MediaWiki 1.4.6, 1.5beta3 released (SECURITY)

MediaWiki 1.4.6 is a bug fix and security update release. Incorrect escaping of a parameter in the page move template could be used to inject JavaScript code by getting a victim to visit a maliciously constructed URL. Users of vulnerable releases are recommended to upgrade to this release.

Vulnerable versions:
* 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3
* 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6
* 1.3 legacy series: not vulnerable

This release also includes fixes for some rare but annoying HTTP errors, a PHP 4.1.2 breakage bug, and works around some template limitations introduced in 1.4.5. See the changelog at the end of this file for a detailed list of bugs fixed.

Release notes:


MD5 checksum: f4f82bd486756c279f0c1977b290ce3b

Before asking for help, try the FAQ:

Low-traffic release announcements mailing list:

Wiki admin help mailing list:

Bug report system:

Play "stump the developers" live on IRC:
#mediawiki on

Posted by Brion Vibber 2005-07-08

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks