Upstream has announced version 1.35.8 on September 29:
It fixes several security issues.
Updated packages uploaded for Mageia 8 and Cauldron.
Updated mediawiki packages fix security vulnerabilities:
HTMLUserTextField exposes existence of hidden users (CVE-2022-41765).
reassignEdits doesn't update results in an IP range check on
Updated packages in core/updates_testing:
Debian has issued an advisory for this on October 4:
Followed the umpteenth time the wiki, but when pointing to http://localhost/mediawiki/, I get Error 404. And yes both httpd and mysqld are running because I used phpMyadmin to set up database and user.
This laptop did not have mediawiki before.
I just noticed that the /etc/mediawiki folder is empty.
From release and updates repos, installed mediawiki and php-mysqli selecting
apache, mysql, and required dependencies.
Edited /etc/php.d/05_date.ini and added a line with "date.timezone =America/Toronto"
"systemctl start mysqld.service"
"mysql_secure_installation", set the root password etc
"systemctl start httpd.service"
As regular user "firefox http://localhost/mediawiki"
Clicked on the "set up the wiki" link to http://localhost/mediawiki/mw-config/index.php
Selected mariadb as the db type and provided the root mysql password and chose to use the
same account for installation.
Was reminded of the annoying requirement to use at least 10 characters for the wiki password, so have a different password for logging in to mediawiki.
Downloaded the LocalSettings.php and copied it to /etc/mediawiki
"systemctl restart httpd.service" to pick up the new LocalSettings.php file.
Went to http://localhost/mediawiki/index.php/QaTestB4Update
Logged in, entered some text and a summary, created the page.
Installed the update using qarepo
"systemctl restart httpd.service"
Restarted firefox going back to http://localhost/mediawiki/index.php/QaTestB4Update
Went to http://localhost/mediawiki/index.php/QaTestAfterUpdate and created a new page.
Validating the update.
Herman, please try the above and update any missing or wrong parts in the wiki.
An update for this issue has been pushed to the Mageia Updates repository.