[MediaWiki-announce] MediaWiki 1.4.11, 1.3.17 security updates
Brion Vibber
brion at pobox.com
Thu Oct 6 04:48:10 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.4.11 and 1.3.17 are a security maintenance releases. Unsafe
handling of CSS by Microsoft Internet Explorer could be exploited to
produce cross-site scripting attacks by JavaScript injection to clients
running that browser.
This release blacklists several additional variants from use in HTML
inline style attributes.
All publicly accessible wikis are recommended to upgrade to reduce the
risk to visitors using Microsoft web browsers.
Note: the MediaWiki 1.4.x and 1.3.x series are not compatible with PHP
5.0.5 or higher. Upgrade to the 1.5.0 release if you require this
version of PHP 5.
Release notes:
http://sourceforge.net/project/shownotes.php?release_id=361505 1.4.11
http://sourceforge.net/project/shownotes.php?release_id=361504 1.3.17
Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.11.tar.gz?download
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.3.17.tar.gz?download
MD5 checksums:
023e296dea4274af190f286064e1be27 mediawiki-1.4.11.tar.gz
d2fe05847162501f2aa7b8cb65114f69 mediawiki-1.3.17.tar.gz
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDRKyKwRnhpk1wk44RApYRAKCqXGkzbd1fHiX0+xgzxkH031mSbACfYIui
e5Vv1p3+XKOzu1MhjjF4lWA=
=1j+t
-----END PGP SIGNATURE-----
More information about the MediaWiki-announce
mailing list