Tasks By Project

Project: MediaWiki-User-management

Switch to Active Tasks 153 Phabricator task(s).

Phabricator Link	Wiki Link	Status	Priority	Projects	Subtasks	Parent Tasks
T110620	T110620: Make User::newFromId(0) not return current user's IP	open	Medium (orange)	Privacy MediaWiki-User-management (Other) Sustainability (Incident Followup) Platform Team Workboards (MW Expedition) (Unsorted pile)
T152462	T152462: Add cookie when blocking anonymous users	resolved	Low (yellow)	MediaWiki-User-management (User blocking) Anti-Harassment (AHT Sprint 21/22) (Done) MW-1.32-notes (WMF-deploy-2018-05-29 (1.32.0-wmf.6)) Trust-and-Safety (Security/Abuse) Patch-For-Review	T196121: Enable set cookie with IP/IP-Range blocks when blocking logged-out users on itwiki T195930: Enable set cookie with IP/IP-Range blocks when blocking logged-out users T192016: Release anon cookie blocking on test.wikipedia.org T191542: Implement event logging for IP cookie blocks to make sure it's working reasonably T192017: Enable anon cookie blocking on all Wikimedia wikis	T196575: Add block cookie for browser-based API edits (including VisualEditor & MobileFrontend)
T159299	T159299: Deprecate and remove $wgUser	open	Medium (orange)	Technical-Debt (Deprecation process) (Not yet) Epic MediaWiki-User-management (Other) Platform Team Workboards (Epics) (Epic Backlog) User-DannyS712 (Projects) MW-1.35-notes (1.35.0-wmf.26; 2020-03-31)	T218555: Provide access to WebRequest and associated information via a service object T243003: Create method to temporarily override contextuser / wgUser T243004: RequestContext setUser should also set wgUser T244452: Add global $wgUser to DeprecatedGlobalVariablesSniff T243708: Mediawiki core needs uses of global $wgUser removed T243371: Non-gerrit extensions that need uses of global $wgUser removed &#91 tracking&#93 T245959: WMF deployed extensions need uses of global $wgUser removed &#91 tracking&#93 T247793: Non-WMF deployed extensions need uses of global $wgUser removed &#91 tracking&#93 T267861: &#91 GOAL&#93 Emit deprecation warnings reading from $wgUser
T185948	T185948: Update web UI for increased comment length	resolved	Needs Triage (violet)	MediaWiki-Page-editing (Backlog) User-notice (Already announced/Archive) MW-1.31-release-notes (WMF-deploy-2018-03-06 (1.31.0-wmf.24)) MediaWiki-Page-protection (Backlog) MediaWiki-User-management (Backlog) Patch-For-Review User-Ryasmeen (To be Verified) MediaWiki-Comment-store VisualEditor (To Triage) MediaWiki-Page-deletion	T180497: OO.ui.TextInputWidget's maxLength option limits by UTF-16 code units, not characters as documented	T6715: Allow comments longer than 255 bytes
T192016	T192016: Release anon cookie blocking on test.wikipedia.org	resolved	Needs Triage (violet)	Anti-Harassment (AHT Sprint 21/22) (Done) MediaWiki-User-management (User blocking)		T152462: Add cookie when blocking anonymous users
T192017	T192017: Enable anon cookie blocking on all Wikimedia wikis	resolved	Medium (orange)	Anti-Harassment (AHT Sprint 25) (Done) MediaWiki-User-management (User blocking) Patch-For-Review		T152462: Add cookie when blocking anonymous users
T193980	T193980: Write a global function to help assign rights to a user group	open	Medium (orange)	MediaWiki-User-management (User rights) Patch-Needs-Improvement Platform Team Workboards (External Code Reviews) (External Code Review In Progress) MediaWiki-General
T196575	T196575: Add block cookie for browser-based API edits (including VisualEditor & MobileFrontend)	resolved	Medium (orange)	Platform Team Workboards (Clinic Duty Team) (External Code Review Completed) Patch-For-Review MW-1.35-notes (1.35.0-wmf.2; 2019-10-15) Anti-Harassment (The Letter Song) (Done (2019-20: Q2)) MediaWiki-User-management (User blocking)	T233594: Allow cookie-block tracking from any uncached web request T152462: Add cookie when blocking anonymous users	T233597: Refactor ApiMain to use OutputPage::sendCacheControl
T199540	T199540: Forbid blocking IP ranges as big as /1 and /2, as done on ruwikiquote using the API	resolved	Needs Triage (violet)	MW-1.27-release-notes MediaWiki-User-management (Backlog) MW-1.32-notes (Backlog) MediaWiki-API (Needs Code) Security Platform Engineering (Needs Cleaning - Security, stability, performance, and scalability (TEC1)) MW-1.33-notes MW-1.30-release-notes Patch-For-Review Platform Team Workboards (Done with CPT) MW-1.34-notes (1.34.0-wmf.10; 2019-06-18) MW-1.31-release-notes
T200938	T200938: Special:CentralAuth should provide the same blocking information as Special:BlockList does	resolved	Medium (orange)	MW-1.35-notes (1.35.0-wmf.5; 2019-11-05) Patch-For-Review MediaWiki-User-management (User blocking) Anti-Harassment (The Letter Song) (Done (2019-20: Q2)) Platform Team Workboards (Clinic Duty Team) (External Code Review Completed) MediaWiki-extensions-CentralAuth (Feature requests) Stewards-and-global-tools (Untriaged)	T226657: Add a mechanism to determine if a namespace is a default MW namespace T229613: CentralAuth tests are broken
T206954	T206954: Enable wgRelevantUserName for IP ranges	open	Needs Triage (violet)	MediaWiki-User-management (Other) MW-1.36-notes (1.36.0-wmf.25; 2021-01-05) MediaWiki-Special-pages (To triage)
T207217	T207217: ActorMigration.php: PHP Warning: Invalid argument supplied for foreach (via SpecialNewFiles)	resolved	High (red)	Wikimedia-production-error (Older) Platform Team Workboards (Clinic Duty Team) (Done) MediaWiki-Special-pages (Multimedia-related) MW-1.35-notes (1.35.0-wmf.10; 2019-12-10) MediaWiki-User-management (Other) User-xSavitar (Under Review)
T208472	T208472: Block::getTarget() can return a User object or a string that is an invalid user name	resolved	Needs Triage (violet)	TechCom (Watching) MediaWiki-User-management (User blocking) Anti-Harassment (AHT Sprint 33) (Done) MW-1.33-notes (1.33.0-wmf.6; 2018-11-27) Platform Team Workboards (Done with CPT) Platform Engineering (Needs Cleaning - Security, stability, performance, and scalability (TEC1))
T208768	T208768: Create a PermissionManager service	resolved	Medium (orange)	Platform Engineering (Decoupling (CDP2)) Platform Team Workboards (S&F Workboard) (Done) MediaWiki-User-management (Backlog) Anti-Harassment (Tracking work by others) MediaWiki-Authentication-and-authorization (Backlog)		T208764: Remove cyclic dependency between Title and User classes T218558: Move User::getRights and related methods into PermissionManager T220191: Remove calls to deprecated methods in Title and User with calls to the new PermissionManager service.
T212851	T212851: Confusing error for OAuth consumers with rollback but not edit grant	open	Needs Triage (violet)	MediaWiki-API (Non-core-API stuff) MediaWiki-extensions-OAuth (Backlog) MediaWiki-User-management (User rights)
T216200	T216200: includes/specials/pagers/ActiveUsersPager.php: PHP Notice: Undefined index: dir	resolved	Unbreak Now! (pink)	Platform Engineering (Needs Cleaning - Security, stability, performance, and scalability (TEC1)) Wikimedia-production-error (Resolved) MediaWiki-User-management (User list) MW-1.33-notes (1.33.0-wmf.17; 2019-02-12)
T218558	T218558: Move User::getRights and related methods into PermissionManager	resolved	Medium (orange)	MediaWiki-User-management (User rights) Platform Engineering (Decoupling (CDP2)) Platform Team Workboards (S&F Workboard) (Done)	T208768: Create a PermissionManager service	T208764: Remove cyclic dependency between Title and User classes T220191: Remove calls to deprecated methods in Title and User with calls to the new PermissionManager service. T223295: Make PermissionManager aware of the current user's session.
T218674	T218674: User::getRights() applies session rights restrictions to non-session users	open	Medium (orange)	Platform Team Workboards (MW Expedition) (Authority pile) MediaWiki-User-management (User rights) MediaWiki-API (Non-core-API stuff)	T231930: Introduce Authority objects to represent the user performing a given action T271463: Refactor PermissionManager into Authority &#91 hard&#93
T219441	T219441: Introduce a BlockManager service for getting and combining the blocks that apply to a user/IP	resolved	Medium (orange)	MW-1.34-notes (1.34.0-wmf.4; 2019-05-07) Anti-Harassment (Yōd - י) (Done) Platform Team Legacy (Watching / External) MediaWiki-User-management (User blocking)		T208764: Remove cyclic dependency between Title and User classes T225011: Clean up code related to blocking
T219684	T219684: BlockRestriction should be a service instead of a singleton	resolved	Medium (orange)	MediaWiki-User-management (User blocking) Patch-For-Review MW-1.33-notes MW-1.34-notes (1.34.0-wmf.3; 2019-04-30) Anti-Harassment (Teth - ט) (Done) Technical-Debt (Unsorted)		T221722: ApiQueryBlocks should not be aware of the container
T221444	T221444: Partially blocked users cannot tag revisions on unrelated pages, nor add, deactive or delete tags	resolved	Medium (orange)	MediaWiki-Change-tagging (Backlog) Anti-Harassment (The Letter Song) (Done (2019-20: Q2)) MW-1.34-notes (1.34.0-wmf.23; 2019-09-17) Platform Team Workboards (Clinic Duty Team) (External Code Review Completed) MediaWiki-User-management (User blocking)	T228948: PermissionManager::isBlockedFrom() can return true even if the user does not have a block
T222380	T222380: Decide how to represent the identity of users from another wiki.	resolved	Medium (orange)	MediaWiki-User-management (Other) Platform Team Workboards (MW Expedition) (Waiting for Review)		T260933: Make UserIdentity objects aware of which wiki they belong to
