In December 2021, I discovered CVE-2022-28201, which is that it's possible to get MediaWiki's Title::newMainPage() to go into infinite recursion. More specifically, if the local interwikis feature is configured (not used by default, but enabled on Wikimedia wikis), any on-wiki administrator could fully brick the wiki by editing the [[MediaWiki:Mainpage]]…
You're seeing the world through a web browser; what does it see about you? As part of my work on the Freedom of the Press Foundation's Digital Security Team, I updated our guide comparing the privacy and security features of popular browsers in 2020.https://freedom.press/training/-depth-guide-choosing-web-browser/
For the past 5ish years, I've been working on a project called libraryupgrader (LibUp for short) to semi-automatically upgrade dependency libraries in the 900+ MediaWiki extension and related git repositories. For those that use GitHub, it's similar to the new dependabot tool, except LibUp is free software. One cool feature…
My first CVE: CVE-2015-8007!
