Page MenuHomePhabricator

Phabricator XSS vulnerability
Closed, ResolvedPublic

Event Timeline

Danny_B triaged this task as High priority.Jul 2 2016, 1:27 PM
Danny_B added a project: Phabricator.
Luke081515 raised the priority of this task from High to Unbreak Now!.Jul 2 2016, 2:27 PM
Luke081515 added a project: SRE.

As I wrote there, the easiest solution is to apply the patch at https://secure.phabricator.com/T11257#183428.

greg added a subscriber: greg.

Let's not use a "Security (high priority)" column in the workboard. That only makes it easier for outsides to know information we don't want them to know. We don't need a "high priority" column.

Timing is tough on this. This is public in upstream sadly but it's a long weekend in the US and @mmodell is out.

I emailed our team list about this to increase visibility.

I just cherry-picked the upstream patch. I'll deploy it now

Fixed in wmf/stable and deployed to iridium.

Thanks for the holiday weekend response, Mukunda.

Upstream bug is already public and we're patched, can we open this up now?

@demon Feel free to do so including the merged task.

Bawolff changed the visibility from "Custom Policy" to "Public (No Login Required)".Jul 3 2016, 4:16 PM
Bawolff changed Security from Software security bug to None.