[Mediawiki-l] MediaWiki 1.6.9, 1.7.2, 1.8.3, 1.9.0rc2 released (security)

spencerp spencerp1 at gmail.com
Tue Jan 9 19:13:12 UTC 2007 

Okay, I haven't gotten to update my Wiki yet, needed major amounts of sleep lol. After seeing a few errors by others, and noticed these have been basically squashed now.. 

I was just wondering for sure, what'd be the easiest way for me to upgrade mine? I've the upgrade instructions MediaWiki's wiki site there, but still a bit confused.. Last time, I had finally gotten into the SSH or whatever, using PUTTY.. 

Made my way to the example: wiki.mydomain.net location, and tried a command line, but rather then it going over the files in the root, it placed a folder in there called:  phase3 .. =/

Now, just to be sure, what command line should I use on the subdomain name.. to upgrade mine right?  I've just backed up my MediaWiki here, database, files and such of course..

Also, when doing this upgrade stuff, I'm correct to assume, all those page changes I made before.. (customizing of the "login / create account" links and so forth) will be overwritten right? And I'll have to reapply these changes again... or? Just was wondering lol.. Thanks in advanced. :)

--
spencerp
http://spencerp.net






> An XSS injection vulnerability was located in the AJAX support module,
> affecting MediaWiki 1.6.x and up when the optional setting $wgUseAjax
> is enabled.
> 
> There is no danger in the default configuration, with $wgUseAjax off.
> 
> If you are using an extension based on the optional Ajax module,
> either disable it or upgrade to a version containing the fix:
> 
> * 1.9: fixed in 1.9.0rc2
> * 1.8: fixed in 1.8.3
> * 1.7: fixed in 1.7.2
> * 1.6: fixed in 1.6.9
> 
> Full release notes:
> http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES
> http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES
> http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES
> http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES
> 
> Download:
> http://sourceforge.net/project/showfiles.php?group_id=34373
> 
> MD5 checksums:
> 747d79037d3b90494d7e8b956a6bb9a0  mediawiki-1.9.0rc2.tar.gz
> 9ef825abfcf0888b22571bbb097480f0  mediawiki-1.8.3.tar.gz
> ef33231cb1689dc813f4b08e955f4b18  mediawiki-1.7.2.tar.gz
> 1ce42061b5f7ea6e4101826b969d2ee4  mediawiki-1.6.9.tar.gz
> 
> SHA-1 checksums:
> 1451e8a8a10f41e517c12ede266dd1a5a743d8fe mediawiki-1.9.0rc2.tar.gz
> fa4daa4376b80f61be5925e6172daa76938d9bad mediawiki-1.8.3.tar.gz
> f63468ce745bbda6d42f66fc64c713b4fd000ef2 mediawiki-1.7.2.tar.gz
> a00bcc6b306a92234da0c2cd3d564869a15045a0 mediawiki-1.6.9.tar.gz
> 
> 
> Before asking for help, try the FAQ:
> http://www.mediawiki.org/wiki/Manual:FAQ
> 
> Low-traffic release announcements mailing list:
> (Please subscribe to receive announcements of security updates.)
> http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
> 
> Wiki admin help mailing list:
> http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
> 
> Bug report system:
> http://bugzilla.wikimedia.org/
> 
> Play "stump the developers" live on IRC:
> #mediawiki on irc.freenode.net
> 
> 
> - -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFFo1FGwRnhpk1wk44RAhkpAKCpAoOvgk+5C3Kb0l/3prvhOVd9bQCeL/AK
> WAUsj8tCaZfJ+X6f20piUoc=
> =s1qL
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l at lists.wikimedia.org
> http://lists.wikimedia.org/mailman/listinfo/mediawiki-l

More information about the MediaWiki-l mailing list