MediaWiki 1.6.7 released

MediaWiki 1.6.7 is a security and bugfix maintenance release of the
Spring 2006 snapshot:

An HTML/JavaScript-injection vulnerability in the edit form has been closed.
This vulnerability was new in 1.6.0; MediaWiki versions 1.5.x or earlier are
not affected.

Extensions, comments, and <nowiki> sections are now handled in a one-pass
way which is more reliable and safer. Under earlier versions of MediaWiki,
certain extensions could be abused to inject HTML/JavaScript into the page.

Additional precautions are made against offsite form submissions when
the restricted raw HTML mode is enabled.

Some small localization and user interface updates are also included.

Posted by Brion Vibber 2006-06-06