[Systems] [mediawiki-widgets] Fwd: Security Release 0.8.10 Fixed a security whole in error message.

Frederick Grose fgrose at gmail.com
Fri Nov 27 22:37:37 EST 2009

We have version 0.8.6 installed.

---------- Forwarded message ----------
From: sergey.chernyshev at gmail.com <sergey.chernyshev at gmail.com>
Date: Fri, Nov 27, 2009 at 9:59 PM
Subject: Security Release 0.8.10 Fixed a security whole in error message.
To: MediaWiki Widgets <mediawiki-widgets at googlegroups.com>

Thanks to Zai Lynch who found a security problem with error handling
in the extension!

I fixed it in 0.8.10 - it is now escaping whatever was entered as a
Widget name so it should not be usable for XSS.

It is highly recommended to upgrade!

Go ahead and upgrade from a downloadable package:

Or from SVN tag:
svn switch

Let me know if you'll have troubles with the new version.



Sergey Chernyshev


You received this message because you are subscribed to the Google Groups
"MediaWiki Widgets" group.
To post to this group, send email to mediawiki-widgets at googlegroups.com.
To unsubscribe from this group, send email to
mediawiki-widgets+unsubscribe at googlegroups.com<mediawiki-widgets%2Bunsubscribe at googlegroups.com>
For more options, visit this group at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sugarlabs.org/private/systems/attachments/20091127/ea21a257/attachment.htm 

More information about the Systems mailing list