MediaWiki-announce

mediawiki-announce@lists.wikimedia.org

1 participants
334 discussions

MediaWiki 1.4.2 and 1.3.12 released
by Brion Vibber 20 Apr '05

20 Apr '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki 1.4.2 is a security and bug fix release for the 1.4 stable release series. A cross-site scripting injection vulnerability was discovered, which affects only MSIE clients and is only open if MediaWiki has been manually configured to run output through HTML Tidy ($wgUseTidy). Several other bugs are fixed in this release. All new installations are highly recommended to use 1.4.2 instead of 1.3.x; existing 1.3.x users should consider upgrading for bug fixes and new features. A 1.3.12 maintenance release is available with the Tidy fix; the relevant change is in includes/Parser.php. === Changes from 1.4.1 to 1.4.2 === * Fix math options in Finnish localization * Use in-process Tidy extension if available when $wgUseTidy is on * (bug 1933) Fix PATH_INFO usage under IIS with PHP ISAPI module * (bug 1188) <nowiki> in {{subst:}} includes fixed * (bug 1936)  in {{subst:}} includes fixed * Fix a potential MSIE JavaScript injection vector in Tidy mode Release notes for 1.4.2: http://sourceforge.net/project/shownotes.php?release_id=322146 Download: http://prdownloads.sf.net/wikipedia/mediawiki-1.4.2.tar.gz?download http://prdownloads.sf.net/wikipedia/mediawiki-1.3.12.tar.gz?download Before asking for help, try the FAQ: http://meta.wikimedia.org/wiki/MediaWiki_FAQ Low-traffic release announcements mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikipedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- brion vibber (brion @ pobox.com) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCZxJewRnhpk1wk44RAj0EAKCKfIGUwsFpSZySXIUFLvqIpXGavgCeIFrN dEbjqvbZHQBzvfg/+WixDL4= =5TdO -----END PGP SIGNATURE-----

1 0

MediaWiki 1.4.1 released
by Brion Vibber 17 Apr '05

17 Apr '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki 1.4.1 is a bug fix release for the 1.4 stable release series. All new installations are highly recommended to use 1.4.1 instead of 1.3.x; 1.3.x users should consider upgrading for bug fixes and new features. 1.4.0 and 1.4 beta or release candidate users should upgrade to this release for relevant bug fixes; see the changelog. === Changes since 1.4.0 === * (bug 1720) fix genitive month names for uk * (bug 1704) fixed untranslateable string in Special:Log * (bug 1638) Added Belrusian language file * (bug 1736) typo in SpecialValidate.php * (bug 73) Upload doesn't run edit updates on description page (links, ~ search index and categories) * (bug 646) <math> fails to recognize \ll and \gg * (bug 926) \div element from TeX not supported in <math> element * (bug 1147) add \checkmark to whitelist in texutil.ml * (bug 937) \limits function from LaTeX not supported in <math> element * Support for manually converting article title to different Chinese ~ variants (for zh) * (bug 1488, bug 1744) Fix encoding for preferences, dates in Latin-1 ~ mode * (bug 1042) Fix UTF-8 case conversion for PHP <4.3 with mbstring ~ extension * Fix code typo that broke article credits display * Installation fixes for running under IIS * (bug 1556) login page tab order. "remember" checkbox now come after ~ password. * SQL debug log fixlets * (bug 1815) Fix namespace in old revision display with mismatched title * (bug 1788) Fix link duplication when edit/upload comment includes ~ newlines * Change default on $wgSysopUserBans and $wgSysopRangeBans to true * Fix link conversion for URL request * (bug 1851) Updated download URL for the SCIM packages used by zhtable * (bug 1853) Try stripping quotes from term for 'go' title match * Fix missing function in Latin1 mode * (bug 1860) Anchors of interwiki links did not get normalized * (bug 1847) accept lowercase x in ISBN, do not accept invalid A-W,Y,Z * Fix link conversion for URL request, hopefully without breaking the ~ wiki * (bug 1849) New option allows to consider categorized images as used on ~ Special:Unusedimages * Localized category namespace for ka (Georgian) * (bug 1107) Work around includes problem in installer when parent dir ~ is not readable by the web server Release notes: http://sourceforge.net/project/shownotes.php?release_id=321333 Download: http://prdownloads.sf.net/wikipedia/mediawiki-1.4.1.tar.gz?download Before asking for help, try the FAQ: http://meta.wikimedia.org/wiki/MediaWiki_FAQ Low-traffic release announcements mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikipedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- brion vibber (brion @ pobox.com) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCYvS3wRnhpk1wk44RAuuWAJ0UTCcqhySiixX9wqPC3UoSgr7GZgCePGWm s+JFQI56cB10geYUWZqvc4w= =i3qQ -----END PGP SIGNATURE-----

1 0

MediaWiki 1.4.0 released
by Brion Vibber 20 Mar '05

20 Mar '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki 1.4.0 is the first official stable release in the 1.4 series. All new installations are highly recommended to use 1.4.0 instead of 1.3.x; 1.3.x users should consider upgrading for bug fixes and new features. 1.4 beta or release candidate users should upgrade to this release. See the release notes (link below) for a fuller list of changes from the previous 1.3.x series and installation notes. Changes since 1.4rc1: * (bug 65) Fix broken interwiki link encoding on Latin-1 wikis; ~ force to UTF-8 * (bug 563) Fix UTF-8 interwiki URL redirects via Latin-1 wikis * (bug 1536) Fix page info * Support os (Ossetic) as language code, using Russian localization base * (bug 1610) Support non (Old Norse) as language code, using Icelandic ~ localization base * (bug 1618) Properly list custom namespaces in Special:Allpages * (bug 1622) Remove trailing' >' when using category browser * (bug 1570) Fix php 4.2.x error on conflict merging * (bug 1585) Fix page title on post-login redirection page * Run UTF-8 validation on old text in Recentchanges RSS diffs * (bug 1642) fix a mime type typo in img_auth.php * Automated interwiki redirects only for local interwikis * Respect read-only mode on block removals * Trim old illegal characters from syndication feeds * Reduce message cache outage recovery delay from 1 day to 5 minutes * (bug 1403) Update Finnish localization * (bug 1478) Punjabi localization * (bug 1667) Update script 5 second countdown. * (bug 1057) Fix logging table encoding (error on MySQL 4.1) * (bug 1680) Fix linktrail for fo * (bug 1653) Removing hardcoded messages in Special:Allmessages * (bug 1594) Render a hyphen in a formula as − in HTML * (bug 1495) Fall back to default language MediaWiki: for custom ~ messages * (bug 1617) Show different error messages for "user does not ~ exist" and "wrong password" when using AuthPlugin * (bug 1532), (bug 1544) Changed language names for ~ 'bn', 'bo', 'dv', 'dz', 'ht', 'ii', 'li', 'lo', 'ng', 'or', 'pa', ~ 'si', 'ti', 've' * Fix editing on non-Esperanto wiki with user language pref set to ~ Esperanto * Make conversion table for zh-sg default to zh-cn, and zh-hk ~ default to zh-tw * Fix PHP notice in MonoBook when counters disabled * (bug 1696) Update namespaces, dates in uk localization * (bug 551) Installer warns about magic_quotes_runtime and ~ magic_quotes_sybase instead of trying to install with corrupt ~ table files * Installer no longer tries to move non-default MediaWiki: pages ~ into Template: * User-to-user email disabled by default ($wgEnableUserEmail) Release notes: http://sourceforge.net/project/shownotes.php?release_id=314389 Download: http://prdownloads.sf.net/wikipedia/mediawiki-1.4.0.tar.gz?download Low-traffic release announcements mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikipedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- brion vibber (brion @ pobox.com) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCPkvUwRnhpk1wk44RAgyEAJ9MK0EHelAD2pnSOXaDH5rsQNCsuACgm4ya ynEocb9E0RH1LGHfdCAxcOQ= =D5gr -----END PGP SIGNATURE-----

1 0

MediaWiki 1.4rc1 released [SECURITY]
by Brion Vibber 21 Feb '05

21 Feb '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki 1.4rc1 is a security and bug fix release for the 1.4 beta series. == Important security updates == A security audit found and fixed a number of problems. Users of MediaWiki 1.3.10 and earlier should upgrade to 1.3.11; users of 1.4 beta releases should upgrade to 1.4rc1. === Cross-site scripting vulnerability === XSS injection points can be used to hijack session and authentication cookies as well as more serious attacks. * Media: links output raw text into an attribute value, potentially ~ abusable for JavaScript injection. This has been corrected. * Additional checks added to file upload to protect against MSIE and ~ Safari MIME-type autodetection bugs. As of 1.3.10/1.4beta6, per-user customized CSS and JavaScript is disabled by default as a general precaution. Sites which want this ability may set $wgAllowUserCss and $wgAllowUserJs in LocalSettings.php. === Cross-site request forgery === An attacker could use JavaScript-submitted forms to perform various restricted actions by tricking an authenticated user into visiting a malicious web page. A fix for page editing in 1.3.10/1.4beta6 has been expanded in this release to other forms and functions. Authors of bot tools may need to update their code to include the additional fields. === Directory traversal === An unchecked parameter in image deletion could allow an authenticated administrator to delete arbitary files in directories writable by the web server, and confirm existence of files not deletable. == Changes since 1.4beta6 == * Fix notice error on nonexistent template in wikitext system message * (bug 1469) add missing <ul> tags on Special:Log * (bug 1470) remove extra <ul> tags from Danish log messages * Fix notice on purge w/ squid mode off * (bug 1477) hide details of SQL error messages by default ~ Set $wgShowSQLErrors = true for debugging. * (bug 1430) Don't check for template data when editing page that doesn't exist * Recentchanges table purging fixed when using table prefix * (bug 1431) Avoid redundant objectcache garbage collection * (bug 1474) Switch to better-cached index for statistics page count * Run Unicode normalization on all input fields * Fix translation for allpagesformtext2 in LanguageZh_cn and LanguageZh_tw * Block image revert without valid login * (bug 1446) stub Bambara (bm) language file using French messages * (bug 1432) Update Estonian localization * (bug 1471) unclosed <p> tag in Danish messages * convertLinks script fixes * Corrections to template loop detection * XHTML encoding fix for usernames containing & in Special:Emailuser * (for zh) Search for variant links even when conversion is turned off, ~ to help prevent duplicate articles. * Disallow ISO 8859-1 C1 characters and "no-break space" in user names ~ on Latin-1 wikis. * Correct the name of the main page it LanguageIt * Allow Special:Makesysop to work for usernames containing SQL special ~ characters. * Fix annoying blue line in Safari on scaled-down images on description page * Increase upload sanity checks * Fix XSS bug in Media: links * Add cross-site form submission protection to various actions * Fix fatal error on some dubious page titles * Stub threshold displays correctly again Release notes: http://sourceforge.net/project/shownotes.php?release_id=307068 Download: http://prdownloads.sf.net/wikipedia/mediawiki-1.4rc1.tar.gz?download Low-traffic release announcements mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikipedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- brion vibber (brion @ pobox.com) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCGYICwRnhpk1wk44RAp4SAJ9tUo4wzkeAwe7uJ3tQbKI2ZBYNXwCgyK1a T6y4UfuG7ejvIOzyiOGq85Q= =idOV -----END PGP SIGNATURE-----

1 0

MediaWiki 1.3.11 released [SECURITY]
by Brion Vibber 21 Feb '05

21 Feb '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki 1.3.11 is a security release. == Important security updates == A security audit found and fixed a number of problems. Users of MediaWiki 1.3.10 and earlier should upgrade to 1.3.11; users of 1.4 beta releases should upgrade to 1.4rc1. === Cross-site scripting vulnerability === XSS injection points can be used to hijack session and authentication cookies as well as more serious attacks. * Media: links output raw text into an attribute value, potentially ~ abusable for JavaScript injection. This has been corrected. * Additional checks added to file upload to protect against MSIE and ~ Safari MIME-type autodetection bugs. As of 1.3.10/1.4beta6, per-user customized CSS and JavaScript is disabled by default as a general precaution. Sites which want this ability may set $wgAllowUserCss and $wgAllowUserJs in LocalSettings.php. === Cross-site request forgery === An attacker could use JavaScript-submitted forms to perform various restricted actions by tricking an authenticated user into visiting a malicious web page. A fix for page editing in 1.3.10/1.4beta6 has been expanded in this release to other forms and functions. Authors of bot tools may need to update their code to include the additional fields. === Directory traversal === An unchecked parameter in image deletion could allow an authenticated administrator to delete arbitary files in directories writable by the web server, and confirm existence of files not deletable. Release notes: http://sourceforge.net/project/shownotes.php?release_id=307067 Download: http://prdownloads.sf.net/wikipedia/mediawiki-1.3.11.tar.gz?download Low-traffic release announcements mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikipedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- brion vibber (brion @ pobox.com) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCGYHOwRnhpk1wk44RAhlzAKDSk3J8cRhBxD/arNc84uaLqeKAtgCfcJ2m VRX58OZ0qf0b1dqhmfMFFe4= =oYqv -----END PGP SIGNATURE-----

1 0

MediaWiki 1.4beta6 released (SECURITY)
by Brion Vibber 04 Feb '05

04 Feb '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki 1.4beta6 is a security and bug fix release for the 1.4 beta series. In previous 1.4beta and 1.3.x releases an attacker could craft a URL which, when visited by a particular logged-in user, would execute arbitrary JavaScript code on the user's browser in the wiki's site context. This attack has been blocked, and as an extra precaution the user CSS and JavaScript subpage support is now disabled by default. Sites which want this ability may set $wgAllowUserCss and $wgAllowUserJs in LocalSettings.php. Additional protections have been added against off-site form submissions hijacking user credentials. Authors of bot tools may need to update their code to include additional fields. 1.3.x users not using the 1.4 beta should upgrade to 1.3.10. Note that 1.4 beta releases prior to beta 5 include an input validation error which could lead to execution of arbitrary PHP code on the server. Users of older betas should upgrade immediately to the current version. Beta 6 also introduces the use of rel="nofollow" attributes on external links in wiki pages to reduce the effectiveness of wiki spam. This will cause participating search engines to ignore external URL links from wiki pages for purposes of page relevancy ranking. The current implementation adds this attribute to _all_ external URL links in wiki text (but not internal [[wiki links]] or interwiki links). To disable the attribute for _all_ external links, add this line to your LocalSettings.php: ~ $wgNoFollowLinks = false For background information on nofollow see: ~ http://www.google.com/googleblog/2005/01/preventing-comment-spam.html === Changes since beta 5 === * (bug 1335) implement 'tooltip-watch' in Language.php * Fix linktrail for nn: language * (bug 1214) Fix prev/next links in Special:Log * (bug 1354) Fix linktrail for fo: language * (bug 512) Reload generated CSS on preference change * (bug 63) Fix displaying as if logged in after logout * Set default MediaWiki:Sitenotice to '-', avoiding extra database hits * Skip message cache initialization on raw page view (quick hack) * Fix notice errors in wfDebugDieBacktrace() in XML callbacks * Suppress notice error on bogus timestamp input (returns epoch as before) * Remove unnecessary initialization and double-caching of parser variables * Call-tree output mode for profiling * (bug 730) configurable $wgRCMaxAge; don't try to update purged RC entries * Add $wgNoFollowLinks option to add rel="nofollow" on external links ~ (on by default) * (bug 1130) Show actual title when moving page instead of encoded one. * (bug 925) Fix headings containing <math> * (bug 1131) Fix headings containing interwiki links * (bug 1380) Update Nynorsk language file * (bug 1232) Fix sorting of cached Special:Wantedpages in miser mode * (bug 1217) Image within an image caption broke rendering * (bug 1384) Make patrol signs have the same width for page moves as for edits * (bug 1364) fix "clean up whitespace" in Title:SecureAndSplit * (bug 1389) i18n for proxyblocker message * Add fur/Furlan/Friulian to language names list * Add TitleMoveComplete hook on page renames * Allow simple comments for each translation rules in MW:Zhconversiontable * (bug 1402) Make link color of tab subject page link on talk page indicate whether article exists * (bug 1368) Fix SQL error on stopword/short word search w/ MySQL 3.x * Translated Hebrew namespace names * (bug 1429) Stop double-escaping of block comments; fix formatting * (bug 829) Fix URL-escaping on block success * (bug 1228) Fix double-escaping on & sequences in [enclosed] URLs * (bug 1435) Fixed many CSS errors * (bug 1457) Fix XHTML validation on category column list * (bug 1458) Don't save if edit form submission is incomplete * Logged-in edits and preview of user CSS/JS are now locked to a session token. * Per-user CSS and JavaScript subpage customizations now disabled by default. ~ They can be re-enabled via $wgAllowUserJs and $wgAllowUserCss. * Removed .ogg from the default uploads whitelist as an extra precaution. ~ If your web server is configured to serve Ogg files with the correct ~ Content-Type header, you can re-add it in LocalSettings.php: ~ $wgFileExtensions[] = 'ogg'; Release notes: http://sourceforge.net/project/shownotes.php?release_id=302312 Download: http://prdownloads.sf.net/wikipedia/mediawiki-1.4beta6.tar.gz?download Low-traffic release announcements mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikipedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- brion vibber (brion @ pobox.com) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCAyhRwRnhpk1wk44RAnIUAKDdqRHUZeEM8g9+qazg+9yxtLpMogCgxNGb 0cawqMHSyQSVbc7CFav4hMg= =qmq7 -----END PGP SIGNATURE-----

1 0

MediaWiki 1.3.10 released (SECURITY)
by Brion Vibber 04 Feb '05

04 Feb '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki 1.3.10 is a security release. In earlier 1.3.x releases an attacker could craft a URL which, when visited by a particular logged-in user, would execute arbitrary JavaScript code on the user's browser in the wiki's site context. This attack has been blocked, and as an extra precaution the user CSS and JavaScript subpage support is now disabled by default. Sites which want this ability may set $wgAllowUserCss and $wgAllowUserJs in LocalSettings.php. Additional protections have been added against off-site form submissions hijacking user credentials. Authors of bot tools may need to update their code to include additional fields. All wikis running 1.3.x are strongly urged to upgrade to 1.3.10. === Changes from 1.3.9 === * Logged-in edits and preview of user CSS/JS are now locked to a session token. * Per-user CSS and JavaScript subpage customizations now disabled by default. They can be re-enabled via $wgAllowUserJs and $wgAllowUserCss. * Removed .ogg from the default uploads whitelist as an extra precaution. If your web server is configured to serve Ogg files with the correct Content-Type header, you can re-add it in LocalSettings.php: ~ $wgFileExtensions[] = 'ogg'; Release notes: http://sourceforge.net/project/shownotes.php?release_id=302313 Download: http://prdownloads.sf.net/wikipedia/mediawiki-1.3.10.tar.gz?download Low-traffic release announcements mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikipedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- brion vibber (brion @ pobox.com) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCAyTSwRnhpk1wk44RAtX7AJkBo1tLdta5ooHjg02ZVdnGpyoQKQCgsG1K 8j2DYMGGs3LbysjOrLCvudA= =eAx7 -----END PGP SIGNATURE-----

1 0

MediaWiki 1.4beta5 released (SECURITY)
by Brion Vibber 17 Jan '05

17 Jan '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki 1.4beta5 is a security and bug fix release for the 1.4 beta series. Previous MediaWiki 1.4 beta releases include an input validation error which could lead to execution of arbitrary PHP code on the server. All users of 1.4 beta releases are strongly urged to upgrade to 1.4beta5 immediately. The 1.3.x stable release series is not affected by this problem. Beta 5 additionally fixes a number of non-security-related bugs, and requires one minor database change. If upgrading from a previous beta, see the file UPGRADE in the release archive for instructions. Bugs fixed in beta 5: * (bug 1124) Fix ImageGallery XHTML compliance * (bug 1186) news: in the middle of a word * (bug 1283) Use underlining and borders to highlight additions/deletions in diff-view * Use user's local timezone in Special:Log display * Show filename for images in gallery by default (restore beta 3 behaviour) * (bug 1201) Double-escaping in brokenlinks, imagelinks, categorylinks, searchindex * When using squid reverse proxy, cache the redirect to the Main_Page * (bug 1302) Fix Norwegian language file * (bug 1205) Fix broken article saving in PHP 5.1 * (bug 1206) Implement CURRENTWEEK and CURRENTDOW magic keyword (will give number of the week and number of the day). * (bug 1204) Blocks do not expire automatically * (bug 1184) expiry time of indefinite blocks shown as the current time * (bug 1317) Fix external links in image captions * (bug 1084) Fix logo not rendering centrally in IE * (bug 288) Fix tabs wrapping in IE6 * (bug 119) Fix full-width tabs with RTL text in IE * (bug 1323) Fix logo rendering off-screen in IE with RTL language * Show "block" link in Special:Recentchanges for logged in users, too, if wgUserSysopBans is true. * (bug 1326) Use content language for '1movedto2' in edit history * zh: Fix warning when HTTP_ACCEPT_LANGUAGE is not set * zh: Fix double conversion for zh-sg and zh-hk * (bug 1132) Fix concatenation of link lists in refreshLinks * (bug 1101) Fix memory leak in refreshLinks * (bug 1339) Fix order of @imports in Cologne Blue CSS * Don't try to create links without namespaces ([[Category:]] link bug) * Memcached data compression fixes * Several valid XHTML fixes * (bug 624) Fix IE freezing rendering whilst waiting for CSS with MonoBook * (bug 211) Fix tabbed preferences with XHTML MIME type * Fix for script execution vulnerability. Due to a temporary problem with SourceForge's file release system, this release is currently hosted on Wikimedia's servers instead of the usual location. Release notes: http://zwinger.wikimedia.org/mediawiki/RELEASE-NOTES Download: http://zwinger.wikimedia.org/mediawiki/mediawiki-1.4beta5.tar.gz MD5 checksum: 11342e291b5af4e8d4668ad5c3a6d171 SHA1 checksum: 23178fdba265083186c6475a0c3d0ea4d2e06ae0 Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l Low-traffic release announcements mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce Bug report system: http://bugzilla.wikipedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- brion vibber (brion @ pobox.com) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (Darwin) iD8DBQFB64dDwRnhpk1wk44RArTfAKCtGNLWbDAz/2MQvaQDnyoYdZ9SAwCdELJn YmxnTCkN8fULr1tPi9MMnYw= =YaNq -----END PGP SIGNATURE-----

1 0

MediaWiki 1.4beta4 released
by Brion Vibber 07 Jan '05

07 Jan '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki 1.4beta4 is an experimental release, to help flush out remaining major problems in the code prior to a final public 1.4.0 release. It is not recommended to use this beta on a public site unless you're familiar with MediaWiki innards and are willing and able to help diagnose and fix problems that come up. Users of the earlier beta releases should upgrade to keep up with bug fixes. Anyone running a version _earlier_ than beta 3 should upgrade immediately if uploads are enabled due to potential security vulnerabilities on some Apache configurations. === Beta 4 fixes === * (bug 1090) Fix sitesupport links in CB/classic skins * Gracefully ignore non-legal titles in a <gallery> * Fix message page caching behavior when $wgCapitalLinks is turned off after installation and the wiki is subsequently upgraded * Database error messages include the database server name/address * Paging support for large categories * Fix image page scaling when thumbnail generation is disabled * Select the content language in prefs when bogus interface language is set * Fix interwiki links in edit comments * Fix crash on banned user visit * Avoid PHP warning messages when thumbnail not generated * (bug 1157) List unblocks correctly in Special:Log * Fix fatal errors in LanguageLi.php * Undo overly bright, difficult to read colors in Cologne Blue * (bug 1162) fix five-tilde date inserter * Add raw signatures option for those who simply must have cute sigs * (bug 1164) Let wikitext be used in Loginprompt and Loginend messages * Add the dreaded <span> to the HTML whitelist * (bug 1170) Fix Russian linktrail * (bug 1168) Missing text on the bureaucrat log * (bug 1180) Fix Makesysop on shared-user-table sites * (bug 1178) Fix previous diff link when using 'oldid=0' * (bug 1173) Stop blocked accounts from reverting/deleting images * Keep generated stylesheets cache-separated for each user * (bug 1175) Fix "preview on first edit" mode * Fix revert bug caused by bug 1175 fix * Fix CSS classes on minor, new, unpatrolled markers in enhanced RC * Set MySQL 4 boolean search back to 'and' mode by default * (bug 1193) Fix move-only page protection mode * Fix zhtable Makefile to include the traditional manual table * Add memcache timeout for the zh conversion tables * Allow user customization of the zh conversion tables through Mediawiki:zhconversiontable * Add zh-min-man (back) to language names list * Ported $wgCopyrightIcon setting from REL1_3A * (bug 1218) Show the original image on image pages if the thumbnail would be bigger than the original image * (bug 1213) i18n of Special:Log labels * (bug 1013) Fix jbo, minnan in language names list * Added magic word MAG_NOTITLECONVERT to indicate that the title of the page do not need to be converted. Useful in zh: * (bug 1224) Use proper date messages for date reformatter * (bug 1241) Don't show 'cont.' for first entry of the category list * (bug 1240) Special:Preferences was broken in Slovenian locale when $wgUseDynamicDates is enabled * Added magic word MAG_NOCONTENTCONVERT to supress the conversion of the content of an article. Useful in zh: * write-lock for updating the zh conversion tables in memcache * recursively parse subpages of MediaWiki:Zhconversiontable * (bug 1144) Fix export for fy language * make removal of an entry from zhconversiontable work * (bug 752) Don't insert newline in link title for url with %0a * Fix missing search box contents in MonoBook skin * Add option to forward search directly to an external URL (eg google) * Correctly highlight the fallback language variant when the selected variant is disabled. Used in zh: only for now. Release notes: http://sourceforge.net/project/shownotes.php?release_id=295298 Download: http://prdownloads.sf.net/wikipedia/mediawiki-1.4beta4.tar.gz?download Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l Low-traffic release announcements mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce Bug report system: http://bugzilla.wikipedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- brion vibber (brion @ pobox.com) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (Darwin) iD8DBQFB3zGFwRnhpk1wk44RAuB/AKCWvLqX6Yl6JKY5AYlEkllyCPU/ZACfda3Z ebLrrXyDG6roJzxW5bWdoYo= =uvCv -----END PGP SIGNATURE-----

1 0

MediaWiki 1.3.9 released [security]
by Brion Vibber 12 Dec '04

12 Dec '04

MediaWiki 1.3.9 is a security and bug fix release. A flaw in upload handling has been found which may allow upload and execution of arbitrary scripts with the permissions of the web server. Only wikis that have enabled uploads and have a vulnerable Apache configuration will be affected, but to be safe all wikis should upgrade. Wikis with uploads available should either disable uploads or upgrade to 1.3.9 immediately; if other files are customized and require merging changes, includes/SpecialUpload.php may be replaced individually to add the fix. (It is also recommended to configure your web server to disable script execution in the 'images' subdirectory where uploads are placed, which prevents most attacks even if the wiki fails.) Changes from 1.3.8: * Backported "Templates used in this page"-feature of EditPage * Allow "MySkin" as a default skin. * (bug 938) Parse namespaces correctly on self-interwiki links * (bug 1010) fix broken Commons image link on Classic & Cologne Blue * (bug 1004) Norsk language names for interwiki links changed, Nauruan language name changed * Fix upload extension blacklist to protect against vulnerable Apache configurations Release notes: http://sourceforge.net/project/shownotes.php?release_id=289468 Download: http://prdownloads.sf.net/wikipedia/mediawiki-1.3.9.tar.gz?download Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l Low-traffic release announcements mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce Bug report system: http://bugzilla.wikipedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- brion vibber (brion @ pobox.com)

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

MediaWiki-announce