
Remove `sync` scripts from mediawiki docker image used for wbstack/
Closed, Resolved | Public | Security


Currently the scripts used for updating the MediaWiki code end up also being built into the Docker image.


At the least this probably exposes a DDoS but perhaps also a more critical one since these scripts are able to modify files on disk.


Risk Rating
Author Affiliation: Wikimedia Deutschland

Event Timeline

This doesn't directly contribute to our sprint goal but should be picked up if there is nothing else to be done.

This adds a .dockerignore file which excludes wbstack/sync from the build process.
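
A regression check for the fix described in the comment above, as an added example that is not part of the original task or the project's own code: it scans an exported container filesystem for the excluded directory, so a later change to `.dockerignore` or the Dockerfile that lets the scripts back into the image fails the build. The function name, the `rootfs.tar` file name and the `$IMAGE` variable are assumptions, and the match is made on any path component sequence because the page does not say where the code lives inside the image.

```shell
#!/bin/sh
# Added example: detect a directory that must stay out of a built image.
#
# Producing the archive (assumed names, run wherever the image is built):
#   cid=$(docker create "$IMAGE")
#   docker export "$cid" -o rootfs.tar
#   docker rm "$cid"
#   if image_tar_has_dir rootfs.tar wbstack/sync; then
#       echo "wbstack/sync is present in the image" >&2; exit 1
#   fi

# image_tar_has_dir ARCHIVE DIR
#   returns 0  if an entry is DIR or lies below DIR, at any depth in the tree
#   returns 1  if no such entry exists
#   returns 2  if the archive cannot be read (never reported as "clean")
image_tar_has_dir() {
    archive=$1
    dir=${2%/}                      # tolerate a trailing slash on DIR
    [ -r "$archive" ] || return 2
    tar -tf "$archive" | awk -v d="$dir" '
        {
            p = $0
            sub(/^\.\//, "", p)     # some tar writers prefix entries with ./
            sub(/\/$/, "", p)       # directory entries end with /
            p = "/" p "/"
            # Whole-component match: wbstack/sync matches, wbstack/syncer does not.
            if (index(p, "/" d "/") > 0) { found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}
```

Checking the exported filesystem rather than the build context also catches the directory arriving by another route, such as a `COPY` from a different stage or a base image.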

sbassett changed the visibility from "Custom Policy" to "Public (No Login Required)".
sbassett changed the edit policy from "Custom Policy" to "All Users".
sbassett changed Risk Rating from N/A to Low.