Page MenuHomePhabricator
Create Task
Maniphest T106762

Security review for firebase/php-jwt
Closed, ResolvedPublic1 Estimated Story Points
Actions

Description

Parent tasks requires a jwt library.

Details

ProjectBranchLines +/-Subject
mediawiki/vendormaster+1 K -1Add firebase/php-jwt for ContentTranslation
Customize query in gerrit

Related Objects
Search...

Event Timeline

Nikerabbit created this task.Jul 23 2015, 11:12 PM
Nikerabbit claimed this task.
Nikerabbit raised the priority of this task from to High.
Nikerabbit updated the task description. (Show Details)
Nikerabbit added projects: MediaWiki-Vendor, LE-CX6-Sprint 1, ContentTranslation-Release6, Patch-For-Review, ContentTranslation.
Nikerabbit added subscribers: gerritbot, csteipp, Arrbee and 4 others.
Amire80 set Security to None.Jul 27 2015, 4:21 PM
Amire80 edited a custom field.
csteipp added projects: deprecated-security-team-reviews, Security-Team.Jul 28 2015, 12:25 AM
csteipp moved this task from Incoming to Ready on the Security-Team board.
Amire80 moved this task from Needs Triage to CX6 on the ContentTranslation board.Jul 28 2015, 6:19 PM
csteipp closed this task as Resolved.Jul 28 2015, 8:52 PM

We're already using an earlier version of php-jwt in Ex:OAuth. I just reviewed the latest version (fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1 on github), and it looks fine as well, although disappointing it still doesn't support EC signatures.

In production, you shouldn't set JWT::$leeway to more than a few seconds, if at all.

Arrbee moved this task from Backlog to Done on the LE-CX6-Sprint 1 board.Jul 29 2015, 7:03 AM
Amire80 moved this task from Backlog to Tech Debt on the ContentTranslation-Release6 board.Aug 2 2015, 6:37 AM
gerritbot added a comment.Aug 17 2015, 7:46 AM

Change 226616 had a related patch set uploaded (by Nikerabbit):
Add firebase/php-jwt for ContentTranslation

https://gerrit.wikimedia.org/r/226616

gerritbot added a comment.Aug 17 2015, 6:50 PM

Change 226616 merged by jenkins-bot:
Add firebase/php-jwt for ContentTranslation

https://gerrit.wikimedia.org/r/226616

Nikerabbit mentioned this in rMWVDad1427661afb: Add firebase/php-jwt for ContentTranslation.Aug 17 2015, 7:08 PM
Arrbee added a project: WorkType-Maintenance.Sep 7 2015, 11:40 AM
GWicke mentioned this in T111264: Decouple chronology protector from authentication .Sep 29 2015, 12:17 AM
csteipp moved this task from Ready to Our Part Is Done on the Security-Team board.Oct 13 2015, 11:56 PM
sbassett moved this task from Incoming to Done on the deprecated-security-team-reviews board.Apr 24 2019, 6:36 PM
chasemp removed a project: deprecated-security-team-reviews.Jan 8 2020, 4:14 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL