-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.5 beta 1 is a preview release, pretty much feature complete,
of the new 1.5 release series. There are several known and likely a
number of unknown bugs; it is not recommended to use this release in a
production environment but would be recommended for testing in mind of
an upcoming deployment.
A number of significant changes have been made since the alpha releases,
including database changes and a reworking of the user permissions
settings. See the file UPGRADE for details of upgrading and changing
your prior configuration settings for the new system.
For a relatively full list of changes since 1.5alpha2, see the changelog
in the release notes.
Release notes:
http://sourceforge.net/project/shownotes.php?release_id=337757
Download:
http://prdownloads.sf.net/wikipedia/mediawiki-1.5beta1.tar.gz?download
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCvolDwRnhpk1wk44RAvT8AKChqSlSP+vqxnVnBo0mdqzW+x7V0wCgyJLN
6C4aRnTwiScc6H43xf2ri+Q=
=JaIh
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.5 alpha 2 includes a lot of bug fixes, feature merges,
and a security update.
THIS IS AN EXPERIMENTAL RELEASE FOR TESTING ONLY. Public or
in-production servers should use the stable MediaWiki 1.4.5 release.
Incorrect handling of page template inclusions made it possible to
inject JavaScript code into HTML attributes, which could lead to
cross-site scripting attacks on a publicly editable wiki.
Vulnerable releases and fix:
* 1.5 prerelease: fixed in 1.5alpha2
* 1.4 stable series: fixed in 1.4.5
* 1.3 legacy series: fixed in 1.3.13
* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended
For a relatively full list of changes since 1.5alpha1, see the changelog
in the release notes.
Release notes:
http://sourceforge.net/project/shownotes.php?release_id=332229
Download:
http://prdownloads.sf.net/wikipedia/mediawiki-1.5alpha2.tar.gz?download
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikipedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCoHg3wRnhpk1wk44RAgK2AKCUiTvJ7fKmlwfy1ICpShBMFYNGvACgkiGn
oBhbMAqlYR9q0v9Q+vylRsY=
=N4ka
-----END PGP SIGNATURE-----
MediaWiki 1.4.5 is a security update and bugfix release.
Incorrect handling of page template inclusions made it possible to
inject JavaScript code into HTML attributes, which could lead to
cross-site scripting attacks on a publicly editable wiki.
Vulnerable releases and fix:
* 1.5 prerelease: fixed in 1.5alpha2
* 1.4 stable series: fixed in 1.4.5
* 1.3 legacy series: fixed in 1.3.13
* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended
This release also includes a number of bug fixes (see changelog below)
and merges some large-server load balancing patches from Wikipedia.
An experimental rate limiter for page edits and moves can be enabled
with global, per-IP, per-subnet, or per-user bases. See configuration
options in includes/DefaultSettings.php
=== Changes since 1.4.4 ===
* Fix for reading incorrectly re-gzipped HistoryBlob entries
* Generalize project namespace for Latin localization, update namespaces
* (bug 2075) Corrected namespace definitions in Tamil localization
* (bug 1692) Fix margin on unwatch tab
* Avoid overwriting shared image metadata cache with bogus encoding
conversions
* Fix reporting of minor edits in Special:Export output
* (bug 2150) Fix tab indexes on edit form
* Run ArticleSave hooks on image upload.
* (bug 2239) Fix non-ASCII chars in linktrail for Latin-1 mode
* (bug 1454) Backport edit/move rate limiter from CVS HEAD (experimental)
* (bug 1929) Fix documentation comment for $wgWhitelistRead
* (bug 1975) The name for Limburgish (li) changed from "Lèmburgs" to
"Limburgs"
* (bug 2019) Wrapped the output of Special:Version in <div dir='ltr'> in
order to preserve the correct flow of text on RTL wikis.
* (bug 2084) Fixed a regular expression in includes/Title.php that was
accepting invalid syntax like #REDIRECT [[foo] in redirects
* (bug 2087) Fixed a bug in special page handling which which stopped
"0" from
* (bug 2094) Multiple use of a template produced wrong results in some
cases being passed to all special pages Special:Page/0 syntax.
* Fixed a bug in Special:Allpages, Special:Contributions,
Special:Whatlinkshere, Special:Recentchangeslinked and
Special:Emailuser, they all mishandled being passed "0" with the
Special:Page/0 syntax (unrelated to bug 2087), this either required a
workaround in the form of passing "0" as a GET value or blocked the user
from passing that value at all.
* Fixed a bug in Special:Newimages that made it impossible to search for '0'
* (bug 2217) Negative ISO years were incorrectly converted to BC notation.
* (bug 2267) Don't generate thumbnail at the same size as the source image.
* Disable fulltext image name search in Special:Imagelist during MiserMode.
* Fix sorting of profiling output in debug log: largest last for easy
tailing
* (bug 2281) Fix regression with page moves taking the wrong talk pages
* Regression fix: watchlist day cutoff
* (bug 2173) Fatal error when removing an article with an empty title
from the watchlist
* (bug 2034) Armor HTML attributes against template inclusion and links
munging
Release notes:
http://sourceforge.net/project/shownotes.php?release_id=332231
Download:
http://prdownloads.sf.net/wikipedia/mediawiki-1.4.5.tar.gz?download
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikipedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
-- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.3.13 is a security maintenance release.
Incorrect handling of page template inclusions made it possible to
inject JavaScript code into HTML attributes, which could lead to
cross-site scripting attacks on a publicly editable wiki.
Vulnerable releases and fix:
* 1.5 prerelease: fixed in 1.5alpha2
* 1.4 stable series: fixed in 1.4.5
* 1.3 legacy series: fixed in 1.3.13
* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended
The 1.3.x series is no longer maintained except for security fixes;
new users and those seeking general bug fixes should install 1.4.5.
Existing 1.3.x installations not willing or able to upgrade to the
current stable relase should update the installation to 1.3.13; only
includes/Parser.php has changed from 1.3.12.
Release notes:
http://sourceforge.net/project/shownotes.php?release_id=332230
Download:
http://prdownloads.sf.net/wikipedia/mediawiki-1.3.13.tar.gz?download
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikipedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCoHbQwRnhpk1wk44RArfFAJ924sPPqqy14sfDPOlVVF/zq3m9AwCfaTKY
/C1EiL5nXaEou/aJNTqsdI8=
=6HE3
-----END PGP SIGNATURE-----