Previous work: {T318965}
Tracking bug for next security release, 1.35.10/1.38.6/1.39.3
Note: Added T326946: CVE-2020-36649: Bundled PapaParse copy in VisualEditor has known ReDos for a possible mention within the next release, even though it's already public and very wikimedia-specific.
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | Reedy | T325839 Release MediaWiki 1.35.10/1.38.6/1.39.3 | |||
| Resolved | Reedy | T325840 Tracking bug for MediaWiki 1.35.10/1.38.6/1.39.3 | |||
| Resolved | Security | None | T285159 CVE-2023-29141: X-Forwarded-For header allows brute-forcing autoblocked IP addresses | ||
| Resolved | Security | Esanders | T326946 CVE-2020-36649: Bundled PapaParse copy in VisualEditor has known ReDos | ||
| Resolved | Security | Reedy | T330086 CVE-2023-29142: OATHAuth allows replay attacks when MediaWiki is configured without ObjectCache; Insecure Default Configuration |
Change 905671 had a related patch set uploaded (by Reedy; author: Reedy):
[mediawiki/core@REL1_35] RELEASE-NOTES-1.35: Add CVEs
Change 905672 had a related patch set uploaded (by Reedy; author: Reedy):
[mediawiki/core@REL1_38] RELEASE-NOTES-1.38: Add CVE number
Change 905673 had a related patch set uploaded (by Reedy; author: Reedy):
[mediawiki/core@REL1_39] RELEASE-NOTES-1.39: Add CVE number
Change 905672 merged by jenkins-bot:
[mediawiki/core@REL1_38] RELEASE-NOTES-1.38: Add CVE number
Change 905671 merged by jenkins-bot:
[mediawiki/core@REL1_35] RELEASE-NOTES-1.35: Add CVE number
Change 905673 merged by jenkins-bot:
[mediawiki/core@REL1_39] RELEASE-NOTES-1.39: Add CVE number