==================================================================== CERT-Renater Note d'Information No. 2019/VULN331 _____________________________________________________________________ DATE : 21/10/2019 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running MediaWiki versions prior to 1.33.1, 1.32.4, 1.31.4. ===================================================================== https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-October/000236.html _____________________________________________________________________ I would like to announce the release of MediaWiki 1.33.1, 1.32.4 and 1.31.4! In a change to normal proceedings, the security patches are already merged to the various branches. This was due to the low severity of the patches. This is therefore the reason no pre-release announcement was sent. It is noted that these patches are fairly large in comparison to normal, this is due to the splitting of some schema change patches from a single file to multiple files to attempt to mitigate some migration issues identified in T227662. This release also serves as a maintenance release for these branches. == Security fixes == * (T230402, CVE-2019-16738) SECURITY: Add permission check for suppressed account to Special:Redirect. == Links to all mentioned tasks == * https://phabricator.wikimedia.org/T230402 * https://phabricator.wikimedia.org/T227662 == Release notes == Full release notes for 1.31.4: https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_31/RELEASE-NOTES-1.31 https://www.mediawiki.org/wiki/Release_notes/1.31 Full release notes for 1.32.4: https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_32/RELEASE-NOTES-1.32 https://www.mediawiki.org/wiki/Release_notes/1.32 Full release notes for 1.33.1: https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_33/RELEASE-NOTES-1.33 https://www.mediawiki.org/wiki/Release_notes/1.33 For information about how to upgrade, see ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.4.tar.gz Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.4.tar.gz Patch to previous version (1.31.3): https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.4.patch.gz GPG signatures: https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.4.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.4.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.4.patch.gz.sig Public keys: https://www.mediawiki.org/keys/keys.html ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.32/mediawiki-1.32.4.tar.gz Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.32/mediawiki-core-1.32.4.tar.gz Patch to previous version (1.32.3): https://releases.wikimedia.org/mediawiki/1.32/mediawiki-1.32.4.patch.gz GPG signatures: https://releases.wikimedia.org/mediawiki/1.32/mediawiki-core-1.32.4.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.32/mediawiki-1.32.4.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.32/mediawiki-1.32.4.patch.gz.sig Public keys: https://www.mediawiki.org/keys/keys.html ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.33/mediawiki-1.33.1.tar.gz Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.33/mediawiki-core-1.33.1.tar.gz Patch to previous version (1.33.0): https://releases.wikimedia.org/mediawiki/1.33/mediawiki-1.33.1.patch.gz GPG signatures: https://releases.wikimedia.org/mediawiki/1.33/mediawiki-core-1.33.1.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.33/mediawiki-1.33.1.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.33/mediawiki-1.33.1.patch.gz.sig Public keys: https://www.mediawiki.org/keys/keys.html ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================