hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动
文件
e82b7d8cf60bdf02a33db064bd1e04e2093e200d
websafe-kb/08-threat-intel/registry/advisories/mediawiki--77f2193adf.json

145 行
12 KiB
JSON
原始文件 Blame 文件历史

{
"canonical_id": "mediawiki--77f2193adf",
"system_id": "mediawiki",
"display_name": "MediaWiki",
"category": "cms",
"advisory_mode": "core",
"title": "[MediaWiki-announce] Announcing MediaWiki 1.44.0",
"summary": "I am happy to announce the availability of the general release of MediaWiki\n1.44!\n\nTarballs have already been uploaded, and the git tag has been pushed.\n\nThanks to everyone who helped out with this release, especially thanks to\nthose who tested out the release candidate and provided feedback, as well\nas the developers who worked on fixes for the 1.44 final release. To see\nwhat's changed in 1.44, see the release notes file.[0] If you encounter any\nissues, please file a task.[1] You can see open tasks for the branch on\nPhabricator.[2]\n\nMediaWiki 1.44 is the first release of MediaWiki to formally drop PHP 7.4\nand PHP 8.0 support; you should use PHP 8.1, 8.2, or 8.3. We also now have\ndropped support for Composer 1.x, and require Composer 2.x for those\nsystems using it.\n\nMediaWiki 1.44 is due to be supported until the end of June 2026.\n\nIt is noted that MediaWiki 1.42 is end-of-life as of June 30th 2025. A\nformal announcement was made this week, and will co-incide with the next\nsecurity and maintenance release which was also scheduled for June 2025.\n\n=== Changes since MediaWiki 1.44.0-rc.0 ===\n* Localisation updates.\n* (T379445) debug: Migrate E_USER_ERROR to throw Error in DeprecationHelper.\n* (T379445) Setup: Switch vendor error from echo+E_USER_ERROR to echo+exit.\n* Setup: Update error message for composer dependencies check.\n* (T381341, T379445) widget: Remove outdated try/catch wrapper from\n SpinnerWidget.\n* (T379445) phpunit: Remove unused trigger_error from TestLogger.\n* (T396766) ApiQueryRevisionsBase: Cast ctype_digit() param to string.\n* (T356451) logger: Add void as return type on setLogger.\n* (T328921, T359868) Drop PHP 7.4/8.0 support from master\n (forward-port from MW 1.42).\n* Drop a few phan PhanImpossibleTypeComparison suppressions now we've\ndropped\n PHP 7.4.\n* Clean up resource type and phan suppression in postgres code.\n* structure tests: allow PHP 8.1 syntax and autoload enums.\n* (T379508, T381291) composer.json: Updated nikic/php-parser from\n ^5.3.1 to ^5.5.0.\n* (T351055) SpecialBrokenRedirects: Batch and preload destination title\ninfo.\n* Pass fname to LinkBatch->setCaller in more places.\n* SpecialBrokenRedirects: Dedupe logic via private getRedirectTarget helper.\n* (T351055) SpecialBrokenRedirects: Load redirect data in batch from\ndatabase\n* (T388406) RefreshLinksJob: Check hasText before comparing HTML.\n* (T397521) Api: Fix permission checks in action=compare.\n* (T397472) [REST Sandbox] Remove SwaggerUI from MediaWiki Releases.\n* (T397883, T397643) htmlform: fix min/max validations on empty input in\n int/float fields\n* specials: SpecialTalkPage: Use config from request context.\n* (T387408) exception: Skip use of HookRunner when not autoloaded.\n* (T391343, CVE-2025-6589) SECURITY: BlockList: Hide rows containing\nsuppressed\n users.\n* (T392746, CVE-2025-6590) SECURITY: Escape usernames in HTMLUserTextField\n validation errors.\n* (T392276, CVE-2025-6591) SECURITY: API: Escape i18n messages in\n action=feedcontributions.\n* (T396230, CVE-2025-6593) SECURITY: fix IP leak to unverified email.\n* (T389009, CVE-2025-6597) SECURITY: Do not treat autocreation as login\n for reauthentication.\n* (T389010, CVE-2025-6926) SECURITY: Allow extensions to supress the reauth\n flag on login.\n* (T397595, CVE-2025-6927) SECURITY: Fix autoblocks visibility when\n bl_deleted=1.\n* (T397595, CVE-2025-6927) SECURITY: Fix leak of hidden usernames via\n autoblocks of those users.\n* (T395063, CVE-2025-6594) SECURITY: apisandbox: Fix reflected XSS when\n invalid 'format' is provided.\n* (T398269) Replace away symfony php polyfills for PHP8/8.1.\n* Rest: Move ModuleConfigurationException into correct folder.\n* Cache: Move MessageCache hook interfaces into correct folder.\n* (T394556) uppercaseTitlesForUnicodeTransition: Add missing return.\n* installer: Always check return of IDatabase::fieldInfo in postgres.\n* autoload: Expand Autoloader::CORE_NAMESPACES.\n\nRelease notes:\n[0]\nhttps://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/refs/heads/REL1_44/RELEASE-NOTES-1.44\n\nBug report form:\n[1]\nhttps://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.44-Release\n\nOpen Bugs:\n[2] https://phabricator.wikimedia.org/tag/mw-1.44-release/\n\n**********************************************************************\nDownload:\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.0.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.0.zip\n\nDownload without bundled extensions:\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-core-1.44.0.tar.gz\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-core-1.44.0.zip\n\nPatch to previous version (1.44.0-rc.0):\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.0.patch.gz\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.0.patch.zip\n\nGPG signatures for the above:\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-core-1.44.0.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-core-1.44.0.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.0.tar.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.0.zip.sig\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.0.patch.gz.sig\nhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.0.patch.zip.sig\n\nPublic keys:\nhttps://www.mediawiki.org/keys/keys.html",
"published_at": "Wed, 02 Jul 2025 21:30:40 +0000",
"updated_at": "Wed, 02 Jul 2025 21:30:40 +0000",
"severity": "unknown",
"cvss_score": null,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/C3ZZDKSFH2PW55GRH6Y4SXIM37GBXL32/",
"secondary_source_urls": [],
"aliases": [],
"cve_ids": [],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"xss-output-encoding",
"authz-server-side-recheck",
"file-upload-validation",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"entity_refs": [
{
"entity_id": "mediawiki",
"entity_type": "system",
"relation": "root-system",
"root_system_id": "mediawiki",
"official": true
}
],
"affected_components": [
{
"name": "MediaWiki",
"entity_id": "mediawiki",
"scope": "core",
"package_name": null,
"official": true
}
],
"affected_version_ranges": [],
"fixed_version_ranges": [],
"introduced_version": null,
"patched_version": null,
"version_evidence_sources": [
"https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/C3ZZDKSFH2PW55GRH6Y4SXIM37GBXL32/"
],
"advisory_scope": "core",
"version_confidence": "low",
"version_gap_reason": "official bulletin or aggregated source did not expose explicit affected/fixed versions",
"version_resolution_needed": true,
"workflow": {
"workflow_id": "mediawiki--77f2193adf--workflow",
"vuln_family": "xss",
"entry_surface": "web-ui-render-path",
"preconditions": [
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: \u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d",
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `core`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
],
"required_role": "editor-or-admin",
"affected_version_assertion": [
"\u9700\u8981\u4ece\u516c\u544a\u3001\u9501\u6587\u4ef6\u3001\u7248\u672c\u9875\u6216\u5173\u4e8e\u9875\u9762\u4eba\u5de5\u786e\u8ba4\u7248\u672c\u547d\u4e2d"
],
"trigger_vector": "\u5bf9 `xss` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
"request_or_ui_path": [
"/admin/editor",
"/preview",
"/rendered-content"
],
"input_shape": "\u53d7\u63a7 HTML/Markdown/\u5bcc\u6587\u672c\u8f93\u5165\uff0c\u89c2\u5bdf\u6e32\u67d3\u4e0a\u4e0b\u6587\u662f\u5426\u5931\u53bb\u7f16\u7801\u6216\u51c0\u5316\u3002",
"expected_unsafe_behavior": "\u8f93\u5165\u5728\u76ee\u6807\u4e0a\u4e0b\u6587\u6267\u884c\u6216\u88ab\u6d4f\u89c8\u5668\u89e3\u91ca\u4e3a\u4e3b\u52a8\u5185\u5bb9\u3002",
"server_evidence_points": [
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
],
"browser_evidence_points": [
"\u57fa\u7ebf\u622a\u56fe\u4e0e\u653b\u51fb\u540e\u622a\u56fe\u7684 DOM/\u89c6\u89c9\u5dee\u5f02",
"console\u3001network \u4e0e response metadata \u4e2d\u7684\u5f02\u5e38\u4fe1\u53f7"
],
"db_or_fs_evidence_points": [
"\u6570\u636e\u5e93\u4e2d\u65b0\u589e/\u8d8a\u6743\u8bfb\u53d6\u7684\u6d4b\u8bd5\u6570\u636e",
"\u6587\u4ef6\u7cfb\u7edf\u4e2d\u65b0\u589e\u4e0a\u4f20\u6837\u672c\u3001\u7f13\u5b58\u6761\u76ee\u6216\u8d8a\u6743\u8bfb\u53d6\u75d5\u8ff9"
],
"detection_signals": [
"WAF / reverse proxy \u5f02\u5e38\u65e5\u5fd7\u3001\u8bbf\u95ee\u65e5\u5fd7\u548c\u544a\u8b66",
"\u5e94\u7528\u5ba1\u8ba1\u65e5\u5fd7\u4e2d\u7684\u6743\u9650\u9519\u8bef\u3001\u91cd\u5b9a\u5411\u5f02\u5e38\u3001\u6a21\u677f\u6e32\u67d3\u6216\u4e0a\u4f20\u843d\u76d8\u4e8b\u4ef6"
],
"mitigation_summary": "\u4f18\u5148\u5347\u7ea7\u5230\u4fee\u590d\u7248\u672c\uff0c\u5e76\u540c\u65f6\u6536\u7d27\u8f93\u5165\u6821\u9a8c\u3001\u670d\u52a1\u7aef\u9274\u6743\u3001\u4ee3\u7406\u4fe1\u4efb\u8fb9\u754c\u3001\u6269\u5c55\u5b89\u88c5\u4fe1\u4efb\u548c\u5ba1\u8ba1\u65e5\u5fd7\u3002",
"patch_validation_steps": [
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `\u53d7\u5f71\u54cd\u7248\u672c\u533a\u95f4` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `\u4fee\u590d\u7248\u672c`\u3002",
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
"\u8865\u5145 `xss` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
],
"lab_safety_notes": [
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
"\u7981\u6b62\u9020\u6210\u6301\u4e45\u7834\u574f\u3001\u8d8a\u6743\u4e0b\u8f7d\u771f\u5b9e\u6570\u636e\u6216\u4e0d\u53ef\u56de\u6eda side effect\u3002",
"\u5982\u9700\u6d4f\u89c8\u5668\u8bc1\u636e\uff0c\u4fdd\u7559 baseline / proof \u4e24\u4efd\u5feb\u7167\u4ee5\u53ca console / network \u8bb0\u5f55\u3002"
],
"review_state": "needs-version-gap-review"
},
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "synthetic",
"blocked_reason": null,
"metadata": {
"source_names": [
"MediaWiki Announce RSS"
],
"source_kinds": [
"rss-feed"
],
"candidate_count": 1,
"entity_ref_count": 1,
"advisory_scope": "core",
"version_confidence": "low",
"workflow_id": "mediawiki--77f2193adf--workflow"
}
}
在新工单中引用 查看 Git Blame 复制永久链接