-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.5.1 is a bugfix and security maintenance release, and is a
recommended upgrade for all installations.
This release includes further corrections to the inline CSS style
sanitation which works around a JavaScript "feature" on Microsoft
Internet Explorer. Users of Microsoft Internet Explorer for Windows may
be vulnerable to XSS injections on prior versions; users of
standards-compliant browsers are not vulnerable.
Major fixes include:
* Image pages work again with resizing disabled
* Works in MySQL 5.0 strict mode
There is experimental support in this release for explicitly declaring
the UTF-8 charset in the database; this has been tested with MySQL
5.0.15 but should work on 4.1 as well.
IMPORTANT: Changing this setting on an existing wiki may produce
interesting data corruption, depending on server configuration. Page
contents should, usually, be unaffected, but page titles and other items
may be. Limitations in MySQL's Unicode support mean that characters
outside the BMP cannot be used in page titles or various other fields
when using this mode.
Table definitions are in maintenance/mysql5/tables.sql, and the runtime
option to send 'SET NAMES utf8' is set by $wgDBmysql5 = true.
(MySQL 3.23.x and 4.0.x do not support character set declarations; on
these versions MediaWiki simply works with UTF-8 data and MySQL is
blissfully unaware of it.)
Release notes:
http://sourceforge.net/project/shownotes.php?release_id=366110
Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5.1.tar.gz?download
MD5 checksum: f2030d3302a899f4e4f2e6d9f3842067
SHA-1 checksum: ff4c843f132ca54ef85b2a15fb42498a54f0ae33
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDX2C5wRnhpk1wk44RAjcFAKCreSnX6H9AlrTJPYAqW9cOcejTQgCgoqk3
k+lb4bVzuxytsf1Xvgv8z3E=
=flUz
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.5.0 is the new stable release branch of MediaWiki, and is
recommended for all new installations.
See the release notes (link below) for details of new features and
requirements.
Any wikis running a 1.5 beta or release candidate are strongly
recommended to upgrade to the final release, which includes a number of
bug fixes and a security fix for CSS bugs in Microsoft Internet Explorer.
IMPORTANT: Running a 1.3 or 1.4 wiki and don't want to jump to 1.5 yet?
Be sure to upgrade to 1.3.17 or 1.4.11, also released today. Versions
prior to 1.3.16 and 1.4.10 have a serious data corruption bug which is
triggered by a spambot known to operate in the wild.
Release notes:
http://sourceforge.net/project/shownotes.php?release_id=361506
Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5.0.tar.gz?download
MD5 checksum:
b431e82ee5fd0d619d17cb2d417387c3 mediawiki-1.5.0.tar.gz
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDRKyrwRnhpk1wk44RAjBhAKCwMKBNBviPZL/8h5/qgAm1WPKJUgCfcbBj
aTFHYRsaDB04lX5zs9R9CGI=
=M4I7
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.4.10 and 1.3.16 are security maintenance releases. A bug in
edit submission handling could cause corruption of the previous revision
in the database if an abnormal URL was used, such as those used by some
spambots.
Affected releases:
* 1.4.x <= 1.4.9; fixed in 1.4.10
* 1.3.x <= 1.3.15; fixed in 1.3.16
1.5 release candidates are not affected by this problem.
All publicly editable wikis are strongly recommended to upgrade
immediately. 1.4 releases can be manually patched by changing this bit
in EditPage.php:
~ function importFormData( &$request ) {
~ if( $request->wasPosted() ) {
to:
~ function importFormData( &$request ) {
~ if( $request->getVal( 'action' ) == 'submit' &&
~ $request->wasPosted() ) {
1.3 releases can be manually patched by changing this bit in EditPage.php:
~ if( $this->tokenOk( $request ) ) {
~ $this->save = $request->wasPosted() && !$this->preview;
~ } else {
to:
~ if( $this->tokenOk( $request ) ) {
~ $this->save = $request->getVal( 'action' ) == 'submit' &&
~ $request->wasPosted() && !$this->preview;
~ } else {
Release notes:
http://sourceforge.net/project/shownotes.php?release_id=358163http://sourceforge.net/project/shownotes.php?release_id=358162
Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.10.tar.gz?downlo…http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.3.16.tar.gz?downlo…
MD5 checksum:
mediawiki-1.4.10.tar.gz 2376f043109066d19830d05b6682c64b
mediawiki-1.3.16.tar.gz 7dae5d937c6803d970e803ddece750dc
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDMbnuwRnhpk1wk44RAhV5AJ4/1UljYlTQ6paaSkdX/Bkz8Kw6hACfVDuq
Imq2VMNjyi2TRyziRRa3O0Q=
=0YtO
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.5rc1 is a preview release of the new 1.5 release series.
Numerous bug fixes since last beta, plus a security fix; see change
log in the release notes for full details.
A flaw in the interaction between extensions and HTML attribute
sanitization was discovered which could allow unauthorized use
of offsite resources in style sheets, and possible exploitation
of a JavaScript injection feature on Microsoft Internet Explorer.
This version expands the returned text and properly checks it
before output.
MediaWiki 1.4.8 is a bug fix and security maintenance release. It fixes
the above bug, plus an update to skins/MonoBook.php ensures that sites
using the default MonoBook skin will display correctly in the Internet
Explorer 7 beta. (1.3 and 1.5 are not affected by this display problem.)
MediaWiki 1.3.14 is a security maintenance release.
The 1.3.x series is no longer maintained except for security fixes;
new users and those seeking bug fixes should upgrade to 1.4.8 or 1.5rc1.
Existing 1.3.x installations not willing to upgrade to the current
stable relase should apply the change manually; details are in the
release notes.
If you are actively using extensions to generate HTML attribute values,
upgrade to 1.4 or 1.5 for a full fix; 1.3.14 simply disables any attempt
to use such.
Release notes:
1.5rc1: http://sourceforge.net/project/shownotes.php?release_id=351260
1.4.8: http://sourceforge.net/project/shownotes.php?release_id=351258
1.3.14: http://sourceforge.net/project/shownotes.php?release_id=351257
Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5rc1.tar.gz?downlo…http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.8.tar.gz?downloadhttp://prdownloads.sourceforge.net/wikipedia/mediawiki-1.3.14.tar.gz?downlo…
MD5 checksums:
mediawiki-1.5rc1.tar.gz f8b61f0cdac4ed8a7ed7aecf02d3bc78
mediawiki-1.4.8.tar.gz 69112673e0599049dc962d4c904feb6b
mediawiki-1.3.14.tar.gz 2d65015aff380620434e381a4d60b57a
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDC6prwRnhpk1wk44RAr3YAJ9Aqw7b3cQ6COpMvixX5ty1NEEJRACgi0rK
c5kgvf2tc/DMeMkFtI8TZqQ=
=oHMy
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.5 beta 4 is a preview release of the new 1.5 release series.
== Changes since 1.5beta3 ==
* Fix talk page move handling
* (bug 2721) New language file for Vietnamese with the Vietnamese
~ number notation
* (bug 2749) would appear as a literal in image galleries
~ for Cs, Fr, Fur, Pl and Sv
* (bug 787) external links being rendered when they only have one slash
* Fixed a missing typecast in Language::dateFormat() that would cause
~ some interesting errors with signitures.
* (bug 2764) Number format for Nds
* (bug 1553) Stop forcing lowercase in Monobook skin for German
~ language.
* (bug 1064) Implements Special:Unusedcategories
* (bug 2311) New language file for Macedonian
* Fix nohistory message on empty page history
* Fix fatal error in history when validation on
* Cleaned up email notification message formatting
* Finally fixed Special:Disambiguations that was broke since SCHEMA_WORK
* (bug 2761) fix capitalization of "i" in Turkish
* (bug 2789) memcached image metadata now cleared after deletion
* Add serialized version number to image metadata cache records
* (bug 2780) Fix thumbnail generation with GD for new image schema
* (bug 2791) Slovene numeric format
* (bug 655) Provide empty search form when searching for nothing
* Nynorsk numeric format fix
* (bug 2825) Fix regression in newtalk notifications for anons w/
~ enotif off
* (bug 2833) Fix bug in previous fix
* With $wgCapitalLinks off, accept off-by-first-letter-case in 'go'
~ match
* Optional parameters for [[Special:Listusers]]
* (bug 2832) [[Special:Listadmins]] redirects to
~ [[Special:Listusers/sysop]]
* (bug 785) Parser did not get out of <pre> with list elements
* Some shared upload fixes
* (bug 2768) section=new on nonexistent talk page does not add heading
* support preload= parameter for section=new
* show comment subject in preview when using section=new
* use comment form when creating a new talk page
* (bug 460) Properly handle <center> tags as a block.
* Undo inconsistent editing behavior change
* (bug 2835) Back out fix for bug 2802, caused regressions in category
~ sort
* PHP 4.1.2 compatibility fix: define floatval() equivalent if missing
* (bug 2901) Number format for Catalan
* Special:Allpages performance hacks: index memcached caching, removed
~ inverse checkbox, use friendlier relative offsets in index build
* Bring back "Chick" skin for mobile devices. It needs testing.
* Fix spelling of $wgForwardSearchUrl in DefaultSettings.php
* Specify USE INDEX on Allpages chunk queries, sometimes gets lost
~ due to bogus optimization
* (bug 275) Section duplication fix
* Remove unused use of undefined variable in UserMailer
* Fix notice on search index update due to non-array
* (bug 2885) Fix fatal errors and notices in PHP 5.1.0beta3
* (bug 2931) Fix additional notices on reference use in PHP 4.4.0
* (bug 2774) Add three new $wgHooks to LogPage which enable extensions
~ to add their own logtypes, see
~ extensions/Renameuser/SpecialRenameuser.php for an example of this.
* (bug 740) Messages from extensions now appear in Special:Allmessages
* (bug 2857) fixed parsing of lists in <pre> sections
* (bug 796) Trackback support
* Fix 1.5 regression: weird, backwards diff links on new pages in
~ enhanced RC are now suppressed as before.
* New skin: Simple
* "uselang" and "useskin" URL parameters can now be used in the URL when
~ viewing a page, to change the language and skin of a page
~ respectively.
* Skins can now be previewed in preferences
* (bug 2943) AuthPlugin::getCanonicalName() name canonicalization hook,
~ patch from robla
* Wrap revision insert & page update in a transaction, rollback on late
~ edit conflict.
* (bug 2953) 'other' didn't work in Special:Blockip when localized
* (bug 2958) Rollback and delete auto-summary should be in the project's
~ content language
* Removed useless protectreason message
* Spelling fix: $wgUrlProtcols -> $wgUrlProtocols
* Switch Moldovan local name to cyrillic
* Fix typo in undefined array index access prevention
* (bug 2947) Update namespaces for sr localization
* (bug 2952) Added Asturian language file with translated namespaces
* (bug 2676) Apply a protective transformation on editing input/output
~ for browsers that hit the Unicode blacklist. Patch by plugwash.
* (bug 2999) Fix encoding conversion of pl_title in upgrade1_5.php
* compressOld.php disabled, as it's known to be broken.
Release notes:
http://sourceforge.net/project/shownotes.php?release_id=345894
Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5beta4.tar.gz?down…
MD5 checksum: 3cc4509799b6fbc8bf877db74468fbae
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFC6+8AwRnhpk1wk44RAliwAJ97KnmmttOhioWRohUiM1S8hi+OQACgnN2T
b7+i4SqzGjmYX6yuOnm+PdA=
=Ddgb
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.4.7 is a bug fix release. Those affected by the following
problems in 1.4.6 should upgrade:
* Watchlist breakage on MySQL 3.23.x and with table prefix enabled
* Possible breakage in watchlist, some image resizing modes on PHP 4.1.2
1.4.6 included a fix for a cross-site scripting vulnerability, so anyone
running older 1.4 releases is very strongly encouraged to upgrade as well.
Note to upgraders: current versions of MediaWiki are known to produce a
large number of notice-level warnings under the newly released PHP
4.4.0. These appear however to be harmless; if you encounter them add
this to your LocalSettings.php to suppress the notices:
~ error_reporting( E_ALL & ~E_NOTICE );
PHP 5.1.0beta3 is known to be incompatible at this time.
Release notes:
http://sourceforge.net/project/shownotes.php?release_id=342530
Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.7.tar.gz?download
MD5 checksum: 2ec40b5e53ad1eb762e39b502da247f9
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFC2LOOwRnhpk1wk44RArjSAKDRirQTGGP+rTLUNBV0oADWWlKXIQCeNMvA
8l4eHtMEWFRWees5tbls0uA=
=WGQc
-----END PGP SIGNATURE-----