-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

This is a bug-fix update that fixes some installation and other minor issues with the 1.9.1 release as well as a security issue which was introduced in the 1.9 branch.

JavaScript code which regenerated the "sortable tables" feature did not properly sanitize input, leading to an HTML injection vulnerability.

* (bug 8774) Fix path for GNU FDL rights icon on new installs * (bug 8819) Fix full path disclosure with skins dependencies * (bug 4268) Fixed data-loss bug in compressOld batch text compression affecting pages which had null edits (move, protect, etc) as second edit in a batch group. Isolated and patched by Travis Derouin. * Security fix for sortable tables JavaScript

All users of 1.9.x should upgrade.

Full release notes: http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_2/phase3/RELEASE-NOTE...

Download: http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.2.tar.gz http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.2.patch

MD5 checksums: c11aa0fd7ac10529606511913649a411 mediawiki-1.9.2.tar.gz b08777601899686bf4e672766ee5e49e mediawiki-1.9.2.patch

SHA-1 checksums: 2f63cba903444b0dc6559df29c57d1789c1284d1 mediawiki-1.9.2.tar.gz dcb64452dbe7d7563264e3883c657e70aabaa1ac mediawiki-1.9.2.patch

PGP signatures: http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.2.tar.gz.sig http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.2.patch.sig

Before asking for help, try the FAQ: http://www.mediawiki.org/wiki/Manual:FAQ

Low-traffic release announcements mailing list: (Please subscribe to receive announcements of security updates.) http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list: http://lists.wikimedia.org/mailman/listinfo/mediawiki-l

Bug report system: http://bugzilla.wikimedia.org/

Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net

- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)