[MediaWiki-announce] MediaWiki 1.5.5, 1.4.13 released (SECURITY)

Brion Vibber brion at pobox.com
Fri Jan 6 00:43:27 UTC 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MediaWiki 1.5.5 and 1.4.13 are a security and bugfix maintenance releases.

Detection for uploads of Windows Metafile (.wmf) images has been added to help
protect against a client-side vulnerability in unpatched Microsoft Windows
operating systems.

Sites which have enabled uploads and added non-standard file types (such as
.ogg, .doc, or .pdf) should upgrade to this release to ensure that malicious
.wmf files can't be uploaded with a fake extension; such files could put
visitors to the site at risk.

For more details on this, see:
http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability


Additionally, a maintenance script removeUnusedAccounts.php has been added in
1.5.5; this replaces an older Perl script which had not been updated for the new
schema in 1.5.



Release notes:
1.5.5: http://sourceforge.net/project/shownotes.php?release_id=383209
1.4.13: http://sourceforge.net/project/shownotes.php?release_id=383208

Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.5.5.tar.gz?download
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.4.13.tar.gz?download

MD5 checksums:
4210fe8559e08bb9d1d0e6e34f68cf37  mediawiki-1.5.5.tar.gz
c297ba65d88b380d0cc31366d90cb23b  mediawiki-1.4.13.tar.gz

SHA-1 checksums:
7f4f2f6aedaaf7d1ab2515416ef7e02c8fae61a6 mediawiki-1.5.5.tar.gz
7a604714d595d0ac07f2f5c382254002732fa3b3 mediawiki-1.4.13.tar.gz


Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

Low-traffic release announcements mailing list:
(Please subscribe to receive announcements of security updates.)
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

Bug report system:
http://bugzilla.wikimedia.org/

Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net

- -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFDvb0vwRnhpk1wk44RAgwuAKCW+Gihv5CVzSyGavlSjRSbZJ6HQgCgyqoU
urdWZTm/KVDQzseRIXAmYTQ=
=p7pM
-----END PGP SIGNATURE-----



More information about the MediaWiki-announce mailing list