-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.6.7 is a security and bugfix maintenance release of the
Spring 2006 snapshot:
An HTML/JavaScript-injection vulnerability in the edit form has been closed.
This vulnerability was new in 1.6.0; MediaWiki versions 1.5.x or earlier are
not affected.
Extensions, comments, and <nowiki> sections are now handled in a one-pass
way which is more reliable and safer. Under earlier versions of MediaWiki,
certain extensions could be abused to inject HTML/JavaScript into the page.
Additional precautions are made against offsite form submissions when
the restricted raw HTML mode is enabled.
Some small localization and user interface updates are also included.
* (bug 6051) Improvement to German localisation (de)
* (bug 6017) Update bookstore list for German language (de)
* (bug 6138) Minor grammar tweak in "loginreqlink"
* (bug 5957) Update for Hebrew language (he)
* Increase robustness of parser placeholders; fixes some glitches when
adjacent to identifier-ish constructs such as URLs.
* (bug 5384) Fix <!-- comments --> in <ref> extension
* Nesting of different tag extensions and comments should now work more
consistently and more safely. A cleaner, one-pass tag strip lets the
'outer' tag either take source (<nowiki>-style) or pass it down to
further parsing (<ref>-style). There should no longer be surprise
expansion of foreign extensions inside HTML output, or differences
in behavior based on the order tags are loaded.
* (bug 885) Pre-save transform no longer silently appends close tags
* Pre-save transform no longer changes the case of close tags
* Edit security precautions in raw HTML mode, etc
Full release notes:
http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_7/phase3/RELEASE-NOTEShttp://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_7/phase3/HISTORY
Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.6.7.tar.gz
MD5 checksum:
cbcba609339abb5688068e5dc379110b mediawiki-1.6.7.tar.gz
SHA-1 checksum:
b5aadd8240d63c644728d071e4f452d0efacf5bf mediawiki-1.6.7.tar.gz
Before asking for help, try the FAQ:
http://www.mediawiki.org/wiki/FAQ
Low-traffic release announcements mailing list:
(Please subscribe to receive announcements of security updates.)
http://mail.wikimedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikimedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEhUuXwRnhpk1wk44RAt3lAJ47O0Zy8n3AuM03GM5jvXETaC75ogCfdsEe
JFcS6FqSkz0485oU4HN7eBs=
=8x0L
-----END PGP SIGNATURE-----