other resolved 2017-01-02 2016-09-27
150029 Create cronjob for regular captcha regeneration Security Other resolved 2017-01-02 2017-02-09
150807 Add 'interface-editors' to the list of users who can enable OATHAuth on WMF wikis Security Other resolved 2017-01-02 2016-11-16
150925 Enable 2FA for wikidata-staff on wikidatawiki Security Other resolved 2017-01-02 2016-11-29
151209 Resetting 2FA for my wiki-account Security Other resolved 2017-01-02 2016-11-21
153487 Add user group to wikitech granting the oathauth-api-all right Security Other resolved 2017-01-02 2017-03-04
158119 Add Security.md to MediaWiki Core? Security Other resolved 2017-02-15 2017-10-03
159085 [Security] Improve data attribute naming to avoid forge Security Other resolved 2017-02-27 2017-04-02
159519 Investigate security concerns on enabling OAuth or BotPasswords for stewardwiki Security Other resolved 2017-03-06 2017-07-17
161997 Write Release Announcements for MediaWiki 1.28.1/1.27.2/1.23.16 Security Other resolved 2017-04-07 2017-04-06
166229 Mediawiki replies with 500 on wrongly formatted CSP report Security Other resolved 2017-05-25 2017-06-06
169656 Security Review of Recommendation API - take #2 Security Other resolved 2017-07-05 2017-08-02
170927 Make wbqc_constraints table available on Quarry et al. Security Other resolved 2017-07-19 2017-08-25
178052 pagetranslation log_type missing on replicas Security Other resolved 2017-10-13 2017-10-22
109082 Goal: Privacy support for Analytics - UniqueID's, Pagecount API Done open 2017-01-02 2016-08-13
109083 Goal: Support legal during rollout of email encryption initiative Done open 2017-01-02 2016-08-13
109086 Goal: Security engineering support for FrTech PCI Done open 2017-01-02 2016-08-13
1286 Aphlict security review Done resolved 2017-01-02 2015-11-18
90115 BlazeGraph Security Review Done resolved 2017-01-02 2017-07-14
91850 No rate limits on uploading files Done resolved 2017-01-02 2015-10-16
93846 [draft] Security Roadmap April - June 2015 (Q4 2014/2015) Done resolved 2017-01-02 2015-10-13
94774 Password policies by group Done resolved 2017-01-02 2016-10-18
98246 Initial risk assessment of engineering groups Done resolved 2017-01-02 2015-07-10
98251 Security planning for Fundraising Tech Done resolved 2017-01-02 2015-07-01
98252 Security planning for Reading (Infrastructure & Engineering) Done resolved 2017-01-02 2015-07-01
98253 Security planning for Editing Done resolved 2017-01-02 2015-07-01
98254 Security planning for Search & Discovery Done resolved 2017-01-02 2015-07-01
99086 Add composer/semver 0.1.0 to mediawiki/vendor Done resolved 2017-01-02 2015-10-13
99352 Security review of Wikibase-Quality Done resolved 2017-01-02 2015-06-25
99355 Security review of Wikibase-Quality-Constraints - v1 branch Done resolved 2017-01-02 2015-06-25
100413 "You are centrally logged in." toast on every page view on commons Done resolved 2017-01-02 2016-12-15
103022 OAuth IP restrictions only apply to Special:OAuth/initiate, not to general API requests Done resolved 2017-01-02 2015-10-16
103023 API requests don't get validated if signed by the correct OAuth consumer Done resolved 2017-01-02 2016-09-09
103185 Security review of kzykhys/pygments Done resolved 2017-01-02 2015-10-13
103391 Reflected XSS vulnerabilities in Semantic Forms Done resolved 2017-01-02 2015-10-13
105051 Security review of Maps service Done resolved 2017-01-02 2015-11-07
105246 Document automated scanning requirements and goals Done resolved 2017-01-02 2015-10-13
105247 Consider Burp Proxy as option for headless automated scanning Done resolved 2017-01-02 2015-10-13
105248 Consider Zed Attack Proxy as option for headless automated scanning Done resolved 2017-01-02 2015-10-13
105249 Consider Arachni as option for headless automated scanning Done resolved 2017-01-02 2015-10-13
105250 Build new server image on labs for automated scanning Done resolved 2017-01-02 2015-10-13
105534 Document and report initial metrics for security bug handling Done resolved 2017-01-02 2015-10-13
107231 Security review of Ex:PageBanner Done resolved 2017-01-02 2015-08-05
108616 Local path disclosure when using ImageMagick as a scaler Done resolved 2017-01-02 2015-10-17
108893 Security training Logistics Done resolved 2017-01-02 2015-10-13
109023 Security review of the MobileApps service Done resolved 2017-01-02 2016-01-25
109384 Security review of apache/avro and nmred/kafka-php Done resolved 2017-01-02 2015-09-09
109638 Page categorization logs expose user's IP Done resolved 2017-01-02 2017-02-01
110432 please add Platonides to WMF-NDA Done resolved 2017-01-02 2015-10-13
111587 Access to security bugs for Platonides Done resolved 2017-01-02 2015-10-13
112329 Security review for oyejorge/less.php Done resolved 2017-01-02 2015-09-30
112950 Security review for UrlShortener extension Done resolved 2017-01-02 2015-10-22
113076 Secure Code Training for FrTech: Fall 2015 Done resolved 2017-01-02 2015-10-13
114341 Security review for GPGMail Done resolved 2017-01-02 2016-04-05
114414 Thumbor Security Review Done resolved 2017-01-02 2016-04-05
123558 Security review for TextCat library Done resolved 2017-01-02 2016-02-11
123592 Security review for WikimediaPageViewInfo extension Done resolved 2017-01-02 2016-03-11
123594 Security review of the ImageTweaks extension ahead of production deployment Done resolved 2017-01-02 2017-06-27
124943 Security review for Gadgets 2.0 Done resolved 2017-01-02 2016-05-18
129426 Security review of json-schema Done resolved 2017-01-02 2016-06-29
129609 Security review for MediaWiki extension UploadsLink Done resolved 2017-01-02 2016-04-22