-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

MediaWiki 1.5.8 and 1.4.15 are security and bugfix maintenance releases.

A bug in decoding of certain encoded links could allow injection of raw HTML into page output; this could potentially lead to XSS attacks.

Some minor UI fixes were also made, see the change log at the bottom of the release notes.

Release notes: 1.5.8: http://sourceforge.net/project/shownotes.php?release_id=404871 1.4.15: http://sourceforge.net/project/shownotes.php?release_id=404869

Download: http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5.8.tar.gz http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.15.tar.gz

MD5 checksums: 1eef94157377fa8c3d049877a27c0163 mediawiki-1.5.8.tar.gz e729190a32d54118d24bec4021b0729e mediawiki-1.4.15.tar.gz

Before asking for help, try the FAQ: http://meta.wikimedia.org/wiki/MediaWiki_FAQ

Low-traffic release announcements mailing list: (Please subscribe to receive announcements of security updates.) http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

Bug report system: http://bugzilla.wikimedia.org/

Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net

- -- brion vibber (brion @ pobox.com)