[Bug 2136943] [NEW] Remove mediawiki from resolute
Launchpad Bug Tracker
2136943 at bugs.launchpad.net
Sat Dec 20 23:51:09 UTC 2025
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Jeremy BĂcha (jbicha):
Please remove mediawiki from resolute release. Optionally, it could
maybe be kept in -proposed with a block-proposed tag. Or we could add it
to the sync blocklist.
mediawiki is a very popular web server project written in PHP. It is a
high profile target for security attacks. There are **49** CVE-2025-*
entries at
https://security-tracker.debian.org/tracker/source-package/mediawiki
The last time sometime prepared a security update for mediawiki for
Ubuntu was in 2010.
There is no Snap for mediawiki itself:
https://snapcraft.io/store?q=mediawiki
I believe our users would be better served by installing mediawiki themselves. It has been many years since I installed MediaWiki, but I believe it is fairly easy to install for someone who wants to manage a web server. Updating MediaWiki might be a bit more complex than updating WordPress:
https://www.mediawiki.org/wiki/Manual:Upgrading
Other References
================
wordpress is a similar situation. wordpress is even more attractive of a target, but I think the same reasoning applies to both projects LP: #1970440
** Affects: mediawiki (Ubuntu)
Importance: Undecided
Status: New
--
Remove mediawiki from resolute
https://bugs.launchpad.net/bugs/2136943
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is subscribed to the bug report.
More information about the ubuntu-archive
mailing list