[MediaWiki-l] Security announcement for TemplateData extension

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[MediaWiki-l] Security announcement for TemplateData extension

Brian Wolff-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello everyone,

This is an announcement of a security release for
the TemplateData extension.

Version 0.1.1 and earlier of this extension
is vulnerable to a stored XSS vulnerability.

Please upgrade your wikis to version 0.1.2 of
this extension. The fix is included in git
commit f6c8566aa3 (for master), 3817a3dbb
(for REL1_30), bcd2508da (for REL1_29) and
eeaba019 (for REL1_27).

For information about the extension and where
to download, see its description page:
https://www.mediawiki.org/wiki/Extension:TemplateData

For more information about the flaw, see the ticket:
https://phabricator.wikimedia.org/T118682

Thank you,
Brian Wolff
Wikimedia Security Team
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJaODEUAAoJEDYflDsVwI3U7q0P+weJjUHZ7nd4c669jw5aXg82
jQ1bT88YsoXr5vFr22etdFyN4VjgM+ZoMfKWGwxh7V2FjYQocKvOm1A5fCyWRaXp
MMz6+5uOFWOLnN7OABKI2KoSjS3Xi/yhMBGLOJr9WFaQ8o+peMTZL3qs5uxaASI6
UyLGMO1Tq1r+aAp7283LSHr6OA5YAqD8G6YIFbLeIgPQ5SZwNsRPWggn0b10W3lc
ET7THcPRvWMChTrwNVgURzQC2yeTJ2cpuq6agFzH0gy+bB7Gw9mLdvz8cWcWJbJ9
w0CplBYDAj9nVRVoRXlgDpZL6UzIYKzTWBtwydKBENVh5dXKtaRAAuh8VWTSTfMj
QvryH+jWIDsDcStXnmn4+w6WBUmnfMAxKylZv03oGjIgcwLmNdXLv/oQo2sgbDTk
gUHg3bj+fYrr6eiLyIsB8sj6tf5ZC7/toDAWbk2DbPmURjH4R4jCDUgHm5pmzW+l
b2SN6rOxDIofXEjs7gVdkAfPF9Hen6ojVemml0NtVIVMofQInfHzsvhQOScuigoX
mRGemuxJ5kh4ktf5KVSSB/PDIaiSuOGCOW59DPniz7O0HvEvtTZYYNKlgl8Obosa
ExMsQGBnDFoc7/GQZnlLEGSK+lnJv2rCpbxBpEXg7zbtARlpyp3HdsSX29Gk+vXi
VzEGdX5z0w185AtsSRn8
=PKzo
-----END PGP SIGNATURE-----
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l