Mailing List Archive

MediaWiki 1.4beta5 released (SECURITY)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MediaWiki 1.4beta5 is a security and bug fix release for the 1.4 beta
series. Previous MediaWiki 1.4 beta releases include an input
validation error which could lead to execution of arbitrary PHP code on
the server.

All users of 1.4 beta releases are strongly urged to upgrade to
1.4beta5 immediately. The 1.3.x stable release series is not affected
by this problem.

Beta 5 additionally fixes a number of non-security-related bugs, and
requires one minor database change. If upgrading from a previous beta,
see the file UPGRADE in the release archive for instructions.

Bugs fixed in beta 5:

* (bug 1124) Fix ImageGallery XHTML compliance
* (bug 1186) news: in the middle of a word
* (bug 1283) Use underlining and borders to highlight
additions/deletions
in diff-view
* Use user's local timezone in Special:Log display
* Show filename for images in gallery by default (restore beta 3
behaviour)
* (bug 1201) Double-escaping in brokenlinks, imagelinks, categorylinks,
searchindex
* When using squid reverse proxy, cache the redirect to the Main_Page
* (bug 1302) Fix Norwegian language file
* (bug 1205) Fix broken article saving in PHP 5.1
* (bug 1206) Implement CURRENTWEEK and CURRENTDOW magic keyword (will
give
number of the week and number of the day).
* (bug 1204) Blocks do not expire automatically
* (bug 1184) expiry time of indefinite blocks shown as the current time
* (bug 1317) Fix external links in image captions
* (bug 1084) Fix logo not rendering centrally in IE
* (bug 288) Fix tabs wrapping in IE6
* (bug 119) Fix full-width tabs with RTL text in IE
* (bug 1323) Fix logo rendering off-screen in IE with RTL language
* Show "block" link in Special:Recentchanges for logged in users, too,
if
wgUserSysopBans is true.
* (bug 1326) Use content language for '1movedto2' in edit history
* zh: Fix warning when HTTP_ACCEPT_LANGUAGE is not set
* zh: Fix double conversion for zh-sg and zh-hk
* (bug 1132) Fix concatenation of link lists in refreshLinks
* (bug 1101) Fix memory leak in refreshLinks
* (bug 1339) Fix order of @imports in Cologne Blue CSS
* Don't try to create links without namespaces ([[Category:]] link bug)
* Memcached data compression fixes
* Several valid XHTML fixes
* (bug 624) Fix IE freezing rendering whilst waiting for CSS with
MonoBook
* (bug 211) Fix tabbed preferences with XHTML MIME type
* Fix for script execution vulnerability.

Due to a temporary problem with SourceForge's file release system, this
release is currently hosted on Wikimedia's servers instead of the usual
location.

Release notes:
http://zwinger.wikimedia.org/mediawiki/RELEASE-NOTES

Download:
http://zwinger.wikimedia.org/mediawiki/mediawiki-1.4beta5.tar.gz
MD5 checksum: 11342e291b5af4e8d4668ad5c3a6d171
SHA1 checksum: 23178fdba265083186c6475a0c3d0ea4d2e06ae0

Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce

Bug report system:
http://bugzilla.wikipedia.org/

Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net

- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (Darwin)

iD8DBQFB64dDwRnhpk1wk44RArTfAKCtGNLWbDAz/2MQvaQDnyoYdZ9SAwCdELJn
YmxnTCkN8fULr1tPi9MMnYw=
=YaNq
-----END PGP SIGNATURE-----