61 行
3.1 KiB
JSON
61 行
3.1 KiB
JSON
{
|
|
"canonical_id": "mediawiki--4bb7b4f173",
|
|
"system_id": "mediawiki",
|
|
"display_name": "MediaWiki",
|
|
"category": "cms",
|
|
"advisory_mode": "core",
|
|
"title": "[MediaWiki-announce] Security pre-release announcement: 1.39.16 / 1.43.6 / 1.44.3 / 1.45.1",
|
|
"summary": "Hi all,\n\nThis week, either on Tuesday or Wednesday, we will be issuing a security\nand maintenance release to all supported branches of MediaWiki.\n\nThe new releases will be:\n\n- 1.39.16\n- 1.43.6\n- 1.44.3\n- 1.45.1\n\nThis will also resolve security issues in bundled extensions, along with\nbug fixes included for maintenance reasons.\n\nThese security issues also affect many unsupported versions of MediaWiki.\n\nWe will make the fixes available in the respective release branches and\nmaster in git. Tarballs will be available for the above mentioned point\nreleases as well.\n\nA summary of some of the security fixes that have gone into non-bundled\nMediaWiki extensions will also follow later.\n\nAs a reminder, MediaWiki 1.35 became end of life (EOL) in December 2023,\nMediaWiki 1.40 became EOL in June 2024, MediaWiki 1.41 became EOL in\nDecember 2024 and MediaWiki 1.42 became EOL in June 2025.\n\nMediaWiki 1.39 (the old LTS before 1.43) becomes EOL at the end of the\nmonth - December 2025. It is strongly recommended to upgrade to 1.43 (the\nnext LTS after 1.39), which will be supported until December 2027.\n\nA formal EOL email for MediaWiki 1.39 will come later this month. This is\nbecause as per our support policy, it is to be supported until the end of\nthe month, but we are not expecting any further changes to be made to the\nbranch.\n\nMore information on these timelines can be viewed on the Version lifecycle\npage at [1].\n\n[1] https://www.mediawiki.org/wiki/Version_lifecycle",
|
|
"published_at": "Mon, 08 Dec 2025 23:43:45 +0000",
|
|
"updated_at": "Mon, 08 Dec 2025 23:43:45 +0000",
|
|
"severity": "unknown",
|
|
"cvss_score": null,
|
|
"exploit_status": "unknown",
|
|
"source_confidence": "official",
|
|
"official_source_url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/IKP5247UU7EZZEM2U4R5AHNULP2YFKDF/",
|
|
"secondary_source_urls": [],
|
|
"aliases": [],
|
|
"cve_ids": [],
|
|
"ghsa_ids": [],
|
|
"osv_ids": [],
|
|
"affected_versions": [],
|
|
"fixed_versions": [],
|
|
"package_name": null,
|
|
"render_markdown": false,
|
|
"case_path": null,
|
|
"secure_code_topics": [
|
|
"xss-output-encoding",
|
|
"authz-server-side-recheck",
|
|
"file-upload-validation",
|
|
"plugin-extension-trust-policy"
|
|
],
|
|
"status": "triage",
|
|
"triage_reasons": [
|
|
"missing affected/fixed version details"
|
|
],
|
|
"verification_status": "triage-manual",
|
|
"verification_mode": "synthetic",
|
|
"last_verified_at": null,
|
|
"last_run_id": null,
|
|
"evidence_bundle": null,
|
|
"historical_status": null,
|
|
"latest_status": null,
|
|
"browser_evidence": {
|
|
"required": false,
|
|
"present": false,
|
|
"refs": []
|
|
},
|
|
"repro_profile_id": "xss-generic",
|
|
"artifact_mode": "synthetic",
|
|
"blocked_reason": null,
|
|
"metadata": {
|
|
"source_names": [
|
|
"MediaWiki Announce RSS"
|
|
],
|
|
"source_kinds": [
|
|
"rss-feed"
|
|
],
|
|
"candidate_count": 1
|
|
}
|
|
}
|