authorcsteipp <csteipp@wikimedia.org>2015-03-31 06:21:03 -0700
committerChris Steipp <csteipp@wikimedia.org>2015-03-31 21:35:15 +0000
commit24744d9de6d71c5b96d880141d39f001ef485db9 (patch)
treeda7ec43fe985aa7cd681a09e300ddee1c8230292
parent9a2b649587f14c3c067ea00ba89dff07fd2c68ed (diff)
Updated release notes and version number for MediaWiki 1.19.241.19.24
Change-Id: Ibd34c5b48222088dc7cec2abb0bf38d6cc442182
-rw-r--r--RELEASE-NOTES-1.1914
-rw-r--r--includes/DefaultSettings.php2
2 files changed, 15 insertions, 1 deletions
diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19
index 8306b57c5dad..3e22c86a367e 100644
--- a/RELEASE-NOTES-1.19
+++ b/RELEASE-NOTES-1.19
@@ -3,6 +3,20 @@
Security reminder: MediaWiki does not require PHP's register_globals
setting since version 1.2.0. If you have it on, turn it '''off''' if you can.
+== MediaWiki 1.19.24 ==
+
+This is a security and maintenance release of the MediaWiki 1.19 branch.
+
+== Changes since 1.19.23 ==
+
+* (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities,
+ to prevent various DoS attacks.
+* (T88310) SECURITY: Always expand xml entities when checking SVG's.
+* (T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
+* (T85855) SECURITY: Don't execute another user's CSS or JS on preview.
+* (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to
+ prevent XSS and protect viewer's privacy.
+
== MediaWiki 1.19.23 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index ff8301e76735..3aa86a3ecc34 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -33,7 +33,7 @@ $wgConf = new SiteConfiguration;
/** @endcond */
/** MediaWiki version number */
-$wgVersion = '1.19.23';
+$wgVersion = '1.19.24';
/** Name of the site. It must be changed in LocalSettings.php */
$wgSitename = 'MediaWiki';