MediaWiki-announce October 2014

mediawiki-announce@lists.wikimedia.org

3 participants
6 discussions

by mah＠nichework.com

Hello everyone, The prior maintenance release announcement email titled MediaWiki Security and Maintenance Releases: 1.23.6, 1.22.13 and 1.19.21 included the word "Security" in the subject. This inclusion was a mistake. There are no security fixes included in these releases. Best, Mark A. Hershberger (Wiki Release Team)

9 years, 6 months

MediaWiki Security and Maintenance Releases: 1.23.6, 1.22.13 and 1.19.21

by mah＠nichework.com

Hello everyone, I would like to announce the release of MediaWiki 1.23.6, 1.22.13 and 1.19.21. These are regular maintenance releases. Download links are given at the end of this email. == Bugfixes in 1.23.6 == * (Bug 67440) Allow classes to be registered properly from installer * (Bug 72274) Job queue not running (HTTP 411) due to missing Content-Length: header == Bugfixes in 1.22.12 == * (Bug 67440) Allow classes to be registered properly from installer == Bugfixes in 1.19.21 == * (bug 67440) Allow classes to be registered properly from installer. * (bug 47281) Fixed a dumpBackup.php error with --uploads --include-files options: Unable to find the wrapper "mwstore". System administrators are encouraged to upgrade to this release or 1.22+ and produce a full data dump. https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Backing_up_a_wiki * (bug 63049) Removed anonymous functions from ApiFormatBase, added in 1.19.13 as part of the fix for bug 61362, for PHP 5.2 compatibility. Full release notes for 1.23.6: <https://www.mediawiki.org/wiki/Release_notes/1.23> Full release notes for 1.22.13: <https://www.mediawiki.org/wiki/Release_notes/1.22> Full release notes for 1.19.21: <https://www.mediawiki.org/wiki/Release_notes/1.19> Public keys: <https://www.mediawiki.org/keys/keys.html> ********************************************************************** 1.23.6 ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.23/mediawiki-core-1.23.6.tar.gz https://releases.wikimedia.org/mediawiki/1.23/mediawiki-1.23.6.tar.gz Patch to previous version (1.23.5): https://releases.wikimedia.org/mediawiki/1.23/mediawiki-1.23.6.patch.gz GPG signatures: https://releases.wikimedia.org/mediawiki/1.23/mediawiki-core-1.23.6.tar.gz.… https://releases.wikimedia.org/mediawiki/1.23/mediawiki-1.23.6.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.23/mediawiki-1.23.6.patch.gz.sig Note: There is no i18n patch as there are no changes in translation. ********************************************************************** 1.22.13 ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.22/mediawiki-core-1.22.13.tar.gz https://releases.wikimedia.org/mediawiki/1.22/mediawiki-1.22.13.tar.gz Patch to previous version (1.22.12): https://releases.wikimedia.org/mediawiki/1.22/mediawiki-1.22.13.patch.gz GPG signatures: https://releases.wikimedia.org/mediawiki/1.22/mediawiki-core-1.22.13.tar.gz… https://releases.wikimedia.org/mediawiki/1.22/mediawiki-1.22.13.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.22/mediawiki-1.22.13.patch.gz.sig Note: There is no i18n patch as there are no changes in translation. ********************************************************************** 1.19.21 ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.19/mediawiki-core-1.19.21.tar.gz https://releases.wikimedia.org/mediawiki/1.19/mediawiki-1.19.21.tar.gz Patch to previous version (1.19.20): https://releases.wikimedia.org/mediawiki/1.19/mediawiki-1.19.21.patch.gz GPG signatures: https://releases.wikimedia.org/mediawiki/1.19/mediawiki-core-1.19.21.tar.gz… https://releases.wikimedia.org/mediawiki/1.19/mediawiki-1.19.21.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.19/mediawiki-1.19.21.patch.gz.sig Note: There is no i18n patch as there are no changes in translation. Mark A. Hershberger (Wiki Release Team)

9 years, 6 months

Pre-release announcement for MediaWiki releases 1.23.6, 1.22.13 and 1.19.21

by mah＠nichework.com

Hello everyone, This is a notice that on Wednesday, October 28, 2014, between 20:00-22:00 UTC, we will release maintenance updates for current and supported branches of the MediaWiki software. Downloads and patches will be available at that time. Best, Mark. A. Hershberger (Wiki Release Team)

