diff options
author | Reedy <reedy@wikimedia.org> | 2020-12-17 17:53:17 +0000 |
---|---|---|
committer | Reedy <reedy@wikimedia.org> | 2020-12-17 23:30:55 +0000 |
commit | 4215fcd754a3eeb3c9c4fbe5c41c9a6a4833de48 (patch) | |
tree | b1d327b03ec1265b3e14442f23538f5ffbe6e3d5 | |
parent | 00acdf05eee319a1640cf161abfcea0182f18607 (diff) |
Prep 1.31.111.31.11
Change-Id: I946a430d518154c8b5451b9c81627aa15a938c4b
-rw-r--r-- | RELEASE-NOTES-1.31 | 10 | ||||
-rw-r--r-- | includes/Defines.php | 2 |
2 files changed, 9 insertions, 3 deletions
diff --git a/RELEASE-NOTES-1.31 b/RELEASE-NOTES-1.31 index d22afb83faf3..57c589498d82 100644 --- a/RELEASE-NOTES-1.31 +++ b/RELEASE-NOTES-1.31 @@ -1,6 +1,6 @@ == MediaWiki 1.31.11 == -THIS IS NOT A RELEASE YET +This is a security and maintenance release of the MediaWiki 1.31 branch. === Changes since MediaWiki 1.31.10 === * Fix undefined $wgRedirectOnLogin. @@ -15,7 +15,13 @@ THIS IS NOT A RELEASE YET would be truncated by the database. * (T264536, T233012) SectionProfiler: Do not attempt to use null values as arrays. * (T269178) MemcachedClient: Cast Resource to integer. -* (T268917) Use Xml::element in SpecialUserrights for sanity. +* (T268917, CVE-2020-35475) SECURITY: Use Xml::element in SpecialUserrights for + sanity. +* (T268938, CVE-2020-35479) SECURITY: BlockLogFormatter can output raw html. +* (T205908, CVE-2020-35477) SECURITY: Unable to change visibility of log entries + when MediaWiki:Mainpage uses Special:MyLanguage. +* (T120883, CVE-2020-35480) SECURITY: Divergent behavior for contributions and + user pages of hidden users and missing users. == MediaWiki 1.31.10 == diff --git a/includes/Defines.php b/includes/Defines.php index a76e22c4b571..fa1087bca33e 100644 --- a/includes/Defines.php +++ b/includes/Defines.php @@ -37,7 +37,7 @@ use Wikimedia\Rdbms\IDatabase; * * @since 1.31.7 */ -define( 'MW_VERSION', '1.31.10' ); +define( 'MW_VERSION', '1.31.11' ); # Obsolete aliases /** |