DPWiki:Upgrades/2006-06-07
(Note that we were running 1.6.5, with only the security fix from 1.6.6 applied, so any other changes in 1.6.6 will be new here.)
From the release notes:
MediaWiki 1.6.7
June 6, 2006
MediaWiki 1.6.7 is a security and bugfix maintenance release of the Spring 2006 snapshot:
An HTML/JavaScript-injection vulnerability in the edit form has been closed. This vulnerability was new in 1.6.0; MediaWiki versions 1.5.x or earlier are not affected.
Extensions, comments, and <nowiki> sections are now handled in a one-pass way which is more reliable and safer. Under earlier versions of MediaWiki, certain extensions could be abused to inject HTML/JavaScript into the page.
Additional precautions are made against offsite form submissions when the restricted raw HTML mode is enabled.
Some small localization and user interface updates are also included.
- (bug 6051) Improvement to German localisation (de)
- (bug 6017) Update bookstore list for German language (de)
- (bug 6138) Minor grammar tweak in "loginreqlink"
- (bug 5957) Update for Hebrew language (he)
- Increase robustness of parser placeholders; fixes some glitches when adjacent to identifier-ish constructs such as URLs.
- (bug 5384) Fix in <ref> extension
- Nesting of different tag extensions and comments should now work more consistently and more safely. A cleaner, one-pass tag strip lets the 'outer' tag either take source (<nowiki>-style) or pass it down to further parsing (<ref>-style). There should no longer be surprise expansion of foreign extensions inside HTML output, or differences in behavior based on the order tags are loaded.
- (bug 885) Pre-save transform no longer silently appends close tags
- Pre-save transform no longer changes the case of close tags
- Edit security precautions in raw HTML mode, etc
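The one-pass tag strip described in the notes above can be illustrated with a toy model. This is an added example, not MediaWiki's parser code and not part of the release notes; the handler names, the made-up `shout` extension and the placeholder format are assumptions chosen for illustration. It contrasts a strip stage that runs one pass per tag in load order with a single left-to-right scan where the outer tag owns its content.

```python
import html
import re

# Toy model of a tag-strip stage. Tag names and handlers are hypothetical.
def nowiki(src, parse):            # <nowiki>-style: takes the source verbatim
    return html.escape(src)

def shout(src, parse):             # a made-up extension that emits HTML
    return "<b>" + html.escape(src.upper()) + "</b>"

def ref(src, parse):               # <ref>-style: passes content down for parsing
    return "<sup>" + parse(src) + "</sup>"

HANDLERS = {"nowiki": nowiki, "shout": shout, "ref": ref}

def multi_pass_strip(text, order):
    """One pass per tag, in load order; placeholders are expanded at the end."""
    store = {}
    for tag in order:
        def repl(m, tag=tag):
            key = "\x7fUNIQ%d\x7f" % len(store)
            store[key] = HANDLERS[tag](m.group(1), lambda s: s)
            return key
        text = re.sub(r"(?s)<%s>(.*?)</%s>" % (tag, tag), repl, text)
    prev = None
    while prev != text:            # unstrip until no placeholder is left
        prev = text
        for key, value in store.items():
            text = text.replace(key, value)
    return text

def one_pass_strip(text, tags):
    """Single left-to-right scan: the outermost tag owns everything inside it."""
    opener = re.compile("<(%s)>" % "|".join(map(re.escape, tags)))
    out, pos = [], 0
    while (m := opener.search(text, pos)):
        close = "</%s>" % m.group(1)
        end = text.find(close, m.end())
        if end < 0:                # unclosed tag stays literal text
            out.append(text[pos:m.end()])
            pos = m.end()
            continue
        out.append(text[pos:m.start()])
        parse = lambda s: one_pass_strip(s, tags)
        out.append(HANDLERS[m.group(1)](text[m.end():end], parse))
        pos = end + len(close)
    out.append(text[pos:])
    return "".join(out)

SAMPLE = "<nowiki><shout>hi</shout></nowiki>"   # constructed input
```

With the multi-pass model, `SAMPLE` renders as escaped text when `nowiki` is processed first but as live `<b>` markup when `shout` is processed first; the one-pass model returns the escaped text regardless of the order in which tags were registered.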
MediaWiki 1.6.6
May 23, 2006
MediaWiki 1.6.6 is a security and bugfix maintenance release.
An XSS injection vector in brace replacement has been fixed, as have some potential problems with table parsing. Upgrading is strongly recommended for all users of 1.6. MediaWiki versions 1.5 and earlier are not affected.
Additionally some localization and user interface updates are included.
- Correct "revertpage" message in English
- (bug 5507) Logouttext now uses wiki markup
- (bug 5857, 5957) Update for German localisation (de)
- (bug 5586) <gallery> treated text as links
- (bug 5957) Update for Hebrew language (he)
- (bug 6025) SpecialImport: wrong message when no file selected
- (bug 6015) EditPage: add spacing in the boxes "edit is minor" and "watch this"
- (bug 6018) Userrights: new message when no user specified ('nouserspecified')
- (bug 6055) Fix for HTML/JS injection bug in variable handler (found by Nick Jenkins)
- Reordered wiki table handling and __TOC__ extraction in the parser to better handle some overlapping tag cases.
- Only the first __TOC__ is now turned into a TOC.
- (bug 361) URL in URL, they were almost fixed. Now they are.