Previous work: {T263803}
Tracking bug for next security release, 1.31.13/1.35.2
| Maniphest ID | CVE ID | REL1_31 | REL1_35 | master
| ---- | ---- | ---- | ---- | ----
| T270453 | CVE-2021-30153 | {F34251703} | {F34251704} | {F33955445}
| T270713 | CVE-2021-30152 | {F33984659} | {F33984659} | {F33984659}
| T270988 | CVE-2021-30155 | {F34251707} | {F34251705} | {F34251706}
| T272386 | CVE-2021-30159 | {F34251710} | {F34251708} | {F34251709}
| T276843 | CVE-2021-20270, CVE-2021-27291 | {F34180145} | [[https://gerrit.wikimedia.org/r/c/mediawiki/extensions/SyntaxHighlight_GeSHi/+/670552|merged]] | merged
| T277009 | CVE-2021-30158 | merged | merged | merged
| T278058 | CVE-2021-30157 | merged | merged | merged
| T278014 | CVE-2021-30154 | merged | merged | merged
| T279451 | CVE-2021-30458 | | | |
**Notes:**
# T274883 never made it into a release, but I figured we'd track it here just in case. There's also a "better" patch that will be pushed through gerrit, as a replacement to the initial production security patch.
# T277009 went through gerrit as a **low-risk**, security-related bug.