brion at pobox
Aug 23, 2005, 3:59 PM
Post #1 of 1
(1221 views)
Permalink
|
|
MediaWiki 1.3.14, 1.4.8, 1.5rc1 released [SECURITY]
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.5rc1 is a preview release of the new 1.5 release series.
Numerous bug fixes since last beta, plus a security fix; see change
log in the release notes for full details.
A flaw in the interaction between extensions and HTML attribute
sanitization was discovered which could allow unauthorized use
of offsite resources in style sheets, and possible exploitation
of a JavaScript injection feature on Microsoft Internet Explorer.
This version expands the returned text and properly checks it
before output.
MediaWiki 1.4.8 is a bug fix and security maintenance release. It fixes
the above bug, plus an update to skins/MonoBook.php ensures that sites
using the default MonoBook skin will display correctly in the Internet
Explorer 7 beta. (1.3 and 1.5 are not affected by this display problem.)
MediaWiki 1.3.14 is a security maintenance release.
The 1.3.x series is no longer maintained except for security fixes;
new users and those seeking bug fixes should upgrade to 1.4.8 or 1.5rc1.
Existing 1.3.x installations not willing to upgrade to the current
stable relase should apply the change manually; details are in the
release notes.
If you are actively using extensions to generate HTML attribute values,
upgrade to 1.4 or 1.5 for a full fix; 1.3.14 simply disables any attempt
to use such.
Release notes:
1.5rc1: http://sourceforge.net/project/shownotes.php?release_id=351260
1.4.8: http://sourceforge.net/project/shownotes.php?release_id=351258
1.3.14: http://sourceforge.net/project/shownotes.php?release_id=351257
Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5rc1.tar.gz?download
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.8.tar.gz?download
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.3.14.tar.gz?download
MD5 checksums:
mediawiki-1.5rc1.tar.gz f8b61f0cdac4ed8a7ed7aecf02d3bc78
mediawiki-1.4.8.tar.gz 69112673e0599049dc962d4c904feb6b
mediawiki-1.3.14.tar.gz 2d65015aff380620434e381a4d60b57a
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDC6prwRnhpk1wk44RAr3YAJ9Aqw7b3cQ6COpMvixX5ty1NEEJRACgi0rK
c5kgvf2tc/DMeMkFtI8TZqQ=
=oHMy
-----END PGP SIGNATURE-----
_______________________________________________
MediaWiki-announce mailing list
MediaWiki-announce [at] wikimedia
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
|
