[Systems] [mediawiki-widgets] Fwd: Security Release 0.8.10 Fixed a security hole in error message.

Frederick Grose fgrose at gmail.com
Fri Nov 27 22:37:37 EST 2009


We have version 0.8.6 installed.

---------- Forwarded message ----------
From: sergey.chernyshev at gmail.com <sergey.chernyshev at gmail.com>
Date: Fri, Nov 27, 2009 at 9:59 PM
Subject: Security Release 0.8.10 Fixed a security hole in error message.
To: MediaWiki Widgets <mediawiki-widgets at googlegroups.com>


Thanks to Zai Lynch who found a security problem with error handling
in the extension!

I fixed it in 0.8.10 - it is now escaping whatever was entered as a
Widget name so it should not be usable for XSS.

It is highly recommended to upgrade!

Go ahead and upgrade from a downloadable package:
http://mediawiki-widgets.googlecode.com/files/Widgets_0.8.10.tgz
http://mediawiki-widgets.googlecode.com/files/Widgets_0.8.10.zip

Or from SVN tag:
svn switch http://svn.wikimedia.org/svnroot/mediawiki/tags/extensions/Widgets/REL_0_8_10/

Let me know if you have trouble with the new version.

Best,

       Sergey

--
Sergey Chernyshev
http://www.sergeychernyshev.com/
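
The fix described in the message, escaping the widget name before it is placed in the error output, shown as an added example that is not part of the original message and is not the Widgets extension's own code. The function names, the message wording and the sample inputs are hypothetical.

```php
<?php
// Added illustration; not the Widgets extension's code. Function names and
// the error wording are hypothetical.

const PREFIX = '<div class="error">Error in widget ';
const SUFFIX = '</div>';

// Before: the requested widget name is copied into the HTML error as-is.
function widgetErrorUnescaped(string $widgetName): string {
    return PREFIX . $widgetName . SUFFIX;
}

// After: the name is escaped for an HTML context at the point of output.
// ENT_QUOTES covers both quote characters, so the value stays inert even if
// the message is later placed inside a quoted attribute.
function widgetErrorEscaped(string $widgetName): string {
    $safe = htmlspecialchars($widgetName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return PREFIX . $safe . SUFFIX;
}

// Constructed inputs: an ordinary name, markup, and a quote-breaking value.
$samples = [
    'YouTube',
    '<img src=x onerror=alert(1)>',
    '" onmouseover="alert(1)',
];

foreach ($samples as $name) {
    $after = widgetErrorEscaped($name);
    // Isolate the user-controlled part of the escaped message.
    $inner = substr($after, strlen(PREFIX), -strlen(SUFFIX));

    // Regression checks: no markup-significant character survives, and the
    // browser would still display exactly what the user typed.
    $inert     = preg_match('/[<>"\']/', $inner) === 0;
    $roundTrip = html_entity_decode($inner, ENT_QUOTES, 'UTF-8') === $name;

    printf("input:   %s\nbefore:  %s\nafter:   %s\ninert=%s roundtrip=%s\n\n",
        $name, widgetErrorUnescaped($name), $after,
        var_export($inert, true), var_export($roundTrip, true));
}
```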
