[go: nahoru, domu]
Page MenuHomePhabricator
Projects acl*security

acl*securityPolicy
ActivePublic
Watch Project

Subprojects
View All

Members (207)

Watchers (33)

Details

Description
IMPORTANT: This object is meant to be used for ACLs. Tagging with acl*security does not make a task (or any object) private!
NOTE: Do not add new members unless you know what you are doing! Membership in this group is managed by a documented process.

To create a security related task that is only visible to the acl*security group members, you must use the Report Security Issue form for new, and Protect as security issue option in the right menu for existing tasks.

To create a sensitive task that is restricted to WMF-NDA holders, you must use the New WMF-NDA Task form.

PermanentlyPrivate can be added to tasks known to contain sensitive information that can never be made public.

NOTICE: significant work related to this project was done as part of T244165

Recent Activity
View All

Fri, Jul 26

Cathykid1999 added a watcher for acl*security: Cathykid1999.
Fri, Jul 26, 3:16 PM

Mar 7 2024

Przemek added a watcher for acl*security: Przemek.
Mar 7 2024, 3:30 AM

Aug 17 2023

acooper added a watcher for acl*security: acooper.
Aug 17 2023, 1:37 PM

Jul 19 2023

Farhadsny added a watcher for acl*security: Farhadsny.
Jul 19 2023, 10:02 AM

Jul 2 2023

Uata1122 added a watcher for acl*security: Uata1122.
Jul 2 2023, 10:49 AM

Feb 20 2023

Reedy changed the edit policy for acl*security.
Feb 20 2023, 5:30 PM

Dec 3 2022

Treethippayanipa added a watcher for acl*security: Treethippayanipa.
Dec 3 2022, 2:07 PM

May 19 2022

AnnWF added a watcher for acl*security: AnnWF.
May 19 2022, 5:32 PM

May 11 2022

SBVels removed a watcher for acl*security: SBVels.
May 11 2022, 2:49 AM
SBVels added a watcher for acl*security: SBVels.
May 11 2022, 2:48 AM

Feb 16 2022

karapayneWMDE added a watcher for acl*security: karapayneWMDE.
Feb 16 2022, 5:05 PM

Feb 14 2022

Heroinonline removed a watcher for acl*security: Heroinonline.
Feb 14 2022, 3:13 PM
Heroinonline added a watcher for acl*security: Heroinonline.
Feb 14 2022, 3:13 PM

Jan 10 2022

Ontomoly added a watcher for acl*security: Ontomoly.
Jan 10 2022, 10:12 AM

Sep 13 2021

W333Com added a watcher for acl*security: W333Com.
Sep 13 2021, 1:40 PM

Jul 5 2021

NoblyDev removed a watcher for acl*security: NoblyDev.
Jul 5 2021, 5:54 AM

Jun 7 2021

NoblyDev added a watcher for acl*security: NoblyDev.
Jun 7 2021, 1:26 PM

Apr 2 2021

sguebo_WMF shifted T279140: Prototyping a vulnerability management dashboard from the S1 Public space to the Restricted Space space.
Apr 2 2021, 12:24 PM · SecTeam-Processed, Security-Team, Security
sguebo_WMF added a project to T279140: Prototyping a vulnerability management dashboard: acl*security.
Apr 2 2021, 12:23 PM · SecTeam-Processed, Security-Team, Security

Mar 27 2021

K7h7k11 added a watcher for acl*security: K7h7k11.
Mar 27 2021, 7:14 AM

Mar 7 2021

Rxy removed a watcher for acl*security: Rxy.
Mar 7 2021, 1:12 AM

Feb 2 2021

SURACHAI.P.SAIWONG removed a watcher for acl*security: SURACHAI.P.SAIWONG.
Feb 2 2021, 6:46 AM
SURACHAI.P.SAIWONG added a watcher for acl*security: SURACHAI.P.SAIWONG.
Feb 2 2021, 6:46 AM

Jan 5 2021

Pavone9919 added a watcher for acl*security: Pavone9919.
Jan 5 2021, 5:05 PM

Nov 5 2020

Devnull added a watcher for acl*security: Devnull.
Nov 5 2020, 8:28 PM

Oct 16 2020

Anomie removed a watcher for acl*security: Anomie.
Oct 16 2020, 3:18 PM

Aug 14 2020

Jony added a watcher for acl*security: Jony.
Aug 14 2020, 2:12 PM

Aug 13 2020

dsharpe_test removed a watcher for acl*security: dsharpe_test.
Aug 13 2020, 8:19 PM
dsharpe_test added a watcher for acl*security: dsharpe_test.
Aug 13 2020, 8:14 PM
mmodell added a watcher for acl*security: mmodell.
Aug 13 2020, 7:54 PM

Jul 12 2020

Jiejiiie added a watcher for acl*security: Jiejiiie.
Jul 12 2020, 7:43 AM

May 17 2020

Dollasdee added a watcher for acl*security: Dollasdee.
May 17 2020, 5:30 AM

Feb 20 2020

chasemp edited Description on acl*security.
Feb 20 2020, 8:00 PM
Stashbot added a comment to T244165: Convert #Security to acl*Security.

Mentioned in SAL (#wikimedia-operations) [2020-02-20T19:51:10Z] <twentyafterfour> deploying phabricator hotfix: https://phabricator.wikimedia.org/rPHEX2f36eee7ce67eb0c09e9bb0e79b42fc3b41d3597 for T244165

Feb 20 2020, 7:51 PM · Security, Phabricator, Security-Team
mmodell added a hashtag to acl*security: #acl_security.
Feb 20 2020, 7:50 PM
chasemp added a hashtag to acl*security: #aclsecurity.
Feb 20 2020, 7:38 PM
chasemp updated the task description for T244165: Convert #Security to acl*Security.
Feb 20 2020, 7:34 PM · Security, Phabricator, Security-Team
chasemp updated the task description for T245201: Update protect as security issue to use acl*security.
Feb 20 2020, 7:33 PM · Security, Phabricator, Security-Team
chasemp updated the task description for T244165: Convert #Security to acl*Security.
Feb 20 2020, 7:31 PM · Security, Phabricator, Security-Team
chasemp updated the task description for T244165: Convert #Security to acl*Security.
Feb 20 2020, 7:27 PM · Security, Phabricator, Security-Team
chasemp added a comment to T245201: Update protect as security issue to use acl*security.

working in real time with @mmodell now to do this dance with minimal impact :)

Feb 20 2020, 7:26 PM · Security, Phabricator, Security-Team
chasemp removed a hashtag from acl*security: #security.
Feb 20 2020, 7:24 PM
chasemp renamed acl*security from Security to acl*security.
Feb 20 2020, 7:24 PM
matmarex added a comment to T242134: Security Review For Talk pages project.

Sorry if I was rude. I am unhappy that we received instructions about the changes to make, complete with example code that straight up doesn't work, but no explanation on why the changes are needed.

Feb 20 2020, 7:07 PM · secscrum, MW-1.35-notes (1.35.0-wmf.21; 2020-02-25), Security, user-sbassett, Editing-team (Tracking), DiscussionTools, Application Security Reviews
Legoktm changed the visibility for T242689: SocialProfile: classic CSRF (no token check) in various special pages which perform write actions.
Feb 20 2020, 3:15 PM · Security, Social-Tools, Vuln-CSRF, SocialProfile, Security-Team
ashley closed T242689: SocialProfile: classic CSRF (no token check) in various special pages which perform write actions as Resolved.

Now fixed in https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/SocialProfile/+/573580/ , thanks to @Legoktm for the +2. :)

Feb 20 2020, 3:14 PM · Security, Social-Tools, Vuln-CSRF, SocialProfile, Security-Team
Urbanecm merged Restricted Task into T205908: Unable to change visibility of log entries when MediaWiki:Mainpage uses Special:MyLanguage (CVE-2020-35477).
Feb 20 2020, 9:23 AM · Vuln-Misconfiguration, MW-1.35-notes, MW-1.31-release-notes, MW-1.36-notes (1.36.0-wmf.25; 2021-01-05), User-DannyS712, Security-Team, Security, MediaWiki-Logevents, WMF-General-or-Unknown, Trust-and-Safety, Regression, MediaWiki-Revision-deletion
bd808 added a comment to T219676: Symfony Twig - Sandbox Information Disclosure (iegreview, wikimania-scholarships, slimapp).
In T219676#5898837, @sbassett wrote:

I think everything is updated and merged for these now. Not sure if the patches auto-deploy post-merge in gerrit or if a manual deploy is still required, but confirmation or execution of that step would be all that was needed to resolve and make this task public.

Feb 20 2020, 2:56 AM · User-bd808, Security, Wikimedia-IEG-grant-review, Security-Team

Feb 19 2020

Jgreen moved T142205: use granularity (g=) restrictions for wikimedia.org fundraising DKIM records from Triage to Watching on the fundraising-tech-ops board.
Feb 19 2020, 10:51 PM · Security, fundraising-tech-ops
sbassett added a comment to T219676: Symfony Twig - Sandbox Information Disclosure (iegreview, wikimania-scholarships, slimapp).

I think everything is updated and merged for these now. Not sure if the patches auto-deploy post-merge in gerrit or if a manual deploy is still required, but confirmation or execution of that step would be all that was needed to resolve and make this task public.

Feb 19 2020, 9:12 PM · User-bd808, Security, Wikimedia-IEG-grant-review, Security-Team
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits