Bump to 1.5beta31.5.0beta3

author: Brion Vibber <brion@users.mediawiki.org> 2005-07-07 07:05:32 +0000
committer: Brion Vibber <brion@users.mediawiki.org> 2005-07-07 07:05:32 +0000
commit: 49214d6eb33305241206cfcf7c070461d9432608 (patch)
tree: 77dca1f1df27d57f7bf64da64d73a9bf1c1c1a32
parent: 0ea2bcdbeaa453f00324c14f90b71f545e1d706c (diff)
2 files changed, 25 insertions, 1 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 1b6ec2cf54dd..ae758e8c22a4 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -3,6 +3,28 @@
 Security reminder: MediaWiki does not require PHP's register_globals
 setting since version 1.2.0. If you have it on, turn it *off* if you can.
 
+== MediaWiki 1.5 beta 3 ==
+
+July 7, 2005
+
+MediaWiki 1.5 beta 3 is a preview release of the new 1.5 release
+series, with a security update over beta 2.
+
+Incorrect escaping of a parameter in the page move template could
+be used to inject JavaScript code by getting a victim to visit a
+maliciously constructed URL. Users of vulnerable releases are
+recommended to upgrade to this release.
+
+Vulnerable versions:
+* 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3
+* 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6
+* 1.3 legacy series: not vulnerable
+
+This release also includes several bug fixes and localization updates.
+See the changelog at the end of this file for a detailed list.
+
+
+
 == MediaWiki 1.5 beta 2 ==
 
 July 5, 2005
@@ -502,6 +524,7 @@ of MediaWiki:Newpagetext) to &action=edit, if page is new.
 * Make language variant selection work again for zh
 
 == Changes since 1.5beta2 ==
+
 * Escaped & correctly in Special:Contributions
 * (bug 2534) Hide edit sections with CSS to make right click to edit section work 
 * (bug 2708) Avoid undefined notice on cookieless login attempt
@@ -513,6 +536,7 @@ of MediaWiki:Newpagetext) to &action=edit, if page is new.
 * (bug 1560) Massive update for Kurdish (ku) language using Wikipédia
 * (bug 2709) Some messages were not read from database
 * (bug 2416) Don't allow search engine robots to index or follow nonexisting articles
+* Fix escaping in page move template.
 
 
 === Caveats ===
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index ead20d4e5926..c598379a1358 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -28,7 +28,7 @@ require_once( 'includes/SiteConfiguration.php' );
 $wgConf = new SiteConfiguration;
 
 /** MediaWiki version number */
-$wgVersion			= '1.5beta2';
+$wgVersion			= '1.5beta3';
 
 /** Name of the site. It must be changed in LocalSettings.php */
 $wgSitename         = 'MediaWiki';
author	Brion Vibber <brion@users.mediawiki.org>	2005-07-07 07:05:32 +0000
committer	Brion Vibber <brion@users.mediawiki.org>	2005-07-07 07:05:32 +0000
commit	49214d6eb33305241206cfcf7c070461d9432608 (patch)
tree	77dca1f1df27d57f7bf64da64d73a9bf1c1c1a32
parent	0ea2bcdbeaa453f00324c14f90b71f545e1d706c (diff)