On 13 Jun 2014, at 01:28, MZMcBride <z...@mzmcbride.com> wrote: > [..] companies put wikis on an intranet is that sysadmins don't > trust large PHP applications (with good reason). Plus, when you're running > a particularly old version of MediaWiki, many of the newer security > vulnerabilities are irrelevant as they rely on code paths that didn't > exist previously. For example, the XSS vulnerability in the info action > wouldn't affect a wiki running 1.15.3, nor would a vulnerability in > Special:Upload that was introduced in September 2009, assuming 1.15 was > branched in March 2009, as mediawiki.org's "Branch points" page states. > > That said, MediaWiki maintainers should absolutely try to keep up to date, > but it's annoying to do. One of my old wikis is running 1.12.0 still. :-) > Upgrading MediaWiki core and its extensions is tedious and it's not > totally unreasonable for people to want to stick with what works. >
And that's why we still have IE 6 and IE 7 :-) -- Krinkle _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
