MediaWiki 1.3.9 is a security and bug fix release.
A flaw in upload handling has been found which may allow upload and execution of arbitrary scripts with the permissions of the web server. Only wikis that have enabled uploads and have a vulnerable Apache configuration will be affected, but to be safe all wikis should upgrade.
Wikis with uploads available should either disable uploads or upgrade to 1.3.9 immediately; if other files are customized and require merging changes, includes/SpecialUpload.php may be replaced individually to add the fix.
MediaWiki 1.4beta4 includes this same fix for the beta series, as well as miscellaneous bug fixes.
1.3.9 release notes:
1.4beta3 release notes: