[Pkg-mediawiki-devel] [MediaWiki-announce] MediaWiki Security Release: 1.20.5 and 1.19.6

Chris Steipp csteipp at wikimedia.org
Tue Apr 30 20:14:43 UTC 2013


I would like to announce the release of MediaWiki 1.20.5 and 1.19.6.
These releases fix 2 security related issues that could affect users
of MediaWiki. Download links are given at the end of this email.

* Jan Schejbal / Hatforce.com reported that SVG script filtering could
be bypassed for Chrome and Firefox clients by using an encoding that
MediaWiki understood, but these browsers interpreted as UTF-8.
<https://bugzilla.wikimedia.org/show_bug.cgi?id=47304>

* Internal review discovered that extensions were not given the
opportunity to disable a password reset, which could lead to
circumvention of two-factor authentication.
<https://bugzilla.wikimedia.org/show_bug.cgi?id=46590>

Full release notes for 1.20.5:
<https://www.mediawiki.org/wiki/Release_notes/1.20>

Full release notes for 1.19.6:
<https://www.mediawiki.org/wiki/Release_notes/1.19>

For information about how to upgrade, see
<https://www.mediawiki.org/wiki/Manual:Upgrading>


**********************************************************************
   1.20.5
**********************************************************************
Download:
http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.5.tar.gz

Patch to previous version (1.20.4), without interface text:
http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.5.patch.gz
Interface text changes:
http://download.wikimedia.org/mediawiki/1.20/mediawiki-i18n-1.20.5.patch.gz

GPG signatures:
http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.5.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.5.patch.gz.sig
http://download.wikimedia.org/mediawiki/1.20/mediawiki-i18n-1.20.5.patch.gz.sig

Public keys:
https://secure.wikimedia.org/keys.html


**********************************************************************
   1.19.6
**********************************************************************
Download:
http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.6.tar.gz

Patch to previous version (1.19.5), without interface text:
http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.6.patch.gz
Interface text changes:
http://download.wikimedia.org/mediawiki/1.19/mediawiki-i18n-1.19.6.patch.gz

GPG signatures:
http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.6.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.6.patch.gz.sig
http://download.wikimedia.org/mediawiki/1.19/mediawiki-i18n-1.19.6.patch.gz.sig

Public keys:
https://secure.wikimedia.org/keys.html

_______________________________________________
MediaWiki announcements mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce


More information about the Pkg-mediawiki-devel mailing list