Bug 292360 (wiki145)

Upgrade wikis to MediaWiki 1.4.5

RESOLVED FIXED

Status

mozilla.org Graveyard
Server Operations
P4
critical
RESOLVED FIXED
13 years ago
3 years ago

People

(Reporter: tom, Assigned: justdave)

Tracking

Details

(URL)

(Reporter)

Description

13 years ago
bug 287722 was resolved right before 1.4.3 came out.  JustDave told me to file a
new bug.

http://sourceforge.net/project/shownotes.php?release_id=323971
(Reporter)

Comment 1

13 years ago
MediaWiki 1.4.4 is a bugfix release for the 1.4 stable release series.

Some bugs in the installer/updater and refreshLinks maintenance script
were introduced in the last release and have been corrected.

== Changes from 1.4.3 ==

* (bug 725) Let dir="ltr" attribute work again in MonoBook on RTL languages
* (bug 2024) Skip JavaScript error for custom skins where .js message
not set
* (bug 2025) Updated Indonesian localization
* (bug 2039) Updated Lithuanian localization
* Don't die on PHP <4.3.0 when calling mysql_ping()
* Fix refreshLinks cleanup step on MySQL 3.x
* Fix breakage on rerunning the site_stats update
* Localized namespaces for csb

Release notes:
http://sourceforge.net/project/shownotes.php?release_id=325088

Download:
http://prdownloads.sf.net/wikipedia/mediawiki-1.4.4.tar.gz?download
MD5 checksum: 85553d464041e36b85939810d79f5bf4

Before asking for help, try the FAQ:
http://meta.wikimedia.org/wiki/MediaWiki_FAQ

Low-traffic release announcements mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce

Wiki admin help mailing list:
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

Bug report system:
http://bugzilla.wikimedia.org/

Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net

- -- brion vibber (brion @ pobox.com)
Summary: Upgrade wikis to MediaWiki 1.4.3 → Upgrade wikis to MediaWiki 1.4.4
Just FYI, we're not going to upgrade every time a release comes out unless they
contain security fixes or new features we really want.  They're coming too fast
for us to have any hope of keeping up otherwise.  (just so you don't get your
hopes up :)
Priority: -- → P4
(Reporter)

Comment 3

13 years ago
MediaWiki 1.4.5 is a security update and bugfix release.

Incorrect handling of page template inclusions made it possible to
inject JavaScript code into HTML attributes, which could lead to
cross-site scripting attacks on a publicly editable wiki.

Vulnerable releases and fix:
* 1.5 prerelease: fixed in 1.5alpha2
* 1.4 stable series: fixed in 1.4.5
* 1.3 legacy series: fixed in 1.3.13
Alias: wiki145
Severity: major → critical
Summary: Upgrade wikis to MediaWiki 1.4.4 → Upgrade wikis to MediaWiki 1.4.5
Marking as INVALID as wiki.mozilla.org reports itself as MW 1.4.6 :)
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → INVALID
(Reporter)

Comment 5

13 years ago
reopening for a sec
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
(Reporter)

Comment 6

13 years ago
bug is fixed, at time of bug creation wiki was at 1.4.2 and now it's at 1.4.5+, thus bug was fixed inadvertently and was not 'invalid'.
Status: REOPENED → RESOLVED
Last Resolved: 13 years ago13 years ago
Resolution: --- → FIXED
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.