Forwarding for those who might not be on wikitech-l.
-Chad
---------- Forwarded message ---------
From: Brad Jorsch (Anomie) <bjorsch(a)wikimedia.org>
Date: Mon, Aug 15, 2016 at 10:14 AM
Subject: [Wikitech-l] Security update for CentralAuth
To: Wikimedia developers <wikitech-l(a)lists.wikimedia.org>
A bug[1] was identified in CentralAuth that would allow a user to log in to
a wiki with a reserved or otherwise "unusable" account if that account was
not reserved on another wiki in the CentralAuth cluster.
Patches for supported branches are:
* master (1.28 alpha):
https://gerrit.wikimedia.org/r/304856
* REL1_27:
https://gerrit.wikimedia.org/r/304857
* REL1_26:
https://gerrit.wikimedia.org/r/304858
* REL1_23:
https://gerrit.wikimedia.org/r/304861
If you are using an earlier version, you should upgrade your MediaWiki
installation.
[1]:
https://phabricator.wikimedia.org/T130384
--
Brad Jorsch (Anomie)
Senior Software Engineer
Wikimedia Foundation
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l