Ticket #733 (closed maintenance: fixed)

Opened 2 years ago

Last modified 2 years ago

Mediawiki 1.22.7 security update

Reported by: chris Owned by: chris
Priority: major Milestone: Maintenance
Component: Mediawiki Keywords:
Cc: ed Estimated Number of Hours: 0.0
Add Hours to Ticket: 0 Billable?: yes
Total Hours: 0.25

Change History

comment:1 Changed 2 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Status changed from new to closed
  • Total Hours changed from 0.0 to 0.25
  • Resolution set to fixed
  • Summary changed from Mediawiki 1.22.6 security update to Mediawiki 1.22.7 security update

The MediaWiki Security and Maintenance Releases: 1.19.16, 1.21.10 and 1.22.7 announcement email:


  • (bug 65501) SECURITY: Don't parse usernames as wikitext on Special:PasswordReset.

Bugfixes in 1.22.7

  • (bug 36356) Add space between two feed links.
  • (bug 63269) Email notifications were not correctly handling the [[MediaWiki:Helppage]] message being set to a full URL. This is a regression from the 1.22.5 point release, which made the default value for it a URL. If you customized [[MediaWiki:Enotif body]] (the text of email notifications), you'll need to edit it locally to include the URL via the new variable $HELPPAGE instead of the parser functions fullurl and canonicalurl; otherwise you don't have to do anything.
  • Add missing uploadstash.us_props for PostgreSQL.
  • (bug 56047) Fixed stream wrapper in PhpHttpRequest.

Bugfixes in 1.21.10

  • (bug 36356) Add space between two feed links.

Full release notes for 1.22.7:

Following the notes at wiki:MediaWiki#Updates

cd /web/wiki.transitionnetwork.org
export MW="1.22.7"
wget http://releases.wikimedia.org/mediawiki/1.22/mediawiki-$MW.tar.gz -O mediawiki-$MW.tar.gz
wget http://releases.wikimedia.org/mediawiki/1.22/mediawiki-$MW.tar.gz.sig -O mediawiki-$MW.tar.gz.sig
gpg --verify mediawiki-$MW.tar.gz.sig 
  gpg: Signature made Thu May 29 21:14:08 2014 BST using RSA key ID 5DC00AA7
  gpg: Can't check signature: public key not found
  gpg --search-keys 5DC00AA7
  gpg: searching for "5DC00AA7" from hkp server keys.gnupg.net
  (1)     Markus Glaser <glaser@hallowelt.biz>
            2048 bit RSA key 5DC00AA7, created: 2014-03-27
  Keys 1-1 of 1 for "5DC00AA7".  Enter number(s), N)ext, or Q)uit > 1
  gpg: requesting key 5DC00AA7 from hkp server keys.gnupg.net
  gpg: key 5DC00AA7: public key "Markus Glaser <glaser@hallowelt.biz>" imported
  gpg: no ultimately trusted keys found
  gpg: Total number processed: 1
  gpg:               imported: 1  (RSA: 1)
tar -zxvf mediawiki-$MW.tar.gz
rsync -av mediawiki-$MW/ www/
chown root:root -R www/
chown -R www-data:www-data www/cache/
chown -R www-data:www-data www/images/
cd www/maintenance/
php update.php 
cd /web/wiki.transitionnetwork.org
rm mediawiki-$MW.tar.gz mediawiki-$MW.tar.gz.sig
rm -rf mediawiki-$MW

Checked ​https://wiki.transitionnetwork.org/Special:Version and everythig seems be be working OK, closing.

Note: See TracTickets for help on using tickets.