Page MenuHomePhabricator
People mmartorana

mmartorana (manfredi martorana)
User

Projects

Calendar

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Monday

  • Clear sailing ahead.

User Details

User Since
Nov 5 2021, 2:54 PM (29 w, 1 d)
Availability
Available
LDAP User
Unknown
MediaWiki User
MMartorana (WMF) [ Global Accounts ]

Recent Activity
View All

Tue, May 24

mmartorana added a comment to T304291: Request to install Extension:Upload Wizard on id-internal.wikimedia.org.

Yes, you should file a new request using this form and we will triage it for next quarter's appsec reviews. You can also find additional information of the appsec review process.

Tue, May 24, 3:36 PM · SecTeam-Processed, Security-Team, Wikimedia-Extension-setup, Patch-For-Review, Wikimedia-Site-requests
mmartorana added a comment to T304291: Request to install Extension:Upload Wizard on id-internal.wikimedia.org.

The Extension:Upload_Wizard has not undergone any manual security review, and since it is an extension that may present a large subset of risky vulnerabilities, we would like to review it before approving the deployment in other wikis.

Tue, May 24, 3:03 PM · SecTeam-Processed, Security-Team, Wikimedia-Extension-setup, Patch-For-Review, Wikimedia-Site-requests

Tue, May 10

mmartorana moved T302772: Application Security Review Request : Codex from In Progress to Waiting on the secscrum board.
Tue, May 10, 2:10 PM · Design-Systems-team-20200324-20220422 (Design Systems Team FY2021-22 Kanban Board), Codex, secscrum, Security, Application Security Reviews
mmartorana changed the status of T304885: Application Security Review Request : Image Suggestions Service from Open to In Progress.
Tue, May 10, 2:08 PM · Generated Data Platform, secscrum, Security, Application Security Reviews
mmartorana moved T304885: Application Security Review Request : Image Suggestions Service from Waiting to In Progress on the secscrum board.
Tue, May 10, 2:07 PM · Generated Data Platform, secscrum, Security, Application Security Reviews

Mon, May 2

mmartorana added a comment to T304885: Application Security Review Request : Image Suggestions Service.

Ok, thank you.

Mon, May 2, 4:11 PM · Generated Data Platform, secscrum, Security, Application Security Reviews

Apr 27 2022

mmartorana added a comment to T304885: Application Security Review Request : Image Suggestions Service.

Hi @Eevans, we have also found these two extensions:

Apr 27 2022, 4:59 PM · Generated Data Platform, secscrum, Security, Application Security Reviews

Apr 21 2022

mmartorana added a comment to T304885: Application Security Review Request : Image Suggestions Service.

Perfect, thank you.

Apr 21 2022, 5:09 PM · Generated Data Platform, secscrum, Security, Application Security Reviews

Apr 20 2022

mmartorana added a comment to T304885: Application Security Review Request : Image Suggestions Service.

Hey @Eevans, I just wanted to have confirmation that the main branch is stable and I can work with the most recent commit, and that there shouldn't be any more substantial contributions before deployment.

Apr 20 2022, 4:59 PM · Generated Data Platform, secscrum, Security, Application Security Reviews

Apr 13 2022

mmartorana added a comment to T304885: Application Security Review Request : Image Suggestions Service.

Hello @WDoranWMF and @Eevans, I will be in charge of this security review.

Apr 13 2022, 4:22 PM · Generated Data Platform, secscrum, Security, Application Security Reviews

Apr 7 2022

mmartorana added a comment to T297839: Write and send supplementary release announcement for extensions and skins with security patches (1.35.6/1.36.4/1.37.2).

Subject: MediaWiki Extensions and Skins Security Release Supplement (1.35.6/1.36.4/1.37.2)

Apr 7 2022, 5:29 PM · Security-Team, user-sbassett, MediaWiki-Releasing, Security

Apr 4 2022

mmartorana added a comment to T295065: Security Readiness Review For WikiSEO.

Hi @RhinosF1, as per WMF's risk management framework, low risk (which this review has overall) is automatically accepted by the WMF.

Apr 4 2022, 4:37 PM · WikiSEO, secscrum, Security, Application Security Reviews

Apr 1 2022

mmartorana added a comment to T295065: Security Readiness Review For WikiSEO.

Security Review Summary - T295065 - 2022-03-31
Last commit reviewed: 08d39f11c9abdf22d10e6a0138d4ea3d6817cc62

Apr 1 2022, 5:24 PM · WikiSEO, secscrum, Security, Application Security Reviews
mmartorana updated the task description for T297839: Write and send supplementary release announcement for extensions and skins with security patches (1.35.6/1.36.4/1.37.2).
Apr 1 2022, 1:12 PM · Security-Team, user-sbassett, MediaWiki-Releasing, Security

Feb 22 2022

mmartorana added a comment to T295065: Security Readiness Review For WikiSEO.

Hi @RhinosF1, thanks a lot for your feedback!

Feb 22 2022, 6:11 PM · WikiSEO, secscrum, Security, Application Security Reviews

Feb 16 2022

mmartorana added a comment to T295065: Security Readiness Review For WikiSEO.

I will then ask @Octfx and @RhinosF1 to answer my questions, please.

Feb 16 2022, 3:47 PM · WikiSEO, secscrum, Security, Application Security Reviews

Feb 9 2022

mmartorana added a comment to T295065: Security Readiness Review For WikiSEO.

Before proceeding with the review, we would like to shed some light on a couple of points:

Feb 9 2022, 4:50 PM · WikiSEO, secscrum, Security, Application Security Reviews

Jan 14 2022

mmartorana added a comment to T289322: Pre-launch security review of Wikifunctions.

Security Review Summary - T289322 - 2022-01-14
Last commit reviewed: f8bfba32ddc266ead8a8bbd134e63ec669defba9

Jan 14 2022, 8:16 PM · user-sbassett, Application Security Reviews, secscrum, Abstract Wikipedia team (Phase λ – Launch)

Jan 11 2022

mmartorana claimed T295065: Security Readiness Review For WikiSEO.
Jan 11 2022, 5:34 PM · WikiSEO, secscrum, Security, Application Security Reviews

