-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.10 is the quarterly release snapshot for Spring 2007. While
the code has been running on Wikipedia for some time, installation and
upgrade bits may be less well tested. Bug fix releases may follow in the
coming days or weeks.
This is a release candidate -- 1.10.0 final will be released very
shortly, after a few more people have had a chance to test it in
additional environments.
Changes since 1.10.0rc1:
* Various l10n fixes and updates
* Fix for upgrade of page_restrictions table
* (bug 9780) Fix normalization of titles with initial colon followed by
whitespace
* Fix for regression in upload: wrong size info saved into image table
* Avoid cyclic stub problems when authorization hooks do funny things
with the user and the database at load time
MediaWiki is now using a "continuous integration" development model with
quarterly snapshot releases. The latest development code is always kept
"ready to run", and in fact runs our own sites on Wikipedia.
Release branches will continue to receive security updates for about a
year from first release, but nonessential bugfixes and feature
development happen will be made on the development trunk and appear in
the next quarterly release.
Those wishing to use the latest code instead of a branch release can
obtain it from source control:
http://www.mediawiki.org/wiki/Download_from_SVN
Full release notes:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_10_0RC2/phase3/RELEASE…
Download:
http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.0rc2.tar.gzhttp://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.0rc2.patch
PGP signature:
http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.0rc2.tar.gz.sighttp://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.0rc2.patch.sig
MD5 checksum:
988d8f642693f95e62efc56200baa99b mediawiki-1.10.0rc2.tar.gz
692572fa067c5797172ef4d2471259d1 mediawiki-1.10.0rc2.patch
SHA-1 checksum:
37e17e2a75a407f8d4888f61b7d2d3ad74b43ab4 mediawiki-1.10.0rc2.tar.gz
c99d890a30532d3daba73ba84c4a9e2cdc34bbd1 mediawiki-1.10.0rc2.patch
Before asking for help, try the FAQ:
http://www.mediawiki.org/wiki/Manual:FAQ
Low-traffic release announcements mailing list:
(Please subscribe to receive announcements of security updates.)
http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGO6o3wRnhpk1wk44RAh3MAKCwbDGUWXho9ITx99YcZmRl3c2eXgCghAqe
twRgei6PzF/xn/n06x4Dkf0=
=JfKz
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.10 is the quarterly release snapshot for Spring 2007. While
the code has been running on Wikipedia for some time, installation and
upgrade bits may be less well tested. Bug fix releases may follow in the
coming days or weeks.
This is a release candidate -- 1.10.0 final will be released later this
week after a few more people have had a chance to test it in additional
environments.
MediaWiki is now using a "continuous integration" development model with
quarterly snapshot releases. The latest development code is always kept
"ready to run", and in fact runs our own sites on Wikipedia.
Release branches will continue to receive security updates for about a
year from first release, but nonessential bugfixes and feature
development happen will be made on the development trunk and appear in
the next quarterly release.
Those wishing to use the latest code instead of a branch release can
obtain it from source control:
http://www.mediawiki.org/wiki/Download_from_SVN
Full release notes:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_10_0RC1/phase3/RELEASE…
Download:
http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.0rc1.tar.gz
PGP signature:
http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.0rc1.tar.gz.sig
MD5 checksum:
5dc4d3910c2e2f06ae341fcf56e63a81 mediawiki-1.10.0rc1.tar.gz
SHA-1 checksum:
b7821187cccf89bc20250ddbcad0782fadd8336b mediawiki-1.10.0rc1.tar.gz
Before asking for help, try the FAQ:
http://www.mediawiki.org/wiki/Manual:FAQ
Low-traffic release announcements mailing list:
(Please subscribe to receive announcements of security updates.)
http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGNn0/wRnhpk1wk44RAjLcAJ9liFXx3qrRZztaw10963PlApgKFACgnFE4
Ct7zY86JF7x+DMgheLj/3l0=
=0DHU
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
February 20, 2007
MediaWiki 1.9.3 is a security and bug-fix update to the Winter 2007
quarterly release. Minor compatibility fixes for IIS and PostgreSQL are
included.
An XSS injection vulnerability based on Microsoft Internet Explorer's
UTF-7 charset autodetection was located in the AJAX support module,
affecting MSIE users on MediaWiki 1.6.x and up when the optional setting
$wgUseAjax is enabled.
If you are using an extension based on the optional Ajax module,
either disable it or upgrade to a version containing the fix:
* 1.9: fixed in 1.9.3
* 1.8: fixed in 1.8.4
* 1.7: fixed in 1.7.3
* 1.6: fixed in 1.6.10
There is no known danger in the default configuration, with $wgUseAjax off.
* (bug 8992) Fix a remaining raw use of REQUEST_URI in history
* (bug 8984) Fix a database error in Special:Recentchangeslinked
when using the PostgreSQL database.
* Add 'charset' to Content-Type headers on various HTTP error responses
to forestall additional UTF-7-autodetect XSS issues. PHP sends only
'text/html' by default when the script didn't specify more details,
which some inconsiderate browsers consider a license to autodetect
the deadly, hard-to-escape UTF-7.
This fixes an issue with the Ajax interface error message on MSIE
when $wgUseAjax is enabled (not default configuration); this UTF-7
variant on a previously fixed attack vector was discovered by Moshe BA
from BugSec: http://www.bugsec.com/articles.php?Security=24
* Trackback responses now specify XML content type
Full release notes:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_3/phase3/RELEASE-NOT…
Download:
http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.3.tar.gz
Patch against 1.9.2:
http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.3.patch
Downloads, checksums, and GPG signatures for all versions:
http://download.wikimedia.org/mediawiki/1.9/http://download.wikimedia.org/mediawiki/1.8/http://download.wikimedia.org/mediawiki/1.7/http://download.wikimedia.org/mediawiki/1.6/
Before asking for help, try the FAQ:
http://www.mediawiki.org/wiki/Manual:FAQ
Low-traffic release announcements mailing list:
(Please subscribe to receive announcements of security updates.)
http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFF27NDwRnhpk1wk44RAhmmAKCVZNGTidpNmCJUwUs5JA1CIJL3OwCfUsxy
uny25mn0vihjgNoDxl2ZDiw=
=bvTp
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
January 24, 2007
This is a bug-fix update that fixes some installation and upgrade issues
with the original 1.9.0 release.
* (bug 3000) Fall back to SCRIPT_NAME plus QUERY_STRING when REQUEST_URI
is not available, as on IIS with PHP-CGI
* Security fix for DjVu images. (Only affects servers where .djvu file
uploads are enabled and $wgDjvuToXML is set.)
* (bug 8638) Fix update from 1.4 and earlier
* (bug 8641) Fix order of updates to ipblocks table for updates from <=1.7
* (bug 8673) Minor fix for web service API content-type header
* Fix API revision list on PHP 5.2.1; bad reference assignment
* Fixed up the AjaxSearch
* Exclude settings files when generating documentation. That could
expose the database user and password to remote users.
* ar: fix the 'create a new page' on search page when no exact match found
* Correct tooltip accesskey hint for Opera on the Macintosh (uses
Shift-Esc-, not Ctrl-).
* (bug 8719) Firefox release notes lie! Fix tooltips for Firefox 2 on
x11; accesskeys default settings appear to be same as Windows.
Full release notes:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_1/phase3/RELEASE-NOT…
Download:
http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.1.tar.gzhttp://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.1.patch
MD5 checksum:
89f77d8f39fbefa4325e0fe4d06746c7 mediawiki-1.9.1.tar.gz
e9e3785068f9edc6169c4215bc65eff0 mediawiki-1.9.1.patch
SHA-1 checksum:
11418c10ac59c044ece1cc0dd20a32c74b96ec86 mediawiki-1.9.1.tar.gz
6eaf11390c1aaea87ff48d798f7fe564a341f249 mediawiki-1.9.1.patch
PGP signatures:
http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.1.tar.gz.sighttp://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.1.patch.sig
Before asking for help, try the FAQ:
http://www.mediawiki.org/wiki/Manual:FAQ
Low-traffic release announcements mailing list:
(Please subscribe to receive announcements of security updates.)
http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFtyKJwRnhpk1wk44RAmIQAJsH/xB/lV+/gFHAbhEVWsXv1yoMLgCfWChB
r3LSI7FwfucNJ4qOliFJ8QA=
=rKzE
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
January 10, 2007
MediaWiki 1.9.0 is the quarterly release snapshot for Winter 2007. While
the code has been running on Wikipedia for some time, installation and
upgrade bits may be less well tested. Bug fix releases may follow in the
coming days or weeks.
MediaWiki is now using a "continuous integration" development model with
quarterly snapshot releases. The latest development code is always kept
"ready to run", and in fact runs our own sites on Wikipedia.
Release branches will continue to receive security updates for about a
year from first release, but nonessential bugfixes and feature
development happen will be made on the development trunk and appear in
the next quarterly release.
Those wishing to use the latest code instead of a branch release can
obtain it from source control:
http://www.mediawiki.org/wiki/Download_from_SVN
1.9 includes a number of compatibility fixes since 1.8 as well as many
bug fixes and some new features, so all users who can run PHP 5 are
strongly encouraged to upgrade.
There are no changes from 1.9.0rc2 to 1.9.0 final except the version number.
Full release notes:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0/phase3/RELEASE-NOT…
Download:
http://sourceforge.net/project/showfiles.php?group_id=34373
MD5 checksums:
cb58560858e2b85ac7b94097ad3e4531 mediawiki-1.9.0.tar.gz
SHA-1 checksums:
c60e212ae5c02501405d91014db6c53499fafa39 mediawiki-1.9.0.tar.gz
Before asking for help, try the FAQ:
http://www.mediawiki.org/wiki/Manual:FAQ
Low-traffic release announcements mailing list:
(Please subscribe to receive announcements of security updates.)
http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFpVY9wRnhpk1wk44RAuaLAKDZMiz0XUxIEUdbB6/b90ETuPDKZgCcDM50
N2xH6gBQ5AW5ncvhvRRitGk=
=Uomr
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I've made a snapshot release candidate from 1.9 branch; this is a chance
to get a few more possible installation/upgrade regressions tested and
fixed.
A more widely announced 'final' 1.9.0 release will come after another
day or two.
Full release notes:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC1/phase3/RELEASE-…
Download from:
http://sourceforge.net/project/showfiles.php?group_id=34373&package_id=93103
MD5 checksum: 55eb83d15a95db85ed002aace93a18d9
SHA-1 checksum: 1ee7d5ddc5b356288f7bdaa9b5800cb89a461216
- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFov17wRnhpk1wk44RAm0NAJ9cCdwCyI05uxYzub91uU19NYEu8ACfWSsB
1vXMvKj5Q3Hhb6h0gLphWWA=
=fhhJ
-----END PGP SIGNATURE-----