-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MediaWiki 1.3.13 is a security maintenance release.
Incorrect handling of page template inclusions made it possible to inject JavaScript code into HTML attributes, which could lead to cross-site scripting attacks on a publicly editable wiki.
Vulnerable releases and fix:
* 1.5 prerelease: fixed in 1.5alpha2
* 1.4 stable series: fixed in 1.4.5
* 1.3 legacy series: fixed in 1.3.13
* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended
The 1.3.x series is no longer maintained except for security fixes; new users and those seeking general bug fixes should install 1.4.5. Existing 1.3.x installations not willing or able to upgrade to the current stable release should update the installation to 1.3.13; only includes/Parser.php has changed from 1.3.12.
Release notes: http://sourceforge.net/project/shownotes.php?release_id=332230
Download: http://prdownloads.sf.net/wikipedia/mediawiki-1.3.13.tar.gz?download
Before asking for help, try the FAQ: http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system: http://bugzilla.wikipedia.org/
Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
wikitech-l@lists.wikimedia.org