T222598	T222598: NamespaceInfo::getRestrictionLevels() does not correctly handle namespace restrictions that require more than one permission	resolved	Needs Triage (violet)	MediaWiki-General Platform Engineering (Needs Cleaning - Security, stability, performance, and scalability (TEC1)) Platform Team Workboards (Done with CPT) Security-Team (Our Part Is Done) MediaWiki-User-management (Backlog) MediaWiki-Page-protection (Backlog) MW-1.34-notes (1.34.0-wmf.7; 2019-05-28)
T222720	T222720: NamespaceInfo::getRestrictionLevels does not correctly handle group permissions	duplicate	Needs Triage (violet)	Security-Team (Our Part Is Done) MediaWiki-User-management (Backlog) MediaWiki-Page-protection (Backlog) Platform Engineering (Inbox)
T222737	T222737: Refactor Block to AbstractBlock, DatabaseBlock and SystemBlock	resolved	Medium (orange)	Patch-For-Review Anti-Harassment (Lāmed - ל) (Done) MW-1.34-notes (1.34.0-wmf.5; 2019-05-14) MediaWiki-User-management (User blocking)		T225011: Clean up code related to blocking
T223099	T223099: Factor code for handling for options (preferences) out of User class	open	Needs Triage (violet)	MediaWiki-User-management (Other) Platform Team Workboards (S&F Workboard) (Backlog) Platform Team Initiatives (Decoupling (CDP2)) (Backlog) Wikimedia-Hackathon-2019 (Projects) MediaWiki-User-preferences	T248527: Create UserOptionsManager T250822: Factor user options definitions out of PreferencesFactory
T224423	T224423: Factor user group management out of the User object	open	Needs Triage (violet)	MediaWiki-User-management (User rights) Platform Team Initiatives (Decoupling (CDP2)) (Backlog)
T225141	T225141: Move cookie-related logic from User and Block to BlockManager	resolved	Needs Triage (violet)	Anti-Harassment (Lāmed - ל) (Done) MediaWiki-User-management (User blocking) MW-1.34-notes (1.34.0-wmf.10; 2019-06-18)		T225011: Clean up code related to blocking
T225469	T225469: Create maintenance script for bad actor data cleanup	open	Needs Triage (violet)	Wikimedia-database-error (Bad data & Corruption) Platform Team Initiatives (Decoupling (CDP2)) (Backlog) MediaWiki-User-management (Other)
T226926	T226926: Investigate separate user right for creating pages with custom content models	resolved	Needs Triage (violet)	User-DannyS712 (Otherwise closed) MediaWiki-ContentHandler MediaWiki-User-management (User rights)
T227005	T227005: Don't require that the blocker be a User for a SystemBlock	resolved	Medium (orange)	Patch-For-Review Anti-Harassment (The Letter Song) (Done (2019-20: Q2)) MediaWiki-User-management (User blocking)	T236814: Improve blocker information on mobile block error message drawer	T225011: Clean up code related to blocking
T227007	T227007: Reasons and blockers for SystemBlocks should not be stored as translated messages	resolved	Needs Triage (violet)	MW-1.35-notes (1.35.0-wmf.3; 2019-10-22) Anti-Harassment (The Letter Song) (Done (2019-20: Q2)) Platform Team Workboards (Clinic Duty Team) (External Code Review In Progress) MediaWiki-User-management (User blocking)
T227656	T227656: action=history shows "username removed" for anonymous editors on mediawiki.org instead of IP addresses	resolved	Unbreak Now! (pink)	MW-1.34-notes (1.34.0-wmf.13; 2019-07-09) MediaWiki-Page-history (Backlog) MediaWiki-Page-diffs (Backlog) Platform Engineering (Revision Storage Schema Improvements) MediaWiki-User-management (Backlog)
T227733	T227733: Draft: Masking IP addresses for increased privacy	declined	Needs Triage (violet)	MediaWiki-User-management (Other) Platform Team Workboards (Initiatives) (Later) Privacy Security-Team-Services (Privacy Engineering) (Watching) Anti-Harassment (Untriaged)
T227739	T227739: Contention on User::getActorId ?	open	Low (yellow)	Platform Engineering (Icebox) Wikimedia-database-error (Query) Wikimedia-production-error (Older) MediaWiki-User-management (Other)
T228025	T228025: Translate sandbox signup is broken	resolved	High (red)	MediaWiki-extensions-Translate (Backlog) MW-1.34-notes (1.34.0-wmf.19; 2019-08-20) affects-translatewiki.net (Backlog) Language-Team (Language-2019-July-September) (Done) Platform Team Workboards (Clinic Duty Team) (Done) MediaWiki-User-management (User rights)
T228077	T228077: Migrate ipblocks to actor table	declined	Lowest (sky)	MediaWiki-User-management (User blocking) Platform Engineering (Tracking/Watching) Platform Team Workboards (Clinic Duty Team) (Done)
T228286	T228286: LocalFile.php: Call to a member function getName() on a non-object (null)	duplicate	Unbreak Now! (pink)	MediaWiki-API (Unsorted) Multimedia (Untriaged) MediaWiki-File-management (Backlog) Platform Engineering (Inbox) Commons (Incoming) MediaWiki-User-management (Backlog) Wikimedia-production-error (Jul2019/1.34.wmf.13+)
T228486	T228486: Partially blocked users cannot delete revisions	resolved	Medium (orange)	Anti-Harassment (The Letter Song) (Done (2019-20: Q2)) MW-1.34-notes (1.34.0-wmf.23; 2019-09-17) Technical-Debt (Unsorted) Platform Team Workboards (Clinic Duty Team) (External Code Review Completed) MediaWiki-User-management (User blocking) MediaWiki-API (Needs Review) Patch-For-Review	T228948: PermissionManager::isBlockedFrom() can return true even if the user does not have a block
T228948	T228948: PermissionManager::isBlockedFrom() can return true even if the user does not have a block	resolved	Needs Triage (violet)	Anti-Harassment (The Letter Song) (Done (2019-20: Q2)) MediaWiki-User-management (User blocking) MW-1.34-notes (1.34.0-wmf.22; 2019-09-10)		T221444: Partially blocked users cannot tag revisions on unrelated pages, nor add, deactive or delete tags T228486: Partially blocked users cannot delete revisions T229692: Use GetUserBlockComplete hook instead of GetBlockedStatus in TorBlock extension
T229035	T229035: Deprecate 'GetBlockedStatus' hook and reduce visibility of User::mBlock, User::mBlockedBy and User::mHideName	resolved	Needs Triage (violet)	Anti-Harassment (The Letter Song) (Done (2019-20: Q2)) Patch-For-Review MW-1.34-notes (1.34.0-wmf.23; 2019-09-17) MW-1.35-notes (1.35.0-wmf.4; 2019-10-29) MediaWiki-User-management (User blocking)	T229692: Use GetUserBlockComplete hook instead of GetBlockedStatus in TorBlock extension	T221067: Move block-related methods on User to the BlockManager
T229692	T229692: Use GetUserBlockComplete hook instead of GetBlockedStatus in TorBlock extension	resolved	Needs Triage (violet)	Anti-Harassment (The Letter Song) (Done (2019-20: Q2)) MW-1.34-notes (1.34.0-wmf.21; 2019-09-03) MediaWiki-extensions-TorBlock (Backlog) MediaWiki-User-management (User blocking) Patch-For-Review	T228948: PermissionManager::isBlockedFrom() can return true even if the user does not have a block	T229035: Deprecate 'GetBlockedStatus' hook and reduce visibility of User::mBlock, User::mBlockedBy and User::mHideName
T230822	T230822: Include `dnsblacklist` in logs	resolved	Medium (orange)	Wikimedia-Site-requests (Blocked on development) MediaWiki-User-management (User blocking) MW-1.34-notes (1.34.0-wmf.23; 2019-09-17) MediaWiki-Debug-Logger Platform Team Workboards (Clinic Duty Team) (External Code Review Completed) User-Urbanecm (Blocked on others)
T231930	T231930: Introduce Authority objects to represent the user performing a given action	open	Medium (orange)	Platform Team Initiatives (Decoupling (CDP2)) (Backlog) User-Daniel (Inbox) MediaWiki-User-management (Other) Epic Platform Team Workboards (MW Expedition) (Doing)	T261963: Spike to explore Authority concept, implementation, and migration T271466: Authority and JSON serialization T271465: Use Authority in EditPage T271463: Refactor PermissionManager into Authority &#91 hard&#93 T271462: Experiment with converting action API modules to Authority T271460: Authority should be available via IContextSource T271494: Expose information about user blocks via Authority and PermissionStatus T271504: PermissionsError should be instantiatable with PermissionStatus returned by Authority T271837: Convert PreferencesFactory to Authority &#91 hard&#93 T271975: Convert EditPage to Authority T272039: Convert BlockPermissionChecker and BlockPermissionCheckerFactory to use Authority T272519: Implement private wiki read permission in a way that works with Authority T274947: Rename Authority::getActor to Authority::getPerformer T275504: Convert MovePage to Authority T275508: Convert ApiCheckCanExecute hook to Authority T275507: Convert ChangeTags to Authority T275768: Mark Authority as stable	T218674: User::getRights() applies session rights restrictions to non-session users
T232021	T232021: Add some way to technically distinguish partial blocks and full blocks	resolved	Medium (orange)	MW-1.34-notes (1.34.0-wmf.24; 2019-09-24) MediaWiki-User-management (User blocking) Platform Team Workboards (Clinic Duty Team) (Done) Anti-Harassment (Tracking work by others) MediaWiki-API (Needs Review)
T232169	T232169: Deprecate `wgSysopEmailBans`	resolved	Medium (orange)	MW-1.35-notes (1.35.0-wmf.5; 2019-11-05) User-DannyS712 (Resolved (deprecation)) Platform Team Workboards (Clinic Duty Team) (External Code Review Completed) MW-1.34-notes Technical-Debt (Deprecation process) (Untriaged) MediaWiki-User-management (User rights)
T232568	T232568: Special:UserRights exposes the existence of hidden users (CVE-2020-25813)	resolved	High (red)	Security MediaWiki-User-management (User list) Vuln-Infoleak MW-1.35-notes MW-1.34-notes Security-Team (In Progress) User-DannyS712 (Awaiting review and deployment)
T232763	T232763: Allow setting a block that can be removed by the blocked user	declined	Low (yellow)	MediaWiki-User-management (User blocking) Platform Engineering (Feature Requests to Review) User-DannyS712 (Archive)
T232940	T232940: Allow automatic deletion during page move of redirect pages with multiple redirect-only revisions	duplicate	Medium (orange)	MediaWiki-User-management (User rights) MediaWiki-Page-deletion MediaWiki-Redirects (General) Platform Engineering (Feature Requests to Review)
T233594	T233594: Allow cookie-block tracking from any uncached web request	resolved	High (red)	MW-1.35-notes (1.35.0-wmf.1; 2019-10-08) Anti-Harassment (The Letter Song) (Done (2019-20: Q2)) MediaWiki-User-management (User blocking) Platform Team Workboards (Clinic Duty Team) (External Code Review Completed) Performance-Team (Radar) (Watching)		T196575: Add block cookie for browser-based API edits (including VisualEditor & MobileFrontend)
T234921	T234921: Factor group membership management out of User class	open	Medium (orange)	MW-1.35-notes (1.35.0-wmf.39; 2020-06-30) MW-1.36-notes (1.36.0-wmf.12; 2020-10-05; NEVER DEPLOYED) Platform Team Workboards (MW Expedition) (Blocked) Platform Team Initiatives (Decoupling (CDP2)) (Backlog) MediaWiki-User-management (User rights)	T252621: Move Autopromotion logic to UserGroupManager service T254282: Reuse cached values for higher queryFlags in UserGroupManager if possible T254822: CentralAuth's group membership is not reliable T254838: Move User::changeableGroups and User::changeableByGroup to UserGroupManager T254912: CheckUser is using UserGroupMembership::getGroupMemberships for foreign wikis T255309: Remove UserRightsProxy and replace it's usages with UserGroupManager T275148: Prepare User group methods for hard deprecation
T236444	T236444: Actor migration seems to have broken deleteDefaultMessages.php, and by extension the update process for really old wikis	resolved	Needs Triage (violet)	MediaWiki-Installer (General) Platform Team Workboards (Clinic Duty Team) (Waiting for Review) MW-1.35-notes (1.35.0-wmf.5; 2019-11-05) MediaWiki-User-management (Backlog) MediaWiki-Maintenance-system (Backlog) MW-1.34-notes
T236701	T236701: Consider enforcing read permissions at the storage layer	open	Medium (orange)	Security MediaWiki-User-management (User rights) Platform Team Workboards (MW Expedition) (Authority pile)
T239277	T239277: Add user right to delete single revision redirects, regardless of target, during page moves	resolved	Medium (orange)	MW-1.36-notes (1.36.0-wmf.8; 2020-09-08) MediaWiki-Page-deletion User-notice (Already announced/Archive) Platform Team Workboards (External Code Reviews) (External Code Review Completed) MediaWiki-Page-rename MediaWiki-User-management (User rights) MediaWiki-Redirects (Untriaged) User-DannyS712 (Awaiting review and deployment)
T239451	T239451: DBPerformance: Unexpected masterConns on GET from ApiQueryInfo via BlockManager.php	resolved	Medium (orange)	MediaWiki-API (Needs details or plan) MediaWiki-User-management (User blocking) Platform Engineering (Triage Meeting Inbox) Performance-Team (Radar) (Perf recommendation) MW-1.35-notes (1.35.0-wmf.15; 2020-01-14) Anti-Harassment (Tracking work by others) Wikimedia-production-error (Nov2019/1.35.wmf.5+)
T241557	T241557: Replace $wgUser in core Api modules	declined	Needs Triage (violet)	MediaWiki-API (Needs Code) Platform Team Workboards (Clinic Duty Team) (Inbox) MediaWiki-User-management (Backlog) Technical-Debt (Migrate / Replace)		T243708: Mediawiki core needs uses of global $wgUser removed
T243003	T243003: Create method to temporarily override contextuser / wgUser	declined	Needs Triage (violet)	MediaWiki-User-management (Other) User-DannyS712 (In progress)	T243004: RequestContext setUser should also set wgUser	T159299: Deprecate and remove $wgUser
T243276	T243276: Add 'actor' to default $wgSharedTables	resolved	High (red)	MediaWiki-Configuration (Planning) MW-1.35-release (Blocker) MW-1.36-notes (1.36.0-wmf.14; 2020-10-20) MW-1.36-release (Blocker) MediaWiki-User-management (Other) Platform Team Workboards (Clinic Duty Team) (Waiting for Review) MW-1.35-notes
T245717	T245717: ApiQuerySiteInfo: add/remove user groups sometimes given as an object instead of array	open	Needs Triage (violet)	MediaWiki-User-management (User rights) User-DannyS712 (Next) Platform Engineering (Icebox) MediaWiki-API (Needs Code)
T246077	T246077: SQlite has wrong DB structure after upgrading to 1.35	resolved	High (red)	MW-1.35-release (Blocker) MW-1.35-notes (1.35.0-wmf.25; 2020-03-24) MediaWiki-Installer (General) SQLite (Backlog) MediaWiki-User-management (Backlog) Platform Team Workboards (Clinic Duty Team) (External Code Review Completed)		T245995: Sqlite Integration tests fail on macOS php 7.4
T246991	T246991: Memcached keys sometimes outlive their TTL (affects MW rate limit)	resolved	High (red)	MediaWiki-Cache (libs/objectcache) MW-1.34-notes MW-1.35-notes MediaWiki-User-management (Other) MW-1.31-release-notes Platform Team Workboards (Clinic Duty Team) (Done) Security-Team (Our Part Is Done) MW-1.36-notes (1.36.0-wmf.8; 2020-09-08)
T248195	T248195: Db error "Duplicate entry TestNewSystemUser … for key actor_name" (via UserTest)	resolved	High (red)	ci-test-error (Backlog) MediaWiki-User-management (Backlog) Platform Team Workboards (Clinic Duty Team) (Done) Patch-For-Review MW-1.35-notes (1.35.0-wmf.28; 2020-04-14)		T246358: Jenkins no longer fails build if mw-error.log or mw-dberror.log are non-empty
T248196	T248196: Consolidate logic for parsing expiries	open	Needs Triage (violet)	MediaWiki-Watchlist (Backlog) Platform Engineering (Feature Requests to Review) Growth-Team-Filtering MediaWiki-User-management (Other) MediaWiki-Page-protection (Backlog) MediaWiki-API (Non-core-API stuff) Community-Tech (Older: Team Work) Technical-Debt (Unsorted) Growth-Team (Inbox)	T248508: Watchlist Expiry: Add expiry type to ParamValidator &#91 medium&#93
T249189	T249189: Duplicate queries on page views (SELECT actor_id,actor_user,actor_name FROM `actor` WHERE actor_name = 'Current_user')	resolved	Low (yellow)	Performance-Team (Blocked (old)) MediaWiki-User-management (Backlog) MediaWiki-ResourceLoader (Confirmed Problem) MW-1.35-notes (1.35.0-wmf.30; 2020-04-28)
T249380	T249380: RfC: Per namespace view restrictions	open	High (red)	MediaWiki-General TechCom-RFC (P2: Resource) User-DannyS712 (Others) MediaWiki-Page-protection (Backlog) Proposal MediaWiki-Stakeholders-Group (Needs Volunteer (Development)) MediaWiki-User-management (User rights) MediaWiki-Configuration (Planning) Developer-Wishlist (2017) (To Be Triaged)		T230668: Fully implement read/view restrictions in mediawiki core
T250071	T250071: Rename ipb_address index on ipb_address to ipb_address_unique	resolved	Medium (orange)	Schema-change (Unsorted) MW-1.35-notes (1.35.0-wmf.30; 2020-04-28) MediaWiki-User-management (Backlog) DBA (In progress) Platform Team Workboards (Clinic Duty Team) (External Code Review Needed) User-Ladsgroup (Done)
T250822	T250822: Factor user options definitions out of PreferencesFactory	open	Needs Triage (violet)	Platform Team Initiatives (Decoupling (CDP2)) (Backlog) MediaWiki-User-preferences MediaWiki-User-management (Other)		T223099: Factor code for handling for options (preferences) out of User class
T251831	T251831: Factor code for user email out of the User class	open	Needs Triage (violet)	MediaWiki-Email (Backlog) Platform Engineering (Volunteer Needed Tasks) User-DannyS712 (Later) MediaWiki-User-management (Other)
T251851	T251851: Move remaining user rights methods to PermissionManager	open	Medium (orange)	Patch-For-Review Platform Team Workboards (External Code Reviews) (External Code Review Needed) Dependency injection MediaWiki-User-management (User rights) User-DannyS712 (Awaiting review and deployment)
T252621	T252621: Move Autopromotion logic to UserGroupManager service	resolved	Low (yellow)	MW-1.35-notes (1.35.0-wmf.37; 2020-06-16) MediaWiki-User-management (User rights) Platform Team Workboards (Clinic Duty Team) (Waiting for Review) Dependency injection User-DannyS712 (Others) Platform Team Initiatives (Decoupling (CDP2)) (Backlog)	T254537: UserGroupManager/PermissionManager cyclic dependency	T234921: Factor group membership management out of User class
T252853	T252853: updateSearchIndex.php sql error not all tables locked	resolved	Medium (orange)	MediaWiki-User-management (Backlog) MediaWiki-Maintenance-system (Backlog) Platform Team Workboards (Clinic Duty Team) (Later) Discovery-Search (Current work) (Blocked (from outside the team)) MW-1.36-notes (Backlog) MediaWiki-Search (Backlog) MW-1.35-notes Wikimedia-Rdbms (Untriaged) MW-1.37-notes (1.37.0-wmf.3; 2021-04-27) MW-1.35-release (Blocker)
T253431	T253431: Move information about user edits to a new service	resolved	Needs Triage (violet)	Platform Team Workboards (External Code Reviews) (External Code Review Needed) Patch-For-Review User-DannyS712 (Awaiting review and deployment) MediaWiki-User-management (Backlog) MW-1.35-notes (1.35.0-wmf.35; 2020-06-02) Dependency injection
T253432	T253432: Create a User factory	resolved	Medium (orange)	Patch-For-Review MW-1.36-notes (1.36.0-wmf.13; 2020-10-12) Dependency injection MediaWiki-User-management (Other) Platform Team Workboards (MW Expedition) (UserStore pile) User-DannyS712 (In progress) MW-1.35-notes (1.35.0-wmf.37; 2020-06-16)	T265311: Inject UserFactory into classes using DI
T254282	T254282: Reuse cached values for higher queryFlags in UserGroupManager if possible	resolved	Needs Triage (violet)	MediaWiki-User-management (User rights) MW-1.35-notes (1.35.0-wmf.37; 2020-06-16) Platform Team Workboards (Clinic Duty Team) (Done) Platform Team Initiatives (Decoupling (CDP2)) (Backlog)		T234921: Factor group membership management out of User class
T254822	T254822: CentralAuth's group membership is not reliable	resolved	Unbreak Now! (pink)	MW-1.35-notes (1.35.0-wmf.36; 2020-06-09) User-Urbanecm (Waiting on review) MediaWiki-User-management (Backlog) MediaWiki-extensions-CentralAuth (Incoming)		T234921: Factor group membership management out of User class
