MediaWiki reports the following security fixes:

- T122056: Old tokens remain valid within a new session
- T127114: Login throttle can be bypassed using non-canonicalized usernames
- T123653: Cross-domain policy regexp is too narrow
- T123071: Incorrectly identifying http links in a's href attributes, due to the m modifier in the regex
- T129506: MediaWiki:Gadget-popups.js isn't renderable
- T125283: Users occasionally logged in as different users after SessionManager deployment
- T103239: Patrol allows click catching and patrolling of any page
- T122807: [tracking] Check PHP crypto primitives
- T98313: Graphs can leak tokens, leading to CSRF
- T130947: Diff generation should use PoolCounter
- T133507: Careless use of $wgExternalLinkTarget is insecure
- T132874: API action=move is not rate limited