Upstream has announced version 1.31.8 on June 24: https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-June/000252.html It fixes one security issue. Fedora has issued an advisory for this on July 5: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EEZIMLJMJS72SJXPYL736XMUAVCRQD2H/ Updated packages uploaded for Mageia 7 and Cauldron. Advisory: ======================== Updated mediawiki packages fix security vulnerability: In MediaWiki before 1.31.8, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled (CVE-2020-15005). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005 https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-June/000252.html ======================== Updated packages in core/updates_testing: ======================== mediawiki-1.31.8-1.mga7 mediawiki-mysql-1.31.8-1.mga7 mediawiki-pgsql-1.31.8-1.mga7 mediawiki-sqlite-1.31.8-1.mga7 from mediawiki-1.31.8-1.mga7.src.rpm
Testing procedure: https://wiki.mageia.org/en/QA_procedure:Mediawiki
Keywords: (none) => has_procedure
MGA7-64 Plasma on Lenovo B50 No installation issues. Ref bug 25986. Started httpd and mysqld and then followed wiki up to creating a new wiki and a new page in it (trick: there is no "New" button, just type a name in the search box, it will not find it, but then you can create it). Works OK.
Whiteboard: (none) => MGA7-64-OKCC: (none) => herman.viaene
Validating. Advisory in Comment 0.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => mageia
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0292.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED