-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.4.2 is a security and bug fix release for the 1.4 stable
release series.
A cross-site scripting injection vulnerability was discovered, which
affects only MSIE clients and is only open if MediaWiki has been
manually configured to run output through HTML Tidy ($wgUseTidy).
Several other bugs are fixed in this release.
All new installations are highly recommended to use 1.4.2 instead of
1.3.x; existing 1.3.x users should consider upgrading for bug fixes and
new features. A 1.3.12 maintenance release is available with the Tidy
fix; the relevant change is in includes/Parser.php.
=== Changes from 1.4.1 to 1.4.2 ===
* Fix math options in Finnish localization
* Use in-process Tidy extension if available when $wgUseTidy is on
* (bug 1933) Fix PATH_INFO usage under IIS with PHP ISAPI module
* (bug 1188) <nowiki> in {{subst:}} includes fixed
* (bug 1936) <!-- comments --> in {{subst:}} includes fixed
* Fix a potential MSIE JavaScript injection vector in Tidy mode
Release notes for 1.4.2:
http://sourceforge.net/project/shownotes.php?release_id=322146
Download:
http://prdownloads.sf.net/wikipedia/mediawiki-1.4.2.tar.gz?download
http://prdownloads.sf.net/wikipedia/mediawiki-1.3.12.tar.gz?download
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikipedia.org/
Play "stump the developers" live on IRC:
#mediawiki on
irc.freenode.net
- -- brion vibber (brion @
pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird -
http://enigmail.mozdev.org
iD8DBQFCZxJewRnhpk1wk44RAj0EAKCKfIGUwsFpSZySXIUFLvqIpXGavgCeIFrN
dEbjqvbZHQBzvfg/+WixDL4=
=5TdO
-----END PGP SIGNATURE-----