[MediaWiki-announce] MediaWiki 1.5alpha2 released [SECURITY]

Brion Vibber brion at pobox.com
Fri Jun 3 15:33:11 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MediaWiki 1.5 alpha 2 includes a lot of bug fixes, feature merges,
and a security update.

THIS IS AN EXPERIMENTAL RELEASE FOR TESTING ONLY. Public or
in-production servers should use the stable MediaWiki 1.4.5 release.


Incorrect handling of page template inclusions made it possible to
inject JavaScript code into HTML attributes, which could lead to
cross-site scripting attacks on a publicly editable wiki.

Vulnerable releases and fix:
* 1.5 prerelease: fixed in 1.5alpha2
* 1.4 stable series: fixed in 1.4.5
* 1.3 legacy series: fixed in 1.3.13
* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended

For a relatively full list of changes since 1.5alpha1, see the changelog
in the release notes.


Release notes:
http://sourceforge.net/project/shownotes.php?release_id=332229

Download:
http://prdownloads.sf.net/wikipedia/mediawiki-1.5alpha2.tar.gz?download

Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

Bug report system:
http://bugzilla.wikipedia.org/

Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net

- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCoHg3wRnhpk1wk44RAgK2AKCUiTvJ7fKmlwfy1ICpShBMFYNGvACgkiGn
oBhbMAqlYR9q0v9Q+vylRsY=
=N4ka
-----END PGP SIGNATURE-----



More information about the MediaWiki-announce mailing list