*** This bug is a security vulnerability *** Public security bug reported:
Please remove mediawiki from resolute release. Optionally, it could maybe be kept in -proposed with a block-proposed tag. Or we could add it to the sync blocklist. mediawiki is a very popular web server project written in PHP. It is a high profile target for security attacks. There are **49** CVE-2025-* entries at https://security-tracker.debian.org/tracker/source-package/mediawiki The last time sometime prepared a security update for mediawiki for Ubuntu was in 2010. There is no Snap for mediawiki itself: https://snapcraft.io/store?q=mediawiki I believe our users would be better served by installing mediawiki themselves. It has been many years since I installed MediaWiki, but I believe it is fairly easy to install for someone who wants to manage a web server. Updating MediaWiki might be a bit more complex than updating WordPress: https://www.mediawiki.org/wiki/Manual:Upgrading Other References ================ wordpress is a similar situation. wordpress is even more attractive of a target, but I think the same reasoning applies to both projects LP: #1970440 ** Affects: mediawiki (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2136943 Title: Remove mediawiki from resolute To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mediawiki/+bug/2136943/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