Jan 10 2022

mmartorana closed T290808: Users with no NDA can access confidential information at testwiki's SecurePoll instance (CVE-2021-46148), a subtask of T292236: Write and send supplementary release announcement for extensions and skins with security patches (1.35.5/1.36.3/1.37.1), as Resolved.
Jan 10 2022, 6:41 PM · Security Team AppSec, Security-Team, user-sbassett, MediaWiki-Releasing, Security
mmartorana closed T290808: Users with no NDA can access confidential information at testwiki's SecurePoll instance (CVE-2021-46148) as Resolved.
Jan 10 2022, 6:41 PM · MW-1.38-notes (1.38.0-wmf.13; 2021-12-13), Patch-For-Review, MediaWiki-extensions-SecurePoll, SecTeam-Processed, Anti-Harassment, Security, Security-Team
mmartorana closed T296578: Globally blocked IPs can edit EntitySchema items (CVE-2021-45471) as Resolved.
Jan 10 2022, 6:38 PM · MW-1.38-notes (1.38.0-wmf.16; 2022-01-03), wdwb-tech, Wikibase Release Strategy, SecTeam-Processed, Wikidata-Campsite (Team A Hearth 🏰🔥), Stewards-and-global-tools, Wikidata, Shape Expressions, Security, Security-Team
mmartorana closed T296578: Globally blocked IPs can edit EntitySchema items (CVE-2021-45471), a subtask of T292236: Write and send supplementary release announcement for extensions and skins with security patches (1.35.5/1.36.3/1.37.1), as Resolved.
Jan 10 2022, 6:37 PM · Security Team AppSec, Security-Team, user-sbassett, MediaWiki-Releasing, Security
mmartorana changed the visibility for T293749: /w/api.php?action=languagesearch denial of service (CVE-2021-46149).
Jan 10 2022, 6:12 PM · MW-1.37-notes, MW-1.36-notes, MW-1.35-notes, Vuln-DoS, UniversalLanguageSelector, Security, Security-Team
mmartorana changed the visibility for T293341: MassEditRegex is Vulnerable to CSRF Attacks (CVE-2021-46147).
Jan 10 2022, 6:11 PM · SecTeam-Processed, Vuln-CSRF, MediaWiki-extensions-MassEditRegex, Security
mmartorana changed the visibility for T292351: CVE-2021-41118: ReDOS in DPL3.
Jan 10 2022, 6:11 PM · SecTeam-Processed, MediaWiki-extensions-Other, Vuln-DoS, User-RhinosF1, Security
mmartorana renamed T290808: Users with no NDA can access confidential information at testwiki's SecurePoll instance (CVE-2021-46148) from Users with no NDA can access confidential information at testwiki's SecurePoll instance to Users with no NDA can access confidential information at testwiki's SecurePoll instance (CVE-2021-46148).
Jan 10 2022, 5:03 PM · MW-1.38-notes (1.38.0-wmf.13; 2021-12-13), Patch-For-Review, MediaWiki-extensions-SecurePoll, SecTeam-Processed, Anti-Harassment, Security, Security-Team
mmartorana renamed T293749: /w/api.php?action=languagesearch denial of service (CVE-2021-46149) from /w/api.php?action=languagesearch denial of service to /w/api.php?action=languagesearch denial of service (CVE-2021-46149).
Jan 10 2022, 5:03 PM · MW-1.37-notes, MW-1.36-notes, MW-1.35-notes, Vuln-DoS, UniversalLanguageSelector, Security, Security-Team
mmartorana renamed T293341: MassEditRegex is Vulnerable to CSRF Attacks (CVE-2021-46147) from MassEditRegex is Vulnerable to CSRF Attacks to MassEditRegex is Vulnerable to CSRF Attacks (CVE-2021-46147).
Jan 10 2022, 5:02 PM · SecTeam-Processed, Vuln-CSRF, MediaWiki-extensions-MassEditRegex, Security
mmartorana renamed T293556: Stored XSS via WikibaseMediaInfo caption fields at commons.wikimedia.org (CVE-2021-46146) from Stored XSS via WikibaseMediaInfo caption fields at commons.wikimedia.org to Stored XSS via WikibaseMediaInfo caption fields at commons.wikimedia.org (CVE-2021-46146).
Jan 10 2022, 5:02 PM · Structured-Data-Backlog (Current Work), SecTeam-Processed, Patch-For-Review, WikibaseMediaInfo, Vuln-XSS, Commons, Security, Security-Team
mmartorana renamed T292795: XSS vulnerability in Special:CheckUserLog (CVE-2021-46150) from XSS vulnerability in Special:CheckUserLog to XSS vulnerability in Special:CheckUserLog (CVE-2021-46150).
Jan 10 2022, 5:01 PM · MW-1.35-notes, MW-1.36-notes, MW-1.37-notes, MW-1.38-notes (1.38.0-wmf.5; 2021-10-19), SecTeam-Processed, CheckUser, Vuln-XSS, Security, Security-Team
mmartorana updated the task description for T292236: Write and send supplementary release announcement for extensions and skins with security patches (1.35.5/1.36.3/1.37.1).
Jan 10 2022, 10:46 AM · Security Team AppSec, Security-Team, user-sbassett, MediaWiki-Releasing, Security

Jan 7 2022

mmartorana moved T293369: Security Readiness Review For Wikipedia Preview Wordpress plugin from In Progress to Our Part Is Done on the secscrum board.
Jan 7 2022, 6:27 PM · Inuka-Team, Wikipedia-Preview, Security, secscrum, Application Security Reviews
mmartorana closed T293369: Security Readiness Review For Wikipedia Preview Wordpress plugin as Resolved.
Jan 7 2022, 6:27 PM · Inuka-Team, Wikipedia-Preview, Security, secscrum, Application Security Reviews
mmartorana added a comment to T293369: Security Readiness Review For Wikipedia Preview Wordpress plugin.

Security Review Summary - T293369 - 2022-01-07
Last commit reviewed: 4583e736243d46857d982c16be0850112db892b1

Jan 7 2022, 6:26 PM · Inuka-Team, Wikipedia-Preview, Security, secscrum, Application Security Reviews

Dec 21 2021

mmartorana updated the task description for T292236: Write and send supplementary release announcement for extensions and skins with security patches (1.35.5/1.36.3/1.37.1).
Dec 21 2021, 5:37 PM · Security Team AppSec, Security-Team, user-sbassett, MediaWiki-Releasing, Security

Dec 1 2021

mmartorana claimed T295374: Create best practices / guidelines documentation for Gitlab application security ci templates.
Dec 1 2021, 5:12 PM · SecTeam-Processed, GitLab (CI & Job Runners), Security, Security Team AppSec, Security-Team

Nov 30 2021

mmartorana added a comment to T294312: Investigate SAST template options now included with Gitlab CE and formulate use-cases and documentation.

I have experimented with the GitLab SAST templates on many languages/frameworks repos containing vulnerable code and the results are not very satisfying.

Nov 30 2021, 7:34 PM · GitLab (CI & Job Runners), Security, Security Team AppSec, Security-Team

Nov 18 2021

mmartorana updated the task description for T295790: Add Manfredi Martorana to deployment and analytics-privatedata-users groups.
Nov 18 2021, 5:26 PM · SRE-Access-Requests, SRE, SecTeam-Processed, Security-Team
mmartorana added a comment to T295790: Add Manfredi Martorana to deployment and analytics-privatedata-users groups.

I have now provided all the required information.

Nov 18 2021, 5:25 PM · SRE-Access-Requests, SRE, SecTeam-Processed, Security-Team
mmartorana updated the task description for T295790: Add Manfredi Martorana to deployment and analytics-privatedata-users groups.
Nov 18 2021, 10:11 AM · SRE-Access-Requests, SRE, SecTeam-Processed, Security-Team

Nov 16 2021

mmartorana updated the task description for T295689: Onboard Manfredi Martorana to the Security Team.
Nov 16 2021, 6:10 PM · SecTeam-Processed, Security Team AppSec, Security-Team
mmartorana updated the task description for T295689: Onboard Manfredi Martorana to the Security Team.
Nov 16 2021, 2:14 PM · SecTeam-Processed, Security Team AppSec, Security-Team
mmartorana updated the task description for T295689: Onboard Manfredi Martorana to the Security Team.
Nov 16 2021, 1:46 PM · SecTeam-Processed, Security Team AppSec, Security-Team
mmartorana updated the task description for T295689: Onboard Manfredi Martorana to the Security Team.
Nov 16 2021, 1:45 PM · SecTeam-Processed, Security Team AppSec, Security-Team
mmartorana updated the task description for T295689: Onboard Manfredi Martorana to the Security Team.
Nov 16 2021, 1:45 PM · SecTeam-Processed, Security Team AppSec, Security-Team
mmartorana updated the task description for T295689: Onboard Manfredi Martorana to the Security Team.
Nov 16 2021, 12:54 PM · SecTeam-Processed, Security Team AppSec, Security-Team
mmartorana updated the task description for T295689: Onboard Manfredi Martorana to the Security Team.
Nov 16 2021, 12:53 PM · SecTeam-Processed, Security Team AppSec, Security-Team

Nov 8 2021

mmartorana removed a watcher for acl*security_secteam: mmartorana.
Nov 8 2021, 7:16 PM
mmartorana added a watcher for acl*security_secteam: mmartorana.
Nov 8 2021, 7:16 PM
mmartorana added a watcher for LDAP-Access-Requests: mmartorana.
Nov 8 2021, 7:16 PM

Nov 5 2021

mmartorana updated mmartorana.
Nov 5 2021, 2:56 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL