On Tue, Apr 26, 2016 at 2:44 PM, Jon Robson jrobson@wikimedia.org wrote:
A security vulnerability has been discovered in MediaWiki setups which use MobileFrontend.
Revisions who's visibility had been alerted were showing up in parts of the mobile UI.
All projects in the Wikimedia cluster have been since patched but if you use this extension please be sure to apply the fix.
Patch file and issue are documented on https://phabricator.wikimedia.org/T133700
Note there is some follow-up work to do which is tracked in: https://phabricator.wikimedia.org/T133722
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
For these sorts of things, could we include the extension in the subject line? Otherwise some people might think its a general mediawiki security issue.
Thanks, -- -bawolff