http://localhost:8080/trac/ticket/620 <p> See the announcement email: </p> <pre class="wiki">I would like to announce the release of MediaWiki 1.21.3, 1.20.8 and 1.19.9. These releases fix 2 security related bugs that could affect users of MediaWiki. Download links are given at the end of this email. * Kevin Israel (Wikipedia user PleaseStand) identified and reported two vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist (CVE-2013-4567, CVE-2013-4568). &lt;https://bugzilla.wikimedia.org/show_bug.cgi?id=55332&gt; * Internal review while debugging a site issue discovered that MediaWiki and the CentralNotice extension were incorrectly setting cache headers when a user was autocreated, causing the user's session cookies to be cached, and returned to other users (CVE-2013-4572). &lt;https://bugzilla.wikimedia.org/show_bug.cgi?id=53032&gt; Additionally, the following extensions have been updated to fix security issues: * CleanChanges: MediaWiki steward Teles reported that revision-deleted IP's are not correctly hidden when this extension is used (CVE-2013-4569). &lt;https://bugzilla.wikimedia.org/show_bug.cgi?id=54294&gt; * ZeroRatedMobileAccess: Tomasz Chlebowski reported an XSS vulnerability (CVE-2013-4573). &lt;https://bugzilla.wikimedia.org/show_bug.cgi?id=55991&gt; * CentralAuth: MediaWiki developer Platonides reported a login CSRF in CentralAuth (CVE-2012-5394). &lt;https://bugzilla.wikimedia.org/show_bug.cgi?id=40747&gt; Full release notes for 1.21.3: &lt;https://www.mediawiki.org/wiki/Release_notes/1.21&gt; Full release notes for 1.20.8: &lt;https://www.mediawiki.org/wiki/Release_notes/1.20&gt; Full release notes for 1.19.9: &lt;https://www.mediawiki.org/wiki/Release_notes/1.19&gt; For information about how to upgrade, see &lt;https://www.mediawiki.org/wiki/Manual:Upgrading&gt; </pre><p> The steps followed for the last upgrade can be followed again, see <a class="closed ticket" href="http://localhost:8080/trac/ticket/595" title="maintenance: Upgrade Mediawiki to 1.19.8 from 1.19.7 (closed: fixed)">ticket:595</a> and see also the documentation at <a class="wiki" href="http://localhost:8080/trac/wiki/PenguinServer#wiki.transitionnetwork.org">wiki:PenguinServer#wiki.transitionnetwork.org</a> </p> en-us /trac/chrome/site/TransitionNetwork-Logo-Web-Small.jpg http://localhost:8080/trac/ticket/620 Trac 0.12.5 chris Thu, 21 Nov 2013 10:31:10 GMT http://localhost:8080/trac/ticket/620#comment:1 http://localhost:8080/trac/ticket/620#comment:1 <ul> <li><strong>hours</strong> changed from <em>0.0</em> to <em>0.25</em> </li> <li><strong>status</strong> changed from <em>new</em> to <em>closed</em> </li> <li><strong>resolution</strong> set to <em>fixed</em> </li> <li><strong>totalhours</strong> changed from <em>0.0</em> to <em>0.25</em> </li> </ul> <p> Following the last upgrade, <a class="closed ticket" href="http://localhost:8080/trac/ticket/595#comment:1" title="maintenance: Upgrade Mediawiki to 1.19.8 from 1.19.7 (closed: fixed)">ticket:595#comment:1</a> </p> <pre class="wiki">sudo -i cd /web/wiki.transitionnetwork.org export MW="1.19.9" wget http://download.wikimedia.org/mediawiki/1.19/mediawiki-$MW.tar.gz wget http://download.wikimedia.org/mediawiki/1.19/mediawiki-$MW.tar.gz.sig gpg --verify mediawiki-$MW.tar.gz.sig tar -zxvf mediawiki-$MW.tar.gz rsync -av mediawiki-$MW/ www/ chown root:root -R www/ chown -R www-data:www-data www/cache chown -R www-data:www-data www/images cd www/maintenance/ php update.php </pre><p> The version was checked: <a class="ext-link" href="http://wiki.transitionnetwork.org/Special:Version"><span class="icon">​</span>http://wiki.transitionnetwork.org/Special:Version</a> and everthing seems fine, so closing this ticket. </p> Ticket