
it-securitynotifies - [IT-SecNots] [MediaWiki-announce] Security and maintenance release: 1.31.16 / 1.35.4 / 1.36.2

it-securitynotifies AT lists.piratenpartei.de

Subject: Security announcements

  • From: Sam Reed <reedy AT wikimedia.org>
  • To: mediawiki-announce AT lists.wikimedia.org, MediaWiki announcements and site admin list <mediawiki-l AT lists.wikimedia.org>, wikitech-l AT lists.wikimedia.org
  • Subject: [IT-SecNots] [MediaWiki-announce] Security and maintenance release: 1.31.16 / 1.35.4 / 1.36.2
  • Date: Thu, 30 Sep 2021 18:41:01 +0100
  • Archived-at: <https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce AT lists.wikimedia.org/message/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/>
  • Authentication-results: mail02.piratenpartei.de; dkim=pass header.d=lists.wikimedia.org header.s=wikimedia header.b=Szya0qZE; dmarc=pass (policy=none) header.from=wikimedia.org; spf=pass (mail02.piratenpartei.de: domain of mediawiki-announce-bounces AT lists.wikimedia.org designates 208.80.154.21 as permitted sender) smtp.mailfrom=mediawiki-announce-bounces AT lists.wikimedia.org
  • List-archive: <https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce AT lists.wikimedia.org/>
  • List-id: MediaWiki update and security announcements list <mediawiki-announce.lists.wikimedia.org>

I would like to announce the release of MediaWiki 1.31.16, 1.35.4 and
1.36.2!

These releases also serve as a maintenance release for these branches.

This is the final release of the 1.31 branch, and it is considered EOL as
of today, September 30, 2021.

While tarballs have already been uploaded, git tags will follow later on
today.

A "MediaWiki Extensions Security Release Supplement" email will follow
this one.

== Security fixes ==
* (T285515, CVE-2021-41798) SECURITY: XSS vulnerability in Special:Search.
* (T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full
table scan.
* (T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of
Special:Contributions.

=== Extension security fixes ===
* (T279090, CVE-2021-41801) SECURITY: ReplaceText continues performing
actions if the user no longer has the correct permission (such as by being
blocked).

== Links to all mentioned tasks ==
* https://phabricator.wikimedia.org/T285515
* https://phabricator.wikimedia.org/T290379
* https://phabricator.wikimedia.org/T284419
* https://phabricator.wikimedia.org/T279090

== Release notes ==

Full release notes for 1.31.16:
https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_31/RELEASE-NOTES-1.31
https://www.mediawiki.org/wiki/Release_notes/1.31

Full release notes for 1.35.4:
https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_35/RELEASE-NOTES-1.35
https://www.mediawiki.org/wiki/Release_notes/1.35

Full release notes for 1.36.2:
https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_36/RELEASE-NOTES-1.36
https://www.mediawiki.org/wiki/Release_notes/1.36

For information about how to upgrade, see
<https://www.mediawiki.org/wiki/Manual:Upgrading>

**********************************************************************
Download:
https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.16.tar.gz
https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.16.zip

Download without bundled extensions:
https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.16.tar.gz
https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.16.zip

Patch to previous version (1.31.15):
https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.16.patch.gz
https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.16.patch.zip

GPG signatures:
https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.16.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.16.zip.sig
https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.16.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.16.zip.sig
https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.16.patch.gz.sig
https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.16.patch.zip.sig

Public keys:
https://www.mediawiki.org/keys/keys.html

**********************************************************************
Download:
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.4.tar.gz
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.4.zip

Download without bundled extensions:
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.4.tar.gz
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.4.zip

Patch to previous version (1.35.3):
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.4.patch.gz
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.4.patch.zip

GPG signatures:
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.4.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.4.zip.sig
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.4.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.4.zip.sig
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.4.patch.gz.sig
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.4.patch.zip.sig

Public keys:
https://www.mediawiki.org/keys/keys.html

**********************************************************************
Download:
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.2.tar.gz
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.2.zip

Download without bundled extensions:
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-core-1.36.2.tar.gz
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-core-1.36.2.zip

Patch to previous version (1.36.1):
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.2.patch.gz
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.2.patch.zip

GPG signatures:
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-core-1.36.2.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-core-1.36.2.zip.sig
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.2.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.2.zip.sig
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.2.patch.gz.sig
https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.2.patch.zip.sig

Public keys:
https://www.mediawiki.org/keys/keys.html