Hello, We would like to announce the following security and maintenance updates to the Wikibase 1.35 container image, which include fixes to severe security issues in MediaWiki and instructions for disabling features in ElasticSearch to mitigate the recently discovered log4shell vulnerability <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228>.
Here are links to important documentation related to the release, which include instructions for updating MediaWiki to 1.35.5 and a security fix for Wikibase: - MediaWiki release notes <https://github.com/wikimedia/mediawiki/blob/REL1_35/RELEASE-NOTES-1.35> - Wikibase release notes <https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/Wikibase/+/refs/heads/REL1_35/RELEASE-NOTES-1.35> - Upgrade instructions <https://github.com/wmde/wikibase-release-pipeline/blob/main/docs/topics/upgrading.md> If updating your Wikibase installation is not an option, please refer to these instructions on disabling the vulnerable code in MediaWiki in the recent security release announcement. <https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/> If you have any questions please feel free to ask on this mailing list or leave a comment at Talk:Wikibase/FAQ <https://www.mediawiki.org/wiki/Talk:Wikibase/FAQ>. Cheers, -- Mohammed Sadat *Community Communications Manager for Wikidata/Wikibase* Wikimedia Deutschland e. V. | Tempelhofer Ufer 23-24 | 10963 Berlin Phone: +49 (0)30 219 158 26-0 https://wikimedia.de Keep up to date! Current news and exciting stories about Wikimedia, Wikipedia and Free Knowledge in our newsletter (in German): Subscribe now <https://www.wikimedia.de/newsletter/>. Imagine a world in which every single human being can freely share in the sum of all knowledge. Help us to achieve our vision! https://spenden.wikimedia.de Wikimedia Deutschland – Gesellschaft zur Förderung Freien Wissens e. V. Eingetragen im Vereinsregister des Amtsgerichts Berlin-Charlottenburg unter der Nummer 23855 B. Als gemeinnützig anerkannt durch das Finanzamt für Körperschaften I Berlin, Steuernummer 27/029/42207.
_______________________________________________ Wikidata-tech mailing list -- [email protected] To unsubscribe send an email to [email protected]
