A security bug [1] has been fixed in CentralAuth; the bug caused logouts to
silently fail if the local account on the central login wiki was
unattached. That does not happen under normal circumstances, so the
vulnerability can only be exposed if some other error causes attaching
accounts to fail; nevertheless you are advised to update your
installations. The fix has been backported to all supported versions (those
for MediaWiki 1.23, 1.26 and 1.27).
Gergő
https://www.mediawiki.org/wiki/User:Tgr_(WMF)
[1] https://phabricator.wikimedia.org/T137551
_______________________________________________
MediaWiki announcements mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
silently fail if the local account on the central login wiki was
unattached. That does not happen under normal circumstances, so the
vulnerability can only be exposed if some other error causes attaching
accounts to fail; nevertheless you are advised to update your
installations. The fix has been backported to all supported versions (those
for MediaWiki 1.23, 1.26 and 1.27).
Gergő
https://www.mediawiki.org/wiki/User:Tgr_(WMF)
[1] https://phabricator.wikimedia.org/T137551
_______________________________________________
MediaWiki announcements mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce