MediaWiki 1.5.8, 1.4.15 released [SECURITY]

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

MediaWiki 1.5.8, 1.4.15 released [SECURITY]

Brion Vibber
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MediaWiki 1.5.8 and 1.4.15 are security and bugfix maintenance releases.

A bug in decoding of certain encoded links could allow injection of raw
HTML into page output; this could potentially lead to XSS attacks.

Some minor UI fixes were also made, see the change log at the bottom of
the release notes.


Release notes:
1.5.8: http://sourceforge.net/project/shownotes.php?release_id=404871
1.4.15: http://sourceforge.net/project/shownotes.php?release_id=404869

Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5.8.tar.gz
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.15.tar.gz

MD5 checksums:
1eef94157377fa8c3d049877a27c0163  mediawiki-1.5.8.tar.gz
e729190a32d54118d24bec4021b0729e  mediawiki-1.4.15.tar.gz


Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

Low-traffic release announcements mailing list:
(Please subscribe to receive announcements of security updates.)
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

Bug report system:
http://bugzilla.wikimedia.org/

Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net

- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEJzNXwRnhpk1wk44RAiyKAKCO/fKIb+kpw4XwUh7/88qjrCt66ACgjAuZ
Y69fJh94cryQBhCJlM2il10=
=Jv/Y
-----END PGP SIGNATURE-----
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l