[02:11:33] I think I found a denial of service bug. Where should I report it?
[02:13:44] It allows a wiki to be rendered basically unusable by an attacker with an average computer and Internet connection.
[02:15:24] I have a proof of concept exploit. I'm pretty sure it's only DoS, not RCE or anything like that.
[02:20:19] (I know my exploit is only DoS, and I'm pretty sure the vulnerability only allows RCE)
[02:21:16] kj7rrv: hi
[02:21:30] Hi MatmaRex
[02:22:19] kj7rrv: please see https://www.mediawiki.org/wiki/Reporting_security_bugs#Reporting_a_security_issue . you can email the security team, or report it in our phabricator if you already have an account there
[02:22:25] thank you :)
[02:22:52] Okay, I'll email the security team, thank you! Should I send my exploit?
[02:23:06] sure, you can
[02:23:29] Okay, I'll do that. Thank you!
[08:30:17] hi, anyone that can help me to get https://gerrit.wikimedia.org/r/c/mediawiki/core/+/787858/ backported?
[08:33:22] Note that backporting won't necessarily mean a new 1.35 version will get released immediately... My guess is that it will be backported if/when 1.35.7 will be released
[08:34:55] Vulpix: I understand, but I can perform a git pull anytime soon (e.g. my usecase doesn't depend on a new tarball being released)
[16:48:02] Hi, I'm running MediaWiki 1.37.2 on Apache and getting the following error on all pages. "Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted" /dev/null has 666 permission.
[16:59:52] Guest10: maybe https://www.mediawiki.org/wiki/Topic:Roc8u8kdlhgo3x6i can help a bit
[17:10:17] Thank you for replying mutante. I looked at the thread you provided and I can verify that /dev/null has the read and write permission but issue is still the same.
[17:11:17] I was running on Openlitespeed earlier and there was no Lua error on that but then due to some issues I shifted to Apache and started getting these errors.
[17:12:06] Guest10: feels like it might be the " php/lua is restricted from accessing files outside its working directory or something like that."
[17:12:50] Guest10: ah, here is another one: https://www.mediawiki.org/wiki/Topic:U1d7v1r2lfvt84cs
[17:13:05] " "open_basedir restriction in effect". You'll need to disable that. You'll need to talk to your hosting provider, it might be an option in the configuration panel."
[17:13:08] check that
[17:13:44] "PHP configuration (php.ini) and disable the open_basedir restriction." maybe
[17:14:42] I have the access to this file as I'm on the dedicated server so let me see.
[17:23:34] Looking for open_basedir in php.ini I can only find ;open_basedir =
[17:23:59] Nothing after "="
[17:27:44] Guest10: hmm https://www.php.net/manual/en/ini.core.php#ini.open-basedir says the default is to allow all. but also that it can be changed by scripts at runtime or in httpd config
[17:29:13] Check also if you have SELinux enabled
[17:34:22] Sure thanks for the advice.