Brion Vibber | 27 Mar 02:35 2006
Picon

MediaWiki 1.5.8, 1.4.15 released [SECURITY]


MediaWiki 1.5.8 and 1.4.15 are security and bugfix maintenance releases.

A bug in decoding of certain encoded links could allow injection of raw
HTML into page output; this could potentially lead to XSS attacks.

Some minor UI fixes were also made, see the change log at the bottom of
the release notes.

Release notes:
1.5.8: http://sourceforge.net/project/shownotes.php?release_id=404871
1.4.15: http://sourceforge.net/project/shownotes.php?release_id=404869

Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5.8.tar.gz
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.15.tar.gz

MD5 checksums:
1eef94157377fa8c3d049877a27c0163  mediawiki-1.5.8.tar.gz
e729190a32d54118d24bec4021b0729e  mediawiki-1.4.15.tar.gz

Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

Low-traffic release announcements mailing list:
(Please subscribe to receive announcements of security updates.)
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
(Continue reading)


Gmane