-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 These are security and maintenance releases, which fix two cross-site scripting bugs. All internet-facing wikis are recommended to upgrade to the current release in their series. Incorrect handling of <math> tags when TeX rendering is disabled, as in the default configuration. (Wikis where the optional math support has been *enabled* are not vulnerable.) * 1.5 vulnerable: <= 1.5rc3 fixed: >= 1.5rc4 * 1.4 vulnerable: <= 1.4.8 fixed: >= 1.4.9 * 1.3 vulnerable: <= 1.3.14 fixed: >= 1.3.15 Incorrect handling of <nowiki> and extension tags in table styles: * 1.5 vulnerable: <= 1.5rc3 fixed: >= 1.5rc4 * 1.4 vulnerable: <= 1.4.8 fixed: >= 1.4.9 * 1.3 not vulnerable Additionally, 1.5rc4 fixes some compatibility issues with PHP 5.1 beta. Release notes: 1.5rc4 http://sourceforge.net/project/shownotes.php?release_id=352778 1.4.9 http://sourceforge.net/project/shownotes.php?release_id=352777 1.3.15 http://sourceforge.net/project/shownotes.php?release_id=352776 Download: http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5rc4.tar.gz?downlo… http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.9.tar.gz?download http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.3.15.tar.gz?downlo… File checksums: MD5 (mediawiki-1.5rc4.tar.gz) = 5a27beedfa4107813296307fe52b20ad MD5 (mediawiki-1.4.9.tar.gz) = fae30b065d08152735b2c2edd61aadf4 MD5 (mediawiki-1.3.15.tar.gz) = f1279514435143bd6840e1d570d8c4f4 Before asking for help, try the FAQ: http://meta.wikimedia.org/wiki/MediaWiki_FAQ Low-traffic release announcements mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikimedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- brion vibber (brion @ pobox.com)