Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [MediaWiki-announce] Security pre-release announcement: 1.39.12 / 1.42.6 / 1.43.1

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [MediaWiki-announce] Security pre-release announcement: 1.39.12 / 1.42.6 / 1.43.1


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Sam Reed <reedy AT wikimedia.org>
  • To: MediaWiki announcements and site admin list <mediawiki-l AT lists.wikimedia.org>, mediawiki-announce AT lists.wikimedia.org, wikitech-l AT lists.wikimedia.org
  • Subject: [IT-SecNots] [MediaWiki-announce] Security pre-release announcement: 1.39.12 / 1.42.6 / 1.43.1
  • Date: Wed, 9 Apr 2025 21:57:04 +0100
  • Archived-at: <https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce AT lists.wikimedia.org/message/J62QRHBYZP4YN5LETRG7YQG4MMBBBX3D/>
  • Authentication-results: lists.piratenpartei.de; dkim=pass header.d=lists.wikimedia.org header.s=wikimedia header.b=c7Ic5M9Y; spf=pass (lists.piratenpartei.de: domain of mediawiki-announce-bounces AT lists.wikimedia.org designates 2620:0:861:3:208:80:154:81 as permitted sender) smtp.mailfrom=mediawiki-announce-bounces AT lists.wikimedia.org; dmarc=pass (policy=none) header.from=wikimedia.org
  • List-archive: <https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce AT lists.wikimedia.org/>
  • List-id: MediaWiki update and security announcements list <mediawiki-announce.lists.wikimedia.org>
Hi all,

Apologies for this release being late, as it was due in the last week of
March. Unfortunately, due to the events of [2], that took priority in terms
of resources.

On Thursday we will be issuing a security and maintenance release to all
supported branches of MediaWiki.

The new releases will be:

- 1.39.12
- 1.42.6
- 1.43.1

This will also resolve a security issue in a bundled extension, along with
bug fixes included for maintenance reasons.

These security issues also affect many unsupported versions of MediaWiki.

We will make the fixes available in the respective release branches and
master in git. Tarballs will be available for the above mentioned point
releases as well.

A summary of some of the security fixes that have gone into non-bundled
MediaWiki extensions will also follow later.

As a reminder, MediaWiki 1.35 became end of life (EOL) in December 2023,
MediaWiki 1.40 became EOL in June 2024 and MediaWiki 1.41 became EOL in
December 2024.

MediaWiki 1.39 (the old LTS before 1.43) becomes EOL in November 2025.

It is strongly recommended to upgrade to either 1.42, which will be
supported until June 2025, or ideally to 1.43 (the next LTS after 1.39),
which will be supported until December 2027.

[1] https://www.mediawiki.org/wiki/Version_lifecycle
[2]
https://meta.wikimedia.org/wiki/Wikimedia_Foundation/March_2025_discovery_of_account_compromises
_______________________________________________
MediaWiki-announce mailing list -- mediawiki-announce AT lists.wikimedia.org
To unsubscribe send an email to mediawiki-announce-leave AT lists.wikimedia.org

  • [IT-SecNots] [MediaWiki-announce] Security pre-release announcement: 1.39.12 / 1.42.6 / 1.43.1, Sam Reed, 09.04.2025

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang