30 Apr 2013 22:14
MediaWiki Security Release: 1.20.5 and 1.19.6
Chris Steipp <csteipp <at> wikimedia.org>
2013-04-30 20:14:43 GMT
2013-04-30 20:14:43 GMT
I would like to announce the release of MediaWiki 1.20.5 and 1.19.6. These releases fix 2 security related issues that could affect users of MediaWiki. Download links are given at the end of this email. * Jan Schejbal / Hatforce.com reported that SVG script filtering could be bypassed for Chrome and Firefox clients by using an encoding that MediaWiki understood, but these browsers interpreted as UTF-8. <https://bugzilla.wikimedia.org/show_bug.cgi?id=47304> * Internal review discovered that extensions were not given the opportunity to disable a password reset, which could lead to circumvention of two-factor authentication. <https://bugzilla.wikimedia.org/show_bug.cgi?id=46590> Full release notes for 1.20.5: <https://www.mediawiki.org/wiki/Release_notes/1.20> Full release notes for 1.19.6: <https://www.mediawiki.org/wiki/Release_notes/1.19> For information about how to upgrade, see <https://www.mediawiki.org/wiki/Manual:Upgrading> ********************************************************************** 1.20.5 ********************************************************************** Download: http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.5.tar.gz Patch to previous version (1.20.4), without interface text:(Continue reading)
RSS Feed