MediaWiki

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A second release candidate for MediaWiki 1.13 is now available. Please try it out and tell us if it works for you. This is a beta release and should be used with care. Selected changes since MediaWiki ... [More] 1.13.0rc1: * Removed $wgForwardSearchUrl * Added magic word __STATICREDIRECT__ to suppress the redirect fixer * Fixed bugs 14907, 14966, 14987, 13376, 14904, 15035 and 14944. Selected changes since MediaWiki 1.12.0: * New special pages: FileDuplicateSearch, ListGroupRights * Special:UserRights and Special:SpecialPages have been redesigned * More options on Special:Recentchangeslinked and Special:WhatLinksHere * New parser functions: PAGESINCATEGORY, PAGESIZE * Can hide categories with __HIDDENCAT__ * Friendlier behaviour for users who click a red link but can't edit * Image redirects are now enabled by default * Drop-down AJAX search suggestions ($wgEnableMWSuggest) * Search results show image thumbnails * The search box in the MonoBook sidebar can be moved up by editing [[MediaWiki:Sidebar]] * Double redirects created by a page move can be fixed automatically Full release notes: http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_0RC2/phase3/RELEASE-NOTES Download: http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.0rc2.tar.gz GPG signatures: http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.0rc2.tar.gz.sig Public keys: https://secure.wikimedia.org/keys.html SHA-1 checksums: 20fa379f70f85b3f2bd72cb1d7eb06dd4cbd2846 mediawiki-1.13.0rc2.tar.gz MD-5 checksums: 82c24570ace0a90c4192b9225b3b019f mediawiki-1.13.0rc2.tar.gz - -- Tim Starling -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIn8aDdWgrCOij/sQRAueAAJsEO+UrhY7W7+wjM/TN125R3pUp0QCfUon2 jUoK8hqfZ0sIXtf/4G9cA2Q= =roc2 -----END PGP SIGNATURE----- [Less]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A release candidate for MediaWiki 1.13 is now available. Please try it out and tell us if it works for you. This is a beta release and is not recommended for use in a production environment (except if ... [More] you're really clever like us). Selected changes since MediaWiki 1.12.0: * New special pages: FileDuplicateSearch, ListGroupRights * Special:UserRights and Special:SpecialPages have been redesigned * More options on Special:Recentchangeslinked and Special:WhatLinksHere * New parser functions: PAGESINCATEGORY, PAGESIZE * Can hide categories with __HIDDENCAT__ * Friendlier behaviour for users who click a red link but can't edit * Image redirects are now enabled by default * Drop-down AJAX search suggestions ($wgEnableMWSuggest) * Search results show image thumbnails * The search box in the MonoBook sidebar can be moved up by editing [[MediaWiki:Sidebar]] * Double redirects created by a page move can be fixed automatically Full release notes: http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_0RC1/phase3/RELEASE-NOTES Download: http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.0rc1.tar.gz GPG signatures: http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.0rc1.tar.gz.sig Public keys: https://secure.wikimedia.org/keys.html SHA-1 checksums: be9a2645ea38d074b05a726e5ac2f3699ab482f8 mediawiki-1.13.0rc1.tar.gz MD-5 checksums: 042a8662d2fcce0e8c5a3a5c17ce6d59 mediawiki-1.13.0rc1.tar.gz Before asking for help, try the FAQ: http://www.mediawiki.org/wiki/Manual:FAQ Low-traffic release announcements mailing list: (Please subscribe to receive announcements of security updates.) http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://lists.wikimedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikimedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- Tim Starling -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIiJuPdWgrCOij/sQRAgEYAJ4tm0QG6RLQN/zL/zglMZG/HqenIACgg9aD qQdsAu v8xtclPuv2wl1ZMA= =RqPl -----END PGP SIGNATURE----- [Less]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A release candidate for MediaWiki 1.13 is now available. Please try it out and tell us if it works for you. This is a beta release and is not recommended for use in a production environment (except if ... [More] you're really clever like us). Selected changes since MediaWiki 1.12.0: * New special pages: FileDuplicateSearch, ListGroupRights * Special:UserRights and Special:SpecialPages have been redesigned * More options on Special:Recentchangeslinked and Special:WhatLinksHere * New parser functions: PAGESINCATEGORY, PAGESIZE * Can hide categories with __HIDDENCAT__ * Friendlier behaviour for users who click a red link but can't edit * Image redirects are now enabled