Page MenuHomePhabricator

Mstyles (Maryum)
User

Projects (7)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Saturday

  • Clear sailing ahead.

User Details

User Since
Nov 18 2019, 7:30 PM (230 w, 2 d)
Availability
Available
LDAP User
Mstyles
MediaWiki User
MStyles (WMF) [ Global Accounts ]

Recent Activity

Mon, Apr 15

Mstyles closed T362199: Security Issue Access Request for jrbranaa as Resolved.

security issue access has been granted

Mon, Apr 15, 5:32 PM · SecTeam-Processed, Security-Team, Security
Mstyles added a member for acl*security_management: Jrbranaa.
Mon, Apr 15, 5:29 PM

Sat, Apr 13

Mstyles created T362460: Pentest FY2023/24 - Fundraising Tech.
Sat, Apr 13, 12:20 AM · secscrum
Mstyles created T362459: Pentest FY2023/24 - Kartographer.
Sat, Apr 13, 12:17 AM · secscrum

Wed, Apr 10

Mstyles reassigned T360070: Application Security Review Request : Extension:IPReputation from Mstyles to sbassett.
Wed, Apr 10, 4:34 PM · user-sbassett, MediaWiki-extensions-IPReputation, secscrum, Security, Application Security Reviews

Mon, Apr 8

Mstyles added a comment to T361690: Application Security Review Request : AutoModerator.

@Samwalton9-WMF this review will be scoped to the extension only, the models will be out of scope for this review. Is it possible that this tool will replace existing auto moderator tools? For the timeline, does that mean the review can start in May? We're planning to do this review this quarter.

Mon, Apr 8, 6:27 PM · Automoderator, secscrum, Security, Application Security Reviews

Fri, Apr 5

Mstyles added a comment to T361943: Decide on a Software Bill of Materials (SBOM) format for MediaWiki.

It looks like it's not too bad to convert from CycloneDX to SPDX, so even if we decide to go with CycloneDX we can still get the SPDX data if we want it. CycloneDX seems to have more tooling and also provides a license scanner to look at the licenses @Jdforrester-WMF was referencing.

Fri, Apr 5, 6:30 PM · SecTeam-Processed, Security-Team, Security

Tue, Apr 2

Mstyles moved T361260: Add limits to loop condition from Incoming to Watching on the Security-Team board.
Tue, Apr 2, 5:48 PM · MW-1.43-notes (1.43.0-wmf.1; 2024-04-16), Patch-For-Review, Security-Team, Security, function-schemata, Abstract Wikipedia Fix-It tasks, Abstract Wikipedia team
Mstyles added a project to T361260: Add limits to loop condition: Security-Team.
Tue, Apr 2, 5:48 PM · MW-1.43-notes (1.43.0-wmf.1; 2024-04-16), Patch-For-Review, Security-Team, Security, function-schemata, Abstract Wikipedia Fix-It tasks, Abstract Wikipedia team
Mstyles edited projects for T361260: Add limits to loop condition, added: Security; removed secscrum.
Tue, Apr 2, 5:47 PM · MW-1.43-notes (1.43.0-wmf.1; 2024-04-16), Patch-For-Review, Security-Team, Security, function-schemata, Abstract Wikipedia Fix-It tasks, Abstract Wikipedia team

Thu, Mar 28

Mstyles closed T353827: Pentest FY2023/24 - Wikifunctions as Resolved.

Resolving this ticket as the report has been delivered and reviewed by the team

Thu, Mar 28, 5:00 PM · Abstract Wikipedia team, secscrum
Mstyles closed T353828: Pentest FY2023/24 - LiftWing as Resolved.

Team has confirmed that there are no action items from the report

Thu, Mar 28, 5:00 PM · secscrum
Mstyles updated the task description for T353827: Pentest FY2023/24 - Wikifunctions.
Thu, Mar 28, 4:58 PM · Abstract Wikipedia team, secscrum
Mstyles created T361260: Add limits to loop condition.
Thu, Mar 28, 4:58 PM · MW-1.43-notes (1.43.0-wmf.1; 2024-04-16), Patch-For-Review, Security-Team, Security, function-schemata, Abstract Wikipedia Fix-It tasks, Abstract Wikipedia team
Mstyles closed T358619: Security Issue Access Request for SGupta-WMF as Resolved.

security issue access has been granted.

Thu, Mar 28, 4:34 PM · SecTeam-Processed, Data Products, Security-Team, Security
Mstyles added a member for Security: SGupta-WMF.
Thu, Mar 28, 4:33 PM
Mstyles added a member for acl*security_developer: SGupta-WMF.
Thu, Mar 28, 4:33 PM

Wed, Mar 27

Mstyles closed T353826: Pentest FY2023/24 - Wikipedia Library as Resolved.

Report has been released, gone over with the team and subtasks created so I'm resolving this ticket.

Wed, Mar 27, 11:36 PM · The-Wikipedia-Library, secscrum
Mstyles added a comment to T353828: Pentest FY2023/24 - LiftWing.

The report has been released to team members. Still checking in about any fixes due to the report

Wed, Mar 27, 11:35 PM · secscrum
Mstyles added a comment to T351657: Application Security Review Request : Matomo upgrade and its campaign reporter plugin.

@SCampos-WMF thank you, I'll check back

Wed, Mar 27, 11:20 PM · SecTeam-Processed, secscrum, Security, Application Security Reviews

Mon, Mar 25

Mstyles added a comment to T360504: i18n XSS vulnerability in message 'tux-nojs'.

I updated the existing patch to used escaped instead of parsed. If we agree to move forward with this, I can upload this on gerrit so that we can address this issue faster.

Mon, Mar 25, 8:09 PM · SecTeam-Processed, MW-1.42-notes (1.42.0-wmf.25; 2024-04-02), Vuln-XSS, MediaWiki-extensions-Translate, Security, Security-Team

Fri, Mar 22

Mstyles updated the task description for T347659: Write and send supplementary release announcement for extensions and skins with security patches (1.35.14/1.39.6/1.40.2/1.41.0).
Fri, Mar 22, 8:24 PM · user-sbassett, SecTeam-Processed, MediaWiki-Releasing, Security
Mstyles updated subscribers of T357101: Special:MergeLexemes makes edits on GET requests without edit tokens.

pushing the rebased patch to gerrit for the supplemental release: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/WikibaseLexeme/+/1013359

Fri, Mar 22, 6:42 PM · MW-1.42-notes (1.42.0-wmf.23; 2024-03-19), Vuln-CSRF, SecTeam-Processed, Wikidata Dev Team (Wikidata.org Slice), Wikidata Lexicographical data, Wikidata, Security, Security-Team

Mar 18 2024

Mstyles reassigned T359087: Redirecting @priv_eng_sync Phab account (Asana sync) to new email address from Mstyles to Cleo_Lemoisson.

Reassigning to Cleo to figure this out with the privacy team

Mar 18 2024, 5:10 PM · SecTeam-Processed, Security-Team

Mar 9 2024

Mstyles reopened T351657: Application Security Review Request : Matomo upgrade and its campaign reporter plugin as "Open".

I did do a review for the Matomo upgrade as well since that was requested. I'm reopening this ticket in case you have any questions.

Mar 9 2024, 2:12 AM · SecTeam-Processed, secscrum, Security, Application Security Reviews
Mstyles reopened T351657: Application Security Review Request : Matomo upgrade and its campaign reporter plugin, a subtask of T319013: Enable the Marketing Campaigns Reporting plugin for matomo, as Open.
Mar 9 2024, 2:11 AM · Data-Platform-SRE (2024.03.04 - 2024.03.24), Data-Engineering, Foundational Technology Requests
Mstyles reopened T351657: Application Security Review Request : Matomo upgrade and its campaign reporter plugin, a subtask of T351552: Upgrade matomo (piwik.wikimedia.org) to latest stable version, as Open.
Mar 9 2024, 2:11 AM · Data-Platform-SRE (2024.04.15 - 2024.05.05), Patch-For-Review

Mar 8 2024

Mstyles closed T358618: Security Issue Access Request for Sfaci as Resolved.

security issue access granted!

Mar 8 2024, 12:39 AM · SecTeam-Processed, Data Products, Security-Team, Security
Mstyles added a member for Security: Sfaci.
Mar 8 2024, 12:39 AM
Mstyles added a member for acl*security_developer: Sfaci.
Mar 8 2024, 12:38 AM
Mstyles added a comment to T359087: Redirecting @priv_eng_sync Phab account (Asana sync) to new email address.

@Aklapper would you be able to update the @priv_eng_sync user so that it points to the email address above? If that's not possible, then I'll go ahead and have that account deleted.

Mar 8 2024, 12:36 AM · SecTeam-Processed, Security-Team
Mstyles added a comment to T358619: Security Issue Access Request for SGupta-WMF.

@SGupta-WMF could you please enable Two-Factor Authentication for your Phabricator account under Settings → Authentication → Multi-Factor Auth and read the warning under https://www.mediawiki.org/wiki/Phabricator/Help/Two-factor_Authentication_Resets ?

Mar 8 2024, 12:35 AM · SecTeam-Processed, Data Products, Security-Team, Security

Mar 6 2024

Mstyles added a comment to T351657: Application Security Review Request : Matomo upgrade and its campaign reporter plugin.

Security Review Summary - T351657 - Matomo Campaign Plugin- 2024-03-06

Mar 6 2024, 8:45 AM · SecTeam-Processed, secscrum, Security, Application Security Reviews

Mar 5 2024

Mstyles added a comment to T359087: Redirecting @priv_eng_sync Phab account (Asana sync) to new email address.

email address we want to try: x+1143023741172261@mail.asana.com

Mar 5 2024, 6:25 PM · SecTeam-Processed, Security-Team
Mstyles added a comment to T357760: CVE-2024-: Denial of service vector via GET request to Special:MovePage on pages with thousands of subpages.

@Dreamy_Jazz I'm glad that the patch works. I think adding the hard-coded message once this uploaded is fine. There was an issue with deployment which I wanted to note here: https://phabricator.wikimedia.org/T276237#9598800

Mar 5 2024, 6:50 AM · MW-1.42-notes (1.42.0-wmf.26; 2024-04-09), MW-1.41-notes, MW-1.40-notes, MW-1.39-notes, SecTeam-Processed, Patch-For-Review, MediaWiki-Page-rename, Vuln-DoS, Security, Security-Team

Mar 4 2024

Mstyles added a parent task for T357760: CVE-2024-: Denial of service vector via GET request to Special:MovePage on pages with thousands of subpages: T353895: Tracking bug for MediaWiki 1.39.7/1.40.3/1.41.1.
Mar 4 2024, 10:51 PM · MW-1.42-notes (1.42.0-wmf.26; 2024-04-09), MW-1.41-notes, MW-1.40-notes, MW-1.39-notes, SecTeam-Processed, Patch-For-Review, MediaWiki-Page-rename, Vuln-DoS, Security, Security-Team
Mstyles added a subtask for T353895: Tracking bug for MediaWiki 1.39.7/1.40.3/1.41.1: T357760: CVE-2024-: Denial of service vector via GET request to Special:MovePage on pages with thousands of subpages.
Mar 4 2024, 10:51 PM · MediaWiki-Releasing, Security
Mstyles moved T357760: CVE-2024-: Denial of service vector via GET request to Special:MovePage on pages with thousands of subpages from Security Patch To Deploy to Watching on the Security-Team board.
Mar 4 2024, 10:48 PM · MW-1.42-notes (1.42.0-wmf.26; 2024-04-09), MW-1.41-notes, MW-1.40-notes, MW-1.39-notes, SecTeam-Processed, Patch-For-Review, MediaWiki-Page-rename, Vuln-DoS, Security, Security-Team
Mstyles added a comment to T357760: CVE-2024-: Denial of service vector via GET request to Special:MovePage on pages with thousands of subpages.

Proposed patch:

Note: Due to https://wikitech.wikimedia.org/wiki/How_to_deploy_code#Guidelines_for_creating_patches, this patch has a hardcoded message which is used when the list of subpages is truncated.

Mar 4 2024, 10:48 PM · MW-1.42-notes (1.42.0-wmf.26; 2024-04-09), MW-1.41-notes, MW-1.40-notes, MW-1.39-notes, SecTeam-Processed, Patch-For-Review, MediaWiki-Page-rename, Vuln-DoS, Security, Security-Team
Mstyles closed T356297: Offboard James Fishback from Security Team as Resolved.

Moved the privacy engineering sync to a separate ticket

Mar 4 2024, 5:18 PM · SecTeam-Processed, Security-Team
Mstyles updated the task description for T356297: Offboard James Fishback from Security Team.
Mar 4 2024, 5:17 PM · SecTeam-Processed, Security-Team
Mstyles moved T359087: Redirecting @priv_eng_sync Phab account (Asana sync) to new email address from Incoming to In Progress on the Security-Team board.
Mar 4 2024, 5:14 PM · SecTeam-Processed, Security-Team
Mstyles created T359087: Redirecting @priv_eng_sync Phab account (Asana sync) to new email address.
Mar 4 2024, 5:14 PM · SecTeam-Processed, Security-Team

Mar 1 2024

Mstyles added a comment to T348780: Integrate a risk factor related to how many production projects an extension or skin is deployed.

@sbassett this looks really good! glad it's fast since the other methods were not as fast.

Mar 1 2024, 2:45 AM · Patch-For-Review, SecTeam-Processed, Code-Health, Security, Security Team AppSec, Security-Team, production-risk-assessment

Feb 28 2024

Mstyles added subtasks for T353826: Pentest FY2023/24 - Wikipedia Library : Unknown Object (Task), Unknown Object (Task), Unknown Object (Task), Unknown Object (Task), Unknown Object (Task), Unknown Object (Task), Unknown Object (Task), Unknown Object (Task).
Feb 28 2024, 7:05 PM · The-Wikipedia-Library, secscrum
Mstyles merged T358257: Wikipedia Library January 2024 Pentest into T353826: Pentest FY2023/24 - Wikipedia Library .
Feb 28 2024, 7:02 PM · The-Wikipedia-Library, secscrum
Mstyles merged task T358257: Wikipedia Library January 2024 Pentest into T353826: Pentest FY2023/24 - Wikipedia Library .
Feb 28 2024, 7:02 PM · The-Wikipedia-Library, Moderator-Tools-Team, Epic
Mstyles reopened T353826: Pentest FY2023/24 - Wikipedia Library as "In Progress".
Feb 28 2024, 7:02 PM · The-Wikipedia-Library, secscrum
Mstyles merged T353826: Pentest FY2023/24 - Wikipedia Library into T358257: Wikipedia Library January 2024 Pentest.
Feb 28 2024, 7:01 PM · The-Wikipedia-Library, Moderator-Tools-Team, Epic
Mstyles merged task T353826: Pentest FY2023/24 - Wikipedia Library into T358257: Wikipedia Library January 2024 Pentest.
Feb 28 2024, 7:00 PM · The-Wikipedia-Library, secscrum

Feb 27 2024

Mstyles closed T358140: Security Issue Access Request for @MShilova_WMF as Resolved.

