Forwarding for those who might not be on wikitech-l.
-Chad
---------- Forwarded message --------- From: Brad Jorsch (Anomie) bjorsch@wikimedia.org Date: Mon, Aug 15, 2016 at 10:14 AM Subject: [Wikitech-l] Security update for CentralAuth To: Wikimedia developers wikitech-l@lists.wikimedia.org
A bug[1] was identified in CentralAuth that would allow a user to log in to a wiki with a reserved or otherwise "unusable" account if that account was not reserved on another wiki in the CentralAuth cluster.
Patches for supported branches are: * master (1.28 alpha): https://gerrit.wikimedia.org/r/304856 * REL1_27: https://gerrit.wikimedia.org/r/304857 * REL1_26: https://gerrit.wikimedia.org/r/304858 * REL1_23: https://gerrit.wikimedia.org/r/304861
If you are using an earlier version, you should upgrade your MediaWiki installation.
[1]: https://phabricator.wikimedia.org/T130384
-- Brad Jorsch (Anomie) Senior Software Engineer Wikimedia Foundation _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
mediawiki-l@lists.wikimedia.org