[MediaWiki-l] Security announcement for Extension:GoogleDocTag and Extension:YotpoReviews

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[MediaWiki-l] Security announcement for Extension:GoogleDocTag and Extension:YotpoReviews

Brian Wolff-2
Hi everyone,

The following is an unofficial security announcement for
Extension:GoogleDocTag and Extension:YotpoReviews. (It is unofficial
because Wikimedia doesn't maintain these extensions).

We recently discovered an XSS vulnerability in both these extensions. If
you use either of these extensions we strongly urge you to upgrade.

For YotpoReviews please upgrade to either: 0.4 or 0.3.1
For GoogleDocTag please upgrade to either: 0.6 or 0.4.1

New versions of these extensions can be downloaded from
https://www.mediawiki.org/wiki/Special:ExtensionDistributor or directly
from the git repo.

Relevant gerrit patches:

YotpoReviews:
https://gerrit.wikimedia.org/r/#/q/I5cbd95ed37a117740e59c66200141e08131a3111
GoogleDocTag:
https://gerrit.wikimedia.org/r/#/q/Iaae66049011e5a2b10d82ac2eaaa9aecebf16345

Thanks,
Brian Wolff
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l