MediaWiki 1.4.2 released

MediaWiki 1.4.2 is a security and bug fix release for the 1.4 stable release series. A cross-site scripting injection vulnerability was discovered, which affects only MSIE clients and is only open if MediaWiki has been manually configured to run output through HTML Tidy ($wgUseTidy).

Several other bugs are also fixed in 1.4.2.

A 1.3.12 maintenance release is also available with the Tidy
fix only.

Release notes for 1.4.2:


Before asking for help, try the FAQ:

Low-traffic release announcements mailing list:

Wiki admin help mailing list:

Bug report system:

Play "stump the developers" live on IRC:
#mediawiki on

Posted by Brion Vibber 2005-04-22