Mailing List Archive

MediaWiki security release 1.17.1
I would like to announce the release of MediaWiki 1.17.1. Two security
issues were discovered.

Alexandre Emsenhuber discovered an issue where page titles on private
wikis could be exposed bypassing different page ids to index.php. In the
case of the user not having correct permissions, they will now be redirected
to Special:BadTitle.

For more details, see

The second issue was found by Tim Starling, who discovered that action=ajax
requests were dispatched to the relevant function without any read
permission checks being done. This could have led to data leakage on
private wikis.

For more details, see


Patch to previous version (1.17.0), without interface text:
Interface text changes:

GPG signatures:

Public keys:

MediaWiki announcements mailing list
To unsubscribe, go to: