[Foundation-l] Security holes in Mediawiki

Domas Mituzas midom.lists at gmail.com
Tue Sep 15 17:57:25 UTC 2009


Hello Gregory,

> I was sort of surprised to learn today that Mediawiki software has  
> had 37
> security holes identified:


Why would you be surprised? It is web software, that allows _most_  
flexibility for its users, you can expect most problems because of  
that, especially in XSS area.
On the other hand, most of those identified vulnerabilities are ones  
published about _after_ they get fixed and releases delivered.

You should probably ask about actual vulnerabilities in other mailing  
lists, but it would be even better, if you did some basic research  
first. Posting walls of text to your blog and redirecting people there  
isn't constructive.

And by the way, our site security is getting better and better, once  
upon a time anyone could edit.

Domas




More information about the wikimedia-l mailing list