MediaWiki 1.16.1 fixes clickjacking issue
MediaWiki released version 1.16.1 which is a security and maintenance release.
The fix involves denying framing on all pages except normal page views and a few selected special pages. To be protected, all users need to use a browser which supports X-Frame-Options.
Other changes in MediaWiki 1.16.1:
- Allow extensions to access SpecialUpload variables again
- list=allusers was out by 1 (shows total users – 1)
- Fixed API error when using rvprop=tags
- For wikis using French as a content language, Special:TÃ©lÃ©chargement works again as an alias for Special:Upload.
- Correctly load JS fixes for IE6 (fixing a regression in 1.16.0)
- Fixed paraminfo errors in certain API modules.
- The installer now has improved handling for situations where safe_mode is active or exec() and similar functions are disabled.
- Specifying –server in now works for all maintenance scripts.
- $wgLicenseTerms register globals.