[Scummvm-devel] Wiki update

Thierry Crozat criezy at scummvm.org
Wed Jul 28 22:29:54 CEST 2010


Hi all,

A new bug fix version of MediaWiki (1.1.5.5)  is available since this morning. It fixes a data leakage vulnerability (public caching headers were incorrectly set on API responses containing private data). By means of a CSRF-style attack, this can lead to the disclosure of various types of private data stored on a wiki.

I am planning to update our wiki this sunday morning starting around 10:00am UK time. It is a small update and should take about 30 minutes including the time needed to make a backup before updating. During that time the wiki will be set to read-only. If you think it would be better to wait a few more days or weeks until after the activity linked to SCI testing has decreased, please let me know. 

On a related note, the first stable version for MediaWiki 1.16 has also been released. I have no fixed plans to move to this release yet. I will take my time to look at it, check extensions compatibility and come back with a plan later. Since it is a major update which will likely need more work (and has a higher risk), it will not be done in the near future and not before a few weeks after the next release at the earliest.

Thierry



More information about the Scummvm-devel mailing list