Closed yaronkoren closed 8 months ago
jeffw16
commented
9 months ago This poses a tough issue. On one hand, it's a great extension that's still being used by many. On the other, I'm not sure it's a great idea for Canasta to bundle unmaintained and dangerous extensions. If there really is no further attention given to this extension, I reluctantly support removing it.
yaronkoren
commented
9 months ago @jeffw16 - well, you might have special insight on this, since, at least according to the "Used by" template, MyWikis is the one wiki farm that includes WikiForum. If WikiForum is indeed being used on MyWikis, do you feel any need to get these security leaks fixed?
The WikiForum extension has been in Canasta since the beginning:
https://www.mediawiki.org/wiki/Extension:WikiForum
In August 2023, though, it was discovered that this extension has two separate major security risks - and they haven't been fixed in the last six months, which makes it doubtful whether they will any time soon. (Or whether this extension is actually being maintained at all). Given that, I think it should be removed. Any objections?