[Moin-user] Security Issues, Upgrade hints
Thomas Waldmann
tw-public at gmx.de
Sun Feb 14 19:22:44 EST 2010
As you can read in Reimar's announcement of moin 1.8.7 release, it fixes
quite some security issues recently discovered.
A similar security fix release 1.9.2 will be made available soon, we are
just finishing translation and testing.
As seen on http://moinmo.in/SecurityFixes, these security issues are not
limited to recent moin releases, some are quite old and affect moin
1.5.x, 1.6.x, 1.7.x, 1.8.x (x<7), moin 1.9.x (x<2).
I did not research whether even older moins are also affected, as those
are out of any support anyway and likely affected by all sorts of
issues, not just the current ones.
So, if you run a moin wiki in any sort of potentially hostile
environment (like public internet, but could also include intranets if
not everybody there is a nice guy), you should upgrade urgently.
See http://moinmo.in/MoinMoinDownload for the new 1.8.7 release and
hints about upgrading.
If you need help with upgrading please see http://moinmo.in/Support - if
you'ld like free upgrade help, please read the docs / HowTos first. If
you have trouble with own plugins, we might be able to help you, just
ask.
BTW, upgrading 1.6.x/1.7.x/1.8.x to 1.8.7 is rather easy.
A bit more work is involved if you are still on moin < 1.6, but it is
also doable.
If your server is capable of wsgi, use it! E.g. apache2 and mod_wsgi.
Then your upgrade to moin 1.9.x later will be easier.
If you find some moin wiki on the internet, that does not use the fixed
versions, please notify the admin of it.
More information about the Moin-user
mailing list