MediaWiki 1.16.4 is a second security release this week. Shortly after previous release (1.16.3), Masato Kinugawa discovered that one of the XSS problems that the 1.16.3 release was designed to address hadn’t been fully addressed, and reported bug 28507. As a consequence, Internet Explorer 6 users visiting a site running 1.16.3 will still be vulnerable to an XSS attack. After more thorough testing (thanks Roan Kattouw!), we’re releasing 1.16.4.
Full details are in Tim Starling’s 1.16.4 release announcement. Sorry for the inconvenience of a second release, and thank you everyone involved in getting this fixed!
Can you help us translate this article?
In order for this article to reach as many people as possible we would like your help. Can you translate this article to get the message out?Start translation