T254838	T254838: Move User::changeableGroups and User::changeableByGroup to UserGroupManager	resolved	Medium (orange)	MW-1.36-notes (1.36.0-wmf.28; 2021-01-26) MediaWiki-User-management (User rights) Platform Team Initiatives (Decoupling (CDP2)) (Backlog) Patch-For-Review Platform Team Workboards (MW Expedition) (Waiting for Review)	T273511: Convert CentralAuthUtilityService to Authority instead of PermissionManager T273510: Convert AuthManager to Authority	T234921: Factor group membership management out of User class
T254912	T254912: CheckUser is using UserGroupMembership::getGroupMemberships for foreign wikis	resolved	Needs Triage (violet)	MediaWiki-User-management (Backlog) MW-1.35-notes (1.35.0-wmf.36; 2020-06-09) Platform Team Workboards (Clinic Duty Team) (Done) Platform Team Initiatives (Decoupling (CDP2)) (Backlog)		T234921: Factor group membership management out of User class
T255309	T255309: Remove UserRightsProxy and replace it's usages with UserGroupManager	open	Needs Triage (violet)	MW-1.37-notes (1.37.0-wmf.23; 2021-09-13) Platform Team Initiatives (Decoupling (CDP2)) (Backlog) MediaWiki-extensions-CentralAuth (Incoming) MediaWiki-User-management (User rights) Platform Team Workboards (MW Expedition) (UserStore pile)		T234921: Factor group membership management out of User class T275148: Prepare User group methods for hard deprecation
T255330	T255330: [Regression] user rights log entries no longer include expiry	resolved	High (red)	MediaWiki-User-management (Backlog) Platform Team Workboards (Clinic Duty Team) (Done) MediaWiki-Logevents (Backlog) MW-1.35-notes (1.35.0-wmf.37; 2020-06-16) Community-Tech (New & TBD Tickets) Regression User-DannyS712 (Reports)
T256427	T256427: Normal admin cannot delete site-wide javascript page	invalid	Medium (orange)	MediaWiki-Page-deletion Security Platform Team Workboards (Clinic Duty Team) (Later) Regression Beta-Cluster-reproducible (Tag) MediaWiki-User-management (User rights)
T256706	T256706: Add a script to back fill missing user rights expirations	open	Medium (orange)	MediaWiki-Logevents (Backlog) WMF-General-or-Unknown Platform Team Workboards (External Code Reviews) (External Code Review Needed) Patch-For-Review MediaWiki-User-management (User rights) User-DannyS712 (Awaiting review and deployment)
T259719	T259719: UserEditTracker attempts to initialize edit count in read only mode	resolved	Needs Triage (violet)	Platform Team Workboards (External Code Reviews) (External Code Review Completed) MediaWiki-User-management (Backlog) MW-1.36-notes (1.36.0-wmf.4; 2020-08-11)
T260485	T260485: CentralAuth uses wrong actor ID when locally suppressing the user (CVE-2020-25869)	resolved	High (red)	Security-Team (Watching) MediaWiki-User-management (Backlog) MediaWiki-extensions-CentralAuth (Incoming) MW-1.35-release (Not a blocker) Platform Engineering (Tracking/Watching) MW-1.36-notes (1.36.0-wmf.18; 2020-11-17) Anti-Harassment (Untriaged) User-Urbanecm (Analytics/Under discussion) MW-1.35-notes MW-1.34-notes MW-1.31-release-notes MediaWiki-Blocks (Backlog) Security	T261143: Fix misattribution of block due to bad values in the ipblocks ipb_by_actor field T261325: Fix rows in ipblocks that point to a non-existing user in ipb_by_actor field, due to T260485
T260631	T260631: BotPasswords doesn't validate length of resultant bp_restrictions JSON	resolved	Medium (orange)	MediaWiki-User-management (Backlog) Security-Team (Watching) Platform Team Workboards (External Code Reviews) (External Code Review Completed) Security
T260633	T260633: BotPasswords doesn't validate length of resultant bp_grants JSON	resolved	Medium (orange)	Security-Team (Watching) MW-1.31-release-notes Platform Team Workboards (External Code Reviews) (External Code Review Completed) MW-1.35-notes MW-1.36-notes (1.36.0-wmf.21; 2020-12-08) Security MediaWiki-User-management (Backlog)
T260933	T260933: Make UserIdentity objects aware of which wiki they belong to	open	High (red)	Platform Team Workboards (MW Expedition) (Waiting for release) MW-1.36-notes (1.36.0-wmf.30; 2021-02-09) MediaWiki-User-management (Other)	T222380: Decide how to represent the identity of users from another wiki.	T222212: RevisionStore must not expose user IDs from a foreign wiki T272691: Extract UserAccount from User
T261963	T261963: Spike to explore Authority concept, implementation, and migration	resolved	High (red)	MediaWiki-User-management (Other) MW-1.36-notes (1.36.0-wmf.27; 2021-01-19) Platform Team Initiatives (Inbox) User-Daniel (Inbox) Platform Team Workboards (MW Expedition) (Waiting for Review) Patch-For-Review	T271459: User should implement Authority T271458: RevisionRecord should use Authority for permission checks	T231930: Introduce Authority objects to represent the user performing a given action T262296: Authority [high effort]
