summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorReedy <reedy@wikimedia.org>2022-09-29 18:57:24 +0100
committerReedy <reedy@wikimedia.org>2022-09-29 19:12:39 +0100
commit370d89fff96c8c378651d93cb0bb183d4ff76e3e (patch)
tree2a04efa89fba360196718c9d1d0b2f7c4411f1e6
parent74bff75a1c76d1ce7ce728a594d38725dfcf1899 (diff)
Prep 1.37.51.37.5
Change-Id: I59e35b59f59f8bb26d502bda7ed7b8e814ab481d
Diffstat
-rw-r--r--RELEASE-NOTES-1.378
-rw-r--r--includes/Defines.php2
2 files changed, 8 insertions, 2 deletions
diff --git a/RELEASE-NOTES-1.37 b/RELEASE-NOTES-1.37
index b89f98f10a4c..9961d0c88fd9 100644
--- a/RELEASE-NOTES-1.37
+++ b/RELEASE-NOTES-1.37
@@ -2,7 +2,7 @@
== MediaWiki 1.37.5 ==
-THIS IS NOT A RELEASE YET
+This is a security and maintenance release of the MediaWiki 1.37 branch.
=== Changes since MediaWiki 1.37.4 ===
* Localisation updates.
@@ -78,6 +78,12 @@ THIS IS NOT A RELEASE YET
* (T318079) SpecialEditTags: Set default value of wpTagsToRemove to empty array.
* (T318460) SpecialChangeEmail: Set default for returntoquery.
* (T318307) Update docs for HTMLFormField::validate() to permit all data types.
+* (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results
+ in an IP range check on Special:Contributions.
+* (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence
+ of hidden users.
+* (T307278, CVE-2022-41766) SECURITY: On action=rollback the message
+ "alreadyrolled" can leak revision deleted user name.
== MediaWiki 1.37.4 ==
diff --git a/includes/Defines.php b/includes/Defines.php
index 43c634e0ce71..dada5d83fb75 100644
--- a/includes/Defines.php
+++ b/includes/Defines.php
@@ -33,7 +33,7 @@ use Wikimedia\Rdbms\IDatabase;
*
* @since 1.35 (also backported to 1.33.3 and 1.34.1)
*/
-define( 'MW_VERSION', '1.37.4' );
+define( 'MW_VERSION', '1.37.5' );
/** @{
* Obsolete IDatabase::makeList() constants
generated by cgit v1.2.3 (git 2.44.0) at 2024-05-02 00:54:29 +0000