https://bugzilla.wikimedia.org/show_bug.cgi?id=26811
--- Comment #5 from PleaseStand <pleasest...@live.com> --- I disagree with the "security vulnerability" part as well; however, this report nevertheless describes an actual bug in the software, in that the database server's IP address may be shown even if both $wgShowHostnames and $wgShowSQLErrors are false. Note that in some environments, private IP addresses are considered to be sensitive information (cf. PCI-DSS 2.0 Requirement 1.3.8 "Do not disclose private IP addresses and routing information to unauthorized parties."). -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
