headers
Brion Vibber | 3 Jun 2005 17:27
Picon
Favicon
Gravatar

MediaWiki 1.3.13 released [SECURITY]


MediaWiki 1.3.13 is a security maintenance release.

Incorrect handling of page template inclusions made it possible to
inject JavaScript code into HTML attributes, which could lead to
cross-site scripting attacks on a publicly editable wiki.

Vulnerable releases and fix:
* 1.5 prerelease: fixed in 1.5alpha2
* 1.4 stable series: fixed in 1.4.5
* 1.3 legacy series: fixed in 1.3.13
* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended

The 1.3.x series is no longer maintained except for security fixes;
new users and those seeking general bug fixes should install 1.4.5.
Existing 1.3.x installations not willing or able to upgrade to the
current stable relase should update the installation to 1.3.13; only
includes/Parser.php has changed from 1.3.12.

Release notes:
http://sourceforge.net/project/shownotes.php?release_id=332230

Download:
http://prdownloads.sf.net/wikipedia/mediawiki-1.3.13.tar.gz?download

Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
(Continue reading)

Permalink | Reply | 0 comments |
headers
Brion Vibber | 3 Jun 2005 17:33
Picon
Favicon
Gravatar

MediaWiki 1.5alpha2 released [SECURITY]


MediaWiki 1.5 alpha 2 includes a lot of bug fixes, feature merges,
and a security update.

THIS IS AN EXPERIMENTAL RELEASE FOR TESTING ONLY. Public or
in-production servers should use the stable MediaWiki 1.4.5 release.

Incorrect handling of page template inclusions made it possible to
inject JavaScript code into HTML attributes, which could lead to
cross-site scripting attacks on a publicly editable wiki.

Vulnerable releases and fix:
* 1.5 prerelease: fixed in 1.5alpha2
* 1.4 stable series: fixed in 1.4.5
* 1.3 legacy series: fixed in 1.3.13
* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended

For a relatively full list of changes since 1.5alpha1, see the changelog
in the release notes.

Release notes:
http://sourceforge.net/project/shownotes.php?release_id=332229

Download:
http://prdownloads.sf.net/wikipedia/mediawiki-1.5alpha2.tar.gz?download

Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

Low-traffic release announcements mailing list:
(Continue reading)

Permalink | Reply | 1 comment |
headers
Brion Vibber | 3 Jun 2005 17:27
Picon
Favicon
Gravatar

MediaWiki 1.4.5 released [SECURITY]

MediaWiki 1.4.5 is a security update and bugfix release.

Incorrect handling of page template inclusions made it possible to
inject JavaScript code into HTML attributes, which could lead to
cross-site scripting attacks on a publicly editable wiki.

Vulnerable releases and fix:
* 1.5 prerelease: fixed in 1.5alpha2
* 1.4 stable series: fixed in 1.4.5
* 1.3 legacy series: fixed in 1.3.13
* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended

This release also includes a number of bug fixes (see changelog below)
and merges some large-server load balancing patches from Wikipedia.

An experimental rate limiter for page edits and moves can be enabled
with global, per-IP, per-subnet, or per-user bases. See configuration
options in includes/DefaultSettings.php

=== Changes since 1.4.4 ===

* Fix for reading incorrectly re-gzipped HistoryBlob entries
* Generalize project namespace for Latin localization, update namespaces
* (bug 2075) Corrected namespace definitions in Tamil localization
* (bug 1692) Fix margin on unwatch tab
* Avoid overwriting shared image metadata cache with bogus encoding
conversions
* Fix reporting of minor edits in Special:Export output
* (bug 2150) Fix tab indexes on edit form
* Run ArticleSave hooks on image upload.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Brion Vibber | 26 Jun 2005 12:53
Picon
Favicon
Gravatar

MediaWiki 1.5beta1 released


MediaWiki 1.5 beta 1 is a preview release, pretty much feature complete,
of the new 1.5 release series. There are several known and likely a
number of unknown bugs; it is not recommended to use this release in a
production environment but would be recommended for testing in mind of
an upcoming deployment.

A number of significant changes have been made since the alpha releases,
including database changes and a reworking of the user permissions
settings. See the file UPGRADE for details of upgrading and changing
your prior configuration settings for the new system.

For a relatively full list of changes since 1.5alpha2, see the changelog
in the release notes.

Release notes:
http://sourceforge.net/project/shownotes.php?release_id=337757

Download:
http://prdownloads.sf.net/wikipedia/mediawiki-1.5beta1.tar.gz?download

Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
(Continue reading)

Permalink | Reply | 0 comments |
headers
Brion Vibber | 3 Jun 2005 17:27
Picon
Favicon
Gravatar

MediaWiki 1.3.13 released [SECURITY]


MediaWiki 1.3.13 is a security maintenance release.

Incorrect handling of page template inclusions made it possible to
inject JavaScript code into HTML attributes, which could lead to
cross-site scripting attacks on a publicly editable wiki.

Vulnerable releases and fix:
* 1.5 prerelease: fixed in 1.5alpha2
* 1.4 stable series: fixed in 1.4.5
* 1.3 legacy series: fixed in 1.3.13
* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended

The 1.3.x series is no longer maintained except for security fixes;
new users and those seeking general bug fixes should install 1.4.5.
Existing 1.3.x installations not willing or able to upgrade to the
current stable relase should update the installation to 1.3.13; only
includes/Parser.php has changed from 1.3.12.

Release notes:
http://sourceforge.net/project/shownotes.php?release_id=332230

Download:
http://prdownloads.sf.net/wikipedia/mediawiki-1.3.13.tar.gz?download

Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
(Continue reading)

Permalink | Reply | 0 comments |
headers
Brion Vibber | 26 Jun 2005 12:53
Picon
Favicon
Gravatar

MediaWiki 1.5beta1 released


MediaWiki 1.5 beta 1 is a preview release, pretty much feature complete,
of the new 1.5 release series. There are several known and likely a
number of unknown bugs; it is not recommended to use this release in a
production environment but would be recommended for testing in mind of
an upcoming deployment.

A number of significant changes have been made since the alpha releases,
including database changes and a reworking of the user permissions
settings. See the file UPGRADE for details of upgrading and changing
your prior configuration settings for the new system.

For a relatively full list of changes since 1.5alpha2, see the changelog
in the release notes.

Release notes:
http://sourceforge.net/project/shownotes.php?release_id=337757

Download:
http://prdownloads.sf.net/wikipedia/mediawiki-1.5beta1.tar.gz?download

Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
(Continue reading)

Permalink | Reply | 0 comments |

Gmane