Active Tasks By Project

Project: Security

Switch to All Tasks 17 Phabricator task(s).

Phabricator Link	Wiki Link	Status	Priority	Author	Assignee	Projects	Subtasks	Parent Tasks
T121240	T121240: Network isolation for production and semi-production services	open	Medium (orange)	GWicke (Gabriel Wicke)		Security SRE (Acknowledged)
T140813	T140813: Protect sensitive user-related information with a UserData / auth / session service	open	Medium (orange)	GWicke (Gabriel Wicke)		Security Services (next) Platform Team Legacy (Later) SRE (Acknowledged) Services-next (Backlog) Product-Infrastructure-Team-Backlog (Tracking)	T137272: Create BagOStuff subclass for HTTP T120484: Create password-authentication service for use by CentralAuth
T152972	T152972: Accessing private information through SecurePoll should be logged	open	Needs Triage (violet)	Huji (Huji Lee)		Platform Engineering (Icebox) Security Stewards-and-global-tools (Low priority) MediaWiki-extensions-SecurePoll (Backlog)	T271276: Log when admins access voter data in SecurePoll
T169328	T169328: Protect against PHP code execution via memcached/unserialize	open	Medium (orange)	daniel (Daniel Kinzler)	daniel (Daniel Kinzler)	MW-1.37-notes (1.37.0-wmf.3; 2021-04-27) Platform Team Workboards (Clinic Duty Team) (Waiting for Review) MediaWiki-Cache (libs/objectcache) Security Patch-For-Review		T274189: Remove usage of PHP serialization from WANObjectCache
T189641	T189641: Service for checking the Pwned Passwords database	open	Low (yellow)	Tgr (Gergő Tisza)		Platform Team Legacy (Watching / External) MediaWiki-Authentication-and-authorization (Backlog) Services (watching) MediaWiki-User-login-and-signup (Backlog) SecTeam-Processed (Completed) Security WMF-Legal (Backlog) User-Tgr (Next)
T208188	T208188: RFC: Partial opt-out method for Content security policy	open	Medium (orange)	Bawolff (Brian Wolff)		Security-Team-Services (Privacy Engineering) (Watching) Platform Team Workboards (Clinic Duty Team) (External Code Review Completed) TechCom-RFC (P2: Resource) TechCom (Watching) Security-Team (Watching) Patch-For-Review ContentSecurityPolicy (MediaWiki) Security		T135963: Add support for Content-Security-Policy (CSP) headers in MediaWiki
T236701	T236701: Consider enforcing read permissions at the storage layer	open	Medium (orange)	daniel (Daniel Kinzler)		Security MediaWiki-User-management (User rights) Platform Team Workboards (MW Expedition) (Authority pile)
T241039	T241039: Create an API for sending yourself an arbitrary HTML email	open	Medium (orange)	Tgr (Gergő Tisza)		Security MediaWiki-Email (Backlog) MediaWiki-API (Needs details or plan)
T255370	T255370: Document best practices for user login if user is using 2FA	open	Low (yellow)	Reedy (Sam Reed)		Platform Team Initiatives (API Gateway) Documentation (Backlog) MediaWiki-Documentation Security MediaWiki-Authentication-and-authorization (Backlog) MediaWiki-extensions-OATHAuth (Backlog)
T256535	T256535: Same-Origin policy prevents reading HTML pages cross-origin	open	Medium (orange)	dbarratt (David Barratt)		Platform Team Workboards (External Code Reviews) (External Code Review Needed) Patch-For-Review Security MediaWiki-General
T258322	T258322: Open redirect in wikis that use http://domain.tld/index.php format	open	Low (yellow)	Reedy (Sam Reed)		Platform Engineering (Tracking/Watching) Vuln-OpenRedirect (Tracked) MediaWiki-General SecTeam-Processed (Completed) Security
T261050	T261050: Frequent "Invalid CSRF token" errors on Wikimedia projects using Pywikibot since August 2020	open	High (red)	Multichill (Maarten Dammers)		Pywikibot (Backlog) Security MediaWiki-API (Unsorted) Platform Engineering (Tracking/Watching)
T263220	T263220: Limit concurrency of DPL queries	open	High (red)	Urbanecm		Vuln-DoS (Tracked) Sustainability (Incident Followup) Platform Team Workboards (Clinic Duty Team) (Later) Performance Issue PoolCounter (Backlog) DynamicPageList (Wikimedia) (Backlog) MW-1.36-notes (1.36.0-wmf.18; 2020-11-17) SRE (Backlog) serviceops (Incoming 🐫) Slow-DB-Query SecTeam-Processed (Completed) Security Patch-For-Review	T266775: Stalls on db1075 (s3) replica db
T263927	T263927: MediaWiki user and password fields should have the proper autocomplete value	open	Needs Triage (violet)	Tgr (Gergő Tisza)		MW-1.36-notes (1.36.0-wmf.20; 2020-12-01) Platform Team Workboards (External Code Reviews) (External Code Review Completed) Security MediaWiki-User-login-and-signup (Backlog)	T150983: Support arbitrary autocomplete values in OOUI\TextInputWidget
T284274	T284274: action=history with a high limit like >= 2000, can be slow and might timeout	open	Needs Triage (violet)	Legoktm (Legoktm)		Performance-Team (Radar) (Perf recommendation) Platform Team Workboards (Clinic Duty Team) (Later) Security Security-Team (Watching) Patch-For-Review Vuln-DoS (Tracked) Performance-Team-publish (Consider write up) MediaWiki-Page-history (Backlog)
T32018	T32018: Require some user groups to have a periodically confirmed valid email address	open	Lowest (sky)	bzimport (bugzilla import bot)		Platform Engineering (Feature Requests to Review) Security MediaWiki-User-management (User rights)
T6845	T6845: CAPTCHA doesn't work for people with visual impairments	open	Medium (orange)	tstarling (Tim Starling)	DrMel (Dr Mel Ganus (z))	WCAG-Level-A Platform Engineering (Inbox) Security Readers-Web-Backlog (Tracking) ConfirmEdit (CAPTCHA extension) (Backlog) Accessibility (Aural / Screen readers) Design (Incoming)