2009/9/15 Chad <innocentkil...@gmail.com>: > On Tue, Sep 15, 2009 at 1:38 PM, Gregory Kohs <thekoh...@gmail.com> wrote: >> I was sort of surprised to learn today that Mediawiki software has had 37 >> security holes identified: >> >> http://akahele.org/2009/09/false-sense-of-security/ >> >> Are most of these patched now, or are they still open? If still open, is >> the Foundation making site & user security more of a priority in 2010? >> >> -- >> Gregory Kohs >> _______________________________________________ >> foundation-l mailing list >> foundatio...@lists.wikimedia.org >> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l >> > > I'm pretty sure a lot of this has been fixed (I vaguely remember Tim doing > some cleanup to the installer for XSS issues), but I can't say for sure. > Forwarding to wikitech-l, this is more of a tech issue than Foundation > one. > This has been addressed on foundation-l already, but I'll make it extra clear here: all these vulnerabilities reported by these database are only in there because we discovered, fixed and reported them first. The affected versions of MediaWiki range from old to stone-age.
Roan Kattouw (Catrope) _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
