The remote FreeBSD host is missing one or more security-related updates.
MediaWiki reports : Internal review discovered that Special:DeletedContributions did not properly protect the IP of autoblocked users. This fix makes the functionality of Special:DeletedContributions consistent with Special:Contributions and Special:BlockList. Internal review discovered that watchlist anti-csrf tokens were not being compared in constant time, which could allow various timing attacks. This could allow an attacker to modify a user's watchlist via csrf John Menerick reported that MediaWiki's thumb.php failed to sanitize various error messages, resulting in xss.