by default * Drop-down AJAX search suggestions ($wgEnableMWSuggest) * Search results show image thumbnails * The search box in the MonoBook sidebar can be moved up by editing [[MediaWiki:Sidebar]] * Double redirects created by a page move can be fixed automatically Full release notes: http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_0RC1/phase3/RELEASE-NOTES Download: http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.0rc1.tar.gz GPG signatures: http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.0rc1.tar.gz.sig Public keys: https://secure.wikimedia.org/keys.html SHA-1 checksums: be9a2645ea38d074b05a726e5ac2f3699ab482f8 mediawiki-1.13.0rc1.tar.gz MD-5 checksums: 042a8662d2fcce0e8c5a3a5c17ce6d59 mediawiki-1.13.0rc1.tar.gz Before asking for help, try the FAQ: http://www.mediawiki.org/wiki/Manual:FAQ Low-traffic release announcements mailing list: (Please subscribe to receive announcements of security updates.) http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://lists.wikimedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikimedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- Tim Starling -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIiJuPdWgrCOij/sQRAgEYAJ4tm0QG6RLQN/zL/zglMZG/HqenIACgg9aD qQdsAu+v8xtclPuv2wl1ZMA= =RqPl -----END PGP SIGNATURE----- [Less]

The following extensions had cross-site scripting (XSS) vulnerabilities: * geo * MetavidWiki * wikihiero These vulnerabilities are exploitable even if the extensions are disabled. If you have any of these extensions installed, please update them ... [More] immediately. Many shared hosting services have the php.ini setting "register_globals" enabled, despite the fact that it is known to be detrimental to security. A new automated vulnerability scanner has found a large number of security vulnerabilities in MediaWiki extensions, when register_globals is enabled. Unless you are sure you have register_globals disabled, the following extensions should be immediately updated: Cross-site scripting vulnerabilities: * Call * ChangeAuthor * EditOwn * SignDocument * TemplateLink * WatchSubpages * WhoIsWatching * php/ext/MediaWiki Arbitrary script inclusion vulnerabilities: * CategoryIntersection * Makebot * PasswordReset * regexBlock * SemanticCalendar * SemanticForms * SemanticMediaWiki * SocialProfile * SpamRegex * StalePages * TodoTasks * WhiteList * Wikidata All these extensions are vulnerable regardless of whether they are enabled in LocalSettings.php. They only need to be installed, with their installation directory accessible from the public internet. Downloads in .tar.gz form for all these MediaWiki extensions are available from: http://www.mediawiki.org/wiki/Special:ExtensionDistributor Or using a subversion client from: http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions [Less]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 No problems reported with 1.12.0rc1, so here's the final release. Enjoy! Full release notes: http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_0/phase3/RELEASE-NOTES Download: ... [More] http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.0.tar.gz GPG signature: http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.0.tar.gz.sig SHA-1 checksum: 48bf1877f60c317cbe93c072187dfe9c1aa3b857 mediawiki-1.12.0.tar.gz MD-5 checksum: MD5 (mediawiki-1.12.0.tar.gz) = 117a1360f440883a51f0ebca32906ea0 Before asking for help, try the FAQ: http://www.mediawiki.org/wiki/Manual:FAQ Low-traffic release announcements mailing list: (Please subscribe to receive announcements of security updates.) http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://lists.wikimedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikimedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- brion vibber (brion < at > wikimedia.org) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkfi4fcACgkQwRnhpk1wk46HEACaAvMj2oHe0stHrXdhKWUR2fF8 CosAoKvS5oWuitWIgT7rTh N06kNNmqt =j1cY -----END PGP SIGNATURE----- [Less]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 No problems reported with 1.12.0rc1, so here's the final release. Enjoy! Full release notes: http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_0/phase3/RELEASE-NOTES Download: ... [More] http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.0.tar.gz GPG signature: http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.0.tar.gz.sig SHA-1 checksum: 48bf1877f60c317cbe93c072187dfe9c1aa3b857 mediawiki-1.12.0.tar.gz MD-5 checksum: MD5 (mediawiki-1.12.0.tar.gz) = 117a1360f440883a51f0ebca32906ea0 Before asking for help, try the FAQ: http://www.mediawiki.org/wiki/Manual:FAQ Low-traffic release announcements mailing list: (Please subscribe to receive announcements of security updates.) http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://lists.wikimedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikimedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- brion vibber (brion < at > wikimedia.org) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkfi4fcACgkQwRnhpk1wk46HEACaAvMj2oHe0stHrXdhKWUR2fF8 CosAoKvS5oWuitWIgT7rTh+N06kNNmqt =j1cY -----END PGP SIGNATURE----- [Less]

