From f7c717b09a44e76e703e29091aa9ef5e17152fbc Mon Sep 17 00:00:00 2001 From: Dreamy Jazz Date: Thu, 4 Sep 2025 18:22:47 +0100 Subject: [PATCH] SECURITY: Don't send suppressed recent changes to RCFeeds CVE-2025-61643 Why: * Some RecentChange objects being processed by RecentChangeRCFeedNotifier::notifyRCFeeds can be already deleted / suppressed ** This can happen for log entries which are deleted or suppressed when they are created such as described by T280413 * RecentChanges feeds are often not equipped to handle appropriate redaction of deleted or suppressed recent change entries ** Therefore, sending them suppressed recentchanges entries will likely publicly expose the suppressed information * As a short-term fix we can stop sending any defined RCFeed instances RecentChange objects which are suppressed ** We may want to consider making RCFeeds capable of suppressing information before publishing the data, but that would need a more considered approach. What: * Update RecentChangeRCFeedNotifier::notifyRCFeeds to return early if the rc_deleted attribute on the provided RecentChange object isn't zero (0 means not deleted). * Add a PHPUnit test to check for this Bug: T403757 Change-Id: Ic5e553bab8e82e7faee323a46ed6704043c5163b --- includes/recentchanges/RecentChange.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/includes/recentchanges/RecentChange.php b/includes/recentchanges/RecentChange.php index d0c710c2544..2b8b588c2f0 100644 --- a/includes/recentchanges/RecentChange.php +++ b/includes/recentchanges/RecentChange.php 
@@ -577,6 +577,12 @@ class RecentChange implements Taggable { * @param array|null $feeds Optional feeds to send to, defaults to $wgRCFeeds */ public function notifyRCFeeds( ?array $feeds = null ) { + // T403757: Don't send 'suppressed from creation' recent changes entries to the RCFeeds as they do not + // have systems to appropriately redact suppressed / deleted material + if ( $this->mAttribs['rc_deleted'] != 0 ) { + return; + } + $feeds ??= MediaWikiServices::getInstance()->getMainConfig()->get( MainConfigNames::RCFeeds );
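Review bot: the commit message says a PHPUnit test was added to check the new early return, but the diffstat lists only `includes/recentchanges/RecentChange.php` (1 file changed, 6 insertions), so the test is missing from this patch; either include the test file or drop that line from the message. Two smaller points on the new check in `notifyRCFeeds()`: `$this->mAttribs['rc_deleted'] != 0` will raise an undefined-array-key warning and then fall through to notifying the feeds if `rc_deleted` is absent from `mAttribs` (null != 0 is false), so if callers can construct a RecentChange without that attribute, `( $this->mAttribs['rc_deleted'] ?? 0 ) != 0` or a documented guarantee that `rc_deleted` is always populated would be safer; and since this changes the observable behaviour of a public method, the method's docblock (the `@param array|null $feeds` comment shown in the context lines) should note that entries with a non-zero `rc_deleted` are not sent to any feed.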