diff options
| author | Reedy <reedy@wikimedia.org> | 2020-12-17 18:00:47 +0000 |
|---|---|---|
| committer | Reedy <reedy@wikimedia.org> | 2020-12-17 23:44:33 +0000 |
| commit | 3e26b5ff1468f98cf306575d125b29a6645bf2ea (patch) | |
| tree | 23e5a4e639bdcdbc64bc57c96dfb6cfdd1ee4ece | |
| parent | aca0e52f5ce9312a4af4f411c756497902483a48 (diff) | |
Prep 1.35.11.35.1
Change-Id: I2b0d1887060bf5ecf3e96b3baa4298b05a44f791
| -rw-r--r-- | RELEASE-NOTES-1.35 | 14 | ||||
| -rw-r--r-- | includes/Defines.php | 2 |
2 files changed, 12 insertions, 4 deletions
diff --git a/RELEASE-NOTES-1.35 b/RELEASE-NOTES-1.35 index b2c7d596dcce..08dfb8a96dac 100644 --- a/RELEASE-NOTES-1.35 +++ b/RELEASE-NOTES-1.35 @@ -11,7 +11,7 @@ PHP 8.0 workboard: https://phabricator.wikimedia.org/tag/php_8.0_support/ == MediaWiki 1.35.1 == -THIS IS NOT A RELEASE YET +This is a maintenance release of the MediaWiki 1.35 branch. While normally running update.php isn't required for point releases, it is recommended to run it for 1.35.1 so that sites.site_language is @@ -85,13 +85,21 @@ To enable it, set $wgWatchlistExpiry = true; in your LocalSettings.php. * Skip undo related phpunit tests when diff3 is missing. * (T269964) rdbms: Remove outer parentheses in insert query for Postgres. * (T263911) In MWExceptionHandler::report(), catch all throwables. -* (T268894) Use Html::element in ChangeListSpecialPage for sanity. +* (T268894, CVE-2020-35474) SECURITY: Use Html::element in + ChangeListSpecialPage for sanity. * (T268917) Use Xml::element in SpecialUserrights for sanity. -* (T268938) Pass escaped html to LogFormatter::makePageLink for sanity. +* (T268938, CVE-2020-35478, CVE-2020-35479) SECURITY: Pass escaped html + to LogFormatter::makePageLink for sanity. * (T268938) Fixed mixed escaping in Language::translateBlockExpiry. * (T263911) UserOptionsManager: don't differentiate anons caches. * (T261260) HeaderCallback: pre-cache request ID. * Parsoid updated to v0.12.1. +* (T205908, CVE-2020-35477) SECURITY: Unable to change visibility of log + entries when MediaWiki:Mainpage uses Special:MyLanguage. +* (T120883, CVE-2020-35480) SECURITY: Divergent behavior for contributions + and user pages of hidden users and missing users. +* (T270145) Fix condition that can lead to using APCOND_BLOCKED in + $wgAutopromote to cause an OOM in PHP. == MediaWiki 1.35.0 == diff --git a/includes/Defines.php b/includes/Defines.php index 3790909331a6..ed7f85c9f479 100644 --- a/includes/Defines.php +++ b/includes/Defines.php @@ -36,7 +36,7 @@ use Wikimedia\Rdbms\IDatabase; * * @since 1.35 */ -define( 'MW_VERSION', '1.35.0' ); +define( 'MW_VERSION', '1.35.1' ); # Obsolete aliases |