I'm making this task after the problem has already been solved as a record just in case there are any similar issues in the future. Its private for now in case there are other affected wikis that we haven't noticed yet; Security-Team this should be ok to publish by your clinic meeting on Monday unless you have other reasons to keep this private.
A patch renaming the MediaWiki:Autoblock_whitelist page was deployed on Wednesday during the train and was rolled back on Thursday due to an unrelated issue. A user moved the interface page to the new name on Commons about a day after the initial deploy, just before the train was rolled back. When the patch was reverted on the train rollback, the original name was no longer available until it was re-created about 12 hours later.
After reports from Toolforge users about autoblocks I started investigating and realized that due to caching in DatabaseBlock::isWhitelistedFromAutoblocks the version without the old (and at that point only working) exemption list page was being cached, effectively removing its effects completely.
@Urbanecm cleared those caches on commonswiki like seen below:
>>> \MediaWiki\Block\DatabaseBlock::isWhitelistedFromAutoblocks("172.16.7.167") => false >>> $cache = \MediaWiki\MediaWikiServices::getInstance()->getMainWANObjectCache(); => WANObjectCache {#527} >>> $key = $cache->makeKey( 'ip-autoblock', 'whitelist' ) => "commonswiki:ip-autoblock:whitelist" >>> $cache->get($key) => [ "", ] >>> $cache->delete($key) => true >>> $cache->get($key) => false >>> \MediaWiki\Block\DatabaseBlock::isWhitelistedFromAutoblocks("172.16.7.167") => true
(for anyone wondering, 172.16.7.167 is a Toolforge bastion)
He also removed commonswiki autoblock #405016 with a maintenance script to remove the already-present autoblock.