Tasks related to enhancing the security of Phabricator.
Apr 8 2021
Yes. I closed down registration on this install (secure.phabricator.com) several years ago because the overwhelming majority of users who registered accounts here didn't read or follow the rules. Access to secure.phabricator.com is now invite-only.
Jan 28 2021
Jan 25 2021
Jan 20 2021
Jan 19 2021
Please use Discourse to report bugs. See https://discourse.phabricator-community.org/t/repository-view-git-command-failed-error/4510/.
It works with Git 2.1.4 (shipped with Debian Wheezy), but not with Git 2.20.1 (shipped with Debian Buster), or Git 2.30.0 (latest version).
My apologies if this is not the right place to post about this, but seems like due to ea9cb0b625fb6922c45aecbfdebacc60788ed92d we now get following error message when visiting diffusion repository page, i.e. URL /diffusion/$REPOID/:
Jan 15 2021
Jan 12 2021
Aug 5 2020
Apr 30 2020
Jul 31 2019
Jul 30 2019
Jul 15 2019
Jul 10 2019
Apr 18 2019
This could be made slightly cleaner with a setSummary() to set a shorter summary:
Apr 11 2019
Apr 10 2019
Feb 2 2019
Jan 29 2019
Some guidance about "configure captchas if you're a public-facing, password-login install" would be good here too
Jan 25 2019
After T13222, this is more relevant:
From T13222, MFA on related flows should generally be updated.
Jan 21 2019
Thanks! I get the same behavior locally, I filed this upstream: https://bugs.php.net/bug.php?id=77496
I can't get MYSQLI_OPT_LOCAL_INFILE to work on secure, either. I tried on secure001 and secure004 (where the database is not local). As far as I can tell, this option doesn't do anything, anywhere, ever?
Jan 20 2019
We're probably done here, but ideally the next steps are:
Jan 18 2019
Maybe another point in favor of this claim is that the option does not work is the behavior of this:
I think that maybe mysql_nonapi.c just overrides the conn->options() call? Near line 269 of PHP 7.2.3:
I can't get MYSQLI_OPT_LOCAL_INFILE to work on secure, either. I tried on secure001 and secure004 (where the database is not local). As far as I can tell, this option doesn't do anything, anywhere, ever? I'm going to look at the source and see if I can figure out what's going on, but I'll back it out of D19998 if I can't find some evidence that it's useful.