diff options
author | Reedy <reedy@wikimedia.org> | 2022-03-28 15:20:52 +0100 |
---|---|---|
committer | Reedy <reedy@wikimedia.org> | 2022-03-31 23:00:19 +0100 |
commit | 0ab2de45d1de5e84eace4ab210b6b67b4fc4bf9d (patch) | |
tree | 70735249d879b00f655770dd2a1b5321107a0eea | |
parent | fd7f013bc57240ab6d1b7ea802f39285dc3a9d34 (diff) |
Prep 1.36.41.36.4
Change-Id: I5512d7da30045d11ad38a3801231aaff53b7564e
-rw-r--r-- | RELEASE-NOTES-1.36 | 10 | ||||
-rw-r--r-- | includes/Defines.php | 2 |
2 files changed, 8 insertions, 4 deletions
diff --git a/RELEASE-NOTES-1.36 b/RELEASE-NOTES-1.36 index 2b31d53d393e..f0a724445ad2 100644 --- a/RELEASE-NOTES-1.36 +++ b/RELEASE-NOTES-1.36 @@ -2,7 +2,7 @@ == MediaWiki 1.36.4 == -THIS IS NOT A RELEASE YET +This is a security and maintenance release of the MediaWiki 1.36 branch. === Changes since MediaWiki 1.36.3 === * (T298261) Fix support for Composer 2.2. @@ -10,8 +10,8 @@ THIS IS NOT A RELEASE YET * Update doctrine/dbal (3.0.0 => 3.1.5). * (T296898) Add entry point name to disabled Session exception if possible. * (T298564) MemcachedClient: Add support for IPv6. -* (T297543) SECURITY: properly escape output used within galleries and - Special:RevisionDelete. +* (T297543, CVE-2022-28202) SECURITY: properly escape output used within + galleries and Special:RevisionDelete. * (T268847) Suppress deprecation warnings from libxml_disable_entity_loader(). * (T283275) Fix PHP 8.0 failure of WikiExporterFactoryTest. * Fix the json schema and the extension processor for Parsoid extension modules. @@ -36,6 +36,10 @@ THIS IS NOT A RELEASE YET * (T303871) Fix @since of Title::getId(). * (T303560) Installer: Check correct PCRE_CONFIG_NEWLINE value. * wrapOldPasswords: add \n to two output calls. +* (T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite recursion + loop if it points to a local interwiki. +* (T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many file + uploads with actor as a condition can result in a DoS. == MediaWiki 1.36.3 == diff --git a/includes/Defines.php b/includes/Defines.php index 7a4cefbf3ecc..69e0de9f2df0 100644 --- a/includes/Defines.php +++ b/includes/Defines.php @@ -33,7 +33,7 @@ use Wikimedia\Rdbms\IDatabase; * * @since 1.35 */ -define( 'MW_VERSION', '1.36.3' ); +define( 'MW_VERSION', '1.36.4' ); /** @{ * Obsolete IDatabase::makeList() constants |