Context Navigation

← Previous Ticket
Next Ticket →

Ticket #733 (closed maintenance: fixed)

Opened 2 years ago

Last modified 2 years ago

Mediawiki 1.22.7 security update

Reported by:	chris	Owned by:	chris
Priority:	major	Milestone:	Maintenance
Component:	Mediawiki	Keywords:
Cc:	ed	Estimated Number of Hours:	0.0
Add Hours to Ticket:	0	Billable?:	yes
Total Hours:	0.25

Description

See https://www.mediawiki.org/wiki/Release_notes/1.22#MediaWiki_1.22.6

Change History

comment:1 Changed 2 years ago by chris

Add Hours to Ticket changed from 0.0 to 0.25
Status changed from new to closed
Total Hours changed from 0.0 to 0.25
Resolution set to fixed
Summary changed from Mediawiki 1.22.6 security update to Mediawiki 1.22.7 security update

The MediaWiki Security and Maintenance Releases: 1.19.16, 1.21.10 and 1.22.7 announcement email:

Security

(bug 65501) SECURITY: Don't parse usernames as wikitext on Special:PasswordReset.
Bugfixes in 1.22.7

(bug 36356) Add space between two feed links.
(bug 63269) Email notifications were not correctly handling the [[MediaWiki:Helppage]] message being set to a full URL. This is a regression from the 1.22.5 point release, which made the default value for it a URL. If you customized [[MediaWiki:Enotif body]] (the text of email notifications), you'll need to edit it locally to include the URL via the new variable $HELPPAGE instead of the parser functions fullurl and canonicalurl; otherwise you don't have to do anything.
Add missing uploadstash.us_props for PostgreSQL.
(bug 56047) Fixed stream wrapper in PhpHttpRequest.
Bugfixes in 1.21.10

(bug 36356) Add space between two feed links.
Full release notes for 1.22.7:
<https://www.mediawiki.org/wiki/Release_notes/1.22>

Following the notes at wiki:MediaWiki#Updates

cd /web/wiki.transitionnetwork.org
export MW="1.22.7"
wget http://releases.wikimedia.org/mediawiki/1.22/mediawiki-$MW.tar.gz -O mediawiki-$MW.tar.gz
wget http://releases.wikimedia.org/mediawiki/1.22/mediawiki-$MW.tar.gz.sig -O mediawiki-$MW.tar.gz.sig
gpg --verify mediawiki-$MW.tar.gz.sig 
  gpg: Signature made Thu May 29 21:14:08 2014 BST using RSA key ID 5DC00AA7
  gpg: Can't check signature: public key not found
  gpg --search-keys 5DC00AA7
  gpg: searching for "5DC00AA7" from hkp server keys.gnupg.net
  (1)     Markus Glaser <glaser@hallowelt.biz>
            2048 bit RSA key 5DC00AA7, created: 2014-03-27
  Keys 1-1 of 1 for "5DC00AA7".  Enter number(s), N)ext, or Q)uit > 1
  gpg: requesting key 5DC00AA7 from hkp server keys.gnupg.net
  gpg: key 5DC00AA7: public key "Markus Glaser <glaser@hallowelt.biz>" imported
  gpg: no ultimately trusted keys found
  gpg: Total number processed: 1
  gpg:               imported: 1  (RSA: 1)
tar -zxvf mediawiki-$MW.tar.gz
rsync -av mediawiki-$MW/ www/
chown root:root -R www/
chown -R www-data:www-data www/cache/
chown -R www-data:www-data www/images/
cd www/maintenance/
php update.php 
cd /web/wiki.transitionnetwork.org
rm mediawiki-$MW.tar.gz mediawiki-$MW.tar.gz.sig
rm -rf mediawiki-$MW

Checked https://wiki.transitionnetwork.org/Special:Version and everythig seems be be working OK, closing.

Note: See TracTickets for help on using tickets.

Download in other formats: