[MediaWiki-l] Security release: I18nTags extension

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[MediaWiki-l] Security release: I18nTags extension

Niklas Laxström
Updates are available for the I18nTags extension to fix an XSS
vulnerability [1].

The XSS vulnerability is exploitable by all users who can edit pages.
The stored XSS is executed by anyone viewing an affected page. It is
recommended to clear the parser cache after updating. All versions
older than 2018-08-06 are affected.

If you are running I18nTags, please update to the latest code from git
or download updated snapshots for release versions 1.27, 1.30, 1.31 or
git master from [2].

Many thanks to Kevin Israel for finding the XSS vulnerability.

[1] https://phabricator.wikimedia.org/T200973
[2] https://www.mediawiki.org/wiki/Special:ExtensionDistributor/I18nTags

  -Niklas

_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l