diff options
author | csteipp <csteipp@wikimedia.org> | 2015-03-31 06:21:03 -0700 |
---|---|---|
committer | Chris Steipp <csteipp@wikimedia.org> | 2015-03-31 21:35:15 +0000 |
commit | 24744d9de6d71c5b96d880141d39f001ef485db9 (patch) | |
tree | da7ec43fe985aa7cd681a09e300ddee1c8230292 | |
parent | 9a2b649587f14c3c067ea00ba89dff07fd2c68ed (diff) |
Updated release notes and version number for MediaWiki 1.19.241.19.24
Change-Id: Ibd34c5b48222088dc7cec2abb0bf38d6cc442182
-rw-r--r-- | RELEASE-NOTES-1.19 | 14 | ||||
-rw-r--r-- | includes/DefaultSettings.php | 2 |
2 files changed, 15 insertions, 1 deletions
diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19 index 8306b57c5dad..3e22c86a367e 100644 --- a/RELEASE-NOTES-1.19 +++ b/RELEASE-NOTES-1.19 @@ -3,6 +3,20 @@ Security reminder: MediaWiki does not require PHP's register_globals setting since version 1.2.0. If you have it on, turn it '''off''' if you can. +== MediaWiki 1.19.24 == + +This is a security and maintenance release of the MediaWiki 1.19 branch. + +== Changes since 1.19.23 == + +* (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities, + to prevent various DoS attacks. +* (T88310) SECURITY: Always expand xml entities when checking SVG's. +* (T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS. +* (T85855) SECURITY: Don't execute another user's CSS or JS on preview. +* (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to + prevent XSS and protect viewer's privacy. + == MediaWiki 1.19.23 == This is a security and maintenance release of the MediaWiki 1.19 branch. diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index ff8301e76735..3aa86a3ecc34 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -33,7 +33,7 @@ $wgConf = new SiteConfiguration; /** @endcond */ /** MediaWiki version number */ -$wgVersion = '1.19.23'; +$wgVersion = '1.19.24'; /** Name of the site. It must be changed in LocalSettings.php */ $wgSitename = 'MediaWiki'; |