[Mediawiki-l] MediaWiki 1.4.2 and 1.3.12 released

Brion Vibber brion at pobox.com
Thu Apr 21 02:39:26 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MediaWiki 1.4.2 is a security and bug fix release for the 1.4 stable
release series.

A cross-site scripting injection vulnerability was discovered, which
affects only MSIE clients and is only open if MediaWiki has been
manually configured to run output through HTML Tidy ($wgUseTidy).

Several other bugs are fixed in this release.

All new installations are highly recommended to use 1.4.2 instead of
1.3.x; existing 1.3.x users should consider upgrading for bug fixes and
new features. A 1.3.12 maintenance release is available with the Tidy
fix; the relevant change is in includes/Parser.php.


=== Changes from 1.4.1 to 1.4.2 ===

* Fix math options in Finnish localization
* Use in-process Tidy extension if available when $wgUseTidy is on
* (bug 1933) Fix PATH_INFO usage under IIS with PHP ISAPI module
* (bug 1188) <nowiki> in {{subst:}} includes fixed
* (bug 1936) <!-- comments --> in {{subst:}} includes fixed
* Fix a potential MSIE JavaScript injection vector in Tidy mode


Release notes for 1.4.2:
http://sourceforge.net/project/shownotes.php?release_id=322146

Download:
http://prdownloads.sf.net/wikipedia/mediawiki-1.4.2.tar.gz?download
http://prdownloads.sf.net/wikipedia/mediawiki-1.3.12.tar.gz?download

Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

Bug report system:
http://bugzilla.wikipedia.org/

Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net

- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCZxJewRnhpk1wk44RAj0EAKCKfIGUwsFpSZySXIUFLvqIpXGavgCeIFrN
dEbjqvbZHQBzvfg/+WixDL4=
=5TdO
-----END PGP SIGNATURE-----



More information about the MediaWiki-l mailing list