9 years, 6 months

Security fixes for CentralAuth and MobileFrontend extensions

by Chris Steipp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 A number of security issues in MediaWiki extensions have been fixed. Users of these extensions should update to the latest version. * CentralAuth: Internal review found multiple issues that have been resolved: ** (bug 70469) Special:MergeAccount failed to validate the anti-csrf token in its forms when performing actions. <https://bugzilla.wikimedia.org/show_bug.cgi?id=70469> ** (bug 70468) The internal function to attach multiple local wiki accounts into a single, global account did not re-check that the requesting user owned the "home wiki" for that username, but assumed that user did own this account. This could allow a user to add their local account edits to a global account that they didn't own. <https://bugzilla.wikimedia.org/show_bug.cgi?id=70468> ** (bug 71749) Incomplete fix for bug 70468. The fix wasn't applied to the new feature where accounts were globalized automatically on login. <https://bugzilla.wikimedia.org/show_bug.cgi?id=71749> ** (bug 70620) When globally renaming a user, the antispoof table, which prevents similar looking names from being created, weren't updated. This potentially allowed another user to register an account with a name that looked identical to the username of a user who had been globally renamed. <https://bugzilla.wikimedia.org/show_bug.cgi?id=70620> * MobileFrontend: (bug 70009) Sherif Mansour discovered that POST parameters were being added to links generated by MobileFrontend, which could reveal the user's password after login. <https://bugzilla.wikimedia.org/show_bug.cgi?id=70009> ********************************************************************** Extension:CentralAuth ********************************************************************** Information and Download: https://www.mediawiki.org/wiki/Extension:CentralAuth ********************************************************************** Extension:MobileFrontend ********************************************************************** Information and Download: https://www.mediawiki.org/wiki/Extension:MobileFrontend -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlQ1lJoACgkQ7h9mNGLYTwGdgAD/X7q6WfaBoE2SdKjZeoLE9yvs wg07Fs4kytmmSQDXa4IBAKBgaYuhuRt5j+G5Q9YNdfCCkvlSqnz7heCIX1Ddn5ma =cOb1 -----END PGP SIGNATURE-----

9 years, 6 months

MediaWiki Security and Maintenance Releases: 1.19.20, 1.22.12 and 1.23.5

by Markus Glaser

Hello everyone, I would like to announce the release of MediaWiki 1.19.20, 1.22.12 and 1.23.5. This is a security release. Download links are given at the end of this email. == Security == * (bug 70672) SECURITY: OutputPage: Remove separation of css and js module allowance. Full release notes for 1.23.5: <https://www.mediawiki.org/wiki/Release_notes/1.23> Full release notes for 1.22.12: <https://www.mediawiki.org/wiki/Release_notes/1.22> Full release notes for 1.19.20: <https://www.mediawiki.org/wiki/Release_notes/1.19> Public keys: <https://www.mediawiki.org/keys/keys.html> ********************************************************************** 1.23.5 ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.23/mediawiki-1.23.5.tar.gz Patch to previous version (1.23.4): https://releases.wikimedia.org/mediawiki/1.23/mediawiki-1.23.5.patch.gz GPG signatures: https://releases.wikimedia.org/mediawiki/1.23/mediawiki-core-1.23.5.tar.gz.… https://releases.wikimedia.org/mediawiki/1.23/mediawiki-1.23.5.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.23/mediawiki-1.23.5.patch.gz.sig Note: There is no i18n patch as there are no changes in translation. ********************************************************************** 1.22.12 ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.22/mediawiki-1.22.12.tar.gz Patch to previous version (1.22.11): https://releases.wikimedia.org/mediawiki/1.22/mediawiki-1.22.12.patch.gz GPG signatures: https://releases.wikimedia.org/mediawiki/1.22/mediawiki-core-1.22.12.tar.gz… https://releases.wikimedia.org/mediawiki/1.22/mediawiki-1.22.12.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.22/mediawiki-1.22.12.patch.gz.sig Note: There is no i18n patch as there are no changes in translation. ********************************************************************** 1.19.20 ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.19/mediawiki-1.19.20.tar.gz Patch to previous version (1.19.19): https://releases.wikimedia.org/mediawiki/1.19/mediawiki-1.19.20.patch.gz GPG signatures: https://releases.wikimedia.org/mediawiki/1.19/mediawiki-core-1.19.20.tar.gz… https://releases.wikimedia.org/mediawiki/1.19/mediawiki-1.19.20.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.19/mediawiki-1.19.20.patch.gz.sig Note: There is no i18n patch as there are no changes in translation. Markus Glaser (Wiki Release Team)

9 years, 6 months

Pre-release announcement for MediaWiki releases 1.19.20, 1.22.12 and 1.23.5

by Markus Glaser

Hello everyone, this is a notice that on Wednesday, 1st October 2014, between 20:00-22:00 UTC we will release security updates for current and supported branches of the MediaWiki software. Downloads and patches will be available at that time. Best, Markus Glaser (Wiki Release Team)

9 years, 6 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

MediaWiki-announce October 2014