[Wikidata-l] [Security] The wbmergeitems API now requires a token: Update your Wikibase installations or tools

2015-03-23 Thread hoo
Hi, I just wanted to quickly let you know that on Friday Lucie discovered that it's possible to use the wbmergeitems API without passing an edit token to it; it was also possible to use it via GET requests. Not requiring a token made that module vulnerable to CSRF attacks. We opened a security

[Wikidata-l] Using mw.wikibase.getEntity? Read on!

2015-02-20 Thread hoo
Hi Everyone, We have provided an interface for the Scribunto extension (Lua modules) in Wikibase for quite some time now. Our integration with Scribunto was very basic initially and not future-proof enough for things like arbitrary access or very big items. Due to that we at some point deprecated the o