diff options
author | mglaser <glaser@hallowelt.biz> | 2014-12-17 18:57:09 +0100 |
---|---|---|
committer | mglaser <glaser@hallowelt.biz> | 2014-12-17 20:00:40 +0100 |
commit | 3d6956afe6b897a237b7b7b48416ad4ba9fc7679 (patch) | |
tree | 25fe2de31410ed660eb191de4f412e177bc55bf0 | |
parent | 4712c3fe51bbdf311bee4211fc7cb21da69a7a3b (diff) |
Updated release notes and version number to MediaWiki 1.23.81.23.8
This is MediaWiki 1.23.8 security and maintenance release.
Change-Id: I9ce82c6d4351535444b63333fbbda576fdfac5db
-rw-r--r-- | RELEASE-NOTES-1.23 | 14 | ||||
-rw-r--r-- | includes/DefaultSettings.php | 2 |
2 files changed, 15 insertions, 1 deletions
diff --git a/RELEASE-NOTES-1.23 b/RELEASE-NOTES-1.23 index 190fc9562efb..7e4388eccba7 100644 --- a/RELEASE-NOTES-1.23 +++ b/RELEASE-NOTES-1.23 @@ -1,6 +1,20 @@ Security reminder: MediaWiki does not require PHP's register_globals. If you have it on, turn it '''off''' if you can. +== MediaWiki 1.23.8 == + +This is a security and maintenance release of the MediaWiki 1.23 branch. + +== Changes since 1.23.7 == + +* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which + could lead to xss. Permission to edit MediaWiki namespace is required to + exploit this. +* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in + $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as + part of its name. +* (bug T74222) The original patch for T74222 was reverted as unnecessary. + == MediaWiki 1.23.7 == This is a security and maintenance release of the MediaWiki 1.23 branch. diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 7e1cb435a0b1..65f75a6f6841 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -73,7 +73,7 @@ $wgConfigRegistry = array( * MediaWiki version number * @since 1.2 */ -$wgVersion = '1.23.7'; +$wgVersion = '1.23.8'; /** * Name of the site. It must be changed in LocalSettings.php |