Security concerns on using Mediawiki

https://bitnami.com/stack/mediawiki/installer

I refer to above tool that our developer wanted to use.  Can provide comments on
a) is there a site or source that regularly produce/track for new vulnerabilities for that software
b) are patches being produced regularly : is this considered an Opensource and release of patches is not contractually required?

If there's no regular patchings, what are the precautions we ought to take?  Eg: use it on an air-gap PC without Internet access?
sunhuxAsked:
Who is Participating?
 
masnrockCommented:
a) Check out the MediaWiki website. They have a bug tracker, as well as a mechanism for reporting discovered security issues. And I noticed that things do get published in CVE as far as their vulnerabilities go. Current version (1.30) doesn't seem to have any reported items yet. However, their documentation doesn't seem to list vulnerabilities (was looking at their release notes, but that could also be that security issues weren't identified in the last stable version).
b) Yes, it's open source, but they do update/patch the software. Last update was released on 12 December. The Wikimedia Foundation would have a vested interest in the software being maintained and stable, as it powers their sites (and they were the original developer)
0
 
Dmitri FarafontovLinux Systems AdminCommented:
Its a full LAMP stack for developers to use (https://bitnami.com/stack/mediawiki/README.txt). The policies of what is allowed on your network is up to you.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.