Page MenuHomePhabricator
Create Task
Maniphest T108064

MediaWiki Security release 1.25.3
Closed, ResolvedPublic
Actions

Related Objects
Search...

Event Timeline

csteipp created this task.Aug 5 2015, 5:15 PM
csteipp raised the priority of this task from to Needs Triage.
csteipp updated the task description. (Show Details)
csteipp added a project: acl*security.
csteipp changed the visibility from "Public (No Login Required)" to "Custom Policy".
csteipp changed the edit policy from "All Users" to "Custom Policy".
csteipp changed Security from None to Software security bug.
csteipp subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 5 2015, 5:15 PM
csteipp added a subtask: T71367: page_recent_contributors leaks revdeleted user names (CVE-2021-31545).Aug 5 2015, 5:16 PM
csteipp added subtasks: T90300: Suppressed username shown on File pages, Restricted Task, T91850: No rate limits on uploading files, T91205: ApiUpload needs sanity check on chunk size.
csteipp added a subtask: T95589: Users with viewsuppressed but not suppressrevision can remove suppression.Aug 11 2015, 9:05 PM
dpatrick added a subtask: T108616: Local path disclosure when using ImageMagick as a scaler.Aug 12 2015, 4:23 PM
csteipp triaged this task as Medium priority.Aug 12 2015, 8:34 PM
dpatrick subscribed.Aug 12 2015, 9:29 PM
csteipp added a subtask: T110553: Echo ignores hideuser for non-revision based notifications (e.g. thanks).Sep 1 2015, 4:11 PM
csteipp closed subtask T95589: Users with viewsuppressed but not suppressrevision can remove suppression as Resolved.Sep 8 2015, 5:39 PM
csteipp closed subtask T91850: No rate limits on uploading files as Resolved.Sep 9 2015, 10:13 PM
csteipp closed subtask T108616: Local path disclosure when using ImageMagick as a scaler as Resolved.
csteipp closed subtask T91205: ApiUpload needs sanity check on chunk size as Resolved.
csteipp added a subtask: T91203: ApiUpload allows overrun without error.Sep 10 2015, 3:54 PM
Legoktm renamed this task from Mediawiki Security release 1.25.3 to MediaWiki Security release 1.25.3.Sep 10 2015, 4:29 PM
matmarex reopened subtask T91205: ApiUpload needs sanity check on chunk size as Open.Sep 12 2015, 9:21 PM
Anomie closed subtask T91205: ApiUpload needs sanity check on chunk size as Resolved.Sep 14 2015, 5:09 PM
Catrope added a subtask: T111029: XSS possible in PageTriage toolbar.Oct 7 2015, 10:32 PM
dpatrick changed the status of subtask T71367: page_recent_contributors leaks revdeleted user names (CVE-2021-31545) from Stalled to Open.Oct 13 2015, 9:53 PM
csteipp removed subtasks: Restricted Task, T90300: Suppressed username shown on File pages, T71367: page_recent_contributors leaks revdeleted user names (CVE-2021-31545).Oct 16 2015, 4:47 PM
csteipp added subtasks: T103022: OAuth IP restrictions only apply to Special:OAuth/initiate, not to general API requests, T103023: API requests don't get validated if signed by the correct OAuth consumer.Oct 16 2015, 4:57 PM
csteipp closed subtask T110553: Echo ignores hideuser for non-revision based notifications (e.g. thanks) as Resolved.Oct 16 2015, 6:10 PM
csteipp closed subtask T111029: XSS possible in PageTriage toolbar as Resolved.Oct 16 2015, 6:12 PM
demon closed this task as Resolved.Oct 16 2015, 10:36 PM
demon changed the visibility from "Custom Policy" to "Public (No Login Required)".
demon changed the edit policy from "Custom Policy" to "All Users".
demon changed Security from Software security bug to None.
chasemp added a project: Security.Feb 10 2020, 10:59 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:17 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits