author | csteipp <csteipp@wikimedia.org> | 2015-03-31 06:08:01 -0700 |
---|---|---|
committer | Chris Steipp <csteipp@wikimedia.org> | 2015-03-31 21:29:34 +0000 |
commit | 3168f88114df2e8b9e4c7affc645a025b9df5fc1 (patch) | |
tree | ef005157bbc78fd04fe294283ad1586f16098457 | |
parent | 3ed926d89e775b797451a2b67c6825e8a959363b (diff) |
Updated release notes and version number for MediaWiki 1.23.9
Change-Id: Iceda1e73060a5c05ca11a9cdab065e5b28ae53a7
-rw-r--r-- | RELEASE-NOTES-1.23 | 11 |
-rw-r--r-- | includes/DefaultSettings.php | 2 |
2 files changed, 11 insertions, 2 deletions
diff --git a/RELEASE-NOTES-1.23 b/RELEASE-NOTES-1.23 index 1178c5b48b52..2eaa0a5489b6 100644 --- a/RELEASE-NOTES-1.23 +++ b/RELEASE-NOTES-1.23 @@ -3,10 +3,19 @@ have it on, turn it '''off''' if you can. == MediaWiki 1.23.9 == -This is a (security and?) maintenance release of the MediaWiki 1.23 branch. +This is a security and maintenance release of the MediaWiki 1.23 branch. == Changes since 1.23.8 == +* (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities, + to prevent various DoS attacks. +* (T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce + likelihood of DoS. +* (T88310) SECURITY: Always expand xml entities when checking SVG's. +* (T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS. +* (T85855) SECURITY: Don't execute another user's CSS or JS on preview. +* (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to + prevent XSS and protect viewer's privacy. * (bug T70087) Fix Special:ActiveUsers page for installations using PostgreSQL. diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 65f75a6f6841..62ea811181b4 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -73,7 +73,7 @@ $wgConfigRegistry = array( * MediaWiki version number * @since 1.2 */ -$wgVersion = '1.23.8'; +$wgVersion = '1.23.9'; /** * Name of the site. It must be changed in LocalSettings.php |
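Review bot: In the RELEASE-NOTES-1.23 hunk, the added entry "(T88310) SECURITY: Always expand xml entities when checking SVG's." is inconsistent with the first added entry, which writes "XML entities"; suggest "Always expand XML entities when checking SVGs." The new entries cite tasks as "(T85848)" while the unchanged context line directly below uses "(bug T70087)", so one form should be used throughout the section. The T85848 entries also describe the fixes as preventing "various DoS attacks" and reducing "likelihood of DoS" by naming internal functions such as Xml::isWellFormed; a short phrase in each entry naming the affected feature would help administrators judge how urgently to upgrade.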