Logo name

Media Wiki:MediaWiki 1.5.5

From IpbWiki

  • Currently0.00/5
Jump to: navigation, search

January 5, 2006

MediaWiki 1.5.5 is a security and bugfix maintenance release.

Detection for uploads of Windows Metafile (.wmf) images has been added to help protect against a client-side vulnerability in unpatched Microsoft Windows operating systems.

Sites which have enabled uploads and added non-standard file types (such as .ogg, .doc, or .pdf) should upgrade to this release to ensure that malicious .wmf files can't be uploaded with a fake extension; such files could put visitors to the site at risk.

For more details on this, see: http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability

Additionally, a maintenance script removeUnusedAccounts.php has been added; this replaces an older Perl script which had not been updated for the new schema in 1.5.

Changes

  • Maintenance script to delete unused user accounts
  • Added detection for WMF files (application/x-msmetafile), added this MIME type to the default blacklist. Prevented inline display of images which are not of known image types. This is in response to http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
Retrieved from "http://www.ipbwiki.com/Media_Wiki:MediaWiki_1.5.5"
 This page was last modified on 11 November 2006, at 15:13.  This page has been accessed 1,892 times.  Content is available under GNU Free Documentation License 1.2Disclaimers 
Powered by IpbWiki: Integration Of Invision Power Board and MediaWiki © GlobalSoft
Powered by MediaWiki © Wikimedia