On 19/07/2017 04:45, Brian Wolff wrote: > Hello Everyone. > > This is an advisory that the SimpleSecurity extension has unfixed > security issues, and that people relying on it should consider moving > to a different solution. > > The extension does not take caching into consideration, and is not > secure when $wgMainCacheType is something other than CACHE_NONE. We > received a bug report about this quite a long time ago, however it > appears nobody is maintaining the extension, and we were unable to > find anyone to forward the report to who was interested in fixing > the issue. So instead we are making the issue public and issuing > this warning about it. > > The issue in question is https://phabricator.wikimedia.org/T48843 > The extension in question is > https://www.mediawiki.org/wiki/Extension:SimpleSecurity > > Sincerely, > > Brian Wolff > Wikimedia Security Team > > P.S. This is the first time I've ever written a warning like this > for an extension. In the past, we've just put security alerts on > the extension page or sometimes just ignored them (which I consider bad). > I would like feedback from mediawiki-l if people on this list appreciate > getting a notice like this, or if you folks consider it off topic. > Any other feedback about how we handle security issues reported to > us for extensions we do not make or maintain is also appreciated. >
I would appreciate getting this kind of notice. I never go back to the extension's page, the notice there would help me only the first time, when I'm about to installed it. Thank you! Eduardo
signature.asc
Description: OpenPGP digital signature
_______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
