Page MenuHomePhabricator
Create Task
Maniphest T159008

Determine appropriate response/guidance for Cloudbleed issue
Closed, InvalidPublic
Actions

Description

Background:

Event Timeline

dpatrick created this task.Feb 24 2017, 11:03 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 24 2017, 11:03 PM
dpatrick triaged this task as High priority.Feb 24 2017, 11:03 PM
dpatrick updated the task description. (Show Details)
dpatrick added subscribers: Jgreen, Bawolff, Reedy, cwdent.
Reedy added a comment.Feb 24 2017, 11:51 PM

cf email thread

TBH, I think anything that is hosted behind CloudFlare in any shape or form should be considered compromised. I think CloudFlare claiming that only this specific set of sites they identified are affected is bordering on reckless. They have no way of knowing for sure, and probably have no way of working it back to find out where it actually has been used.
We've also no idea if a third party has actually been exploiting this for a longer time.
Best to err on the side of caution at least!

Bawolff added a comment.Mar 28 2018, 7:03 AM

This is very old news at this point.

Does anyone have any reason to suspect we were affected by this (We don't host stuff on cloudflare). If not, and if there are no objections, I would like to close this bug and make it public.

chasemp changed the visibility from "Custom Policy" to "Public (No Login Required)".Dec 20 2018, 8:07 PM
chasemp added a project: Security.Feb 10 2020, 10:55 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:05 PM
Aklapper added a comment.May 15 2021, 10:07 AM

Security Team: Close this task as non-actionable?

Aklapper added a project: Security-Team.Jul 21 2021, 11:54 AM

See previous comment

sbassett moved this task from Incoming to Our Part Is Done on the Security-Team board.EditedJul 26 2021, 3:36 PM
sbassett subscribed.

@Aklapper - the Security-Team agrees with @Bawolff's last comment. Will resolve this task and move on our board as there are no actionable items here for WMF.

sbassett closed this task as Declined.Jul 26 2021, 3:37 PM
sbassett changed the task status from Declined to Invalid.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL