Version 1.8.3 of MediaWiki

Release Notes: An XSS injection vulnerability was located in the Ajax support module, affecting MediaWiki 1.6.x and up when the optional $wgUseAjax setting is enabled. There is no danger in the default configuration, with $wgUseAjax off. If you are using an extension based on the optional Ajax module, either disable it or upgrade to a version containing the fix: 1.8.3, 1.7.2, 1.6.9, or 1.9.0rc2 release candidate.

Other releases

  •  12 Sep 2013 23:32

    Release Notes: This is a security and maintenance release of the 1.21 branch. It fixes extension detection with 2 .'s. Support for the 'gettoken' parameter to action=block and action=unblock, deprecated since 1.20, has been removed. This release sanitizes ResourceLoader exception messages. It will purge upstream caches when deleting file assets. The unit test suite now runs the AutoLoader tests. The autoloading entry for the PageORMTableForTesting class has also been fixed, though it had no impact.

    •  25 Oct 2012 20:25

    Release Notes: Several bugs have been fixed.

    Release Notes: A cross-site scripting (XSS) vulnerability was fixed. Fatal errors with unusual file repository configurations, such as ForeignAPIRepo were fixed. The "change password" link on Special:Preferences was changed to have the correct returnto parameter.

    •  15 Dec 2008 13:44

    Release Notes: XSS and CSRF vulnerabilities were fixed.

    •  02 Oct 2008 17:06

    Release Notes: An XSS vulnerability has been fixed.


    Project Spotlight


    Estimates the duration of a download.


    Project Spotlight


    A utility to program Logitech Harmony remote controls.