From: Markus K. <ma...@se...> - 2008-06-14 14:35:08
|
Hi all, MediaWiki's new security scanner has detected vulnerabilities in SMW (and many other extensions). In the worst case, an attacker might be able to trick your server into executing foreign PHP scripts. This is possible only if the "register_globals" option on your server is activated. To close all potential security wholes, we recommend to update SMW in one of the following ways: == Servers running the recent development version of SMW == Just update to the latest code from SVN. == Servers running SMW 1.1.1 == We have created a backport SMW 1.1.2 that has all security fixes. It is available in two places: * File release: get semediawiki-1.1.2 from sourceforge [1] * SVN: check out the 1.1.2 release from the SVN tag directory [2] In either case, no special update procedure is needed -- just replace the old SMW directory with the new files. == Servers running older version of SMW == Get SMW 1.1.2 as described above, and follow the update instructions given in INSTALL [3]. Cheers, Markus [1] https://sourceforge.net/project/showfiles.php?group_id=147937 [2] http://svn.wikimedia.org/svnroot/mediawiki/tags/extensions/SemanticMediaWiki/ [3] http://svn.wikimedia.org/svnroot/mediawiki/tags/extensions/SemanticMediaWiki/REL_1_1_2/INSTALL -- Markus Krötzsch Semantic MediaWiki http://semantic-mediawiki.org http://korrekt.org ma...@se... |