Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Wikipedia: Mediawiki-announce

MediaWiki 1.6.6 released (security)

 

 

Wikipedia mediawiki-announce RSS feed   Index | Next | Previous | View Threaded


brion at pobox

May 23, 2006, 4:00 AM

Post #1 of 1 (2606 views)
Permalink
MediaWiki 1.6.6 released (security)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MediaWiki 1.6.6 is a security and bugfix maintenance release.

An XSS injection vector in brace replacement has been fixed, as have some
potential problems with table parsing. Upgrading is strongly recommended
for all users of 1.6. MediaWiki versions 1.5 and earlier are not affected.

As a quick fix, if you are not able to fully upgrade to 1.6.6 you can apply this
two-line patch to fix the main known problems:
http://svn.wikimedia.org/viewvc/mediawiki/branches/REL1_6/phase3/includes/Sanitizer.php?r1=14042&r2=14351&view=patch&pathrev=14351


Additionally some localization and user interface updates are included.

* Correct "revertpage" message in English
* (bug 5507) Logouttext uses now wiki markup
* (bug 5857, 5957) Update for German localisation (de)
* (bug 5586) <gallery> treated text as links
* (bug 5957) Update for Hebrew language (he)
* (bug 6025) SpecialImport: wrong message when no file selected
* (bug 6015) EditPage: add spacing in the boxes "edit is minor" and "watch this"
* (bug 6018) Userrights: new message when no user specified ('nouserspecified')
* (bug 6055) Fix for HTML/JS injection bug in variable handler (found by Nick
Jenkins)
* Reordered wiki table handling and __TOC__ extraction in the parser to better
handle some overlapping tag cases.
* Only the first __TOC__ is now turned into a TOC.
* (bug 361) URL in URL, they were almost fixed. Now they are.


Full release notes:
http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_6/phase3/RELEASE-NOTES
http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_6/phase3/HISTORY

Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.6.6.tar.gz

MD5 checksum:
b19b11dbe4a9c61bf857f6584e4d6010 mediawiki-1.6.6.tar.gz

SHA-1 checksum:
debb5970dd30632b0d6fff6dd95727da9d730f6f mediawiki-1.6.6.tar.gz


Before asking for help, try the FAQ:
http://www.mediawiki.org/wiki/FAQ

Low-traffic release announcements mailing list:
(Please subscribe to receive announcements of security updates.)
http://mail.wikimedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list:
http://mail.wikimedia.org/mailman/listinfo/mediawiki-l

Bug report system:
http://bugzilla.wikimedia.org/

Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net

- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEcutRwRnhpk1wk44RAudPAKDJg58CEg9ROIbTDL3kG8jBrW0AgACfeWTk
25YeMM3CnncCe/QQGK1fyrs=
=JbhE
-----END PGP SIGNATURE-----
_______________________________________________
MediaWiki-announce mailing list
MediaWiki-announce [at] wikimedia
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce

Wikipedia mediawiki-announce RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.