[MediaWiki-announce] MediaWiki 1.5beta3 released [SECURITY]

Brion Vibber brion at pobox.com
Thu Jul 7 07:34:53 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MediaWiki 1.5 beta 3 is a preview release of the new 1.5 release
series, with a security update over beta 2.

Incorrect escaping of a parameter in the page move template could
be used to inject JavaScript code by getting a victim to visit a
maliciously constructed URL. Users of vulnerable releases are
recommended to upgrade to this release.

Vulnerable versions:
* 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3
* 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6
* 1.3 legacy series: not vulnerable

This release also includes several bug fixes and localization updates.
See the changelog in the release notes for a detailed list.


Release notes:
http://sourceforge.net/project/shownotes.php?release_id=340291

Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5beta3.tar.gz?download

MD5 checksum: ee2abd543d1f23bdb67da87d902cbb09

Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

Bug report system:
http://bugzilla.wikimedia.org/

Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net

- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCzNsdwRnhpk1wk44RAkrLAKCZa9XjYcdjbyFdDU+K9MXr3yJHYgCghN1v
QZ22oXJi+jdm1Db2hB2mHR4=
=wTY+
-----END PGP SIGNATURE-----



More information about the MediaWiki-announce mailing list