-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
These are security and maintenance releases, which fix two cross-site
scripting bugs. All internet-facing wikis are recommended to upgrade to
the current release in their series.
Incorrect handling of <math> tags when TeX rendering is disabled, as in
the default configuration. (Wikis where the optional math support has
been *enabled* are not vulnerable.)
* 1.5 vulnerable: <= 1.5rc3 fixed: >= 1.5rc4
* 1.4 vulnerable: <= 1.4.8 fixed: >= 1.4.9
* 1.3 vulnerable: <= 1.3.14 fixed: >= 1.3.15
Incorrect handling of <nowiki> and extension tags in table styles:
* 1.5 vulnerable: <= 1.5rc3 fixed: >= 1.5rc4
* 1.4 vulnerable: <= 1.4.8 fixed: >= 1.4.9
* 1.3 not vulnerable
Additionally, 1.5rc4 fixes some compatibility issues with PHP 5.1 beta.
Release notes:
1.5rc4 http://sourceforge.net/project/shownotes.php?release_id=352778
1.4.9 http://sourceforge.net/project/shownotes.php?release_id=352777
1.3.15 http://sourceforge.net/project/shownotes.php?release_id=352776
Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5rc4.tar.gz?download
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.9.tar.gz?download
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.3.15.tar.gz?download
File checksums:
MD5 (mediawiki-1.5rc4.tar.gz) = 5a27beedfa4107813296307fe52b20ad
MD5 (mediawiki-1.4.9.tar.gz) = fae30b065d08152735b2c2edd61aadf4
MD5 (mediawiki-1.3.15.tar.gz) = f1279514435143bd6840e1d570d8c4f4
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDE6oqwRnhpk1wk44RAmdEAKCOpHUv6+k37TlDCjxS9FCaJU1qJgCfTB/f
eJmxsPTk1GVEq9DHDF8X86s=
=euNq
-----END PGP SIGNATURE-----
_______________________________________________
MediaWiki-announce mailing list
MediaWiki-announce@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Hash: SHA1
These are security and maintenance releases, which fix two cross-site
scripting bugs. All internet-facing wikis are recommended to upgrade to
the current release in their series.
Incorrect handling of <math> tags when TeX rendering is disabled, as in
the default configuration. (Wikis where the optional math support has
been *enabled* are not vulnerable.)
* 1.5 vulnerable: <= 1.5rc3 fixed: >= 1.5rc4
* 1.4 vulnerable: <= 1.4.8 fixed: >= 1.4.9
* 1.3 vulnerable: <= 1.3.14 fixed: >= 1.3.15
Incorrect handling of <nowiki> and extension tags in table styles:
* 1.5 vulnerable: <= 1.5rc3 fixed: >= 1.5rc4
* 1.4 vulnerable: <= 1.4.8 fixed: >= 1.4.9
* 1.3 not vulnerable
Additionally, 1.5rc4 fixes some compatibility issues with PHP 5.1 beta.
Release notes:
1.5rc4 http://sourceforge.net/project/shownotes.php?release_id=352778
1.4.9 http://sourceforge.net/project/shownotes.php?release_id=352777
1.3.15 http://sourceforge.net/project/shownotes.php?release_id=352776
Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5rc4.tar.gz?download
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.9.tar.gz?download
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.3.15.tar.gz?download
File checksums:
MD5 (mediawiki-1.5rc4.tar.gz) = 5a27beedfa4107813296307fe52b20ad
MD5 (mediawiki-1.4.9.tar.gz) = fae30b065d08152735b2c2edd61aadf4
MD5 (mediawiki-1.3.15.tar.gz) = f1279514435143bd6840e1d570d8c4f4
Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ
Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDE6oqwRnhpk1wk44RAmdEAKCOpHUv6+k37TlDCjxS9FCaJU1qJgCfTB/f
eJmxsPTk1GVEq9DHDF8X86s=
=euNq
-----END PGP SIGNATURE-----
_______________________________________________
MediaWiki-announce mailing list
MediaWiki-announce@wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce