[MediaWiki-announce] MediaWiki 1.6.7 released

Brion Vibber brion at pobox.com
Tue Jun 6 09:32:08 UTC 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MediaWiki 1.6.7 is a security and bugfix maintenance release of the
Spring 2006 snapshot:

An HTML/JavaScript-injection vulnerability in the edit form has been closed.
This vulnerability was new in 1.6.0; MediaWiki versions 1.5.x or earlier are
not affected.

Extensions, comments, and <nowiki> sections are now handled in a one-pass
way which is more reliable and safer. Under earlier versions of MediaWiki,
certain extensions could be abused to inject HTML/JavaScript into the page.

Additional precautions are made against offsite form submissions when
the restricted raw HTML mode is enabled.

Some small localization and user interface updates are also included.

* (bug 6051) Improvement to German localisation (de)
* (bug 6017) Update bookstore list for German language (de)
* (bug 6138) Minor grammar tweak in "loginreqlink"
* (bug 5957) Update for Hebrew language (he)
* Increase robustness of parser placeholders; fixes some glitches when
  adjacent to identifier-ish constructs such as URLs.
* (bug 5384) Fix <!-- comments --> in <ref> extension
* Nesting of different tag extensions and comments should now work more
  consistently and more safely. A cleaner, one-pass tag strip lets the
  'outer' tag either take source (<nowiki>-style) or pass it down to
  further parsing (<ref>-style). There should no longer be surprise
  expansion of foreign extensions inside HTML output, or differences
  in behavior based on the order tags are loaded.
* (bug 885) Pre-save transform no longer silently appends close tags
* Pre-save transform no longer changes the case of close tags
* Edit security precautions in raw HTML mode, etc


Full release notes:
http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_7/phase3/RELEASE-NOTES
http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_7/phase3/HISTORY

Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.6.7.tar.gz

MD5 checksum:
cbcba609339abb5688068e5dc379110b  mediawiki-1.6.7.tar.gz

SHA-1 checksum:
b5aadd8240d63c644728d071e4f452d0efacf5bf mediawiki-1.6.7.tar.gz


Before asking for help, try the FAQ:
http://www.mediawiki.org/wiki/FAQ

Low-traffic release announcements mailing list:
(Please subscribe to receive announcements of security updates.)
http://mail.wikimedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list:
http://mail.wikimedia.org/mailman/listinfo/mediawiki-l

Bug report system:
http://bugzilla.wikimedia.org/

Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net

- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEhUuXwRnhpk1wk44RAt3lAJ47O0Zy8n3AuM03GM5jvXETaC75ogCfdsEe
JFcS6FqSkz0485oU4HN7eBs=
=8x0L
-----END PGP SIGNATURE-----



More information about the MediaWiki-announce mailing list