Security fix for SMW: please update


June 16 2008. MediaWiki's new security scanner has detected a vulnerability in SMW. In the worst case, an attacker might be able to trick a server into executing foreign PHP scripts. This is possible only if the "register_globals" PHP option on a server is activated. To close all potential security wholes, we recommend to update SMW as described below.

Servers running the recent development version of SMW

Just update to the latest code from SVN.

Servers running SMW 1.1.1

We have created a backport SMW 1.1.2 that has all security fixes. It is available in two places:

  • File release: get semediawiki-1.1.2 from Sourceforge [1]
  • SVN: check out the 1.1.2 release from the SVN tag directory [2]

In either case, no special update procedure is needed – just replace the old SMW directory with the new files.

Servers running older version of SMW

Get SMW 1.1.2 as described above, and follow the update instructions given in INSTALL.