-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
MediaWiki 1.4.6 is a bug fix and security update release.
Incorrect escaping of a parameter in the page move template could be used to inject JavaScript code by getting a victim to visit a maliciously constructed URL. Users of vulnerable releases are recommended to upgrade to this release.
Vulnerable versions: * 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3 * 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6 * 1.3 legacy series: not vulnerable
This release also includes fixes for some rare bug annoying HTTP errors, a PHP 4.1.2 breakage bug, and works around some template limitations introduced in 1.4.5. See the changelog in the release notes for a detailed list of bugs fixed.
Release notes: http://sourceforge.net/project/shownotes.php?release_id=340290
Download: http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.6.tar.gz?download
MD5 checksum: f4f82bd486756c279f0c1977b290ce3b
Before asking for help, try the FAQ: http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system: http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)