Security concerns on using Mediawiki

I refer to above tool that our developer wanted to use.  Can provide comments on
a) is there a site or source that regularly produce/track for new vulnerabilities for that software
b) are patches being produced regularly : is this considered an Opensource and release of patches is not contractually required?

If there's no regular patchings, what are the precautions we ought to take?  Eg: use it on an air-gap PC without Internet access?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dmitri FarafontovLinux Systems AdminCommented:
Its a full LAMP stack for developers to use ( The policies of what is allowed on your network is up to you.
a) Check out the MediaWiki website. They have a bug tracker, as well as a mechanism for reporting discovered security issues. And I noticed that things do get published in CVE as far as their vulnerabilities go. Current version (1.30) doesn't seem to have any reported items yet. However, their documentation doesn't seem to list vulnerabilities (was looking at their release notes, but that could also be that security issues weren't identified in the last stable version).
b) Yes, it's open source, but they do update/patch the software. Last update was released on 12 December. The Wikimedia Foundation would have a vested interest in the software being maintained and stable, as it powers their sites (and they were the original developer)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.