CVE-2020-35625

An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class defined within PHP or MediaWiki via a crafted HTML comment, related to a Smarty template. For example...

[SECURITY] Fedora 35 Update: golang-github-pquerna-ffjson-0-0.9.20200730gitaa0246c.fc35

Ffjson generates static MarshalJSON and UnmarshalJSON functions for structures in Go. The generated functions reduce the reliance upon runtime reflection to do serialization and are generally 2 to 3 times faster. In cases where ffjson doesn't understand a Type involved, it falls back to...