Version 1.6.7 of MediaWiki

Release Notes: An HTML/JavaScript-injection vulnerability in the edit form has been closed. This vulnerability was new in 1.6.0. Version 1.5.x or earlier are not affected. Extensions, comments, and <nowiki> sections are now handled in a one-pass way, which is more reliable and safer. Under earlier versions, certain extensions could be abused to inject HTML/JavaScript into the page. Additional precautions are made against offsite form submissions when the restricted raw HTML mode is enabled.

Other releases

  •  12 Sep 2013 23:32

    Release Notes: This is a security and maintenance release of the 1.21 branch. It fixes extension detection with 2 .'s. Support for the 'gettoken' parameter to action=block and action=unblock, deprecated since 1.20, has been removed. This release sanitizes ResourceLoader exception messages. It will purge upstream caches when deleting file assets. The unit test suite now runs the AutoLoader tests. The autoloading entry for the PageORMTableForTesting class has also been fixed, though it had no impact.

    •  25 Oct 2012 20:25

    Release Notes: Several bugs have been fixed.

    Release Notes: A cross-site scripting (XSS) vulnerability was fixed. Fatal errors with unusual file repository configurations, such as ForeignAPIRepo were fixed. The "change password" link on Special:Preferences was changed to have the correct returnto parameter.

    •  15 Dec 2008 13:44

    Release Notes: XSS and CSRF vulnerabilities were fixed.

    •  02 Oct 2008 17:06

    Release Notes: An XSS vulnerability has been fixed.

    Screenshot

    Project Spotlight

    ABC Path Solver

    An automated solver for the puzzle game ABC Path.

    Screenshot

    Project Spotlight

    RESTClient

    A Java Swing application to test RESTful Web services.