Hi all, we've release mwlib 0.13.5 last week.
ultranurd (https://github.com/UltraNurd) found a bug in prior versions which might allow an attacker to DOS attack a mwlib installation by forcing it to parse a specially crafted #iferror magic function. If you're wiki allows edits and you're running mwlib, you should upgrade to mwlib 0.13.5 as soon as possible. Details can be found here: https://github.com/pediapress/mwlib/pull/10 If you don't feel like upgrading mwlib, you may also just apply the following fix: https://github.com/pediapress/mwlib/commit/aa987c281c10e29f26aa0faa21c04f3bb1167fde -- Cheers Ralf -- You received this message because you are subscribed to the Google Groups "mwlib" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/mwlib?hl=en.
