Unexpected Disruption Due to Extension Security Vulnerability

-

We have a follow up post regarding 503's and images being missing.

Hello, this is the Sekaipedia team! Recently, Miraheze disabled the Cargo extension on all of their wikis due to a security vulnerability. We've been told that it hasn't been exploited, however, all users have been logged out as a safety precaution. There is currently no ETA on when this extension will be re-enabled, however, should we get any updates from Miraheze, we will definitely let you all know.

How does this impact us?

    Cargo serves as our database, and is how we get data from one page to another. Without Cargo, we cannot automatically pull the most up to date data without having to manually edit all dependent pages. As you can imagine, the more pages that the wiki has, the more manual edits will need to be made for any updates.

    This means any and every data table on this wiki will no longer have any data on them. Here are a non-exhaustive list of pages that will be affected:

 Here is a non-exhaustive list of sections within pages that will be affected:
  • Card pages
    • Use in events section
  • Event pages
    • Cards and event bonus section
    • Event song link
  • Gacha pages
    • Rate-up cards section
    Even though there is no database anymore, all the data is safe, because they are still stored within pages. Please understand that browsing the wiki will be a bit more difficult without these lists, but almost all of the information will still be there.
    As of April 6 8:00 JST, only the "List of cards" page and its related pages, and Miku's card list page are affected.

Workarounds

    When our lists stop working, there are still categories and templates that provide navigation, but will be less user friendly.

    For cards, there is the general category page, Category:Cards, which includes subcategory pages such as Category:1☆ cards, Category:Cool cards, Category:Healer cards, Category:Limited cards, or Category:Akiyama Mizuki cards. Additionally, every character has a navbox like Template:Akiyama Mizuki cards.

    Similarly, events have category pages like Category:Events and template pages like Template:Events in 2020; gachas have category pages like Category:Gachas and template pages like Template:Gachas in 2020; items have category page Category:Items; costumes have category pages like Category:Costumes.

Future considerations

    Given how Cargo sometimes has erroneous behavior when adding new entries to the database, we have been considering using Wikibase. Currently, without an additional extension we are not able to generate data tables. The largest benefit of using Wikibase over Cargo is the ability to automatically pull translations for every language. This gives us the ability to translate all pages that are currently using Cargo.

    Due to Cargo being disabled indefinitely, this migration might be required if it is not resolved in a timely manner. Migrating from Cargo to Wikibase will take quite a while, and any help during this process would be greatly appreciated!

How can I help?

    The best way to help is to not edit any pages listed above, since editing will invalidate the state of the pages when Cargo was still enabled. Pages that do not use Cargo are still OK to edit.
    The second best way to help is to report any errors that arise from Cargo being disabled to our Discord server under the #error-reports channel. Eventually, pages will be rebuilt automatically by MediaWiki to ensure that the latest content is being served. When this happens, a previously fine page will now become a page with errors. Please let us know and we'll try to fix it ASAP.

Closing remarks

     Thanks for reading, and we hope to get this resolved soon.

Revisions

  • April 6, 8:15 JST - Added "Workarounds" section
  • April 12, 12:15 JST - Added follow up post comment