Brion Vibber | 5 Jul 11:25 2005
Picon

MediaWiki 1.5beta2 released


MediaWiki 1.5 beta 2 is a preview release of the new 1.5 release series.
While most exciting new bugs should have been ironed out at this point,
third-party wiki operators should probably not run this beta release
on a public site without closely following additional development.

Anyone who _has_ been running beta 1 is very very strongly advised to
upgrade to beta 2, as it fixes many bugs from the previous beta
including a couple of HTML and SQL injections.

This release should be followed by one or two release candidates and
a 1.5.0 final within the next few weeks.

Beta upgraders, note there are some minor database changes. For upgrades
from 1.4, see the file UPGRADE for details on significant database and
configuration file changes.

Beta 2 includes a preliminary command-line XML wiki dump importer tool,
maintenance/importDump.php, paired with maintenance/dumpBackup.php.
These use the same format as Special:Export and Special:Import, able
to package a wiki's entire page set independent of the backend database
and compression format.

Release notes:
http://sourceforge.net/project/shownotes.php?release_id=339820

Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5beta2.tar.gz?download

MD5 checksum: 00b867fce68f0549ecb9a4938191dd19
(Continue reading)

Brion Vibber | 7 Jul 09:34 2005
Picon

MediaWiki 1.4.6 released [SECURITY]


MediaWiki 1.4.6 is a bug fix and security update release.

Incorrect escaping of a parameter in the page move template could
be used to inject JavaScript code by getting a victim to visit a
maliciously constructed URL. Users of vulnerable releases are
recommended to upgrade to this release.

Vulnerable versions:
* 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3
* 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6
* 1.3 legacy series: not vulnerable

This release also includes fixes for some rare bug annoying HTTP errors,
a PHP 4.1.2 breakage bug, and works around some template limitations
introduced in 1.4.5. See the changelog in the release notes for a
detailed list of bugs fixed.

Release notes:
http://sourceforge.net/project/shownotes.php?release_id=340290

Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.6.tar.gz?download

MD5 checksum: f4f82bd486756c279f0c1977b290ce3b

Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

Low-traffic release announcements mailing list:
(Continue reading)

Brion Vibber | 7 Jul 09:34 2005
Picon

MediaWiki 1.5beta3 released [SECURITY]


MediaWiki 1.5 beta 3 is a preview release of the new 1.5 release
series, with a security update over beta 2.

Incorrect escaping of a parameter in the page move template could
be used to inject JavaScript code by getting a victim to visit a
maliciously constructed URL. Users of vulnerable releases are
recommended to upgrade to this release.

Vulnerable versions:
* 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3
* 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6
* 1.3 legacy series: not vulnerable

This release also includes several bug fixes and localization updates.
See the changelog in the release notes for a detailed list.

Release notes:
http://sourceforge.net/project/shownotes.php?release_id=340291

Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5beta3.tar.gz?download

MD5 checksum: ee2abd543d1f23bdb67da87d902cbb09

Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
(Continue reading)

Brion Vibber | 16 Jul 09:13 2005
Picon

MediaWiki 1.4.7 released


MediaWiki 1.4.7 is a bug fix release. Those affected by the following
problems in 1.4.6 should upgrade:

* Watchlist breakage on MySQL 3.23.x and with table prefix enabled
* Possible breakage in watchlist, some image resizing modes on PHP 4.1.2

1.4.6 included a fix for a cross-site scripting vulnerability, so anyone
running older 1.4 releases is very strongly encouraged to upgrade as well.

Note to upgraders: current versions of MediaWiki are known to produce a
large number of notice-level warnings under the newly released PHP
4.4.0. These appear however to be harmless; if you encounter them add
this to your LocalSettings.php to suppress the notices:

~  error_reporting( E_ALL & ~E_NOTICE );

PHP 5.1.0beta3 is known to be incompatible at this time.

Release notes:
http://sourceforge.net/project/shownotes.php?release_id=342530

Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.7.tar.gz?download

MD5 checksum: 2ec40b5e53ad1eb762e39b502da247f9

Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

(Continue reading)

Brion Vibber | 30 Jul 23:20 2005
Picon

MediaWiki 1.5beta4 released


MediaWiki 1.5 beta 4 is a preview release of the new 1.5 release series.

== Changes since 1.5beta3 ==

* Fix talk page move handling
* (bug 2721) New language file for Vietnamese with the Vietnamese
~  number notation
* (bug 2749) &nbsp; would appear as a literal in image galleries
~  for Cs, Fr, Fur, Pl and Sv
* (bug 787) external links being rendered when they only have one slash
* Fixed a missing typecast in Language::dateFormat() that would cause
~  some interesting errors with signitures.
* (bug 2764) Number format for Nds
* (bug 1553) Stop forcing lowercase in Monobook skin for German
~  language.
* (bug 1064) Implements Special:Unusedcategories
* (bug 2311) New language file for Macedonian
* Fix nohistory message on empty page history
* Fix fatal error in history when validation on
* Cleaned up email notification message formatting
* Finally fixed Special:Disambiguations that was broke since SCHEMA_WORK
* (bug 2761) fix capitalization of "i" in Turkish
* (bug 2789) memcached image metadata now cleared after deletion
* Add serialized version number to image metadata cache records
* (bug 2780) Fix thumbnail generation with GD for new image schema
* (bug 2791) Slovene numeric format
* (bug 655) Provide empty search form when searching for nothing
* Nynorsk numeric format fix
* (bug 2825) Fix regression in newtalk notifications for anons w/
(Continue reading)

Brion Vibber | 16 Jul 09:13 2005
Picon

MediaWiki 1.4.7 released


MediaWiki 1.4.7 is a bug fix release. Those affected by the following
problems in 1.4.6 should upgrade:

* Watchlist breakage on MySQL 3.23.x and with table prefix enabled
* Possible breakage in watchlist, some image resizing modes on PHP 4.1.2

1.4.6 included a fix for a cross-site scripting vulnerability, so anyone
running older 1.4 releases is very strongly encouraged to upgrade as well.

Note to upgraders: current versions of MediaWiki are known to produce a
large number of notice-level warnings under the newly released PHP
4.4.0. These appear however to be harmless; if you encounter them add
this to your LocalSettings.php to suppress the notices:

~  error_reporting( E_ALL & ~E_NOTICE );

PHP 5.1.0beta3 is known to be incompatible at this time.

Release notes:
http://sourceforge.net/project/shownotes.php?release_id=342530

Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.7.tar.gz?download

MD5 checksum: 2ec40b5e53ad1eb762e39b502da247f9

Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

(Continue reading)


Gmane