Hello,
We would like to announce the following security and maintenance updates to
the Wikibase 1.35 container image, which include fixes to severe security
issues in MediaWiki and instructions for disabling features in
ElasticSearch to mitigate the recently discovered log4shell vulnerability
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228>.
Here are links to important documentation related to the release, which
include instructions for updating MediaWiki to 1.35.5 and a security fix
for Wikibase:
-
MediaWiki release notes
<https://github.com/wikimedia/mediawiki/blob/REL1_35/RELEASE-NOTES-1.35>
-
Wikibase release notes
<https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/Wikibas…>
-
Upgrade instructions
<https://github.com/wmde/wikibase-release-pipeline/blob/main/docs/topics/upg…>
If updating your Wikibase installation is not an option, please refer to
these instructions on disabling the vulnerable code in MediaWiki in the
recent security release announcement.
<https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/…>
If you have any questions please feel free to ask on this mailing list or
leave a comment at Talk:Wikibase/FAQ
<https://www.mediawiki.org/wiki/Talk:Wikibase/FAQ>.
Cheers,
--
Mohammed Sadat
*Community Communications Manager for Wikidata/Wikibase*
Wikimedia Deutschland e. V. | Tempelhofer Ufer 23-24 | 10963 Berlin
Phone: +49 (0)30 219 158 26-0
https://wikimedia.de
Keep up to date! Current news and exciting stories about Wikimedia,
Wikipedia and Free Knowledge in our newsletter (in German): Subscribe now
<https://www.wikimedia.de/newsletter/>.
Imagine a world in which every single human being can freely share in the
sum of all knowledge. Help us to achieve our vision!
https://spenden.wikimedia.de
Wikimedia Deutschland – Gesellschaft zur Förderung Freien Wissens e. V.
Eingetragen im Vereinsregister des Amtsgerichts Berlin-Charlottenburg unter
der Nummer 23855 B. Als gemeinnützig anerkannt durch das Finanzamt für
Körperschaften I Berlin, Steuernummer 27/029/42207.