What's true for Special:ExpandTemplates is true for Special:TemplateSandbox, too:
Description
Details
Related Objects
- Mentioned In
- rMEXTfd3f6c69e52a: Updated mediawiki/extensions Project: mediawiki/extensions/TemplateSandbox…
rMEXT3e5f7ef5a736: Updated mediawiki/extensions Project: mediawiki/extensions/TemplateSandbox…
rETSA7484d5da2386: Require post with edit token if $wgRawHtml is set
rETSAc0143ccbcc18: Require post with edit token if $wgRawHtml is set
rETSAba3e93d5a018: Require post with edit token if $wgRawHtml is set
rETSA2fc676fcffb0: Require post with edit token if $wgRawHtml is set
Event Timeline
This patch is currently deployed to the cluster in 1.25wmf11 and 1.25wmf12, so it should be good to publish.
Change 180646 merged by jenkins-bot:
Require post with edit token if $wgRawHtml is set
Change 180660 had a related patch set uploaded (by Legoktm):
Require post with edit token if $wgRawHtml is set
Change 180660 merged by jenkins-bot:
Require post with edit token if $wgRawHtml is set
Had trouble with committing to the right branch and decided that time from disclosure to publication of _any_ fix should be kept as minimal as possible. Thanks for the REL1_23 backport.
Kunal,
Thanks to your patch, I was able to get REL1_22 patched: https://gerrit.wikimedia.org/r/#/c/180787/
This makes absolutely no sense. So no fix is preferable to a delayed fix??? This basically screwed over 1.23/1.22 users who, after the bug was publicly disclosed still had no patch, with absolutely no indication that 1.23/1.22 patches were not ready. So I'm in the middle of upgrading my wikis and then realize that hey, there's no patch!
If you're trying to reduce the time from disclosure to publication, there are many other things you could be doing (prepping patches beforehand, not putting them in git until after the release, not waiting hours for jenkins to -1 patches, etc.) but aren't, so *not* releasing a security fix is completely ridiculous.
Thank you.