Page MenuHomePhabricator
Create Task
Maniphest T128911

Update Sentry to 8.2.2
Closed, DeclinedPublic
Actions

Description

Sentry 8.2.2 / 8.1.4 is a security update. Code execution vulnerability that's only exploitable by Sentry superusers, so nothing too urgent.

Related Objects

Event Timeline

Tgr created this task.Mar 4 2016, 9:16 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 4 2016, 9:16 PM
Tgr mentioned this in T129367: Upgrade Sentry to 8.2.1+ on vagrant.Mar 9 2016, 10:48 PM
Tgr added a comment.Mar 29 2016, 6:04 PM

8.2.4 / 8.1.5 is another security update. "If being run in multi-organization mode, it was possible for a user to craft a URL which would allow them to view membership details of other users." - not a big deal.

Gilles has pointed out that Sentry 8 dropped MySQL support. Our PostgreSQL puppet roles need a lot of love, so this upgrade will be a big task.

Reedy subscribed.Nov 4 2016, 1:25 AM

8.2.5 is also another security update "Fixed a bug which allows API keys more permission than granted within the organization."

But they're upto 8.10.0 now...

Tgr added a comment.Nov 4 2016, 1:55 AM

And apparently stopped announcing security updates on the mailing list :/

JeanFred subscribed.Nov 8 2016, 10:55 AM
JeanFred added a comment.Nov 13 2016, 10:45 AM

But they're upto 8.10.0 now...

The release cycle has roughly been one release per month.
(In my organisation the Sentry instances run using Docker and docker-compose, using the on-premise setup, which takes away most of the upgrade pain).

Phabricator_maintenance added a project: acl*security.Sep 20 2018, 9:14 AM
Quennlatifa0303 renamed this task from Update Sentry to 8.2.2 to Update Sentry to 8..Feb 19 2019, 4:05 AM
Quennlatifa0303 triaged this task as Unbreak Now! priority.
Restricted Application added subscribers: Liuxinyu970226, TerraCodes. · View Herald TranscriptFeb 19 2019, 4:05 AM
Krinkle renamed this task from Update Sentry to 8. to Update Sentry to 8.2.2.Feb 19 2019, 4:10 AM
Krinkle lowered the priority of this task from Unbreak Now! to Needs Triage.
Krinkle removed subscribers: TerraCodes, Liuxinyu970226.
Aklapper removed a project: Security-Other.Nov 27 2019, 1:38 PM
chasemp triaged this task as High priority.Dec 9 2019, 5:22 PM
chasemp added a project: Security.Feb 10 2020, 10:55 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:05 PM
Aklapper removed Tgr as the assignee of this task.Jun 19 2020, 4:18 PM

This task has been assigned to the same task owner for more than two years. Resetting task assignee due to inactivity, to decrease task cookie-licking and to get a slightly more realistic overview of plans. Please feel free to assign this task to yourself again if you still realistically work or plan to work on this task - it would be welcome!

For tips how to manage individual work in Phabricator (noisy notifications, lists of task, etc.), see https://phabricator.wikimedia.org/T228575#6237124 for available options.
(For the records, two emails were sent to assignee addresses before resetting assignees. See T228575 for more info and for potential feedback. Thanks!)

Tgr closed this task as Declined.Jun 20 2020, 2:37 PM

Sentry is at 10.0 now (actually, 20.6, but they have changed their versioning schema) so this task is a bit pointless.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL