Security announcement for Extension:GoogleDocTag and Extension:YotpoReviews - MediaWiki-l

1 Sep 2018


      Hi everyone,
The following is an unofficial security announcement for
Extension:GoogleDocTag and Extension:YotpoReviews. (It is unofficial
because Wikimedia doesn't maintain these extensions).
We recently discovered an XSS vulnerability in both these extensions. If
you use either of these extensions we strongly urge you to upgrade.
For YotpoReviews please upgrade to either: 0.4 or 0.3.1
For GoogleDocTag please upgrade to either: 0.6 or 0.4.1
New versions of these extensions can be downloaded from
https://www.mediawiki.org/wiki/Special:ExtensionDistributor or directly
from the git repo.
Relevant gerrit patches:
YotpoReviews:
https://gerrit.wikimedia.org/r/#/q/I5cbd95ed37a117740e59c66200141e08131a3111
GoogleDocTag:
https://gerrit.wikimedia.org/r/#/q/Iaae66049011e5a2b10d82ac2eaaa9aecebf16345
Thanks,
Brian Wolff