Previous work: {T285405}
Tracking bug for next security release, 1.35.5/1.36.3/1.37.1
**n.b.** T292763 [[ https://gerrit.wikimedia.org/r/728646 | already landed in mw core master ]] and, therefore, has been disclosed.
**n.b.** T294686 is for Nuke, which is bundled and deployed, but the vulnerability in this task was only on master for a week or so, so it was technically disclosed early, but should likely be mentioned within the release announcement.
| Maniphest ID | CVE ID | REL1_35 | REL1_36 | REL1_37 | master
| ---- | ---- | ---- | ---- | ---- | ----
| T293589 | CVE-2021- | | | | {F34750523}
| T292763 | CVE-2021- | merged | merged | merged | merged
| T294686 | n/a | merged | merged | merged | merged
| T271037 | CVE-2021- | | | | {F34527995}
| T297322 | CVE-2021-, CVE-2021- | | | |