brion at pobox
Dec 21, 2005, 4:25 PM
Post #1 of 1
(1542 views)
Permalink
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.5.4 is a security and bugfix maintenance release.
A hardcoded internal placeholder string has been replaced with a random
one. This closes a hole where security checks in inline style attributes
could be bypassed, injecting JavaScript code that could execute in
Microsoft Internet Explorer.
Other browsers would not be vulnerable.
Several minor fixes are included in this release, most notably a fix
to clear the "you have new messages" flag properly for usernames
containing spaces when e-mail notification is enabled.
See the changelog at the end of the release notes for a full list of
fixes.
Release notes:
http://sourceforge.net/project/shownotes.php?release_id=379951
Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5.4.tar.gz?download
MD5 checksum:
c5cff706c4d2fc8dd5aabd10f1714be0 mediawiki-1.5.4.tar.gz
SHA-1 checksum:
12ccdbdd295152937595d4a00c41ae156bf19015 mediawiki-1.5.4.tar.gz
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFDqfJ+wRnhpk1wk44RAodbAKCP6RPb2vysJTeUMMMq5eT9EXUkUgCfXzKL
mL8OeBGrSnXpPWteNI42ylI=
=oCrk
-----END PGP SIGNATURE-----
_______________________________________________
MediaWiki-announce mailing list
MediaWiki-announce [at] wikimedia
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
|