T263207	T263207: The `UserrightsPage` class is not safe to extend	open	Medium (orange)	Platform Team Workboards (MW Expedition) (UserStore pile) MediaWiki-extensions-CentralAuth (Incoming) MediaWiki-extensions-Other MediaWiki-User-management (User rights) User-DannyS712 (Reports) Patch-For-Review
T263911	T263911: Missing $wgServer in LocalSettings.php causes fatal error "Call to a member function getIP() on null"	resolved	Low (yellow)	MW-1.36-notes (1.36.0-wmf.25; 2021-01-05) MW-1.35-notes MediaWiki-Authentication-and-authorization (Backlog) MW-1.35-release (Not a blocker) MediaWiki-User-management (Other) Platform Team Workboards (Clinic Duty Team) (Later)
T264363	T264363: Instances of User are not serializable!	resolved	Needs Triage (violet)	Platform Engineering (Inbox) Wikimedia-production-error (Sep 2020) MediaWiki-User-management (Backlog) MW-1.36-notes (1.36.0-wmf.12; 2020-10-05; NEVER DEPLOYED)
T264393	T264393: Mark user object as non-serializable	open	Needs Triage (violet)	Platform Engineering Roadmap Decision Making (Icebox) MediaWiki-User-management (Other)	T264391: FeaturedFeedChannel must not contain a User object, since it cannot be serialized safely. T264389: ProofreadPageContent must not contain User object, since it cannot be serialized safely.	T274189: Remove usage of PHP serialization from WANObjectCache
T265197	T265197: Make class UserrightsPage a real special page and move all helper function to own service	open	Needs Triage (violet)	Dependency injection MediaWiki-User-management (Backlog)		T259960: Inject services into API modules and special pages
T265298	T265298: Provide a public method for logging user rights changes	open	Lowest (sky)	MediaWiki-User-management (User rights) Platform Engineering (Volunteer Needed Tasks) Technical-Debt (Unsorted)
T265311	T265311: Inject UserFactory into classes using DI	resolved	Needs Triage (violet)	MediaWiki-User-management (Other) MW-1.36-notes (1.36.0-wmf.14; 2020-10-20) User-DannyS712 (In progress) Dependency injection Platform Team Workboards (External Code Reviews) (External Code Review In Progress)		T253432: Create a User factory
T267013	T267013: How to replace deprecated User::getTokenFromOption for the watchlisttoken?	open	Needs Triage (violet)	MediaWiki-Watchlist (Backlog) Growth-Team-Filtering Technical-Debt (Deprecation process) (Untriaged) Platform Team Workboards (MW Expedition) (UserStore pile) MediaWiki-User-management (Other) Growth-Team (Inbox)
T267215	T267215: Changes to Session ID interface for MediaWiki event instrumentation	open	Needs Triage (violet)	Better Use Of Data (Inbox) MediaWiki-User-management (Other) Product-Data-Infrastructure (Goal Backlog) Performance-Team (Radar) (Watching)	T267218: MediaWiki Session ID should persist according to user inactivity T267217: MediaWiki Session ID should have per-subdomain and cross-subdomain variants T263041: OperationError: The operation failed for an operation-specific reason in generateRandomSessionId T266813: mw.user.generateRandomSessionId should return a UUID	T259704: BUOD-KR1-Q2: Upgrade MEP clients to full release status
T267217	T267217: MediaWiki Session ID should have per-subdomain and cross-subdomain variants	open	Low (yellow)	MediaWiki-User-management (Other) Better Use Of Data (Inbox) Product-Data-Infrastructure (Task Backlog) Metrics-Platform (Backlog)		T267215: Changes to Session ID interface for MediaWiki event instrumentation
T267218	T267218: MediaWiki Session ID should persist according to user inactivity	resolved	Medium (orange)	MW-1.36-notes (1.36.0-wmf.30; 2021-02-09) MediaWiki-User-management (Other) Better Use Of Data (Sign-off) Product-Data-Infrastructure (Doing)	T248987: Session Length Metric. Web implementation	T267215: Changes to Session ID interface for MediaWiki event instrumentation
T267861	T267861: [GOAL] Emit deprecation warnings reading from $wgUser	resolved	Medium (orange)	MediaWiki-User-management (Other) User-DannyS712 (In progress) MW-1.37-release (To deprecate or remove) Goal Patch-For-Review Platform Team Workboards (Epics) (Epic Backlog) MW-1.37-notes Technical-Debt (Deprecation process) (2021) MW-1.38-notes (1.38.0-wmf.1; 2021-09-21)	T243708: Mediawiki core needs uses of global $wgUser removed T245959: WMF deployed extensions need uses of global $wgUser removed &#91 tracking&#93	T159299: Deprecate and remove $wgUser
T271458	T271458: RevisionRecord should use Authority for permission checks	resolved	High (red)	Patch-For-Review MW-1.36-notes (1.36.0-wmf.28; 2021-01-26) MediaWiki-User-management (Other) Platform Team Workboards (MW Expedition) (On the train)	T271300: Stop using the global service locator in RevisionRecord::userCanBitfield	T261963: Spike to explore Authority concept, implementation, and migration

... further results