[Mediawiki-l] MediaWiki 1.6.9, 1.7.2, 1.8.3, 1.9.0rc2 released (security)

Brion Vibber brion at pobox.com
Tue Jan 9 08:24:38 UTC 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

An XSS injection vulnerability was located in the AJAX support module,
affecting MediaWiki 1.6.x and up when the optional setting $wgUseAjax
is enabled.

There is no danger in the default configuration, with $wgUseAjax off.

If you are using an extension based on the optional Ajax module,
either disable it or upgrade to a version containing the fix:

* 1.9: fixed in 1.9.0rc2
* 1.8: fixed in 1.8.3
* 1.7: fixed in 1.7.2
* 1.6: fixed in 1.6.9

Full release notes:
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES

Download:
http://sourceforge.net/project/showfiles.php?group_id=34373

MD5 checksums:
747d79037d3b90494d7e8b956a6bb9a0  mediawiki-1.9.0rc2.tar.gz
9ef825abfcf0888b22571bbb097480f0  mediawiki-1.8.3.tar.gz
ef33231cb1689dc813f4b08e955f4b18  mediawiki-1.7.2.tar.gz
1ce42061b5f7ea6e4101826b969d2ee4  mediawiki-1.6.9.tar.gz

SHA-1 checksums:
1451e8a8a10f41e517c12ede266dd1a5a743d8fe mediawiki-1.9.0rc2.tar.gz
fa4daa4376b80f61be5925e6172daa76938d9bad mediawiki-1.8.3.tar.gz
f63468ce745bbda6d42f66fc64c713b4fd000ef2 mediawiki-1.7.2.tar.gz
a00bcc6b306a92234da0c2cd3d564869a15045a0 mediawiki-1.6.9.tar.gz


Before asking for help, try the FAQ:
http://www.mediawiki.org/wiki/Manual:FAQ

Low-traffic release announcements mailing list:
(Please subscribe to receive announcements of security updates.)
http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list:
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l

Bug report system:
http://bugzilla.wikimedia.org/

Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net


- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFo1FGwRnhpk1wk44RAhkpAKCpAoOvgk+5C3Kb0l/3prvhOVd9bQCeL/AK
WAUsj8tCaZfJ+X6f20piUoc=
=s1qL
-----END PGP SIGNATURE-----
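
A triage check for the condition the announcement describes (a release older than the fixed one for its branch, with $wgUseAjax switched on), as an added example that is not part of the original message or of MediaWiki. The function names are hypothetical, the version string and LocalSettings.php text are supplied by the operator, and the sample settings are constructed; treating branches newer than 1.9 as fixed is an assumption.

```python
import re

# Fixed release per branch, as listed in the announcement.
FIXED = {(1, 6): "1.6.9", (1, 7): "1.7.2", (1, 8): "1.8.3", (1, 9): "1.9.0rc2"}

def parse_version(text):
    """Turn '1.8.3' or '1.9.0rc2' into a sortable tuple; a final release sorts after any rc."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:rc(\d+))?", text.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0), int(rc) if rc else float("inf"))

def ajax_enabled(local_settings):
    """Effective $wgUseAjax value: last uncommented assignment wins, default is off."""
    text = re.sub(r"/\*.*?\*/", "", local_settings, flags=re.S)  # drop /* ... */ blocks
    # Anchoring at line start skips assignments hidden behind '#' or '//' markers.
    values = re.findall(r"^[ \t]*\$wgUseAjax\s*=\s*(\w+)\s*;", text, flags=re.M)
    return bool(values) and values[-1].lower() in ("true", "1")

def is_affected(version, local_settings):
    """True when the install matches the vulnerable condition in the announcement."""
    v = parse_version(version)
    fixed = FIXED.get(v[:2])
    if fixed is None:
        # Before 1.6: outside the affected range. After 1.9: assumed to carry the fix.
        return False
    return v < parse_version(fixed) and ajax_enabled(local_settings)

# Constructed sample of a LocalSettings.php with the optional module enabled.
SAMPLE_SETTINGS = """<?php
$wgSitename = "Example Wiki";
# $wgUseAjax = false;
$wgUseAjax = true;
"""

if __name__ == "__main__":
    for version in ("1.6.8", "1.7.2", "1.8.2", "1.9.0rc1", "1.9.0rc2"):
        state = "AFFECTED" if is_affected(version, SAMPLE_SETTINGS) else "ok"
        print("%-10s %s" % (version, state))
```
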


