As reported: Contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. For example, with the following configuration, newly registered accounts are able to edit 10 pages per hour instead of 5: $wgRateLimits[ 'edit' ] = [ 'user' => [ 10, 60*60 ], 'newbie' => [ 5, 60*60 ], ]; This seems to be the opposite of what documentation in DefaultSettings.php says: 'newbie' => [ x, y ], // each new autoconfirmed accounts; overrides 'user' (although that should probably be 'non-autoconfirmed'…). Upstream bug: https://phabricator.wikimedia.org/T169545 References: https://lists.wikimedia.org/pipermail/mediawiki-announce/2018-September/000223.html
Created mediawiki tracking bugs for this issue: Affects: fedora-all [bug 1634162]
Updating affected products; mediawiki-123 is the container name, mediawiki123 is the package name.
I'm not sure why I didn't file bugs against 3.9 and 3.10 earlier. I confirmed the latest tagged containers are still affected and am filing those trackers not. (3.6 and 3.7 went EOL, so those are just being marked as such)
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.11 Via RHSA-2019:3142 https://access.redhat.com/errata/RHSA-2019:3142
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-0503
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.10 Via RHSA-2019:3238 https://access.redhat.com/errata/RHSA-2019:3238
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.9 Via RHSA-2019:3813 https://access.redhat.com/errata/RHSA-2019:3813