Security fix for SMW: please update


June 16 2008. MediaWiki's new security scanner has detected a vulnerability in Semantic MediaWiki. In the worst case, an attacker might be able to trick a server into executing foreign PHP scripts. This is possible only if the "register_globals" PHP option on a server is activated. To close all potential security wholes, we recommend to update SMW as described below.

Servers running the recent development version of SMW[edit]

Just update to the latest code from Programmer's guide.

Servers running SMW 1.1.1[edit]

We have created a backport SMW 1.1.2 that has all security fixes. It is available in two places:

  • File release: get semediawiki-1.1.2 from Sourceforge [1]
  • SVN: check out the 1.1.2 release from the SVN tag directory [2]

In either case, no special update procedure is needed – just replace the old SMW directory with the new files.

Servers running older version of SMW[edit]

Get SMW 1.1.2 as described above, and follow the update instructions given in INSTALL.