[MediaWiki-l] Security announcement for Extension:GoogleDocTag and Extension:YotpoReviews

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[MediaWiki-l] Security announcement for Extension:GoogleDocTag and Extension:YotpoReviews

Brian Wolff-2
Hi everyone,

The following is an unofficial security announcement for
Extension:GoogleDocTag and Extension:YotpoReviews. (It is unofficial
because Wikimedia doesn't maintain these extensions).

We recently discovered an XSS vulnerability in both these extensions. If
you use either of these extensions we strongly urge you to upgrade.

For YotpoReviews please upgrade to either: 0.4 or 0.3.1
For GoogleDocTag please upgrade to either: 0.6 or 0.4.1

New versions of these extensions can be downloaded from
https://www.mediawiki.org/wiki/Special:ExtensionDistributor or directly
from the git repo.

Relevant gerrit patches:


Brian Wolff
MediaWiki-l mailing list
To unsubscribe, go to: