Page MenuHomePhabricator

Tracking bug for 1.27.4/1.28.3/1.29.2 security releases
Closed, ResolvedPublic

Description

Previous work: T140591: MediaWiki 1.28.1/1.27.2/1.23.16 security release

Just a tracking bug for tasks that should be in the next security release.

Although 1.30 hasn't been released yet, security patches will need backporting for that too, though, hopefully, they shouldn't be too far away from the ones for HEAD of master...

Maniphest IDCVE IDREL1_27REL1_28REL1_29REL1_30master
T178451CVE-2017-8808
T165846
T128209CVE-2017-8809
T134100CVE-2017-8810
T176247CVE-2017-8811
T125163CVE-2017-8812gerrit 362326gerrit 362326
T180231/T180237CVE-2017-9841
T124404CVE-2017-8814
T119158CVE-2017-8815
T180488CVE-2017-0361n/an/a

Vendor
Should trivially cherry pick onto all branches

Related Objects

StatusAssignedTask
ResolvedReedy
Resolveddemon
ResolvedReedy
ResolvedBawolff
ResolvedAnomie
ResolvedBawolff
ResolvedBawolff
ResolvedMaxSem
ResolvedMoritzMuehlenhoff
ResolvedMaxSem
ResolvedReedy
ResolvedReedy
DeclinedNone
DeclinedNone
ResolvedLegoktm
ResolvedBawolff
ResolvedBawolff
ResolvedAnomie

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 26 2017, 8:27 AM
Aklapper renamed this task from Tracking bug for 1.28.3/1.27.4 (And maybe 1.29.1) Security release to Tracking bug for 1.28.3/1.27.4 (And maybe 1.29.2) Security release.Sep 25 2017, 11:01 AM
Reedy renamed this task from Tracking bug for 1.28.3/1.27.4 (And maybe 1.29.2) Security release to Tracking bug for 1.27.4/1.29.2 security releases.Nov 1 2017, 10:56 PM
Reedy removed a project: MW-1.28-release.
Reedy added a subscriber: Reedy.
Reedy updated the task description. (Show Details)
Reedy updated the task description. (Show Details)Nov 2 2017, 7:41 PM
Reedy updated the task description. (Show Details)Nov 2 2017, 8:01 PM
Reedy updated the task description. (Show Details)Nov 2 2017, 10:41 PM
Reedy updated the task description. (Show Details)
Reedy updated the task description. (Show Details)Nov 2 2017, 11:57 PM
Reedy updated the task description. (Show Details)
dpatrick updated the task description. (Show Details)Nov 8 2017, 5:58 PM
Bawolff updated the task description. (Show Details)Nov 9 2017, 9:11 PM
Reedy renamed this task from Tracking bug for 1.27.4/1.29.2 security releases to Tracking bug for 1.27.4/1.28.3/1.29.2 security releases.Nov 10 2017, 8:13 PM
Reedy added a project: MW-1.28-release.
Reedy updated the task description. (Show Details)Nov 10 2017, 10:21 PM
Reedy updated the task description. (Show Details)Nov 10 2017, 10:52 PM
Reedy updated the task description. (Show Details)Nov 10 2017, 11:19 PM
Reedy updated the task description. (Show Details)Nov 11 2017, 12:28 AM
Reedy updated the task description. (Show Details)Nov 11 2017, 12:44 AM
Reedy updated the task description. (Show Details)Nov 11 2017, 12:52 AM
Reedy updated the task description. (Show Details)
Reedy updated the task description. (Show Details)Nov 11 2017, 1:02 AM
Reedy updated the task description. (Show Details)Nov 11 2017, 1:19 AM
Reedy updated the task description. (Show Details)
Reedy updated the task description. (Show Details)Nov 11 2017, 1:26 AM

When we have a complete complement of cherry-picks/rebases... These patches need rebasing, RELEASE-NOTES adding where missing and stacking in a patch order

Reedy updated the task description. (Show Details)Nov 11 2017, 1:48 AM
Bawolff updated the task description. (Show Details)Nov 13 2017, 4:29 PM
Bawolff updated the task description. (Show Details)Nov 13 2017, 4:32 PM
Reedy updated the task description. (Show Details)Nov 13 2017, 6:20 PM
Bawolff updated the task description. (Show Details)Nov 13 2017, 6:33 PM

Note, that T124404 and T119158 conflict with each other. T124404 should be applied first.

Bawolff updated the task description. (Show Details)Nov 13 2017, 8:22 PM
Bawolff updated the task description. (Show Details)Nov 14 2017, 5:38 PM
Reedy updated the task description. (Show Details)Nov 14 2017, 7:33 PM
Reedy closed this task as Resolved.Nov 14 2017, 11:53 PM
Reedy claimed this task.
Reedy changed the visibility from "Custom Policy" to "Public (No Login Required)".