Fedora 37: mediawiki 2022-bca2c95559
Summary
MediaWiki is the software used for Wikipedia and the other Wikimedia
Foundation websites. Compared to other wikis, it has an excellent
range of features and support for high-traffic websites using multiple
servers
This package supports wiki farms. Read the instructions for creating wiki
instances under /usr/share/doc/mediawiki/README.RPM.
Remember to remove the config dir after completing the configuration.
MediaWiki 1.38.2 This is a security and maintenance release of the MediaWiki
1.38 branch. Changes since MediaWiki 1.38.1 Localisation updates.
(T309426) Repair language selector for SVGs. (T310013) Fix default value for
$wgShowEXIF and $wgUsePathInfo. (T308471) SECURITY: Escape welcomeuser
message passed to showSuccessPage(). (T308473) SECURITY: Escape
contributions-title msg for use within page title. (T311272) Call parent
constructor of AddSite maintenance script first. MediaWiki: Don't eagerly
initialize action name. (T311384, CVE-2022-27776) Updated guzzlehttp/guzzle
from 7.4.1 to 7.4.5. (T289926) Avoid passing null to trim() in SkinTemplate.
(T289879) Address deprecations for PHP 8.1. (T311473) rollbackEdits: Pass
user identity to RollbackPage. Upgrade wikimedia/remex-html from 3.0.1 to
3.0.2. (T311551) ShellboxClientFactory::getUrl(): Check if $this->key is
null. (T311552) ChangesListSpecialPage: Don't pass null to
FormatJson::decode(). (T311569) FileBackend::isStoragePath() Handle being
passed null. (T311544) Pass int to ApiUsageException::newWithMessage()'s
$httpCode param. (T311678) SpecialEditWatchlist: Prevent passing null to
strtolower(). (T311554) ChangeTags: Return early in formatSummaryRow() if
$tags === null. Upgrade wikimedia/common-passwords from 0.3.0 to 0.4.0.
* Thu Sep 1 2022 Michael Cronenworth
- Update to 1.38.2
- https://www.mediawiki.org/wiki/MediaWikiwiki/Release_notes/1.38#MediaWiki_1.38.2
[ 1 ] Bug #2101639 - MediaWiki 1.37.2 pulls in version of dependency (Parsoid 0.14.0) broken with PHP 8.1
https://bugzilla.redhat.com/show_bug.cgi?id=2101639
[ 2 ] Bug #2102955 - mediawiki-1.38.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2102955
[ 3 ] Bug #2112771 - CVE-2022-34911 mediawiki: Cross-site Scripting [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2112771
[ 4 ] Bug #2112773 - CVE-2022-34912 mediawiki: Username not escaped in the contributions-title message [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2112773
su -c 'dnf upgrade --advisory FEDORA-2022-bca2c95559' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam, report it: https://pagure.io/login/
FEDORA-2022-bca2c95559 2022-09-12 17:36:48.820008 Product : Fedora 37 Version : 1.38.2 Release : 1.fc37 URL : https://www.mediawiki.org/wiki/MediaWiki Summary : A wiki engine Description : MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki/README.RPM. Remember to remove the config dir after completing the configuration. MediaWiki 1.38.2 This is a security and maintenance release of the MediaWiki 1.38 branch. Changes since MediaWiki 1.38.1 Localisation updates. (T309426) Repair language selector for SVGs. (T310013) Fix default value for $wgShowEXIF and $wgUsePathInfo. (T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage(). (T308473) SECURITY: Escape contributions-title msg for use within page title. (T311272) Call parent constructor of AddSite maintenance script first. MediaWiki: Don't eagerly initialize action name. (T311384, CVE-2022-27776) Updated guzzlehttp/guzzle from 7.4.1 to 7.4.5. (T289926) Avoid passing null to trim() in SkinTemplate. (T289879) Address deprecations for PHP 8.1. (T311473) rollbackEdits: Pass user identity to RollbackPage. Upgrade wikimedia/remex-html from 3.0.1 to 3.0.2. (T311551) ShellboxClientFactory::getUrl(): Check if $this->key is null. (T311552) ChangesListSpecialPage: Don't pass null to FormatJson::decode(). (T311569) FileBackend::isStoragePath() Handle being passed null. (T311544) Pass int to ApiUsageException::newWithMessage()'s $httpCode param. (T311678) SpecialEditWatchlist: Prevent passing null to strtolower(). (T311554) ChangeTags: Return early in formatSummaryRow() if $tags === null. Upgrade wikimedia/common-passwords from 0.3.0 to 0.4.0. * Thu Sep 1 2022 Michael Cronenworth - 1.38.2-1 - Update to 1.38.2 - https://www.mediawiki.org/wiki/MediaWikiwiki/Release_notes/1.38#MediaWiki_1.38.2 [ 1 ] Bug #2101639 - MediaWiki 1.37.2 pulls in version of dependency (Parsoid 0.14.0) broken with PHP 8.1 https://bugzilla.redhat.com/show_bug.cgi?id=2101639 [ 2 ] Bug #2102955 - mediawiki-1.38.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2102955 [ 3 ] Bug #2112771 - CVE-2022-34911 mediawiki: Cross-site Scripting [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2112771 [ 4 ] Bug #2112773 - CVE-2022-34912 mediawiki: Username not escaped in the contributions-title message [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2112773 su -c 'dnf upgrade --advisory FEDORA-2022-bca2c95559' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/ Do not reply to spam, report it: https://pagure.io/login/
Change Log
References