diff options
author | Reedy <reedy@wikimedia.org> | 2020-09-24 01:22:52 +0100 |
---|---|---|
committer | Reedy <reedy@wikimedia.org> | 2020-09-24 14:46:27 +0100 |
commit | 46400eb62dc39c3e2ea07e928393b79c884a6479 (patch) | |
tree | a2e597ac78c0e7b04871ac82dbfd9a49fd98d086 | |
parent | c988d7fd2f7ca78e9b62d23ed8530f240fe5db22 (diff) |
Prep 1.34.31.34.3
Change-Id: Ie6736e275aa4ab69893e4b0104134cf9530e105d
-rw-r--r-- | RELEASE-NOTES-1.34 | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/RELEASE-NOTES-1.34 b/RELEASE-NOTES-1.34 index 1b6f8c946a1c..af21efc0cb96 100644 --- a/RELEASE-NOTES-1.34 +++ b/RELEASE-NOTES-1.34 @@ -2,7 +2,7 @@ == MediaWiki 1.34.3 == -THIS IS NOT A RELEASE YET +This is a security and maintenance release of the MediaWiki 1.34 branch. === Changes since MediaWiki 1.34.2 === * In the web installer, use secure session cookies. @@ -38,7 +38,10 @@ THIS IS NOT A RELEASE YET * (T258390) Add CentralIdLookup::factoryNonLocal(). * (T246991) User: Fix pingLimiter() to use makeGlobalKey() for global rate limits. -* (T251661) User::pingLimiter: add user-global rate limit type. +* (T232568, CVE-2020-25813) SECURITY: Special:UserRights exposes the existence + of hidden users. +* (T251661, CVE-2020-25827) SECURITY: User::pingLimiter: add user-global rate + limit type. * (T246991) User: enforce pingLimiter() expiry time. * (T260232) don't include null page ids in query list for category dumps. * (T251506) Sanitizer: Truncate IDs to a reasonable length. @@ -46,8 +49,8 @@ THIS IS NOT A RELEASE YET * Explicitly wrap some XML calls in libxml_disable_entity_loader(). * (T263455 T247285) Set EnableJavaScriptTest to true in includes/DevelopmentSettings.php. -* (T232568) SpecialUserrights: If a viewer lacks `hideuser`, ignore hidden - users. +* (T232568, CVE-2020-25813) SECURITY: SpecialUserrights: If a viewer lacks + `hideuser`, ignore hidden users. * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on Special:Contributions. * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within |