headers
Tim Starling | 7 Feb 2009 05:34
Picon

MediaWiki releases: security update and new major branch


This is a security release of 1.13.4, 1.12.4 and 1.6.12.

A number of cross-site scripting (XSS) security vulnerabilities were
discovered
in the web-based installer (config/index.php). These vulnerabilities all
require a live installer -- once the installer has been used to
install a wiki,
it is deactivated.

Note that cross-site scripting vulnerabilities can be used to attack
any website
in the same cookie domain. So if you have an uninstalled copy of
MediaWiki on
the same site as an active web service, MediaWiki could be used to
attack the
active service.

If you are hosting an old copy of MediaWiki that you have never
installed, we advise you to remove it from the web.

Additionally, we are releasing 1.14.0rc1, the first release candidate
of the 2009 Q1 branch. Brave souls are encouraged to download it and
try it out.

Note that we have disabled SQLite installation in 1.14, due to the
incompleteness of the implementation. We intend to restore it in 1.15.
We're not sure how many people are using SQLite, so contact us if our
treatment of it is causing you problems.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Tim Starling | 22 Feb 2009 12:31
Picon

MediaWiki 1.14.0 and 1.13.5 released


We are proud to announce the first stable release of the 2009 Q1
branch of MediaWiki, version 1.14.0.

We are also releasing MediaWiki 1.13.5. This is a maintenance release
which corrects some bugs in the installer, introduced during the hasty
security release of 1.13.4. It is not necessary to upgrade if you do
not intend on using the installer.

Thanks to our localisation community at translatewiki.net, MediaWiki
1.14.0 now has 311,000 localised interface text fragments spread
across 298 languages, that's 17% more than in 1.13.0.

MediaWiki is now using a "continuous integration" development model
with quarterly snapshot releases. The latest development code is
always kept "ready to run", and in fact runs our own sites on Wikipedia.

Release branches will continue to receive security updates for about a
year from first release, but nonessential bugfixes and feature
developments will be made on the development trunk and appear in the
next quarterly release.

Those wishing to use the latest code instead of a branch release can
obtain it from source control:
<http://www.mediawiki.org/wiki/Download_from_SVN>

Upgrade FAQ:
http://www.mediawiki.org/wiki/Manual:FAQ#Upgrading

Full release notes:
(Continue reading)

Permalink | Reply | 0 comments |
headers
Tim Starling | 7 Feb 2009 05:34
Picon

MediaWiki releases: security update and new major branch


This is a security release of 1.13.4, 1.12.4 and 1.6.12.

A number of cross-site scripting (XSS) security vulnerabilities were
discovered
in the web-based installer (config/index.php). These vulnerabilities all
require a live installer -- once the installer has been used to
install a wiki,
it is deactivated.

Note that cross-site scripting vulnerabilities can be used to attack
any website
in the same cookie domain. So if you have an uninstalled copy of
MediaWiki on
the same site as an active web service, MediaWiki could be used to
attack the
active service.

If you are hosting an old copy of MediaWiki that you have never
installed, we advise you to remove it from the web.

Additionally, we are releasing 1.14.0rc1, the first release candidate
of the 2009 Q1 branch. Brave souls are encouraged to download it and
try it out.

Note that we have disabled SQLite installation in 1.14, due to the
incompleteness of the implementation. We intend to restore it in 1.15.
We're not sure how many people are using SQLite, so contact us if our
treatment of it is causing you problems.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Tim Starling | 22 Feb 2009 12:31
Picon

MediaWiki 1.14.0 and 1.13.5 released


We are proud to announce the first stable release of the 2009 Q1
branch of MediaWiki, version 1.14.0.

We are also releasing MediaWiki 1.13.5. This is a maintenance release
which corrects some bugs in the installer, introduced during the hasty
security release of 1.13.4. It is not necessary to upgrade if you do
not intend on using the installer.

Thanks to our localisation community at translatewiki.net, MediaWiki
1.14.0 now has 311,000 localised interface text fragments spread
across 298 languages, that's 17% more than in 1.13.0.

MediaWiki is now using a "continuous integration" development model
with quarterly snapshot releases. The latest development code is
always kept "ready to run", and in fact runs our own sites on Wikipedia.

Release branches will continue to receive security updates for about a
year from first release, but nonessential bugfixes and feature
developments will be made on the development trunk and appear in the
next quarterly release.

Those wishing to use the latest code instead of a branch release can
obtain it from source control:
<http://www.mediawiki.org/wiki/Download_from_SVN>

Upgrade FAQ:
http://www.mediawiki.org/wiki/Manual:FAQ#Upgrading

Full release notes:
(Continue reading)

Permalink | Reply | 0 comments |

Gmane