Package mediawiki: Information
Binary package: mediawiki
Version: 1.40.1-alt2
Architecture: noarch
Build time: Feb 1, 2024, 07:55 PM
Source package: mediawiki
Category: Networking/WWW
Report package bugHome page: http://www.mediawiki.org/
License: GPLv2+
Summary: A wiki engine, typical installation (php8.2 with Apache2 and MySQL support)
Description:
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Configure it through the web interface. Remember to secure the config dir after completing the configuration. This is a typical mediawiki installation (with Apache2 and MySQL support). Also you can install mediawiki-php8.0 (mediawiki-php8.1, mediawiki-php7) package to get all needed php requires. If you wish mediawiki without any php dependencies, install only mediawiki-common package.
Maintainer: Vitaly Lipatov
Last changed
Oct. 21, 2023 Vitaly Lipatov 1.40.1-alt2
- fix descriptions of php subpackages - restore .htaccess to disable php execution in data only dirs
Oct. 16, 2023 Vitaly Lipatov 1.40.1-alt1
- new version 1.40.1 (with rpmrb script) - build with php8.2 by default (ALT bug 48033) - (T333050, CVE-2023-45363) SECURITY: Fix infinite loop for self-redirects with variants conversion. - (T340217, CVE-2023-45359) SECURITY: Vector 2022: Numerous unescaped messages leading to potential XSS. - (T340220, CVE-2023-45361) SECURITY: Vector 2022: vector-intro-page message is assumed to yield a valid title. - (T340221, CVE-2023-45360) SECURITY: XSS via 'youhavenewmessagesmanyusers' and 'youhavenewmessages' messages. - (T341529, CVE-2023-45362) SECURITY: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression. - (T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted XML file to Special:Upload (non standard configuration).
Aug. 12, 2023 Vitaly Lipatov 1.40.0-alt1
- new version 1.40.0 (with rpmrb script) - disable AutoReq - (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker. - (T335203, CVE-2023-29197) Upgrade guzzlehttp/psr7 to >= 1.9.1/2.4.5. - (T335612, CVE-2023-36674) Manualthumb bypasses badFile lookup. - (T332889, CVE-2023-36675) XSS in BlockLogFormatter due to unsafe message use.