[Pkg-mediawiki-devel] [MediaWiki-announce] MediaWiki 1.5.4 released

Brion Vibber brion at pobox.com
Thu Dec 22 00:25:34 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MediaWiki 1.5.4 is a security and bugfix maintenance release.

A hardcoded internal placeholder string has been replaced with a random
one. This closes a hole where security checks in inline style attributes
could be bypassed, injecting JavaScript code that could execute in
Microsoft Internet Explorer.

Other browsers would not be vulnerable.

Several minor fixes are included in this release, most notably a fix
to clear the "you have new messages" flag properly for usernames
containing spaces when e-mail notification is enabled.

See the changelog at the end of the release notes for a full list of
fixes.


Release notes:
http://sourceforge.net/project/shownotes.php?release_id=379951

Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5.4.tar.gz?download

MD5 checksum:
c5cff706c4d2fc8dd5aabd10f1714be0  mediawiki-1.5.4.tar.gz

SHA-1 checksum:
12ccdbdd295152937595d4a00c41ae156bf19015 mediawiki-1.5.4.tar.gz


Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

Bug report system:
http://bugzilla.wikimedia.org/

Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net

- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFDqfJ+wRnhpk1wk44RAodbAKCP6RPb2vysJTeUMMMq5eT9EXUkUgCfXzKL
mL8OeBGrSnXpPWteNI42ylI=
=oCrk
-----END PGP SIGNATURE-----
_______________________________________________
MediaWiki-announce mailing list
MediaWiki-announce at wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce



More information about the Pkg-mediawiki-devel mailing list