Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Wikipedia: Mediawiki-announce

MediaWiki 1.5rc4, 1.4.9, 1.3.15 released [SECURITY]

  

 
Wikipedia mediawiki-announce RSS feed   Index | Next | Previous | View Threaded


brion at pobox

Aug 29, 2005, 5:36 PM

Post #1 of 1 (1262 views)
Permalink
MediaWiki 1.5rc4, 1.4.9, 1.3.15 released [SECURITY]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

These are security and maintenance releases, which fix two cross-site
scripting bugs. All internet-facing wikis are recommended to upgrade to
the current release in their series.

Incorrect handling of <math> tags when TeX rendering is disabled, as in
the default configuration. (Wikis where the optional math support has
been *enabled* are not vulnerable.)

* 1.5 vulnerable: <= 1.5rc3 fixed: >= 1.5rc4
* 1.4 vulnerable: <= 1.4.8 fixed: >= 1.4.9
* 1.3 vulnerable: <= 1.3.14 fixed: >= 1.3.15

Incorrect handling of <nowiki> and extension tags in table styles:

* 1.5 vulnerable: <= 1.5rc3 fixed: >= 1.5rc4
* 1.4 vulnerable: <= 1.4.8 fixed: >= 1.4.9
* 1.3 not vulnerable

Additionally, 1.5rc4 fixes some compatibility issues with PHP 5.1 beta.


Release notes:
1.5rc4 http://sourceforge.net/project/shownotes.php?release_id=352778
1.4.9 http://sourceforge.net/project/shownotes.php?release_id=352777
1.3.15 http://sourceforge.net/project/shownotes.php?release_id=352776

Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5rc4.tar.gz?download
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.9.tar.gz?download
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.3.15.tar.gz?download

File checksums:
MD5 (mediawiki-1.5rc4.tar.gz) = 5a27beedfa4107813296307fe52b20ad
MD5 (mediawiki-1.4.9.tar.gz) = fae30b065d08152735b2c2edd61aadf4
MD5 (mediawiki-1.3.15.tar.gz) = f1279514435143bd6840e1d570d8c4f4

Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

Bug report system:
http://bugzilla.wikimedia.org/

Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net

- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDE6oqwRnhpk1wk44RAmdEAKCOpHUv6+k37TlDCjxS9FCaJU1qJgCfTB/f
eJmxsPTk1GVEq9DHDF8X86s=
=euNq
-----END PGP SIGNATURE-----
_______________________________________________
MediaWiki-announce mailing list
MediaWiki-announce [at] wikimedia
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce

Wikipedia mediawiki-announce RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.