Security fix for SMW: please update

From semantic-mediawiki.org

June 16 2008. MediaWiki's new security scanner has detected a vulnerability in Semantic MediaWiki. In the worst case, an attacker might be able to trick a server into executing foreign PHP scripts. This is possible only if the "register_globals" PHP option on a server is activated. To close all potential security wholes, we recommend to update SMW as described below.

Servers running the recent development version of SMW[edit]

Just update to the latest code from Programmer's guide.

Servers running SMW 1.1.1[edit]

We have created a backport SMW 1.1.2 that has all security fixes. It is available in two places:

  • File release: get semediawiki-1.1.2 from Sourceforge [1]
  • SVN: check out the 1.1.2 release from the SVN tag directory [2]

In either case, no special update procedure is needed – just replace the old SMW directory with the new files.

Servers running older version of SMW[edit]

Get SMW 1.1.2 as described above, and follow the update instructions given in INSTALL.

Retrieved from "https://www.semantic-mediawiki.org/w/index.php?title=Security_fix_for_SMW:_please_update&oldid=11198"
  • "Attribution 3.0 Germany" (CC BY 3.0 DE)
  • Powered by MediaWiki
  • Powered by Semantic MediaWiki