See meta.wikimedia.org/wiki/User:RhinosF1
A list of valid alts is at https://meta.wikimedia.org/wiki/User:RhinosF1/Alts
See meta.wikimedia.org/wiki/User:RhinosF1
A list of valid alts is at https://meta.wikimedia.org/wiki/User:RhinosF1/Alts
In T370632#10003626, @sbassett wrote:Thanks, @Yaron_Koren. Miraheze folks - are you ok with us making this task public now? This will also be re-announced within the next supplemental security release.
I imagine paste is probably the far more well used that property.
In T367856#10056182, @GTrang wrote:If one is pessimistic, then the enwiki.analytics.db.svc.wikimedia.cloud replag will continue to increase for all eternity. This would mean that the replag would increase to 9,000 hours on August 13, 2025, if this task is still not completed by then. Otherwise, if one is optimistic, then the replag will eventually go back to zero.
Replication lag is normal during these schema changes. It will naturally go down significantly faster than it went up once the change completes.
In T372022#10050428, @Xaosflux wrote:Lock actions are not secret, so this is certainly not an inappropriate information disclosure problem; no issues with it being turned off if it is useless noise though.
Test - ignore
In T188236#9857925, @Igorsolovki wrote:not sure if it helps but mainpage is saying
Effective June 1, 2021: Phabricator is no longer actively maintained.
I'm not sure what that's got to to do with this task. This is a bug in mediawiki and has nothing to do with the underlying software used to report the bug.
Both of these will be automatically fixed I believe when the relevant scripts have been ran.
Wiki Created by @Zabe
In T365644#9827614, @Chocapikk1337 wrote:I also have another question. I don't think this is necessary. But a CVE ID can be assigned to this bug or not? If yes, how is it going? Do I do the process or do you?
And I want to confirm that the vulnerability is indeed fixed after some tests.
We've been running Phorge since T333885: Migrate phabricator.wikimedia.org to Phorge as upstream
Adding project tags for areas affected
I am discussing this task with a steward on IRC
11:04:05 <@Urbanecm> RhinosF1: wargo: i tired, it did not help. however, manually constructing the URL where the thumbnail is supposed to be (https://upload.wikimedia.org/wikipedia/commons/thumb/archive/8/82/20230929224435%21PL_JI_Kraszewski_Zygzaki.djvu/page1-87px-PL_JI_Kraszewski_Zygzaki.djvu.jpg) appears to have worked
In T297942#9644062, @Wargo wrote:Maybe RefreshImageMetadata.php on PL_JI_Kraszewski_Zygzaki.djvu would help?
In T353904#9642344, @sbassett wrote:In T353904#9641879, @RhinosF1 wrote:I added the ManageWiki one too.
Thanks. @Mstyles - we should plan to include these with the upcoming release, and I don't think we need to worry about any release-branch backports for them.
In T353904#9529744, @sbassett wrote:In T353904#9526984, @RhinosF1 wrote:I've added https://github.com/miraheze/WikiDiscover/security/advisories/GHSA-cfcf-94jv-455f to the tracker listing the GSHA as there's no task for it on Wikimedia. WikiTide have requested the CVE.
Thanks.
With thanks to Martin, this is now deployed.
I will get the patch deployed this evening ready for you
In T360357#9639368, @Ezarate wrote:Hi RhinosF1, one day of duration (24 hs) y 30 persons maximum and 100 new articles created. Regards!!!
To provide needed info
Can you also advise the time of the event and duration?
Can you advise the expected number of creations?
I've added https://github.com/miraheze/WikiDiscover/security/advisories/GHSA-cfcf-94jv-455f to the tracker listing the GSHA as there's no task for it on Wikimedia. WikiTide have requested the CVE.
Can someone manually change the email and unblock?
18:01, 10 January 2024 WMFOffice talk contribs blocked UOzurumba talk contribs with an expiration time of indefinite (account creation disabled, autoblock disabled, email disabled, cannot edit own talk page) (Using unreachable wikimedia.org email address (T218239))
I've added a checklist based on the private task.
You look still to be blocked on wikitech https://wikitech.wikimedia.org/wiki/Special:Contributions/Conniecc1 - not sure if that's related but it should probably be undone
SRE were paged and are responding
+ affects-Miraheze as user asked question in our discord first
@MMiller_WMF was going to look at if a WMF sponsor could be found the week of the 16th October. I never got a reply.
This has now been fixed in Wikimedia's codebase. I am closing this task as there is nothing further that should be tracked on Wikimedia Phabricator.
In T354274#9436176, @Umherirrender wrote:Seems that was fixed as part of T309714: Unable to upload TTF due to deprecated mime type with b8a3f02403384220ef5cb58b1694a64a88f33ad2, that is part of REL1_41
Thanks for pointing the patch. I've put a backport for 1.40 up so this can be fixed for earlier versions.
Thanks for correcting the tagging @Aklapper.
As far as I can tell, this is the first task you've ever commented on. Spaces also can't have mixed visibility.
I've fixed the UA being malformed although the configured UA is a browser one. I'm leaving this open in case @Dzahn has anything to add when back or wants to change to a more informative UA.