diff options
author | Brion Vibber <brion@users.mediawiki.org> | 2005-07-07 07:05:32 +0000 |
---|---|---|
committer | Brion Vibber <brion@users.mediawiki.org> | 2005-07-07 07:05:32 +0000 |
commit | 49214d6eb33305241206cfcf7c070461d9432608 (patch) | |
tree | 77dca1f1df27d57f7bf64da64d73a9bf1c1c1a32 | |
parent | 0ea2bcdbeaa453f00324c14f90b71f545e1d706c (diff) |
Bump to 1.5beta31.5.0beta3
Notes
http://mediawiki.org/wiki/Special:Code/MediaWiki/9987
-rw-r--r-- | RELEASE-NOTES | 24 | ||||
-rw-r--r-- | includes/DefaultSettings.php | 2 |
2 files changed, 25 insertions, 1 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 1b6ec2cf54dd..ae758e8c22a4 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -3,6 +3,28 @@ Security reminder: MediaWiki does not require PHP's register_globals setting since version 1.2.0. If you have it on, turn it *off* if you can. +== MediaWiki 1.5 beta 3 == + +July 7, 2005 + +MediaWiki 1.5 beta 3 is a preview release of the new 1.5 release +series, with a security update over beta 2. + +Incorrect escaping of a parameter in the page move template could +be used to inject JavaScript code by getting a victim to visit a +maliciously constructed URL. Users of vulnerable releases are +recommended to upgrade to this release. + +Vulnerable versions: +* 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3 +* 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6 +* 1.3 legacy series: not vulnerable + +This release also includes several bug fixes and localization updates. +See the changelog at the end of this file for a detailed list. + + + == MediaWiki 1.5 beta 2 == July 5, 2005 @@ -502,6 +524,7 @@ of MediaWiki:Newpagetext) to &action=edit, if page is new. * Make language variant selection work again for zh == Changes since 1.5beta2 == + * Escaped & correctly in Special:Contributions * (bug 2534) Hide edit sections with CSS to make right click to edit section work * (bug 2708) Avoid undefined notice on cookieless login attempt @@ -513,6 +536,7 @@ of MediaWiki:Newpagetext) to &action=edit, if page is new. * (bug 1560) Massive update for Kurdish (ku) language using Wikipédia * (bug 2709) Some messages were not read from database * (bug 2416) Don't allow search engine robots to index or follow nonexisting articles +* Fix escaping in page move template. === Caveats === diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index ead20d4e5926..c598379a1358 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -28,7 +28,7 @@ require_once( 'includes/SiteConfiguration.php' ); $wgConf = new SiteConfiguration; /** MediaWiki version number */ -$wgVersion = '1.5beta2'; +$wgVersion = '1.5beta3'; /** Name of the site. It must be changed in LocalSettings.php */ $wgSitename = 'MediaWiki'; |