MediaWiki 1.23.9
31 March 2015
MediaWiki version 1.23.9 is now available (security release).
Upgrading to MediaWiki 1.23.9
MediaWiki 1.23.9 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply MediaWiki updates as new versions are released, or use Installatron's Clone feature to duplicate an existing MediaWiki install to test the 1.23.9 upgrade prior to applying it live.
What's New in MediaWiki 1.23.9
Security fixes
- (bug T85848, bug T71210) SECURITY: Don't parse XMP blocks that contain XML entities, to prevent various DoS attacks.
- (bug T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce likelihood of DoS.
- (bug T88310) SECURITY: Always expand XML entities when checking SVGs.
- (bug T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
- (bug T85855) SECURITY: Don't execute another user's CSS or JS on preview.
- (bug T85349, bug T85850, bug T86711) SECURITY: Multiple issues fixed in SVG filtering to prevent XSS and protect viewer's privacy.
- (bug T70087) Fix Special:ActiveUsers page for installations using PostgreSQL.
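
The first fix in the list refuses to parse XMP blocks that contain XML entities. The following added example (not MediaWiki's code, and written in Python rather than MediaWiki's PHP) sketches that kind of pre-parse check with the standard library's expat bindings. The function name, the sample packets, and the choice to also reject any DOCTYPE are assumptions made for illustration.

```python
import xml.parsers.expat


class EntityDeclared(Exception):
    """Raised as soon as a packet declares a DTD or an XML entity."""


def _refuse(*_args):
    # Raising inside an expat handler aborts the parse immediately,
    # so no declared entity is ever expanded.
    raise EntityDeclared("DTD or entity declaration present")


def xmp_is_safe_to_parse(packet: bytes) -> bool:
    """Return True only for well-formed XML with no DOCTYPE or entity declarations.

    Hypothetical helper: metadata extraction would be skipped when it returns False.
    """
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _refuse      # any <!DOCTYPE ...> (assumed policy)
    parser.EntityDeclHandler = _refuse            # <!ENTITY ...> declarations
    parser.UnparsedEntityDeclHandler = _refuse    # unparsed (NDATA) entities
    try:
        parser.Parse(packet, True)
    except EntityDeclared:
        return False
    except xml.parsers.expat.ExpatError:
        return False                              # not well-formed: do not parse further
    return True


# Constructed sample packets (not taken from any real file).
# Predefined references such as &amp; need no declaration and are accepted.
CLEAN_XMP = (
    b'<x:xmpmeta xmlns:x="adobe:ns:meta/">'
    b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">'
    b'<rdf:Description rdf:about="" xmlns:dc="http://purl.org/dc/elements/1.1/">'
    b'<dc:title>A &amp; B</dc:title>'
    b'</rdf:Description></rdf:RDF></x:xmpmeta>'
)
# A single harmless entity declaration is enough to trigger the refusal.
ENTITY_XMP = (
    b'<!DOCTYPE x [<!ENTITY e "text">]>'
    b'<x:xmpmeta xmlns:x="adobe:ns:meta/">&e;</x:xmpmeta>'
)

if __name__ == "__main__":
    for name, pkt in (("clean", CLEAN_XMP), ("entity", ENTITY_XMP)):
        print(name, "->", "parse" if xmp_is_safe_to_parse(pkt) else "skip")
```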