Page MenuHomePhabricator

SecurityUmbrella
ActivePublic

Members (7)

Watchers

  • This project does not have any watchers.
  • View All

Details

Description

Project for Security Issues

THIS IS NOT AN ACL. Please use the acl group for security issues.

Recent Activity

Jun 24 2021

Bukkit added a member for Security: Bukkit.
Jun 24 2021, 6:07 PM

May 31 2021

MacFan4000 set Security to security-bug on T254: Extensions on new phab aren't loaded.

test again

May 31 2021, 4:56 PM · Phabricator, MacFan4000
MacFan4000 set Security to security-bug on T254: Extensions on new phab aren't loaded.

test again

May 31 2021, 4:53 PM · Phabricator, MacFan4000
MacFan4000 set Security to security-bug on T254: Extensions on new phab aren't loaded.

testing

May 31 2021, 3:29 PM · Phabricator, MacFan4000

May 3 2021

RhinosF1 closed T245: Discuss Python 3.7 as Resolved.

3.7 will be EOL on October 4 with the support of 3.10

May 3 2021, 3:27 PM · Operations/Site Reliability Engineering, Security
RhinosF1 added a comment to T245: Discuss Python 3.7.

I slightly tweaked so we can drop 3.6 now with 3.8-dev.

May 3 2021, 3:24 PM · Operations/Site Reliability Engineering, Security
RhinosF1 added a comment to T245: Discuss Python 3.7.

The policy defines when its eligble for removal. Not when supoort must end.

May 3 2021, 3:23 PM · Operations/Site Reliability Engineering, Security
Sario528 added a comment to T245: Discuss Python 3.7.

I think we should stick with our 'previous+current+next' system. If Python has the volunteers to support extra versions, that's great for them but we don't. I recommend dropping 3.7 in October as planned.

May 3 2021, 11:48 AM · Operations/Site Reliability Engineering, Security
RhinosF1 added a comment to T245: Discuss Python 3.7.

Python changed support length which is why it's dodgy

May 3 2021, 11:17 AM · Operations/Site Reliability Engineering, Security
RhinosF1 created T245: Discuss Python 3.7.
May 3 2021, 11:13 AM · Operations/Site Reliability Engineering, Security

Apr 29 2021

Sario528 triaged T189: Overhaul our dependancy management as Normal priority.
Apr 29 2021, 9:37 PM · MirahezeBot-Plugins, Security, Web
RhinosF1 added projects to T180: Stop listening on port 80: Web, Security.
Apr 29 2021, 7:12 AM · Security, Web, MacFan4000

Apr 25 2021

Dmehus added a comment to T241: Expand permissions for bot-admins.
In T241#4301, @RhinosF1 wrote:

Thanks for the task. I said @Dmehus's access roll out would be in stages so we can use this when I've had a chat with him.

We should help him get used to where stuff are first.

Apr 25 2021, 6:29 PM · Operations/Site Reliability Engineering, Security, MacFan4000
RhinosF1 updated subscribers of T241: Expand permissions for bot-admins.

Thanks for the task. I said @Dmehus's access roll out would be in stages so we can use this when I've had a chat with him.

Apr 25 2021, 5:43 AM · Operations/Site Reliability Engineering, Security, MacFan4000

Apr 24 2021

MacFan4000 added projects to T241: Expand permissions for bot-admins: Security, Operations/Site Reliability Engineering.
Apr 24 2021, 11:33 PM · Operations/Site Reliability Engineering, Security, MacFan4000

Apr 10 2021

RhinosF1 claimed T235: Allow our modified sopel to use custom dependencies.

I started this.

Apr 10 2021, 2:13 PM · Security, MirahezeBot-Plugins
RhinosF1 triaged T235: Allow our modified sopel to use custom dependencies as Normal priority.
Apr 10 2021, 1:26 PM · Security, MirahezeBot-Plugins
RhinosF1 created T235: Allow our modified sopel to use custom dependencies.
Apr 10 2021, 1:26 PM · Security, MirahezeBot-Plugins

Mar 28 2021

MacFan4000 archived the blog 12 October 2020 Security Incident.
Mar 28 2021, 4:25 PM · MirahezeBot-Plugins, Security
MacFan4000 renamed Blog Post: 12 October 2020 Security incident blog post from Summary to 12 October 2020 Security incident.
Mar 28 2021, 4:25 PM · MirahezeBot-Plugins, Security
MacFan4000 changed the blog for post Blog Post: 12 October 2020 Security incident.
Mar 28 2021, 4:24 PM · MirahezeBot-Plugins, Security

Mar 26 2021

RhinosF1 updated the post content for Blog Post: requests-cache security incident.
Mar 26 2021, 6:12 PM · Security, Phabricator-API-Client, MirahezeBot-Plugins
RhinosF1 published Blog Post: requests-cache security incident.
Mar 26 2021, 6:12 PM · Security, Phabricator-API-Client, MirahezeBot-Plugins
RhinosF1 published Blog Post: HTTPS by default.
Mar 26 2021, 6:03 PM · Web, Security
RhinosF1 updated the task description for T226: Upgrade OpenSSL to 1.1.1d-0+deb10u6 where needed and reboot all servers.
Mar 26 2021, 6:03 PM · Security
RhinosF1 renamed T226: Upgrade OpenSSL to 1.1.1d-0+deb10u6 where needed and reboot all servers from Upgrade OpenSSL to 1.1.1d-0+deb10u6 and reboot all servers to Upgrade OpenSSL to 1.1.1d-0+deb10u6 where needed and reboot all servers.
Mar 26 2021, 6:03 PM · Security
RhinosF1 closed T226: Upgrade OpenSSL to 1.1.1d-0+deb10u6 where needed and reboot all servers as Resolved.
Mar 26 2021, 6:03 PM · Security

Mar 25 2021

RhinosF1 updated the task description for T226: Upgrade OpenSSL to 1.1.1d-0+deb10u6 where needed and reboot all servers.
Mar 25 2021, 9:40 PM · Security
RhinosF1 claimed T226: Upgrade OpenSSL to 1.1.1d-0+deb10u6 where needed and reboot all servers.
Mar 25 2021, 6:19 PM · Security
RhinosF1 created T226: Upgrade OpenSSL to 1.1.1d-0+deb10u6 where needed and reboot all servers.
Mar 25 2021, 6:19 PM · Security

Mar 14 2021

RhinosF1 triaged T224: Expose sopel logs behind CF access to some people as High priority.
Mar 14 2021, 4:14 PM · Security
RhinosF1 created T224: Expose sopel logs behind CF access to some people.
Mar 14 2021, 4:14 PM · Security

Mar 12 2021

RhinosF1 added a project to T223: Tokens/Settings being a bit stupid on repos: Security.
Mar 12 2021, 7:59 PM · Security, MirahezeBot-Plugins, CI / CD and Automation

Mar 9 2021

MacFan4000 added members for Security: Dmehus, Sario528.
Mar 9 2021, 2:29 PM

Mar 5 2021

RhinosF1 closed T217: Block non-GET traffic to mirahezebots.org as Resolved.
Mar 5 2021, 11:11 PM · MacFan4000, Web, Security

Mar 4 2021

MacFan4000 placed T217: Block non-GET traffic to mirahezebots.org up for grabs.

seems fine to me

Mar 4 2021, 12:36 PM · MacFan4000, Web, Security
RhinosF1 added a comment to T217: Block non-GET traffic to mirahezebots.org.

I added challenge for now to mirahezebots.org and phabdigests.mirahezebots.org.

Mar 4 2021, 8:21 AM · MacFan4000, Web, Security
RhinosF1 assigned T217: Block non-GET traffic to mirahezebots.org to MacFan4000.
Mar 4 2021, 8:17 AM · MacFan4000, Web, Security
RhinosF1 updated subscribers of T217: Block non-GET traffic to mirahezebots.org.

Requesting approval from @MacFan4000 on this

Mar 4 2021, 8:17 AM · MacFan4000, Web, Security
RhinosF1 added a parent task for T217: Block non-GET traffic to mirahezebots.org: Unknown Object (Maniphest Task).
Mar 4 2021, 8:16 AM · MacFan4000, Web, Security
RhinosF1 created T217: Block non-GET traffic to mirahezebots.org.
Mar 4 2021, 8:15 AM · MacFan4000, Web, Security

Feb 24 2021

Dmehus added a comment to T209: [New staff] Doug - Community Relations Specialist.
In T209#3719, @RhinosF1 wrote:

They're in the bar on the right but that sounds like it's working.

Feb 24 2021, 6:39 PM · Security
RhinosF1 closed T209: [New staff] Doug - Community Relations Specialist as Resolved.
Feb 24 2021, 6:38 PM · Security
RhinosF1 added a comment to T209: [New staff] Doug - Community Relations Specialist.

They're in the bar on the right but that sounds like it's working.

Feb 24 2021, 6:38 PM · Security
Dmehus added a comment to T209: [New staff] Doug - Community Relations Specialist.
In T209#3717, @RhinosF1 wrote:
Feb 24 2021, 6:37 PM · Security
RhinosF1 added a comment to T209: [New staff] Doug - Community Relations Specialist.

Everywhere, See https://docs.github.com/en/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization

Feb 24 2021, 6:31 PM · Security
Dmehus added a comment to T209: [New staff] Doug - Community Relations Specialist.
In T209#3711, @RhinosF1 wrote:

Please confirm you can see https://github.com/MirahezeBots/AntiSpamSopel and have fancy new buttons on Pull requests

Feb 24 2021, 6:30 PM · Security
Dmehus added a comment to T209: [New staff] Doug - Community Relations Specialist.
In T209#3714, @RhinosF1 wrote:

@Dmehus: Check your GitHub email for an invite link and make sure 2FA is enabled.

Feb 24 2021, 6:19 PM · Security
RhinosF1 added a comment to T209: [New staff] Doug - Community Relations Specialist.

@Dmehus: Check your GitHub email for an invite link and make sure 2FA is enabled.

Feb 24 2021, 6:16 PM · Security
Dmehus added a comment to T209: [New staff] Doug - Community Relations Specialist.
In T209#3711, @RhinosF1 wrote:

Please confirm you can see https://github.com/MirahezeBots/AntiSpamSopel and have fancy new buttons on Pull requests

Feb 24 2021, 6:15 PM · Security