-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
This is a security and bugfix release of MediaWiki 1.12 and MediaWiki 1.13. A vulnerability has been discovered which allows arbitrary HTML injection and thus possible user account compromise. The vulnerability is only present when $wgUseSiteCss is turned on, which is the default. Versions 1.11 and earlier are NOT vulnerable, nor is development branch later than July 28, 2008.
Also, there was the potential for a subtle user error while editing $wgGroupPermissions in LocalSettings.php to cause all restrictions to be disabled. This has been rectified.
Full release notes: http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_2/phase3/RELEASE-NOT... http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_1/phase3/RELEASE-NOT...
See below for downloads.
********************************************************************** MEDIAWIKI 1.13.2 **********************************************************************
Download: http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.2.tar.gz
Patch to previous version (1.13.1), without interface text: http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.2.patch.gz Interface text changes: http://download.wikimedia.org/mediawiki/1.13/mediawiki-i18n-1.13.2.patch.gz
GPG signatures: http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.2.tar.gz.sig http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.2.patch.gz.sig http://download.wikimedia.org/mediawiki/1.13/mediawiki-i18n-1.13.2.patch.gz....
Public keys: https://secure.wikimedia.org/keys.html
SHA-1 checksums: b05bc48d3d0959f2954c0f1f8a17c2d28bbf2f30 mediawiki-1.13.2.tar.gz a0c49a51190c129fc47d226352cb4fa720151921 mediawiki-1.13.2.patch.gz 837c7d26e9957ee4e8cd952777809cb8dbe2aea8 mediawiki-i18n-1.13.2.patch.gz
MD5 checksums: 74f1877802b663ade2b25ae9e35eef94 mediawiki-1.13.2.tar.gz f3fb6f268f82b9a2287a64d739cdf76f mediawiki-1.13.2.patch.gz c9593580018eb54f5bd5cf6b1f88331e mediawiki-i18n-1.13.2.patch.gz
********************************************************************** MEDIAWIKI 1.12.1 **********************************************************************
Download: http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.1.tar.gz
Patch to previous version (1.12.0), without interface text: http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.1.patch.gz Interface text changes: http://download.wikimedia.org/mediawiki/1.12/mediawiki-i18n-1.12.1.patch.gz
GPG signatures: http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.1.tar.gz.sig http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.1.patch.gz.sig http://download.wikimedia.org/mediawiki/1.12/mediawiki-i18n-1.12.1.patch.gz....
Public keys: https://secure.wikimedia.org/keys.html
SHA-1 checksums: 652e4de6be737d26938041e406fb523713104724 mediawiki-1.12.1.tar.gz 402dd9161bd8d12871210aacc5080a9c775b44b4 mediawiki-1.12.1.patch.gz 1cd7f13cfa1d33ba38fdbd5ba390b78b742cad78 mediawiki-i18n-1.12.1.patch.gz
MD5 checksums: 032cce49559e406ce8890608484cc610 mediawiki-1.12.1.tar.gz c35ab55de943287bb9d81bd2f47e65a7 mediawiki-1.12.1.patch.gz e674e4f3e096a14c56273d715d895be5 mediawiki-i18n-1.12.1.patch.gz
wikitech-l@lists.wikimedia.org