-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

MediaWiki 1.6.8 is a security and bugfix maintenance release of the Spring 2006 snapshot:

A potential HTML/JavaScript-injection vulnerability in a debugging script has been fixed. Only versions and configurations of PHP vulnerable to the $GLOBALS overwrite vulnerability are affected.

As a workaround for existing installs, profileinfo.php may simply be deleted if it's not being used.

* (bug 5957) Updates to Hebrew translation (he) * Respect language directionality when displaying arrow in Special:Brokenredirects * (bug 6415) Typo in Parser.php * Fixed potential XSS in profileinfo.php

Full release notes: http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_8/phase3/RELEASE-NOTES http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_8/phase3/HISTORY

Download: http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.6.8.tar.gz

MD5 checksum: 4befcbe776f8585efe705b9bd799a488 mediawiki-1.6.8.tar.gz

SHA-1 checksum: b2ac945ceef2cac253a1e73b9de1da5f79aa7e77 mediawiki-1.6.8.tar.gz

Before asking for help, try the FAQ: http://www.mediawiki.org/wiki/Help:FAQ

Low-traffic release announcements mailing list: (Please subscribe to receive announcements of security updates.) http://mail.wikimedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list: http://mail.wikimedia.org/mailman/listinfo/mediawiki-l

Bug report system: http://bugzilla.wikimedia.org/

Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net

- -- brion vibber (brion @ pobox.com)