Any chance that Wikimedia Foundation can actually do proper releases of
this extension, rather than sending people a link to a phabricator page
that has a link to a gerrit change buried in the comments?
This seems like a pretty poor way to do a security release to third parties
that may be relying on this.
On Tue, Apr 26, 2016 at 11:44 AM, Jon Robson <jrobson(a)wikimedia.org> wrote:
A security vulnerability has been discovered in
MediaWiki setups which
use MobileFrontend.
Revisions who's visibility had been alerted were showing up in parts
of the mobile UI.
All projects in the Wikimedia cluster have been since patched but if
you use this extension please be sure to apply the fix.
Patch file and issue are documented on
https://phabricator.wikimedia.org/T133700
Note there is some follow-up work to do which is tracked in:
https://phabricator.wikimedia.org/T133722
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l