MediaWiki 1.6.7 is a security and bugfix maintenance release of the
Spring 2006 snapshot:
An HTML/JavaScript-injection vulnerability in the edit form has been closed.
This vulnerability was new in 1.6.0; MediaWiki versions 1.5.x or earlier are
not affected.
Extensions, comments, and <nowiki> sections are now handled in a one-pass
way which is more reliable and safer. Under earlier versions of MediaWiki,
certain extensions could be abused to inject HTML/JavaScript into the page.
Additional precautions are made against offsite form submissions when
the restricted raw HTML mode is enabled.
Some small localization and user interface updates are also included.