Change Details

Previous work: {T285405} Tracking bug for next security release, 1.35.5/1.36.3/1.37.1 **n.b.** T292763 [[ https://gerrit.wikimedia.org/r/728646 | already landed in mw core master ]] and, therefore, has been disclosed. **n.b.** T294686 is for Nuke, which is bundled and deployed, but the vulnerability in this task was only on master for a week or so, so it was technically disclosed early, but should likely be mentioned within the release announcement. | Maniphest ID | CVE ID | REL1_35 | REL1_36 | REL1_37 | master | ---- | ---- | ---- | ---- | ---- | ---- | T293589 | CVE-2021- | | | | {F34750523} | T292763 | CVE-2021- | merged | merged | merged | merged | T294686 | n/a | merged | merged | merged | merged | T271037 | CVE-2021- | | | | {F34527995} | T297322 | CVE-2021-, CVE-2021- | | | |

Previous work: {T285405} Tracking bug for next security release, 1.35.5/1.36.3/1.37.1 **n.b.** T292763 [[ https://gerrit.wikimedia.org/r/728646 | already landed in mw core master ]] and, therefore, has been disclosed. **n.b.** T294686 is for Nuke, which is bundled and deployed, but the vulnerability in this task was only on master for a week or so, so it was technically disclosed early, but should likely be mentioned within the release announcement. | Maniphest ID | CVE ID | REL1_35 | REL1_36 | REL1_37 | master | ---- | ---- | ---- | ---- | ---- | ---- | T293589 | CVE-2021- | | | | {F34750523} | T292763 | CVE-2021- | merged | merged | merged | merged | T294686 | n/a | merged | merged | merged | merged | T271037 | CVE-2021- | {F34527995} | {F34527995} | {F34527995} | {F34527995} | T297322 | CVE-2021-, CVE-2021- | | | |

Previous work: {T285405} Tracking bug for next security release, 1.35.5/1.36.3/1.37.1 **n.b.** T292763 [[ https://gerrit.wikimedia.org/r/728646 | already landed in mw core master ]] and, therefore, has been disclosed. **n.b.** T294686 is for Nuke, which is bundled and deployed, but the vulnerability in this task was only on master for a week or so, so it was technically disclosed early, but should likely be mentioned within the release announcement. | Maniphest ID | CVE ID | REL1_35 | REL1_36 | REL1_37 | master | ---- | ---- | ---- | ---- | ---- | ---- | T293589 | CVE-2021- | | | | {F34750523} | T292763 | CVE-2021- | merged | merged | merged | merged | T294686 | n/a | merged | merged | merged | merged | T271037 | CVE-2021- | | |{F34527995} | {F34527995} | {F34527995} | {F34527995} | T297322 | CVE-2021-, CVE-2021- | | | |