diff options
author | Reedy <reedy@wikimedia.org> | 2023-06-29 22:12:36 +0100 |
---|---|---|
committer | Reedy <reedy@wikimedia.org> | 2023-06-30 16:26:09 +0100 |
commit | 059c8e1b9a315c36ae827f929ea9a077acbba2eb (patch) | |
tree | 292df6ded40d795cdf735fe8df7c24f72ff396a9 | |
parent | 71a37c61148f6492c7a32f3401c9cab8df1ee4b8 (diff) |
Prep 1.38.71.38.7
Change-Id: I9938fb6d8023c5be07e8d11c8ad94c0ac4797101
-rw-r--r-- | RELEASE-NOTES-1.38 | 6 | ||||
-rw-r--r-- | includes/Defines.php | 2 |
2 files changed, 6 insertions, 2 deletions
diff --git a/RELEASE-NOTES-1.38 b/RELEASE-NOTES-1.38 index bdfc5a3c061f..6a28a827c937 100644 --- a/RELEASE-NOTES-1.38 +++ b/RELEASE-NOTES-1.38 @@ -6,14 +6,18 @@ PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/ == MediaWiki 1.38.7 == -THIS IS NOT A RELEASE YET +This is a security and maintenance release of the MediaWiki 1.38 branch. === Changes since MediaWiki 1.38.6 === * Localisation updates. * (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1. +* (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7 + (2.4.0 => 2.4.5). * (T322944) Add Authorization to default $wgAllowedCorsHeaders. * (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter. * (T330464) Work around argument corruption bug in XMLReader::open. +* (T313157) IndexPager: Also protect against $offset being 0. +* (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker. == MediaWiki 1.38.6 == diff --git a/includes/Defines.php b/includes/Defines.php index f03a0ae84b70..9e282bd5d217 100644 --- a/includes/Defines.php +++ b/includes/Defines.php @@ -33,7 +33,7 @@ use Wikimedia\Rdbms\IDatabase; * * @since 1.35 (also backported to 1.33.3 and 1.34.1) */ -define( 'MW_VERSION', '1.38.6' ); +define( 'MW_VERSION', '1.38.7' ); /** @{ * Obsolete IDatabase::makeList() constants |