Menü Schließen

MediaWiki 1.40.0 Bugfix und 1.35.11- 1.38.7 – 1.39.4 Security Releases

MediaWiki Logo

Das Open-Source Wiki MediaWiki wurde aktualisiert und steht nun in Version 1.40.0 in der aktuellsten Stable Version bereit. Die Versionen 1.35.11, 1.38.7 und 1.39.4 wurden ebenfalls aktualisiert und erhielten Sicherheitsupdates die 3 Sicherheitslücken schließen. Diese sind bereits in 1.40.0 gefixt.

MediaWiki 1.40.0 -1.35.11- 1.38.7 – 1.39.4 Security Notes

All three fixes apply to the unreleased 1.40, and will be included in the 1.40.0 release. They will be merged into the REL1_40 branch later today.

Various patches aimed at PHP 8.0, 8.1, and 8.2 support have been back-ported. This should fix a lot of log spam, and MediaWiki should work on both released versions (PHP 8.0 and 8.1).

As a reminder, 1.38 becomes of life (EOL) today, June 30 2023. 1.38.7 is expected to be the last release for this branch. It is recommended to upgrade to 1.39 (the next LTS after 1.35), which will be supported until November 2025, or the newly released 1.40, which will be supported until June 2024.

  • (T335203, CVE-2023-29197) Upgrade guzzlehttp/psr7 to >= 1.9.1/2.4.5.
  • (T335612, CVE-2023-36674) Manualthumb bypasses badFile lookup.
  • (T332889, CVE-2023-36675) XSS in BlockLogFormatter due to unsafe message use.

MediaWiki 1.40.0 -1.35.11- 1.38.7 – 1.39.4 Changelog

Full release notes for 1.35.11:…
Full release notes for 1.38.7:…
Full release notes for 1.39.4:…

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert