MediaWiki 1.5.5, 1.4.13 released

MediaWiki 1.5.5 and 1.4.13 are a security and bugfix maintenance releases.

Detection for uploads of Windows Metafile (.wmf) images has been added to help
protect against a client-side vulnerability in unpatched Microsoft Windows
operating systems.

Sites which have enabled uploads and added non-standard file types (such as
.ogg, .doc, or .pdf) should upgrade to this release to ensure that malicious
.wmf files can't be uploaded with a fake extension; such files could put
visitors to the site at risk.

For more details on this, see:
http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability

Additionally, a maintenance script removeUnusedAccounts.php has been added in
1.5.5; this replaces an older Perl script which had not been updated for the new
schema in 1.5.

Full release announcement and downloads:
http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-January/000037.html

Posted by Brion Vibber 2006-01-06

Log in to post a comment.