-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
This is a bug-fix update that fixes some installation and other minor issues with the 1.9.1 release as well as a security issue which was introduced in the 1.9 branch.
JavaScript code which regenerated the "sortable tables" feature did not properly sanitize input, leading to an HTML injection vulnerability.
* (bug 8774) Fix path for GNU FDL rights icon on new installs * (bug 8819) Fix full path disclosure with skins dependencies * (bug 4268) Fixed data-loss bug in compressOld batch text compression affecting pages which had null edits (move, protect, etc) as second edit in a batch group. Isolated and patched by Travis Derouin. * Security fix for sortable tables JavaScript
All users of 1.9.x should upgrade.
Full release notes: http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_2/phase3/RELEASE-NOTE...
Download: http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.2.tar.gz http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.2.patch
MD5 checksums: c11aa0fd7ac10529606511913649a411 mediawiki-1.9.2.tar.gz b08777601899686bf4e672766ee5e49e mediawiki-1.9.2.patch
SHA-1 checksums: 2f63cba903444b0dc6559df29c57d1789c1284d1 mediawiki-1.9.2.tar.gz dcb64452dbe7d7563264e3883c657e70aabaa1ac mediawiki-1.9.2.patch
PGP signatures: http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.2.tar.gz.sig http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.2.patch.sig
Before asking for help, try the FAQ: http://www.mediawiki.org/wiki/Manual:FAQ
Low-traffic release announcements mailing list: (Please subscribe to receive announcements of security updates.) http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list: http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Bug report system: http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
On 2/4/07, Brion Vibber brion@pobox.com wrote:
All users of 1.9.x should upgrade.
Is it crucial I do so asap?
Download:
http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.2.patch
What's this?
On 05/02/07, Gary Kirk gary.kirk@gmail.com wrote:
All users of 1.9.x should upgrade.
Is it crucial I do so asap?
It's marked as a security update.
Download:
http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.2.patch
Looks like a patch file to do a quick upgrade between 1.9.1 and 1.9.2; we get requests for this sort of thing once in a while, and if there are no schema changes, it's a nice, convenient update.
Rob Church
Gary Kirk wrote:
All users of 1.9.x should upgrade.
Is it crucial I do so asap?
Brion Vibber wrote: "leading to an HTML injection vulnerability." This means YES: Apply before some vandal a) learns how to do it and b) find your unprotected wiki.
Download:
http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.2.patch
What's this?
A [[Patch (computing)]] which can be applied with [[patch (Unix)]] to upgrade from 1.9.1 to 1.9.2
mediawiki-l@lists.wikimedia.org