Low-traffic list for announcements of new MediaWiki releases and security updates.

headers Chris Steipp | 30 Apr 2013 22:14

I would like to announce the release of MediaWiki 1.20.5 and 1.19.6.
These releases fix 2 security related issues that could affect users
of MediaWiki. Download links are given at the end of this email.

* Jan Schejbal / Hatforce.com reported that SVG script filtering could
be bypassed for Chrome and Firefox clients by using an encoding that
MediaWiki understood, but these browsers interpreted as UTF-8.
<https://bugzilla.wikimedia.org/show_bug.cgi?id=47304>

* Internal review discovered that extensions were not given the
opportunity to disable a password reset, which could lead to
circumvention of two-factor authentication.
<https://bugzilla.wikimedia.org/show_bug.cgi?id=46590>

Full release notes for 1.20.5:
<https://www.mediawiki.org/wiki/Release_notes/1.20>

Full release notes for 1.19.6:
<https://www.mediawiki.org/wiki/Release_notes/1.19>

For information about how to upgrade, see
<https://www.mediawiki.org/wiki/Manual:Upgrading>

**********************************************************************
   1.20.5
**********************************************************************
Download:
http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.5.tar.gz

Patch to previous version (1.20.4), without interface text:

Mon	Tue	Wed	Thu	Fri	Sat	Sun

		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

4	April 2013
2	March 2013
1	December 2012
3	November 2012
1	August 2012
3	June 2012
1	May 2012
3	April 2012
4	March 2012
2	January 2012
4	November 2011
4	June 2011
4	May 2011
4	April 2011
2	February 2011
4	January 2011
2	July 2010
2	May 2010
2	April 2010
4	March 2010
2	July 2009
2	June 2009
2	May 2009
4	February 2009
6	December 2008
3	October 2008
1	September 2008
4	August 2008
2	July 2008
1	June 2008
8	March 2008
2	January 2008
4	September 2007
4	July 2007
5	May 2007
4	February 2007
8	January 2007
5	October 2006
4	July 2006
2	June 2006
5	May 2006
7	April 2006
4	March 2006
4	January 2006
2	December 2005
2	November 2005
5	October 2005
1	September 2005
8	August 2005
6	July 2005
6	June 2005
2	May 2005
3	April 2005
1	March 2005
4	February 2005
2	January 2005
5	December 2004

MediaWiki Security Release: 1.20.5 and 1.19.6

Pre-Release Announcement for MediaWiki 1.19.6 and 1.20.5

MediaWiki Security Release: 1.20.4 and 1.19.5

Pre-Release Announcement for MediaWiki 1.19.5 and 1.20.4

MediaWiki security release: 1.20.3 and 1.19.4

Pre-Release Announcement for MediaWiki 1.19.4 and 1.20.3

MediaWiki maintenance release 1.20.2

MediaWiki security release: 1.20.1, 1.19.3 and 1.18.6

Pre-Release Announcement for MediaWiki 1.18.6, 1.19.3, and 1.20.1

MediaWiki 1.20.0 released

MediaWiki security release: 1.19.2 and 1.18.5