Mostly rolled out the fix - I don't have the rights to do it on foundationwiki (it's not part of SUL so my GIE flag doesn't apply there), and zhwiki is not letting me save for some reason

Done zhwiki - I just had to edit the edit page DOM to remove the disabled flag on the save button. Not sure what that was about.
Edit: Turns out it's because that wiki tries to enforce that you preview before saving.

The only remaining wiki (based on https://tools.wmflabs.org/global-search/?namespaces=8&q=append%5C%28Twinkle%5C.talkback%5C.optout%5C%29&regex=1) is foundationwiki - @Varnent please take care of https://foundation.wikimedia.org/wiki/MediaWiki:Gadget-friendlytalkback.js by changing both instances of .append(Twinkle.talkback.optout); to .text(Twinkle.talkback.optout); (as was done on many other wikis) as you seem to be the only person in Wikimedia who holds editsitejs on foundationwiki right now (I think we should fix that at some point). Alternatively we can find a steward to grant someone else interface admin there, or maybe get the page deleted (why does foundationwiki even have Twinkle, it's a fishbowl?)

@sbassett: "External (Non-WMF) Issues" does not really feel correct here? This is about WMF websites...

@Aklapper - the Security-Team would classify most gadget maintenance issues not related to the extension or configuration code itself (including security-related issues) as on-wiki issues, typically handled by sysops and the like, external to the wmf (even if some happen to be wmf employees). The "External (Non-WMF) Issues" workboard column seemed the most appropriate given this reasoning, though we could potentially rename it or even add a new, more specifically-named column.

I've granted myself i-admin and made the change.

Thanks James.
@Amorymeltzer: I think the fix for this is fully rolled out now, can you confirm?
If confirmed please can someone make this task public.

All clear AFAICT, thanks all for the swift work.

Sorry to bug you again @Krenair but at your leisure, could I bother you for a tidy-up I've caused? There's no security issue thanks to this, but my change meant there's now an omnipresent "false" message that shouldn't be there. If you could do another simple change on those same Twinkle pages (listed here in global search) I'd be quite grateful. See https://github.com/azatoth/twinkle/pull/797 and https://github.com/azatoth/twinkle/pull/798

Change: if ($status.length)
To: if ($status.length && Twinkle.talkback.optout)

In T241950#5794909, @Amorymeltzer wrote:

Sorry to bug you again @Krenair but at your leisure, could I bother you for a tidy-up I've caused? There's no security issue thanks to this, but my change meant there's now an omnipresent "false" message that shouldn't be there. If you could do another simple change on those same Twinkle pages (listed here in global search) I'd be quite grateful. See https://github.com/azatoth/twinkle/pull/797 and https://github.com/azatoth/twinkle/pull/798

Change: if ($status.length)
To: if ($status.length && Twinkle.talkback.optout)

done - again with the exception of foundationwiki