Security Readiness Review For mapbox-gl-leaflet
Closed, Resolved · Public

Description

Project Information

Description of the tool/project:
This project is a Leaflet plugin that will be used to integrate MaplibreGL and the Maps (Kartographer) extension. MaplibreGL review is a subtask of this task because the Leaflet plugin depends on MaplibreGL and Leaflet to work.

Description of how the tool will be used at WMF:
The tool will be used alongside Leaflet, which we already use as the map client-side framework for dynamic maps display, and MaplibreGL, which will be reviewed in T274356: Security Readiness Review For maplibre-gl-js. The intention is to move the tile rendering to the client and simplify the server-side architecture as part of the following epic: T263854: [Maps] Modernize Vector Tile Infrastructure. This library will be packaged and deployed in the Kartographer extension as part of its assets.

Dependencies

List dependencies, or upstream projects that this project relies on.

No dependencies listed, but the project depends on MaplibreGL and Leaflet to work.

Has this project been reviewed before?
No

Working test environment

Please link or describe setup process for setting up a test environment.

Post-deployment

Name of team responsible for tool/project after deployment and primary contact.

#product-infrastructure-team-backlog is the official maintainer of the extension and will continue it afterwards.

Event Timeline

sbassett changed the task status from Open to Stalled. Feb 17 2021, 3:57 PM
sbassett subscribed.

Added to Q4 planning column for Q4 review.

Hey @MSantos - we're looking at having an external vendor complete this review. Whether or not that happens, or we perform the review internally, we'll plan to have an update for you within two weeks (2021-04-28).

@MSantos - We had one of our vendors (ROS) perform a security audit of mapbox-gl-leaflet. They found no obvious vulnerabilities with this code, so the risk level is low, which is automatically accepted. Please let us know if you have any questions or concerns.

sbassett claimed this task.
sbassett moved this task from Vendor Confirmed to Our Part Is Done on the secscrum board.