Low-traffic list for announcements of new MediaWiki releases and security updates.

Tim Starling | 2 Oct 2008 18:03

MediaWiki 1.13.2, 1.12.1 security update


This is a security and bugfix release of MediaWiki 1.12 and MediaWiki
1.13. A vulnerability has been discovered which allows arbitrary HTML
injection and thus possible user account compromise. The vulnerability
is only present when $wgUseSiteCss is turned on, which is the
default.  Versions 1.11 and earlier are NOT vulnerable, nor is
development branch later than July 28, 2008.

Also, there was the potential for a subtle user error while editing
$wgGroupPermissions in LocalSettings.php to cause all restrictions to
be disabled. This has been rectified.

Full release notes:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_1/phase3/RELEASE-NOTES

See below for downloads.

**********************************************************************
    MEDIAWIKI   1.13.2
**********************************************************************

Download:
http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.2.tar.gz

Patch to previous version (1.13.1), without interface text:
http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.2.patch.gz
Interface text changes:
http://download.wikimedia.org/mediawiki/1.13/mediawiki-i18n-1.13.2.patch.gz

(Continue reading)

headers

Tim Starling | 2 Oct 2008 19:29

Version number incorrect in latest releases


The MediaWiki version number, $wgVersion in
includes/DefaultSettings.php, wasn't updated in the release of 1.12.1
and 1.13.2. So these releases will report themselves as being 1.12.0
and 1.13.1 respectively, in [[Special:Version]] and other places. A
new, corrected tarball has been uploaded.

New SHA-1 checksums:
c6f6e404ee9152deeec63cdc3278a2a57d556efe  mediawiki-1.13.2.tar.gz
046206b342904cb729fd076ddd101534e23b6c07  mediawiki-1.13.2.patch.gz
4500cde3e60351ae2fc0382b8e91654f4cb6a0ff  mediawiki-i18n-1.13.2.patch.gz

6f315f88a481daa1a92b1a409e92e036aaca610b  mediawiki-1.12.1.tar.gz
1aed1e8083ebe98e884c924dad174c2fb1537d8b  mediawiki-1.12.1.patch.gz
71fb3d06c1fe331fecf25cca92ea50bb07ce7465  mediawiki-i18n-1.12.1.patch.gz

New MD5 checksums:
e10f791ba9ecd02dd751a5676cc84405  mediawiki-1.13.2.tar.gz
2e33ed21c5e889f546556066a2b53806  mediawiki-1.13.2.patch.gz
db1e3b46e04a2608ea5429d73465ad03  mediawiki-i18n-1.13.2.patch.gz

00229272c5e1881ff36a07ca95891ca2  mediawiki-1.12.1.tar.gz
885c6dc5bce177563c3d7a14e5167411  mediawiki-1.12.1.patch.gz
82f874b72a65e71e41f4dadf410e0eec  mediawiki-i18n-1.12.1.patch.gz

-- Tim Starling

headers

Tim Starling | 2 Oct 2008 18:03

MediaWiki 1.13.2, 1.12.1 security update


This is a security and bugfix release of MediaWiki 1.12 and MediaWiki
1.13. A vulnerability has been discovered which allows arbitrary HTML
injection and thus possible user account compromise. The vulnerability
is only present when $wgUseSiteCss is turned on, which is the
default.  Versions 1.11 and earlier are NOT vulnerable, nor is
development branch later than July 28, 2008.

Also, there was the potential for a subtle user error while editing
$wgGroupPermissions in LocalSettings.php to cause all restrictions to
be disabled. This has been rectified.

Full release notes:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOTES
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_1/phase3/RELEASE-NOTES

See below for downloads.

**********************************************************************
    MEDIAWIKI   1.13.2
**********************************************************************

Download:
http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.2.tar.gz

Patch to previous version (1.13.1), without interface text:
http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.2.patch.gz
Interface text changes:
http://download.wikimedia.org/mediawiki/1.13/mediawiki-i18n-1.13.2.patch.gz

(Continue reading)

2	May 2013
4	April 2013
2	March 2013
1	December 2012
3	November 2012
1	August 2012
3	June 2012
1	May 2012
3	April 2012
4	March 2012
2	January 2012
4	November 2011
4	June 2011
4	May 2011
4	April 2011
2	February 2011
4	January 2011
2	July 2010
2	May 2010
2	April 2010
4	March 2010
2	July 2009
2	June 2009
2	May 2009
4	February 2009
6	December 2008
3	October 2008
1	September 2008
4	August 2008
2	July 2008
1	June 2008
8	March 2008
2	January 2008
4	September 2007
4	July 2007
5	May 2007
4	February 2007
8	January 2007
5	October 2006
4	July 2006
2	June 2006
5	May 2006
7	April 2006
4	March 2006
4	January 2006
2	December 2005
2	November 2005
5	October 2005
1	September 2005
8	August 2005
6	July 2005
6	June 2005
2	May 2005
3	April 2005
1	March 2005
4	February 2005
2	January 2005
5	December 2004

Mon	Tue	Wed	Thu	Fri	Sat	Sun

		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31