diff options
| author | mglaser <glaser@hallowelt.biz> | 2014-02-28 00:25:14 +0100 |
|---|---|---|
| committer | mglaser <glaser@hallowelt.biz> | 2014-02-28 00:31:10 +0100 |
| commit | 2d1d7af0f7eeededb9f4e9c27b5a30445880ece0 (patch) | |
| tree | c2e940b2153b3bd477fbcb1e2669d040f6e2f116 | |
| parent | b37342c1d808d703a18183edb7ad11f8eb5cc6fc (diff) | |
Updated release notes1.22.3
Release notes are now readable without the context of the according bugs
Change-Id: I21dc8c11de264cb461d78f5c09932290df1f5d80
| -rw-r--r-- | RELEASE-NOTES-1.22 | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22 index 293839e46ed6..9862e5eb0e4c 100644 --- a/RELEASE-NOTES-1.22 +++ b/RELEASE-NOTES-1.22 @@ -8,27 +8,27 @@ have it on, turn it '''off''' if you can. This is a security and bugfix release of the MediaWiki 1.22 branch. === Changes since 1.22.2 === -* (bug 60771) SECURITY: Disallow uploading non-whitelisted namespaces. Also - disallow iframe elements. User will get an error including the namespace name - if they use a non- whitelisted namespace. -* (bug 61346) SECURITY: Make token comparison constant time. It seems like our - token comparison would be vulnerable to timing attacks. This will take +* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted + namespaces. Also disallow iframe elements. User will get an error + including the namespace name if they use a non- whitelisted namespace. +* (bug 61346) SECURITY: Make token comparison use constant time. It seems like + our token comparison would be vulnerable to timing attacks. This will take constant time. * (bug 61362) SECURITY: API: Don't find links in the middle of api.php links. * (bug 53710) Add sequence support for upsert in DatabaseOracle in the same way as in selectInsert -* (bug 60231, 58719) Various fixes to job running code in Wiki.php: Make it +* (bug 60231, 58719) Various fixes to job running code in Wiki.php: Make it async on Windows. Fixed possible "invalid filename" errors on Windows. Redirect output to dev/null to avoid hanging PHP. -* (bug 60083) Correct sequence name for fresh Postgres installation. Spotted - by gebhkla -* (bug 60531) Avoid variable naming conflicts in +* (bug 60083) Correct sequence name for fresh Postgres installation. Spotted + by gebhkla +* (bug 60531) Avoid variable naming conflicts in DatabasePostgres::selectSQLText. Spotted by gebhkla -* (bug 60094) Fix rebuildall.php fatal error with PostgreSQL. The fix for - 47055 introduced a fatal error when running rebuildall.php. This is a - workaround suggested by gebhkla on Bugzilla. It just checks to make sure +* (bug 60094) Fix rebuildall.php fatal error with PostgreSQL. The fix for + 47055 introduced a fatal error when running rebuildall.php. This is a + workaround suggested by gebhkla on Bugzilla. It just checks to make sure $options is actually an array before calling array_search on it. -* (bug 43817c12) Add error handling if descriptionmsg isn't defined for +* (bug 43817c12) Add error handling if descriptionmsg isn't defined for extension. * (bug 60543) Special:PrefixIndex omits stripprefix=1 for "Next page" link. |