[MediaWiki-announce] MediaWiki Security Release: 1.20.6 and 1.19.7

I would like to announce the release of MediaWiki 1.20.6 and 1.19.7. These releases fix a security related issue that could affect users of MediaWiki. Download links are given at the end of this email. * MediaWiki user Marco discovered that security checks for file uploads were not being run when the file was uploaded in chunks through the API. This option has been available to users who can upload files since MediaWiki 1.19. <https://bugzilla.wikimedia.org/show_bug.cgi?id=48306> Full release notes for 1.20.6: <https://www.mediawiki.org/wiki/Release_notes/1.20> Full release notes for 1.19.7: <https://www.mediawiki.org/wiki/Release_notes/1.19> For information about how to upgrade, see <https://www.mediawiki.org/wiki/Manual:Upgrading> ********************************************************************** 1.20.6 ********************************************************************** Download: http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.6.tar.gz Patch to previous version (1.20.5): http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.6.patch.gz GPG signatures: http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.6.tar.gz.sig http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.6.patch.gz.sig Public keys: https://secure.wikimedia.org/keys.html ********************************************************************** 1.19.7 ********************************************************************** Download: http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.7.tar.gz Patch to previous version (1.19.6): http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.7.patch.gz GPG signatures: http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.7.tar.gz.sig http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.7.patch.gz.sig Public keys: https://secure.wikimedia.org/keys.html