Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

MediaWiki 1.3.13, 1.4.5, 1.5alpha2 released (SECURITY)

MediaWiki 1.3.13 is a security maintenance release.

Incorrect handling of page template inclusions made it possible to inject JavaScript code into HTML attributes, which could lead to cross-site scripting attacks on a publicly editable wiki.

Vulnerable releases and fix:
* 1.5 prerelease: fixed in 1.5alpha2
* 1.4 stable series: fixed in 1.4.5
* 1.3 legacy series: fixed in 1.3.13
* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended

The 1.3.x series is no longer maintained except for security fixes;
new users and those seeking general bug fixes should install 1.4.5. Existing 1.3.x installations not willing or able to upgrade to the current stable relase should update the installation to 1.3.13; only includes/Parser.php has changed from 1.3.12.

1.4.5 includes a number of bug fixes as well.

Tarballs are available for download:
http://sourceforge.net/projects/wikipedia/

Posted by Brion Vibber 2005-06-03