Page MenuHomePhabricator
Create Task
Maniphest T388981

In our Rust POC of the function-evaluator, switch from wasi-common to wasmtime-wasi and upgrade wasmtime to 21.0.2+ (or replace)
Open, In Progress, HighPublic
Actions

Description

https://osv.dev/vulnerability/GHSA-7qmx-3fpx-r45m (and https://osv.dev/vulnerability/RUSTSEC-2024-0436 as a depdendency).

  • switch from wasi-common to wasmtime-wasi
    • verify that wasmtime dep is at least 34.0.2

Related Objects
Search...

Event Timeline

Jdforrester-WMF created this task.Mar 15 2025, 8:16 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 15 2025, 8:16 PM
Maintenance_bot added a project: Abstract Wikipedia team.Mar 15 2025, 8:30 PM
Jdforrester-WMF triaged this task as High priority.Mar 19 2025, 6:07 PM
Jdforrester-WMF moved this task from To Triage to Engineering Backlog on the Abstract Wikipedia team board.
Jdforrester-WMF mentioned this in T379088: Application Security Review Request : Wikifunctions Rust-Based Function Evaluator.Mar 27 2025, 7:01 PM
cmassaro added a parent task: T382433: Get the Rust prototype of the function-evaluator's executors into a state where it could be deployed.May 21 2025, 12:26 PM
DSantamaria edited projects, added Essential-Work, Abstract Wikipedia team (26Q1 (Jul–Sep)); removed Abstract Wikipedia team, Abstract Wikipedia Fix-It tasks.Jul 16 2025, 2:14 PM
DSantamaria moved this task from Incoming to Ready on the Abstract Wikipedia team (26Q1 (Jul–Sep)) board.
cmassaro added a parent task: T402956: Build the JS executor when compiling the Rust image rather than relying on the checked-in blob.Aug 26 2025, 5:57 PM
cmassaro removed a parent task: T382433: Get the Rust prototype of the function-evaluator's executors into a state where it could be deployed.
cmassaro claimed this task.Sep 16 2025, 9:49 PM

I believe the core issue is our use of wasi-common, which is outdated and unsupported. For independent reasons, we should switch our Rust dep to wasmtime-wasi, which will also allow us to bump our version of wasmtime to 34.0.2.

cmassaro changed the task status from Open to In Progress.Sep 16 2025, 9:50 PM
cmassaro moved this task from Ready to In Engineering on the Abstract Wikipedia team (26Q1 (Jul–Sep)) board.
cmassaro renamed this task from In our Rust POC of the function-evaluator, upgrade wasmtime to 21.0.2+ (or replace) to In our Rust POC of the function-evaluator, switch from wasi-common to wasmtime-wasi and upgrade wasmtime to 21.0.2+ (or replace).Sep 17 2025, 6:35 PM
cmassaro added a parent task: T404797: All (?) Python implementations currently time out.
cmassaro removed a parent task: T404797: All (?) Python implementations currently time out.
cmassaro updated the task description. (Show Details)Sep 17 2025, 6:52 PM
cmassaro added a parent task: T404905: [Rust Q2] Avoid reading .wasm binaries in async tasks.Sep 17 2025, 7:08 PM
cmassaro added a parent task: T405315: Add wasmedge-related metadata to Rust evaluator.Sep 23 2025, 3:03 AM
cmassaro added a parent task: T403669: Rust evaluator messaging protocol should handle arbitrary buffer sizes.
cmassaro edited projects, added Abstract Wikipedia team (26Q2 (Oct–Dec)); removed Abstract Wikipedia team (26Q1 (Jul–Sep)).Sep 30 2025, 2:22 PM
Jdforrester-WMF moved this task from Incoming to In Engineering on the Abstract Wikipedia team (26Q2 (Oct–Dec)) board.Oct 16 2025, 2:07 PM
cmassaro added a parent task: T409592: Re-enable Rust tests.Mon, Nov 10, 6:33 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits