-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
MediaWiki 1.5.3 is a security and bugfix maintenance release.
Validation of the user language option was broken by a code change in May 2005, opening the possibility of remote code execution as this parameter is used in forming a class name dynamically created with eval().
The validation has been corrected in this version. All prior 1.5 release and prerelease versions are affected; 1.4 and earlier and not affected.
Additionally several bugs have been fixed; see the changelog in the release notes for a complete list.
Release notes: http://sourceforge.net/project/shownotes.php?release_id=375755
Download: http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5.3.tar.gz?download
MD5 checksum: fc697787f04208d1842a2c646deca626 mediawiki-1.5.3.tar.gz
SHA-1 checksum: 070189e29ace2ef9ab0589db42ecf849f2b88ee5 mediawiki-1.5.3.tar.gz
Before asking for help, try the FAQ: http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system: http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)