[MediaWiki-announce] MediaWiki Security Release: 1.20.6 and 1.19.7

Chris Steipp csteipp at wikimedia.org
Tue May 21 20:14:52 UTC 2013


I would like to announce the release of MediaWiki 1.20.6 and 1.19.7.
These releases fix a security related issue that could affect users of
MediaWiki. Download links are given at the end of this email.

* MediaWiki user Marco discovered that security checks for file
uploads were not being run when the file was uploaded in chunks
through the API. This option has been available to users who can
upload files since MediaWiki 1.19.
<https://bugzilla.wikimedia.org/show_bug.cgi?id=48306>

Full release notes for 1.20.6:
<https://www.mediawiki.org/wiki/Release_notes/1.20>

Full release notes for 1.19.7:
<https://www.mediawiki.org/wiki/Release_notes/1.19>

For information about how to upgrade, see
<https://www.mediawiki.org/wiki/Manual:Upgrading>


**********************************************************************
   1.20.6
**********************************************************************
Download:
http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.6.tar.gz

Patch to previous version (1.20.5):
http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.6.patch.gz

GPG signatures:
http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.6.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.6.patch.gz.sig

Public keys:
https://secure.wikimedia.org/keys.html


**********************************************************************
   1.19.7
**********************************************************************
Download:
http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.7.tar.gz

Patch to previous version (1.19.6):
http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.7.patch.gz

GPG signatures:
http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.7.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.7.patch.gz.sig

Public keys:
https://secure.wikimedia.org/keys.html



More information about the MediaWiki-announce mailing list