Brion Vibber | 5 Sep 23:04 2007

MediaWiki 1.11.0 release candidate 1

Things have finally calmed down for a couple days, so here we go! :)
This is a release candidate of the Fall 2007 snapshot release of MediaWiki.

A final .0 release will come in a couple days; this is a chance to
double-check for any major regressions, say with installation or
compatibility with configurations we haven't had a chance to test ourselves.

Detailed release notes available at:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_0RC1/phase3/RELEASE-NOTES

Download:
http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.0rc1.tar.gz

PGP signature:
http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.0rc1.tar.gz.sig

MD5 checksum:
0fbe6157c0cd046dee7279c7ddb69367  mediawiki-1.11.0rc1.tar.gz

SHA-1 checksum:
e029956e3bbf3b2913703ecc93759840e87d1206 mediawiki-1.11.0rc1.tar.gz

Before asking for help, try the FAQ:
http://www.mediawiki.org/wiki/Manual:FAQ

Low-traffic release announcements mailing list:
(Please subscribe to receive announcements of security updates.)
http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list:

Brion Vibber | 11 Sep 00:11 2007

MediaWiki 1.11.0, 1.10.2, 1.9.4, 1.8.5 released

MediaWiki 1.11.0, the Fall 2007 snapshot release of MediaWiki, is now
available for download. An included security fix has also been included
in maintenance updates of the last three snapshots.

A possible HTML/XSS injection vector in the API pretty-printing mode has
been found and fixed.

The vulnerability may be worked around in an unfixed version by simply
disabling the API interface if it is not in use, by adding this to
LocalSettings.php:

  $wgEnableAPI = false;

(This is the default setting in 1.8.x.)

Not vulnerable versions:
* 1.11 >= 1.11.0
* 1.10 >= 1.10.2
* 1.9 >= 1.9.4
* 1.8 >= 1.8.5

Vulnerable versions:
* 1.11 <= 1.11.0rc1
* 1.10 <= 1.10.1
* 1.9 <= 1.9.3
* 1.8 <= 1.8.4 (if $wgEnableAPI has been switched on)

MediaWiki 1.7 and below are not affected as they do not include
the faulty function, however the BotQuery extension is similarly
vulnerable unless updated to the latest SVN version.
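
The version lists and the $wgEnableAPI workaround above can be turned into a triage check for an inventory of wikis. This is an added example, not part of the announcement or of MediaWiki; the names triage and api_enabled are hypothetical, the line-based reading of LocalSettings.php is a simplification, and treating the API as enabled by default outside 1.8.x is an assumption. The BotQuery extension is not checked.

```python
import re

# Fixed patch level per branch, from the advisory's "Not vulnerable versions" list.
FIXED_PATCH = {(1, 11): 0, (1, 10): 2, (1, 9): 4, (1, 8): 5}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:rc(\d+))?$")
ASSIGN_RE = re.compile(r"^\s*\$wgEnableAPI\s*=\s*(true|false)\s*;", re.I | re.M)


def api_enabled(branch, local_settings):
    """Effective $wgEnableAPI: last assignment in LocalSettings.php, else the default."""
    # Drop whole-line comments so a commented-out workaround does not count.
    live = "\n".join(ln for ln in local_settings.splitlines()
                     if not ln.lstrip().startswith(("#", "//")))
    found = ASSIGN_RE.findall(live)
    if found:
        return found[-1].lower() == "true"
    # Advisory: off by default in 1.8.x. Assumption: on by default in later branches.
    return branch != (1, 8)


def triage(version, local_settings=""):
    """Classify one install against the advisory's version lists."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"
    major, minor, patch, rc = (int(g) if g else None for g in m.groups())
    branch = (major, minor)
    if branch < (1, 8):
        return "not affected"      # 1.7 and below lack the faulty function
    if branch not in FIXED_PATCH:
        return "unknown"           # branch not listed in the advisory
    # A release candidate sorts before the final release of the same patch level.
    installed = (patch or 0, 0 if rc is not None else 1)
    if installed >= (FIXED_PATCH[branch], 1):
        return "fixed"
    return "vulnerable" if api_enabled(branch, local_settings) else "mitigated"
```

A result of "mitigated" means the install still carries the unfixed code with the API switched off, so it remains on the upgrade list.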