headers
Brion Vibber | 3 Mar 2008 08:20
Picon
Gravatar

MediaWiki 1.11.2 released (security)


MediaWiki 1.11.2 is a security release of the Fall 2007 snapshot release
of MediaWiki. Possible cross-site information leaks using the callback
parameter for JSON-formatted results in the API are prevented by
dropping user credentials.

MediaWiki release versions prior to 1.11 are not vulnerable, as they do
not include the callback feature which allows client-side JavaScript on
other sites to reach API data.

Changes in this release:

* User credentials are dropped for API JSON requests using a callback
* Edit tokens are not reported for API JSON requests using a callback

Full release notes:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_2/phase3/RELEASE-NOTES

Download:
http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.2.tar.gz
http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.2.patch

GPG signatures:
http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.2.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.2.patch.sig

SHA-1 checksums:
c5d5e99d73e646cff421b3bb92dd638fb93cd575 mediawiki-1.11.2.tar.gz
ce13da8071c4618deda28cf6e8c2eea110d258ef mediawiki-1.11.2.patch
(Continue reading)

Permalink | Reply | 0 comments |
headers
Brion Vibber | 3 Mar 2008 08:20
Picon
Gravatar

MediaWiki 1.10.4, 1.9.6 released (bug fix)

Corrections for API path fix, broken in 1.10.3 and 1.9.5.

Full release notes:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_10_4/phase3/RELEASE-NOTES
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_6/phase3/RELEASE-NOTES

Download:
http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.4.tar.gz
http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.4.patch
http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.6.tar.gz
http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.6.patch

GPG signatures:
http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.4.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.4.patch.sig
http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.6.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.6.patch.sig

SHA-1 checksums:
df5b59aaf50ec674542cc928cfd58f2ddfb3b9f5 mediawiki-1.10.4.tar.gz
14dc1c1a796452158c2c2668def61ab2c9cd4abd mediawiki-1.10.4.patch
4a09172ec52fd3bb81861fcbebd63530fd5e8238 mediawiki-1.9.6.tar.gz
3ca1ab772ab39ccb9e84e3e02219dcec02a4de66 mediawiki-1.9.6.patch

MD-5 checksums:
MD5 (mediawiki-1.10.4.tar.gz) = d81e5607a365b71f09496864e0aa93bb
MD5 (mediawiki-1.10.4.patch) = d8f06822dcd4c110e10a6fb2e7273a0f
MD5 (mediawiki-1.9.6.tar.gz) = d7e49bc59c072b339495ece7ee3dd053
MD5 (mediawiki-1.9.6.patch) = 9be86077efe3d837a930c7e2d6379d31
(Continue reading)

Permalink | Reply | 0 comments |
headers
Brion Vibber | 11 Mar 2008 23:38
Picon
Gravatar

MediaWiki 1.12.0rc1 released

Ok, the release schedule got disrupted with all the busy Wikimedia 
Foundation stuff over the last few months, but we're getting back on 
track with this release candidate for the Winter 2008 quarterly release, 
MediaWiki 1.12.

There's a *lot* of updates, small and large... Perhaps most significant 
is a rewrite of much of the parser, changing how templates and 
extensions are expanded. Among other things, this should ensure that 
complex mixes of templates and HTML tables should render more similarly 
between Wikipedia and default installations of MediaWiki.

For this release candidate, we're very interested to hear back about 
regressions or problems with the installer / updaters. Note that, as 
with most previous releases, you will have to run the updaters to apply 
some database schema updates when you upgrade.

Full release notes:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_0RC1/phase3/RELEASE-NOTES

Download:
http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.0rc1.tar.gz

GPG signatures:
http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.0rc1.tar.gz.sig

SHA-1 checksums:
ee5c298a667b6fa476a5c6de9ddb4c23f2cfd03d mediawiki-1.12.0rc1.tar.gz

MD-5 checksums:
MD5 (mediawiki-1.12.0rc1.tar.gz) = a77fbae59e70f4623564c5d45bb1eb9f
(Continue reading)

Permalink | Reply | 0 comments |
headers
Brion Vibber | 20 Mar 2008 23:15
Picon
Gravatar

MediaWiki 1.12.0 released


No problems reported with 1.12.0rc1, so here's the final release. Enjoy!

Full release notes:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_0/phase3/RELEASE-NOTES

Download:
http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.0.tar.gz

GPG signature:
http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.0.tar.gz.sig

SHA-1 checksum:
48bf1877f60c317cbe93c072187dfe9c1aa3b857 mediawiki-1.12.0.tar.gz

MD-5 checksum:
MD5 (mediawiki-1.12.0.tar.gz) = 117a1360f440883a51f0ebca32906ea0

Before asking for help, try the FAQ:
http://www.mediawiki.org/wiki/Manual:FAQ

Low-traffic release announcements mailing list:
(Please subscribe to receive announcements of security updates.)
http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list:
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l

Bug report system:
http://bugzilla.wikimedia.org/
(Continue reading)

Permalink | Reply | 0 comments |
headers
Brion Vibber | 3 Mar 2008 08:20
Picon
Gravatar

MediaWiki 1.10.4, 1.9.6 released (bug fix)

Corrections for API path fix, broken in 1.10.3 and 1.9.5.

Full release notes:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_10_4/phase3/RELEASE-NOTES
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_6/phase3/RELEASE-NOTES

Download:
http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.4.tar.gz
http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.4.patch
http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.6.tar.gz
http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.6.patch

GPG signatures:
http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.4.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.4.patch.sig
http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.6.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.6.patch.sig

SHA-1 checksums:
df5b59aaf50ec674542cc928cfd58f2ddfb3b9f5 mediawiki-1.10.4.tar.gz
14dc1c1a796452158c2c2668def61ab2c9cd4abd mediawiki-1.10.4.patch
4a09172ec52fd3bb81861fcbebd63530fd5e8238 mediawiki-1.9.6.tar.gz
3ca1ab772ab39ccb9e84e3e02219dcec02a4de66 mediawiki-1.9.6.patch

MD-5 checksums:
MD5 (mediawiki-1.10.4.tar.gz) = d81e5607a365b71f09496864e0aa93bb
MD5 (mediawiki-1.10.4.patch) = d8f06822dcd4c110e10a6fb2e7273a0f
MD5 (mediawiki-1.9.6.tar.gz) = d7e49bc59c072b339495ece7ee3dd053
MD5 (mediawiki-1.9.6.patch) = 9be86077efe3d837a930c7e2d6379d31
(Continue reading)

Permalink | Reply | 0 comments |
headers
Brion Vibber | 3 Mar 2008 08:20
Picon
Gravatar

MediaWiki 1.11.2 released (security)


MediaWiki 1.11.2 is a security release of the Fall 2007 snapshot release
of MediaWiki. Possible cross-site information leaks using the callback
parameter for JSON-formatted results in the API are prevented by
dropping user credentials.

MediaWiki release versions prior to 1.11 are not vulnerable, as they do
not include the callback feature which allows client-side JavaScript on
other sites to reach API data.

Changes in this release:

* User credentials are dropped for API JSON requests using a callback
* Edit tokens are not reported for API JSON requests using a callback

Full release notes:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_2/phase3/RELEASE-NOTES

Download:
http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.2.tar.gz
http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.2.patch

GPG signatures:
http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.2.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.2.patch.sig

SHA-1 checksums:
c5d5e99d73e646cff421b3bb92dd638fb93cd575 mediawiki-1.11.2.tar.gz
ce13da8071c4618deda28cf6e8c2eea110d258ef mediawiki-1.11.2.patch
(Continue reading)

Permalink | Reply | 0 comments |
headers
Brion Vibber | 11 Mar 2008 23:38
Picon
Gravatar

MediaWiki 1.12.0rc1 released

Ok, the release schedule got disrupted with all the busy Wikimedia 
Foundation stuff over the last few months, but we're getting back on 
track with this release candidate for the Winter 2008 quarterly release, 
MediaWiki 1.12.

There's a *lot* of updates, small and large... Perhaps most significant 
is a rewrite of much of the parser, changing how templates and 
extensions are expanded. Among other things, this should ensure that 
complex mixes of templates and HTML tables should render more similarly 
between Wikipedia and default installations of MediaWiki.

For this release candidate, we're very interested to hear back about 
regressions or problems with the installer / updaters. Note that, as 
with most previous releases, you will have to run the updaters to apply 
some database schema updates when you upgrade.

Full release notes:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_0RC1/phase3/RELEASE-NOTES

Download:
http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.0rc1.tar.gz

GPG signatures:
http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.0rc1.tar.gz.sig

SHA-1 checksums:
ee5c298a667b6fa476a5c6de9ddb4c23f2cfd03d mediawiki-1.12.0rc1.tar.gz

MD-5 checksums:
MD5 (mediawiki-1.12.0rc1.tar.gz) = a77fbae59e70f4623564c5d45bb1eb9f
(Continue reading)

Permalink | Reply | 0 comments |
headers
Brion Vibber | 20 Mar 2008 23:15
Picon
Gravatar

MediaWiki 1.12.0 released


No problems reported with 1.12.0rc1, so here's the final release. Enjoy!

Full release notes:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_0/phase3/RELEASE-NOTES

Download:
http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.0.tar.gz

GPG signature:
http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.0.tar.gz.sig

SHA-1 checksum:
48bf1877f60c317cbe93c072187dfe9c1aa3b857 mediawiki-1.12.0.tar.gz

MD-5 checksum:
MD5 (mediawiki-1.12.0.tar.gz) = 117a1360f440883a51f0ebca32906ea0

Before asking for help, try the FAQ:
http://www.mediawiki.org/wiki/Manual:FAQ

Low-traffic release announcements mailing list:
(Please subscribe to receive announcements of security updates.)
http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list:
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l

Bug report system:
http://bugzilla.wikimedia.org/
(Continue reading)

Permalink | Reply | 0 comments |

Gmane