-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
MediaWiki 1.7.1 is a security and bugfix maintenance release of the Summer 2006 snapshot:
A potential HTML/JavaScript-injection vulnerability in a debugging script has been fixed. Only versions and configurations of PHP vulnerable to the $GLOBALS overwrite vulnerability are affected.
As a workaround for existing installs, profileinfo.php may simply be deleted if it's not being used.
* Fix for 'emailconfirmed' implicit user group * Fix for upgrades on some versions of MySQL 4.0.x * Fixed potential XSS in profileinfo.php * Installer now shows clear error message about old PHP versions rather than a confusing parse error
Note that MediaWiki 1.7 and above require PHP 5. If you are stuck with PHP 4, please install MediaWiki 1.6.8.
Full release notes: http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_7_1/phase3/RELEASE-NOTES http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_7_1/phase3/HISTORY
Download: http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.7.1.tar.gz
MD5 checksum: 50b74e2b5c86fb94c7201b72d2037662 mediawiki-1.7.1.tar.gz
SHA-1 checksum: bdd685d4fe5d7b0d8e0ef2cf9a843bbab60d20ac mediawiki-1.7.1.tar.gz
Before asking for help, try the FAQ: http://www.mediawiki.org/wiki/Help:FAQ
Low-traffic release announcements mailing list: (Please subscribe to receive announcements of security updates.) http://mail.wikimedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list: http://mail.wikimedia.org/mailman/listinfo/mediawiki-l
Bug report system: http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)