[Mediawiki-l] upgrade pending....advice needed
tstarling at wikimedia.org
Thu Jan 6 02:09:31 UTC 2011
On 06/01/11 12:08, Eldon Neustaeter wrote:
> Hello folks,
> I am currently running a rather old version of Mediawiki 1.6.10 and have not
> upgraded because, well..... no one ever really complained. However,
> recently, there has been some noise about the limitations of SEARCH and the
> EASE of EDIT-ABILITY (not having to memorize all those darned wiki editing
> I have scoured the internet looking for a features listing of 1.6 compared
> to 1.16.... I cannot find a roadmap document or release note that don't go
> into nauseating detail.
You may find this useful:
> Will SEARCH be improved? Will EDIT-ABILITY be improved...
There was a problem with search in 1.6 involving an inability to
search for small or common words. I'm not sure if that is your
problem, but it is fixable without upgrading, by changing the MySQL
configuration. Upgrading MediaWiki would also fix it.
> anything else that
> will convince me that the effort will be worthwhile ?
I would think that patching the XSS vulnerabilities would be fairly
important. File deletion in 1.6 was irreversible, so an XSS attack
could lead to all your images being permanently deleted. I'm sure you
keep regular backups, but still, I would think that it would be a bit
of a nuisance.
Upgrading to 1.16 will allow you to use PHP 5.3, which is now the only
supported branch of PHP. Running an old version of PHP means that you
are exposed to the dangling pointer issues which are steadily
discovered in it. Memory corruption bugs in PHP are not fully
researched for potential security implications. At least, not in public.
Also there are a couple of hundred extensions which have been written
since you last upgraded, almost none of them support 1.6.10. Maybe you
can find something compelling in there. Maybe even something to do
with EDIT-ABILITY or SEARCH.
-- Tim Starling
More information about the MediaWiki-l