-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
MediaWiki 1.3.13 is a security maintenance release.
Incorrect handling of page template inclusions made it possible to inject JavaScript code into HTML attributes, which could lead to cross-site scripting attacks on a publicly editable wiki.
Vulnerable releases and fix: * 1.5 prerelease: fixed in 1.5alpha2 * 1.4 stable series: fixed in 1.4.5 * 1.3 legacy series: fixed in 1.3.13 * 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended
The 1.3.x series is no longer maintained except for security fixes; new users and those seeking general bug fixes should install 1.4.5. Existing 1.3.x installations not willing or able to upgrade to the current stable relase should update the installation to 1.3.13; only includes/Parser.php has changed from 1.3.12.
Release notes: http://sourceforge.net/project/shownotes.php?release_id=332230
Download: http://prdownloads.sf.net/wikipedia/mediawiki-1.3.13.tar.gz?download
Before asking for help, try the FAQ: http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system: http://bugzilla.wikipedia.org/
Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
mediawiki-announce@lists.wikimedia.org