Ok, the release schedule got disrupted with all the busy Wikimedia Foundation stuff over the last few months, but we're getting back on track with this release candidate for the Winter 2008 quarterly release, MediaWiki 1.12. There's a *lot* of ... [More] updates, small and large... Perhaps most significant is a rewrite of much of the parser, changing how templates and extensions are expanded. Among other things, this should ensure that complex mixes of templates and HTML tables should render more similarly between Wikipedia and default installations of MediaWiki. For this release candidate, we're very interested to hear back about regressions or problems with the installer / updaters. Note that, as with most previous releases, you will have to run the updaters to apply some database schema updates when you upgrade. Full release notes: http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_12_0RC1/phase3/RELEASE-NOTES Download: http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.0rc1.tar.gz GPG signatures: http://download.wikimedia.org/mediawiki/1.12/mediawiki-1.12.0rc1.tar.gz.sig SHA-1 checksums: ee5c298a667b6fa476a5c6de9ddb4c23f2cfd03d mediawiki-1.12.0rc1.tar.gz MD-5 checksums: MD5 (mediawiki-1.12.0rc1.tar.gz) = a77fbae59e70f4623564c5d45bb1eb9f Before asking for help, try the FAQ: http://www.mediawiki.org/wiki/Manual:FAQ Low-traffic release announcements mailing list: (Please subscribe to receive announcements of security updates.) http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://lists.wikimedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikimedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net [Less]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki 1.11.2 is a security release of the Fall 2007 snapshot release of MediaWiki. Possible cross-site information leaks using the callback parameter for JSON-formatted results in the API are ... [More] prevented by dropping user credentials. MediaWiki release versions prior to 1.11 are not vulnerable, as they do not include the callback feature which allows client-side JavaScript on other sites to reach API data. Changes in this release: * User credentials are dropped for API JSON requests using a callback * Edit tokens are not reported for API JSON requests using a callback Full release notes: http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_2/phase3/RELEASE-NOTES Download: http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.2.tar.gz http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.2.patch GPG signatures: http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.2.tar.gz.sig http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.2.patch.sig SHA-1 checksums: c5d5e99d73e646cff421b3bb92dd638fb93cd575 mediawiki-1.11.2.tar.gz ce13da8071c4618deda28cf6e8c2eea110d258ef mediawiki-1.11.2.patch MD-5 checksums: MD5 (mediawiki-1.11.2.tar.gz) = 12e81f27a37b15b9d1ed110d6f48b35f MD5 (mediawiki-1.11.2.patch) = 7cac126c2bdda3b32160da8faab246b4 Before asking for help, try the FAQ: http://www.mediawiki.org/wiki/Manual:FAQ Low-traffic release announcements mailing list: (Please subscribe to receive announcements of security updates.) http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://lists.wikimedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikimedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- brion vibber (brion < at > wikimedia.org) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkfLps0ACgkQwRnhpk1wk46ZLgCfa1/wygI6y3ncmGiLW/AUqFku YWEAoMTCedybr2GHmz7zldVk894rg8wL =s6Xl -----END PGP SIGNATURE----- [Less]

Corrections for API path fix, broken in 1.10.3 and 1.9.5. Full release notes: http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_10_4/phase3/RELEASE-NOTES http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_6/phase3/RELEASE-NOTES Download: ... [More] http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.4.tar.gz http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.4.patch http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.6.tar.gz http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.6.patch GPG signatures: http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.4.tar.gz.sig http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.4.patch.sig http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.6.tar.gz.sig http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.6.patch.sig SHA-1 checksums: df5b59aaf50ec674542cc928cfd58f2ddfb3b9f5 mediawiki-1.10.4.tar.gz 14dc1c1a796452158c2c2668def61ab2c9cd4abd mediawiki-1.10.4.patch 4a09172ec52fd3bb81861fcbebd63530fd5e8238 mediawiki-1.9.6.tar.gz 3ca1ab772ab39ccb9e84e3e02219dcec02a4de66 mediawiki-1.9.6.patch MD-5 checksums: MD5 (mediawiki-1.10.4.tar.gz) = d81e5607a365b71f09496864e0aa93bb MD5 (mediawiki-1.10.4.patch) = d8f06822dcd4c110e10a6fb2e7273a0f MD5 (mediawiki-1.9.6.tar.gz) = d7e49bc59c072b339495ece7ee3dd053 MD5 (mediawiki-1.9.6.patch) = 9be86077efe3d837a930c7e2d6379d31 Before asking for help, try the FAQ: http://www.mediawiki.org/wiki/Manual:FAQ Low-traffic release announcements mailing list: (Please subscribe to receive announcements of security updates.) http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://lists.wikimedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikimedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net [Less]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is a security and bugfix release of the Fall, Spring, and Winter 2007 snapshot releases of MediaWiki. A potential XSS injection vector affecting api.php only for Microsoft Internet Explorer users ... [More] has been closed. To work around the vulnerability without upgrading, you may disable the API if you don't need it: ~ $wgEnableAPI = false; Not vulnerable versions: * 1.12 or later * 1.11 >= 1.11.1 * 1.10 >= 1.10.3 * 1.9 >= 1.9.5 * 1.8 any version (if $wgEnableAPI has been left off) Vulnerable versions: * 1.11 <= 1.11.0rc1 * 1.10 <= 1.10.2 * 1.9 <= 1.9.4 * 1.8 any version (if $wgEnableAPI has been switched on) MediaWiki 1.7 and below are not affected as they do not include the API functionality, however the BotQuery extension is similarly vulnerable unless updated to the latest SVN version. Full release notes: http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_11_1/phase3/RELEASE-NOTES http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_10_3/phase3/RELEASE-NOTES http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_5/phase3/RELEASE-NOTES Download: http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.1.tar.gz http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.1.patch http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.3.tar.gz http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.3.patch http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.5.tar.gz http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.5.patch GPG signatures: http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.1.tar.gz.sig http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.1.patch.sig http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.3.tar.gz.sig http://download.wikimedia.org/mediawiki/1.10/mediawiki-1.10.3.patch.sig http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.5.tar.gz.sig http://download.wikimedia.org/mediawiki/1.9/mediawiki-1.9.5.patch.sig SHA-1 checksums: d452e0013969b064a2166eeae8d03227a8ff1fa3 mediawiki-1.11.1.tar.gz 1de49e3f8e4cf3965f8725d8389f69259bc7345c mediawiki-1.11.1.patch 2545518fde24b9b5fe8754bbe57cf4c8413d7cd5 mediawiki-1.10.3.tar.gz 815930de473097aa1f2047cf8fce37cab0e39940 mediawiki-1.10.3.patch cd38fbd4dc255d13bdf5b04057469f87c9f85ae2 mediawiki-1.9.5.tar.gz 3a37c7146e96d471aead18bd65c951905c3a590f mediawiki-1.9.5.patch MD5 checksums: a7c9c31c3e6ab1d1137930b7dc86b2a7 mediawiki-1.11.1.tar.gz 206888cefca030ace4e96008d0ea4f3b mediawiki-1.11.1.patch e5e798b400c955a519c65efab8d25192 mediawiki-1.9.5.tar.gz f71b5debbaa78a48740e74fe6965d3b1 mediawiki-1.9.5.patch 8a4be92512b428d6c6301febf96ea2bf mediawiki-1.10.3.tar.gz eaec534dcd957d59022148f9d075d028 mediawiki-1.10.3.patch Before asking for help, try the FAQ: http://www.mediawiki.org/wiki/Manual:FAQ Low-traffic release announcements mailing list: (Please subscribe to receive announcements of security updates.) http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://lists.wikimedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikimedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- brion vibber (brion < at > wikimedia.org) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHl+LiwRnhpk1wk44RAp2kAKDAdCn0ZJynAItqo2NRosNbWdLkfgCeOjGj 9zZ6KS9kj3ia+g7VLKmW15Q= =nrpu -----END PGP SIGNATURE----- [Less]