diff options
| author | Chad Horohoe <chadh@wikimedia.org> | 2016-08-22 12:26:19 -0700 |
|---|---|---|
| committer | Chad <chadh@wikimedia.org> | 2016-08-23 03:21:22 +0000 |
| commit | 2e3e7395f1f290fff646510233bf6386fcf01a5d (patch) | |
| tree | 24fb59df1a9754a1aad29bbd78baea4badf41af5 | |
| parent | da08162b9e373b19ca5f1a1cbeac9a4abed5e692 (diff) | |
Change-Id: I4a88f286c296b6ba7a8157524bfdb893d1be2680
| -rw-r--r-- | RELEASE-NOTES-1.26 | 11 | ||||
| -rw-r--r-- | includes/DefaultSettings.php | 2 |
2 files changed, 12 insertions, 1 deletions
diff --git a/RELEASE-NOTES-1.26 b/RELEASE-NOTES-1.26 index 1f238af9f792..f5f2936e92b9 100644 --- a/RELEASE-NOTES-1.26 +++ b/RELEASE-NOTES-1.26 @@ -10,6 +10,17 @@ This is a maintenance release of the MediaWiki 1.26 branch. made by MediaWiki via a proxy. Relying on the http_proxy environment variable is no longer supported. * (T124163) Fixed fatal error in DifferenceEngine under HHVM. +* (T139565) SECURITY: API: Generate head items in the context of the given title +* (T137264) SECURITY: XSS in unclosed internal links +* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks +* (T133147) SECURITY: Require login to preview user CSS pages +* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is + the top file +* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in + permissions +* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true +* (T115333) SECURITY: Check read permission when loading page content in ApiParse +* Remove support for $wgWellFormedXml = false, all output is now well formed == MediaWiki 1.26.3 == diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 1a97daca47d7..7bbd112f8f7e 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -75,7 +75,7 @@ $wgConfigRegistry = array( * MediaWiki version number * @since 1.2 */ -$wgVersion = '1.26.3'; +$wgVersion = '1.26.4'; /** * Name of the site. It must be changed in LocalSettings.php |