diff options
author | Reedy <reedy@wikimedia.org> | 2022-09-29 18:57:24 +0100 |
---|---|---|
committer | Reedy <reedy@wikimedia.org> | 2022-09-29 19:12:39 +0100 |
commit | 370d89fff96c8c378651d93cb0bb183d4ff76e3e (patch) | |
tree | 2a04efa89fba360196718c9d1d0b2f7c4411f1e6 | |
parent | 74bff75a1c76d1ce7ce728a594d38725dfcf1899 (diff) |
Prep 1.37.51.37.5
Change-Id: I59e35b59f59f8bb26d502bda7ed7b8e814ab481d
-rw-r--r-- | RELEASE-NOTES-1.37 | 8 | ||||
-rw-r--r-- | includes/Defines.php | 2 |
2 files changed, 8 insertions, 2 deletions
diff --git a/RELEASE-NOTES-1.37 b/RELEASE-NOTES-1.37 index b89f98f10a4c..9961d0c88fd9 100644 --- a/RELEASE-NOTES-1.37 +++ b/RELEASE-NOTES-1.37 @@ -2,7 +2,7 @@ == MediaWiki 1.37.5 == -THIS IS NOT A RELEASE YET +This is a security and maintenance release of the MediaWiki 1.37 branch. === Changes since MediaWiki 1.37.4 === * Localisation updates. @@ -78,6 +78,12 @@ THIS IS NOT A RELEASE YET * (T318079) SpecialEditTags: Set default value of wpTagsToRemove to empty array. * (T318460) SpecialChangeEmail: Set default for returntoquery. * (T318307) Update docs for HTMLFormField::validate() to permit all data types. +* (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results + in an IP range check on Special:Contributions. +* (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence + of hidden users. +* (T307278, CVE-2022-41766) SECURITY: On action=rollback the message + "alreadyrolled" can leak revision deleted user name. == MediaWiki 1.37.4 == diff --git a/includes/Defines.php b/includes/Defines.php index 43c634e0ce71..dada5d83fb75 100644 --- a/includes/Defines.php +++ b/includes/Defines.php @@ -33,7 +33,7 @@ use Wikimedia\Rdbms\IDatabase; * * @since 1.35 (also backported to 1.33.3 and 1.34.1) */ -define( 'MW_VERSION', '1.37.4' ); +define( 'MW_VERSION', '1.37.5' ); /** @{ * Obsolete IDatabase::makeList() constants |