SMW security vulnerabilities: please update


by Markus Krötzsch

Hi all,

MediaWiki's new security scanner has detected vulnerabilities in SMW (and many
other extensions). In the worst case, an attacker might be able to trick your
server into executing foreign PHP scripts. This is possible only if
the "register_globals" option on your server is activated.

To close all potential security holes, we recommend updating SMW in one of
the following ways:

== Servers running the recent development version of SMW ==

Just update to the latest code from SVN.

== Servers running SMW 1.1.1 ==

We have created a backport SMW 1.1.2 that has all security fixes. It is
available in two places:

* File release: get semediawiki-1.1.2 from sourceforge [1]
* SVN: check out the 1.1.2 release from the SVN tag directory [2]

In either case, no special update procedure is needed -- just replace the old
SMW directory with the new files.

== Servers running older versions of SMW ==

Get SMW 1.1.2 as described above, and follow the update instructions given in
INSTALL [3].


Cheers,

Markus


[1] https://sourceforge.net/project/showfiles.php?group_id=147937
[2] http://svn.wikimedia.org/svnroot/mediawiki/tags/extensions/SemanticMediaWiki/
[3] http://svn.wikimedia.org/svnroot/mediawiki/tags/extensions/SemanticMediaWiki/REL_1_1_2/INSTALL

--
Markus Krötzsch
Semantic MediaWiki    http://semantic-mediawiki.org
http://korrekt.org    markus@...


-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
Semediawiki-devel mailing list
Semediawiki-devel@...
https://lists.sourceforge.net/lists/listinfo/semediawiki-devel


Re: SMW security vulnerabilities: please update

by Sergey Chernyshev

WOW, thanks for the tags! It made the upgrade a piece of cake!

All you need to do is to run:

   svn switch http://svn.wikimedia.org/svnroot/mediawiki/tags/extensions/SemanticMediaWiki/REL_1_1_2/

in the extensions/SemanticMediaWiki/ folder.

Please keep this practice so we can roll back as easily.

Thank you,

         Sergey


On Sat, Jun 14, 2008 at 10:35 AM, Markus Krötzsch <markus@...> wrote:
> Hi all,
>
> MediaWiki's new security scanner has detected vulnerabilities in SMW (and many
> other extensions). In the worst case, an attacker might be able to trick your
> server into executing foreign PHP scripts. This is possible only if
> the "register_globals" option on your server is activated.
>
> To close all potential security holes, we recommend updating SMW in one of
> the following ways:
>
> == Servers running the recent development version of SMW ==
>
> Just update to the latest code from SVN.
>
> == Servers running SMW 1.1.1 ==
>
> We have created a backport SMW 1.1.2 that has all security fixes. It is
> available in two places:
>
> * File release: get semediawiki-1.1.2 from sourceforge [1]
> * SVN: check out the 1.1.2 release from the SVN tag directory [2]
>
> In either case, no special update procedure is needed -- just replace the old
> SMW directory with the new files.
>
> == Servers running older versions of SMW ==
>
> Get SMW 1.1.2 as described above, and follow the update instructions given in
> INSTALL [3].
>
>
> Cheers,
>
> Markus
>
>
> [1] https://sourceforge.net/project/showfiles.php?group_id=147937
> [2] http://svn.wikimedia.org/svnroot/mediawiki/tags/extensions/SemanticMediaWiki/
> [3] http://svn.wikimedia.org/svnroot/mediawiki/tags/extensions/SemanticMediaWiki/REL_1_1_2/INSTALL
>
> --
> Markus Krötzsch
> Semantic MediaWiki    http://semantic-mediawiki.org
> http://korrekt.org    markus@...

--
Sergey Chernyshev
http://www.sergeychernyshev.com/
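
A triage check for the two conditions this thread turns on (whether register_globals is enabled, and whether an SVN working copy sits on the REL_1_1_2 tag), as an added example that is not part of the original posts or of SMW. The helper names are hypothetical, the sample php.ini and `svn info` text are constructed, and `REL_EXAMPLE_OLD` is a placeholder tag name; only REL_1_1_2 is recognised as fixed, so an updated development checkout is reported as "no tag".

```shell
#!/bin/sh
# Added example, not from the thread: offline triage for the advisory above.
TAGS_URL='http://svn.wikimedia.org/svnroot/mediawiki/tags/extensions/SemanticMediaWiki/'

# php.ini text on stdin -> "on" or "off" for register_globals.
# Comment lines are skipped, the last directive wins, absent means off.
register_globals_state() {
    awk '
        /^[ \t]*;/ { next }
        {
            line = tolower($0)
            sub(/;.*$/, "", line)          # drop trailing comment
            gsub(/[ \t\r"]/, "", line)     # drop whitespace and quotes
            if (index(line, "register_globals=") == 1) {
                v = substr(line, length("register_globals=") + 1)
                state = (v == "on" || v == "1" || v == "true" || v == "yes") ? "on" : "off"
            }
        }
        END { print (state == "" ? "off" : state) }
    '
}

# `svn info` text on stdin -> tag name (e.g. REL_1_1_2); returns 1 if the
# working copy URL is not below the SMW tags directory.
smw_tag_from_svn_info() {
    url=$(sed -n 's/^URL: *//p' | head -n 1)
    case "$url" in
        "$TAGS_URL"?*) rest=${url#"$TAGS_URL"}; printf '%s\n' "${rest%%/*}" ;;
        *) return 1 ;;
    esac
}

# $1 = php.ini text, $2 = `svn info` text -> one-line verdict.
triage() {
    rg=$(printf '%s\n' "$1" | register_globals_state)
    tag=$(printf '%s\n' "$2" | smw_tag_from_svn_info) || tag='no tag'
    if [ "$tag" = REL_1_1_2 ]; then echo "ok: working copy is on REL_1_1_2"
    elif [ "$rg" = on ]; then echo "EXPOSED: register_globals on, working copy at $tag"
    else echo "update advised: register_globals off, working copy at $tag"
    fi
}

# Constructed sample inputs (REL_EXAMPLE_OLD is a placeholder, not a real tag).
SAMPLE_INI='; constructed php.ini fragment
;register_globals = Off
register_globals = On   ; set for a legacy application'
SAMPLE_SVN_INFO="Path: .
URL: ${TAGS_URL}REL_EXAMPLE_OLD
Revision: 0"

triage "$SAMPLE_INI" "$SAMPLE_SVN_INFO"
```

Feed it the php.ini that the web server actually loads, which can differ from the one the PHP command line uses; a per-directory `php_flag register_globals` setting in the Apache configuration overrides php.ini and is not seen by this check.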

Re: SMW security vulnerabilities: please update

by Markus Krötzsch

On Saturday, 21 June 2008, Sergey Chernyshev wrote:

> WOW, thanks for the tags! It made the upgrade a piece of cake!
>
> All you need to do is to run:
>
>    svn switch http://svn.wikimedia.org/svnroot/mediawiki/tags/extensions/SemanticMediaWiki/REL_1_1_2/
>
> in the extensions/SemanticMediaWiki/ folder.
>
> Please keep this practice so we can roll back as easily.

Interesting, I did not know "switch" -- that's indeed convenient! We intend to
tag all future releases.

-- Markus



--
Markus Krötzsch
Semantic MediaWiki    http://semantic-mediawiki.org
http://korrekt.org    markus@...

