[Systems] [mediawiki-widgets] Fwd: Security Release 0.8.10 Fixed a security whole in error message.
fgrose at gmail.com
Fri Nov 27 22:37:37 EST 2009
We have version 0.8.6 installed.
---------- Forwarded message ----------
From: sergey.chernyshev at gmail.com <sergey.chernyshev at gmail.com>
Date: Fri, Nov 27, 2009 at 9:59 PM
Subject: Security Release 0.8.10 Fixed a security whole in error message.
To: MediaWiki Widgets <mediawiki-widgets at googlegroups.com>
Thanks to Zai Lynch who found a security problem with error handling
in the extension!
I fixed it in 0.8.10 - it is now escaping whatever was entered as a
Widget name so it should not be usable for XSS.
It is highly recommended to upgrade!
Go ahead and upgrade from a downloadable package:
Or from SVN tag:
Let me know if you'll have troubles with the new version.
You received this message because you are subscribed to the Google Groups
"MediaWiki Widgets" group.
To post to this group, send email to mediawiki-widgets at googlegroups.com.
To unsubscribe from this group, send email to
mediawiki-widgets+unsubscribe at googlegroups.com<mediawiki-widgets%2Bunsubscribe at googlegroups.com>
For more options, visit this group at
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Systems