Security Open Tasks

109082 Goal: Privacy support for Analytics - UniqueID's, Pagecount API Done 2017-01-02 2016-08-13
109086 Goal: Security engineering support for FrTech PCI Done 2017-01-02 2016-08-13
109083 Goal: Support legal during rollout of email encryption initiative Done 2017-01-02 2016-08-13
124445 Design research support for two step authentication In Progress 2017-01-02 2017-01-19
116967 Gather information on the frequency of Wikimedia sites being framed In Progress 2017-01-02 2015-10-28
90033 Support 1password for login Security Other 2015-09-29 2016-09-02
88083 Mobile apps users should not be shown captchas when creating accounts Security Other 2016-09-28 2017-06-12
119494 Citoid converts ignores <302::aid-ajmg13> Security Other 2016-10-29 2017-09-13
123243 Ability to alert when we get a sudden increase in bad passwords for privileged accounts, to possibly detect password brute-forcing Security Other 2017-01-02 2016-09-17
152972 Accessing private information through SecurePoll should be logged Security Other 2017-01-02 2017-06-07
110620 Add code patterns that could impact privacy to MediaWiki secure code training. Security Other 2017-01-02 2015-08-27
130396 Add restbase test url to ZAP seeding Security Other 2017-01-02 2016-03-18
117618 Add restrictive CSP to upload.wikimedia.org Security Other 2017-01-02 2016-07-26
135963 Add support for Content-Security-Policy (CSP) headers in MediaWiki Security Other 2017-01-02 2017-05-16
108978 Add $wgAllowSiteJSOnRestrictedPages to allow JS on restricted special pages Security Other 2017-01-02 2015-08-13
137016 Allow more than 1 password reset per 24 hours Security Other 2017-01-02 2016-06-07
110249 Allow OAuth applications to be granted rights the user doesn't have Security Other 2017-01-02 2017-03-07
125589 Allow tools to have their own ".tools.wmflabs.org" subdomain Security Other 2017-01-02 2017-10-15
132720 ApiHelp on api.php should set OutputPage::disallowUserJs Security Other 2017-01-02 2016-09-02
119451 Consider using "pepper" for our hashed passwords Security Other 2017-01-02 2015-11-23
28508 Content Security Policy (CSP) Security Other 2017-01-02 2016-06-24
150853 Create a burn-down list of administrator accounts without 2FA or password changes since 11 November Security Other 2017-01-02 2016-11-16
109094 Create and document security training on mw.org, and document training processes Security Other 2017-01-02 2016-05-23
120888 Create optional XSS filter step for the parser Security Other 2017-01-02 2016-05-23
120484 Create password-authentication service for use by CentralAuth Security Other 2017-01-02 2017-04-20
149588 Create password policy using AntiSpoof Security Other 2017-01-02 2016-10-31
120889 Create preference to control using personal JS Security Other 2017-01-02 2015-12-08
118131 Credit security researchers that identify and disclose vulnerabilities Security Other 2017-01-02 2016-04-26
150647 Deploy EncryptedPassword to WMF Security Other 2017-01-02 2016-12-10
140270 Determine a core set or a checklist of permissions for deployment purpose Security Other 2017-01-02 2017-05-16
109524 DFIR process documented on officewiki Security Other 2017-01-02 2015-08-18
118750 Document and test security response process Security Other 2017-01-02 2016-05-23
109106 Document bug triage process Security Other 2017-01-02 2016-05-23
150577 Enable OATHAuth for all users Security Other 2017-01-02 2016-11-12
122220 Enable optional two-factor authentication for OTRS Security Other 2017-01-02 2016-01-20
150049 Enable $wgCaptchaDeleteOnSolve Security Other 2017-01-02 2017-09-04
151425 Enlarge Popular Password File to 100,000 entries Security Other 2017-01-02 2017-09-06
125382 Ensure DOMPurify meets our SVG sanitization requirements for Graphs Security Other 2017-01-02 2017-07-18
121136 Establish a process to periodically review and approve access for hadoop/hue users Security Other 2017-01-02 2016-08-22
123753 Establish retrospective reports for #security and #performance incidents Security Other 2017-01-02 2017-09-13
61702 Examine which extensions are installed on login.wikimedia.org (loginwiki) and vote.wikimedia.org (votewiki) Security Other 2017-01-02 2017-04-19
116305 Followup assessment for analytics cluster Security Other 2017-01-02 2016-07-28
133735 Formalize procedures for doing security releases of MediaWiki extensions Security Other 2017-01-02 2016-04-26
109084 Goal: Security engineering support for AuthManager Security Other 2017-01-02 2016-08-13
150300 icinga notification if elevated writing to badpass.log Security Other 2017-01-02 2017-09-07
121175 Implement password age password policy check Security Other 2017-01-02 2015-12-11
121179 Implement password complexity password policy check Security Other 2017-01-02 2015-12-11
121181 Implement password policy preventing user using their real name Security Other 2017-01-02 2017-07-20
121186 Implement results of enwiki Security review RfC Security Other 2017-01-02 2016-10-31
100375 Improve user experience of Two-Factor process Security Other 2017-01-02 2016-11-17
122013 Investigate additional password reset methods (apart from email) Security Other 2017-01-02 2015-12-20
109102 Investigate / test hardware tokens for WMF identity key Security Other 2017-01-02 2015-08-14
152934 Log accessing private information by those with 'abusefilter-private' permission Security Other 2017-01-02 2017-10-20
120495 Major overhaul to Special reports Security Other 2017-01-02 2016-01-28
120886 Make javascript editing permissions more fine grained and separate from normal edit-interface Security Other 2017-01-02 2017-08-30
137599 MediaWiki as candidate for Mozilla funded code audit Security Other 2017-01-02 2016-06-10
56713 Non-NDA users cannot access graphite.wikimedia.org Security Other 2017-01-02 2016-06-10
28227 Notify user by email when password changed Security Other 2017-01-02 2016-11-13
122248 Password/login related security issues (Tracking) Security Other 2017-01-02 2015-12-22
76158 Pitfalls checklist for software using AGPL Security Other 2017-01-02 2017-02-07
149743 Prevent user from continuing until they change their password Security Other 2017-01-02 2016-11-01
109726 Privacy review of graphite and grafana data sets Security Other 2017-01-02 2015-08-20
150605 Publish an analysis of the OurMine hack Security Other 2017-01-02 2017-02-09
75958 Refactor Title to make permission checking its own class Security Other 2017-01-02 2015-05-11
97869 Review access to security tasks Security Other 2017-01-02 2016-01-26
75953 RFC: MediaWiki HTTPS policy Security Other 2017-01-02 2016-07-27
132934 Security review of TWL Security Other 2017-01-02 2017-02-18
122375 Segment sensitive data within WMF cluster (tracking) Security Other 2017-01-02 2016-07-19
111820 Set default CSP header in service template to "default-src 'none'" Security Other 2017-01-02 2016-10-12
152219 Statistics on Captcha success/failure rate Security Other 2017-01-02 2017-09-03
153691 Strengthen two factor authentication by making it concurrent instead of sequential during the authentication process Security Other 2017-01-02 2016-12-19
150626 Suggest users with short passwords change them Security Other 2017-01-02 2016-11-14
150582 Support two-factor authentication in AutoWikiBrowser Security Other 2017-01-02 2017-07-01
138783 SVG Upload should (optionally) allow the xhtml namespace Security Other 2017-01-02 2016-12-02
103912 [Task] Ex:WikibaseQualityExternalValidation - performance review of Special:CrossCheck Security Other 2017-01-02 2017-04-05
99358 [Task] Security review of Wikibase-Quality-External-Validation branch master Security Other 2017-01-02 2017-04-06
122124 Tell users to use a unique password when creating an account. Security Other 2017-01-02 2017-03-23
150580 Throttle IP when doing many successful login attempts Security Other 2017-01-02 2016-11-12
109328 Undefined #Security-General and #Security-Other Security Other 2017-01-02 2017-01-20
120532 Use user-specific passwords for accessing EventLogging database Security Other 2017-01-02 2017-02-20
143790 $wgBlockDisablesLogin = true; + $wgEmailConfirmToEdit = true; causes the wiki to be inaccessible for anonymous users Security Other 2017-01-02 2017-04-16
156445 Streamline/automate MW tarball security release process Security Other 2017-01-28 2017-05-17
156757 Add examples of the three security review processes Security Other 2017-02-01 2017-02-03
157500 Query percentage of English Wikipedia admins without 2FA Security Other 2017-02-08 2017-02-14
160357 Allow those with CheckUser right to access AbuseLog private information on WMF projects Security Other 2017-03-14 2017-10-20
162171 Become a CVE Numbering Authority (CNA) for MediaWiki and extensions Security Other 2017-04-05 2017-04-04
164340 Request to add TerraCodes to the "oathauth-tester" group on meta Security Other 2017-05-04 2017-05-03
166622 Allow all users on all wikis to use OATHAuth Security Other 2017-05-31 2017-08-13
169676 Remove EducationProgram in favour of EducationDashboard Security Other 2017-07-05 2017-10-14
108360 Create "security pre-announce" group Security Other 2017-07-14 2017-07-13
173370 Support restricted execution of external commands (via firejail) Security Other 2017-08-16 2017-10-20
174813 Allow multiple password blacklists Security Other 2017-09-02 2017-09-01
174877 Spambots as IP addresses and as accounts again prolific within WMF wikis Security Other 2017-09-04 2017-09-07
175171 Implement bloom filter for popular password password lists Security Other 2017-09-07 2017-09-06
177895 Allow logged in users to disable MediaWiki:Common.js and MediaWiki:Common.css Security Other 2017-10-11 2017-10-10
178060 RawAction should set proper Content-Type header Security Other 2017-10-13 2017-10-13