Page MenuHomePhabricator
Create Task
Maniphest T410091

Security review for Extension:WP25EasterEggs
Open, Needs TriagePublic
Actions

Description

NOTE: Due to the time-sensitive nature of the Wikipedia 25 birthday celebrations, it is unreasonable to expect a full security review for this extension before a production deployment in January/February 2026. The developer @ATitkov will provide a self-review to the best of their abilities and @Jdrewniak will assume the security risk for deploying this to production. The self-review is tracked in T411130.

Project Information

Description of the tool/project:
The Wikipedia 25 Easter eggs extension will provide readers of Wikipedia with a celebratory mascot who will accompany them on their Wikipedia journey.

Description of how the tool will be used at WMF:
This extension is meant to celebrate Wikipedia's 25th birthday by enabling users to show an graphical mascot on the sidebar of Wikipedia articles on the Vector 2022 and MinervaNeue skins. This mascot may occasional be animated during parts of the users reading journey. Since the purpose of the extension is to celebrate Wikipedia's 25th birthday, it is by nature time-limited and temporary. There currently no intention of leaving this extension in production for longer than an a year after it has been deployed.

Dependencies
No external dependencies.

Has this project been reviewed before?
No, but we will undertake a detailed self-review as part of T411130.

Working test environment
Local setup available on documentation page:
https://www.mediawiki.org/wiki/Extension:WP25EasterEggs

Post-deployment
Primary developer is @ATitkov, manager is @cmadeo with support from the Reader Experience Team

Related Objects
Search...

Event Timeline

Jdrewniak created this task.Thu, Nov 13, 9:25 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptThu, Nov 13, 9:25 PM
A_smart_kitten subscribed.Fri, Nov 14, 10:05 AM
Aklapper added a comment.Fri, Nov 14, 4:04 PM

https://www.mediawiki.org/wiki/Writing_an_extension_for_deployment lists several steps which have not been resolved yet before requesting a Security review.

Jdrewniak mentioned this in T411065: Extension:WP25EasterEggs deployment checklist.Wed, Nov 26, 1:15 PM
Jdrewniak added a parent task: T411065: Extension:WP25EasterEggs deployment checklist.Wed, Nov 26, 1:18 PM
Jdrewniak added a project: MediaWiki-extensions-WP25EasterEggs.Wed, Nov 26, 1:37 PM
Jdrewniak created subtask T411130: [DRAFT] Security self-review for Extension:WP25EasterEggs.Wed, Nov 26, 8:17 PM
Jdrewniak renamed this task from [DRAFT]: Security review for Extension:WP25EasterEggs to Security review for Extension:WP25EasterEggs.Wed, Nov 26, 9:14 PM
Jdrewniak added a project: Application Security Reviews.
Jdrewniak updated the task description. (Show Details)
Restricted Application added a project: secscrum. · View Herald TranscriptWed, Nov 26, 9:14 PM
sbassett moved this task from Incoming to Upcoming Quarter Planning Queue on the secscrum board.Mon, Dec 1, 4:37 PM
bd808 mentioned this in T411408: Deploy extension:WP25EasterEggs to beta cluster.Mon, Dec 1, 9:54 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits