
abusefilter-log-detail should not be restricted to sysops per default
Closed, Resolved (Public)

Description

There is probably no "security" reason to restrict access to the detailed abuselog for non-sysops for filters which are not marked as private, if enwiki, commons, mediawikiwiki and meta even grant this to *.

See gerrit change 32681.


Version: wmf-deployment
Severity: normal

Details

Reference
bz42012

Event Timeline

bzimport raised the priority of this task from to Needs Triage. (Nov 22 2014, 12:58 AM)
bzimport set Reference to bz42012.
bzimport added a subscriber: Unknown Object (MLST).

This change shouldn't affect the wikis which chose the current config on purpose, so either you browse all bugzilla requests or you should probably set the current config explicitly for all wikis which requested/got the abusefilter before it was enabled for all wikis.

Copying from the bug:
I personally agree with the change, but wikis may be relying on the defaults: wikis which didn't set it explicitly as it was the default will probably want to keep their current config. Almost surely the wikis which raised abusefilter-log from '*' to 'autoconfirmed' actually want abusefilter-log-detail to be at 'sysop' https://meta.wikimedia.org/wiki/Abuse_filter (example: itwiki), so you should probably check the configuration overrides they have and also their bugzilla requests.

Ok, so, of all wikis whose abusefilter rights config differs from the default,

the following wikis grant abusefilter-log-detail to everyone:
-arwiki, elwiki, enwiki, eswiktionary, itwikiquote, ltwiki, ltwiktionary, hewiki, hiwiki, metawiki, ruwiki, ruwikinews, rowiki, zh_yuewiki [Btw I notice that I need to correct my initial comment regarding commons and mediawikiwiki]

The following wikis grant it to autoconfirmed users:
-cawiki, dewiki, frwiki, mrwiki, nlwiki, ukwiki, zhwiki, ptwiki.

This leaves the following wikis which have specific abusefilter settings, which however do not concern granting this right to * or autoconfirmed:
-be_x_oldwiki, jawiki, frwiktionary, ruwikisource, commonswiki, hewiki, mlwiki, mlwiktionary, enwikisource, eswiki, itwiki, nowiki, plwiki, ptwiktionary, thwiki, eswikibooks, enwikibooks, eewiki, mediawikiwiki.

Would it in your opinion now be sufficient to notify these wikis for objections and/or set the current default setting explicitly for them?

(In reply to comment #2)

> Would it in your opinion now be sufficient to notify these wikis for objections
> and/or set the current default setting explicitly for them?

I'd suggest you do the latter and only later, if you want, contact them to suggest adopting the new default (opening a new bug or multiple bugs if there's consensus).

I think this bug should anyway be notified on [[m:Wikimedia Forum]], waiting a week or two for objections, before actually deploying the change.

https://meta.wikimedia.org/wiki/Wikimedia_Forum#Abusefilter-log-detail

...and I uploaded a new patch set to exclude the mentioned wikis from this change.

The new proposal doesn't affect previous users (double-checking the patch is useful) and nobody opposed the idea for the default, so switching to 'shell'.

Closing this bug since gerrit change 32681 was merged.