Security issue access has been granted

Feb 27 2024, 7:21 PM · SecTeam-Processed, Security-Team, Security
Mstyles added a member for acl*security_program_manager: MShilova_WMF.
Feb 27 2024, 7:20 PM
Mstyles added a member for Security: MShilova_WMF.
Feb 27 2024, 7:19 PM
Mstyles claimed T358140: Security Issue Access Request for @MShilova_WMF .
Feb 27 2024, 12:44 AM · SecTeam-Processed, Security-Team, Security
Mstyles updated the task description for T356297: Offboard James Fishback from Security Team.
Feb 27 2024, 12:37 AM · SecTeam-Processed, Security-Team

Feb 26 2024

Mstyles updated the task description for T356297: Offboard James Fishback from Security Team.
Feb 26 2024, 5:14 PM · SecTeam-Processed, Security-Team
Mstyles updated the task description for T356297: Offboard James Fishback from Security Team.
Feb 26 2024, 5:05 PM · SecTeam-Processed, Security-Team

Feb 22 2024

Mstyles closed T354607: Security Issue Access Request for jhsoby as Resolved.

Security issues access has been granted

Feb 22 2024, 6:15 PM · SecTeam-Processed, Security-Team, Security
Mstyles closed T354607: Security Issue Access Request for jhsoby, a subtask of T353393: Request to add jhsoby to WMF-NDA group, as Resolved.
Feb 22 2024, 6:14 PM · WMF-NDA-Requests
Mstyles added a member for Security: jhsoby.
Feb 22 2024, 6:13 PM
Mstyles added a member for acl*security_volunteer: jhsoby.
Feb 22 2024, 6:13 PM

Feb 20 2024

Mstyles added a comment to T353393: Request to add jhsoby to WMF-NDA group.

Katie Francis from Legal confirmed that the NDA has been signed and now I'm going to get @jhsoby added to the WMF-NDA once I find a policy admin to do it

Feb 20 2024, 11:17 PM · WMF-NDA-Requests
Mstyles closed T357622: Requesting access to security@wikimedia.org as Resolved.

security@ mailing list access has been granted.

Feb 20 2024, 7:17 PM · SecTeam-Processed, Security-Team
Mstyles added a comment to T356297: Offboard James Fishback from Security Team.

privacy is planning to switch ownership of @priv_eng_sync to a privacy google group that is being created. However the account currently has 2FA tied to James Fishback's phab account, and that account has been disabled, so there might be some issues

Feb 20 2024, 6:36 PM · SecTeam-Processed, Security-Team

Feb 15 2024

Mstyles updated the task description for T356297: Offboard James Fishback from Security Team.
Feb 15 2024, 10:26 PM · SecTeam-Processed, Security-Team
Mstyles updated the task description for T356297: Offboard James Fishback from Security Team.
Feb 15 2024, 7:52 PM · SecTeam-Processed, Security-Team
Mstyles updated the task description for T356297: Offboard James Fishback from Security Team.
Feb 15 2024, 6:20 PM · SecTeam-Processed, Security-Team
Mstyles removed a member for Trusted-Contributors: JFishback_WMF.
Feb 15 2024, 6:10 PM
Mstyles removed a member for Security-Team: JFishback_WMF.
Feb 15 2024, 6:09 PM
Mstyles removed a member for Privacy: JFishback_WMF.
Feb 15 2024, 6:07 PM
Mstyles removed a watcher for Privacy Engineering: JFishback_WMF.
Feb 15 2024, 6:04 PM
Mstyles removed a member for Privacy Engineering: JFishback_WMF.
Feb 15 2024, 6:04 PM
Mstyles removed a member for acl*security_team: JFishback_WMF.
Feb 15 2024, 6:03 PM
Mstyles closed T356852: Security Issue Access Request for SecurityPatchBot as Resolved.

Security issue access has been granted to the SecurityPatchBot

Feb 15 2024, 5:55 PM · SecTeam-Processed, Security-Team, Security
Mstyles added a member for acl*security_bots: SecurityPatchBot.
Feb 15 2024, 5:53 PM
Mstyles added a member for Security: SecurityPatchBot.
Feb 15 2024, 5:53 PM

Feb 14 2024

Mstyles removed a member for acl*security_secteam: JFishback_WMF.
Feb 14 2024, 12:08 AM
Mstyles added a comment to T356852: Security Issue Access Request for SecurityPatchBot.

@jnuche I completely agree, I just wanted to make sure we were thorough in the approach. I'm creating a subproject for security bots in T357487 and after that's done, I'll go ahead and add security issue access.

Feb 14 2024, 12:07 AM · SecTeam-Processed, Security-Team, Security
Mstyles created T357487: Create new subproject "acl*security_bots" under acl*security.
Feb 14 2024, 12:06 AM · SecTeam-Processed, Project-Admins, Security-Team
Mstyles removed a member for Security: JFishback_WMF.
Feb 14 2024, 12:00 AM

Feb 13 2024

Mstyles updated the task description for T356297: Offboard James Fishback from Security Team.
Feb 13 2024, 10:02 PM · SecTeam-Processed, Security-Team
Mstyles added a comment to T354607: Security Issue Access Request for jhsoby.

@jhsoby T353393 is still open so I didn't think the NDA had been signed.

Feb 13 2024, 9:56 PM · SecTeam-Processed, Security-Team, Security
Mstyles closed T345448: Improve task backlog checks, a subtask of T343366: [EPIC] Production Risk Assessment Work - Phase 2, as Resolved.
Feb 13 2024, 8:40 PM · Epic, user-sbassett, SecTeam-Processed, Code-Health, Security, Security Team AppSec, Security-Team, production-risk-assessment
Mstyles closed T345448: Improve task backlog checks as Resolved.

Task backlog has been improved so closing this task

Feb 13 2024, 8:40 PM · SecTeam-Processed, Code-Health, Security, production-risk-assessment

Feb 12 2024

Mstyles moved T357101: Special:MergeLexemes makes edits on GET requests without edit tokens from Security Patch To Deploy to Watching on the Security-Team board.
Feb 12 2024, 10:45 PM · MW-1.42-notes (1.42.0-wmf.23; 2024-03-19), Vuln-CSRF, SecTeam-Processed, Wikidata Dev Team (Wikidata.org Slice), Wikidata Lexicographical data, Wikidata, Security, Security-Team
Mstyles added a comment to T357101: Special:MergeLexemes makes edits on GET requests without edit tokens.

Okay, I think this should work:

diff --git a/src/MediaWiki/Specials/SpecialMergeLexemes.php b/src/MediaWiki/Specials/SpecialMergeLexemes.php
index dca2111390..71de16fd34 100644
--- a/src/MediaWiki/Specials/SpecialMergeLexemes.php
+++ b/src/MediaWiki/Specials/SpecialMergeLexemes.php
@@ -168,6 +168,18 @@ private function anonymousEditWarning(): string {
 	private function mergeLexemes( $serializedSourceId, $serializedTargetId ): void {
 		$sourceId = $this->getLexemeId( $serializedSourceId );
 		$targetId = $this->getLexemeId( $serializedTargetId );
+		// TODO inject interactor+localizer and move this check down a bit once this is public
+		// phpcs:disable MediaWiki.Classes.FullQualifiedClassName.Found
+		try {
+			\Wikibase\Repo\WikibaseRepo::getTokenCheckInteractor()
+				->checkRequestToken( $this->getContext(), 'wpEditToken' );
+		} catch ( \Wikibase\Repo\Interactors\TokenCheckException $e ) {
+			$message = \Wikibase\Repo\WikibaseRepo::getExceptionLocalizer()
+				->getExceptionMessage( $e );
+			$this->showErrorHTML( $message->parse() );
+			return;
+		}
+		// phpcs:enable
 
 		if ( !$sourceId ) {
 			$this->showInvalidLexemeIdError( $serializedSourceId );
 			return;
 		}
 		if ( !$targetId ) {
 			$this->showInvalidLexemeIdError( $serializedTargetId );
 			return;
 		}
 
 		try {
 			$this->mergeInteractor->mergeLexemes(

The mergeLexemes() call at the end there will probably be touched soon, so I put the check a bit higher up to (hopefully) avoid merge conflicts.

Feb 12 2024, 10:40 PM · MW-1.42-notes (1.42.0-wmf.23; 2024-03-19), Vuln-CSRF, SecTeam-Processed, Wikidata Dev Team (Wikidata.org Slice), Wikidata Lexicographical data, Wikidata, Security, Security-Team
Mstyles added a comment to T356852: Security Issue Access Request for SecurityPatchBot.

@thcipriani do you know if it's possible to add MFA to a bot account? I understand the team will be protecting credentials which is great. I looked around in the phabricator documentation and I didn't see anything, but I wanted to be thorough.

Feb 12 2024, 9:37 PM · SecTeam-Processed, Security-Team, Security
Mstyles added a comment to T354607: Security Issue Access Request for jhsoby.

@jhsoby @Ladsgroup we still need the NDA signed in T353393 to move forward.

Feb 12 2024, 8:28 PM · SecTeam-Processed, Security-Team, Security
Mstyles added a comment to T356852: Security Issue Access Request for SecurityPatchBot.

@thcipriani do you approve this as the manager of Release Engineering?

Feb 12 2024, 6:23 PM · SecTeam-Processed, Security-Team, Security
Mstyles changed the visibility for T357203: XSS through interface message in UnlinkedWikibase.
Feb 12 2024, 5:31 PM · Vuln-XSS, SecTeam-Processed, MediaWiki-extensions-UnlinkedWikibase, affects-Miraheze, Security, Security-Team
Mstyles moved T357203: XSS through interface message in UnlinkedWikibase from Incoming to Our Part Is Done on the Security-Team board.
Feb 12 2024, 5:29 PM · Vuln-XSS, SecTeam-Processed, MediaWiki-extensions-UnlinkedWikibase, affects-Miraheze, Security, Security-Team

Feb 7 2024

Mstyles moved T353828: Pentest FY2023/24 - LiftWing from Vendor Confirmed to In Progress on the secscrum board.
Feb 7 2024, 5:26 PM · secscrum

Jan 31 2024

Mstyles closed T355690: Security Issue Access Request for Scott_French as Resolved.

security issue access has been granted, marking this ticket as done.

Jan 31 2024, 5:18 PM · Security-Team, Security
Mstyles added a member for Security: Scott_French.
Jan 31 2024, 5:16 PM
Mstyles added a member for acl*security_sre: Scott_French.
Jan 31 2024, 5:16 PM

Jan 29 2024

Mstyles updated subscribers of T355690: Security Issue Access Request for Scott_French.

@Kappakayala we need manager approval for this request so if you could please respond here saying that you approve

Jan 29 2024, 9:50 PM · Security-Team, Security

Jan 24 2024

Mstyles added a subtask for T353826: Pentest FY2023/24 - Wikipedia Library : T355804: Cross-Site Scripting vulnerability in The Wikipedia Library.
Jan 24 2024, 7:55 PM · The-Wikipedia-Library, secscrum
Mstyles added a parent task for T355804: Cross-Site Scripting vulnerability in The Wikipedia Library: T353826: Pentest FY2023/24 - Wikipedia Library .
Jan 24 2024, 7:55 PM · Security, Security-Team, Moderator-Tools-Team (Kanban)
Mstyles moved T353826: Pentest FY2023/24 - Wikipedia Library from Vendor Confirmed to In Progress on the secscrum board.
Jan 24 2024, 7:54 PM · The-Wikipedia-Library, secscrum
Mstyles changed the visibility for T355804: Cross-Site Scripting vulnerability in The Wikipedia Library.
Jan 24 2024, 7:53 PM · Security, Security-Team, Moderator-Tools-Team (Kanban)