Download Mediawiki 1.13.2 / 1.12.1

Mediawiki is a wiki engine that is released under the gpl license and can be used to create and manage content. It is used, among other things, for the Wikimedia Foundation websites, including Wikipedia and Wiktionary. The appearance of Mediawiki can be completely adjusted to your own wishes with the help of skins, on this page are some examples of different skins. The developers have released two new versions of the wiki engine, which bear 1.13.2 and 1.12.1 as the version numbers, respectively. The developers have released the following announcement:

MediaWiki 1.13.2, 1.12.1 security update

This is a security and bugfix release of MediaWiki 1.12 and MediaWiki 1.13. A vulnerability has been discovered which allows arbitrary HTML injection and thus possible user account compromise. The vulnerability is only present when $wgUseSiteCss is turned on, which is the default. Versions 1.11 and earlier are NOT vulnerable, nor is development branch later than July 28, 2008.

Also, there was the potential for a subtle user error while editing $wgGroupPermissions in LocalSettings.php to cause all restrictions to be disabled. This has been rectified.

Version 1.13.2:

• Security: Work around misconfiguration by requiring strict comparisons for in_array in User::isAllowed().
• (bug 14944) Added $wgShellLocale for configuration of an appropriate locale to use for LC_CTYPE during shell invocation. For servers that don’t have en_US.utf8. Also added local detection during install.
• Localization updates
• Security: Fixed XSS vulnerability in useskin parameter.

Version 1.12.1:

• (bug 13522) Fix fatal error in Parser::extractTagsAndParams
• (bug 12077) Fix HTML nesting for TOC
• (bug 13532) Use proper timestamp call when reverting images
• (bug 13649, 14084) Bad call to wfTimestamp()
• (bug 13770) Use Preprocessor_Hash by default to avoid missing DOM module errors
• (bug 13442) API: Missing pages in prop=langlinks and prop=extlinks are now handled properly.
• (bug 13482) API: Disabled search types handled properly
• (bug 13836) API: Fixed fatal errors resulting from combining iiprop=metadata with format=xml
• (bug 11633) API: Explicitly convert redirect titles to strings due to PHP’s very weak typing on array keys.
• API: Fixing main page display in meta=siteinfo
• (bug 11719) API: Remove trailing blanks in YAML output.
• (bug 13718) API: Return the proper continue parameter for cmsort=timestamp
• Security: Work around misconfiguration by requiring strict comparisons for in_array in User::isAllowed().
• Security: Fixed XSS vulnerability in useskin parameter.