This results in the editing history of the IP address being displayed in the article. This issue has been addressed by reassigning the edits to a different user account, or by disabling the editing history feature for the specific IP address.
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. If an administrator changes the name of the administrator interface, the administrator menu will still redirect to the old name.
In some cases, the administrator menu will not redirect at all, and will display the old name instead. This issue has been addressed by changing the name of the administrator menu at Settings -> MediaWiki -> Admin menu.
This issue has been addressed by changing the name of the administrator menu at Settings -> MediaWiki -> Admin menu.
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. For example, if someone changes their email address by adding "noreply@example.com" to the end of their email address, the email address will be changed to "noreply@example.com" on any pages that use email address lookups. This issue has been addressed by adding '@' at the start of email addresses.
MediaWiki Upgrading Instructions
MediaWiki 1.38.3 is a bugfix release, which contains the following changes:
* [bug] Reduced memory consumption when loading large pages (MFSA 2018-06)
* [bug] MediaWiki now respects user's "Include sensitive data" settings (MFSA 2018-07)
* [bug] Fixed several issues with editing history for IP addresses that have been reassigned to other users (CVE-2022-41767)
* [bug] Fixed several issues with editing history for IP addresses that have been reassigned to other users (CVE-2022-41767)
Low severity vulnerability found through vulnerability assessment
An issue was discovered through vulnerability assessment in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3 that allows an attacker to play a .wav file of the page being edited when viewing it in read-only mode, which could allow for information disclosure or other attacks.
Timeline
Published on: 12/26/2022 06:15:00 UTC
Last modified on: 01/05/2023 04:49:00 UTC