1.23.15: Release notes and bump version number1.23.15

Change-Id: I1135455897919db0894d859692679e072a6b1aa4

2 files changed, 12 insertions, 1 deletions

diff --git a/RELEASE-NOTES-1.23 b/RELEASE-NOTES-1.23
index fea66d31c1f6..031249d30a58 100644
--- a/RELEASE-NOTES-1.23
+++ b/RELEASE-NOTES-1.23
@@ -9,6 +9,17 @@ This is a maintenance release of the MediaWiki 1.23 branch.
 * BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
   made by MediaWiki via a proxy. Relying on the http_proxy environment
   variable is no longer supported.
+* (T139565) SECURITY: API: Generate head items in the context of the given title
+* (T137264) SECURITY: XSS in unclosed internal links
+* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
+* (T133147) SECURITY: Require login to preview user CSS pages
+* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
+  the top file
+* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
+  permissions
+* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
+* (T115333) SECURITY: Check read permission when loading page content in ApiParse
+* Remove support for $wgWellFormedXml = false, all output is now well formed
 
 == MediaWiki 1.23.13 ==
 
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index b2d653a4c486..0179603f0a33 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -73,7 +73,7 @@ $wgConfigRegistry = array(
  * MediaWiki version number
  * @since 1.2
  */
-$wgVersion = '1.23.14';
+$wgVersion = '1.23.15';
 
 /**
  * Name of the site. It must be changed in LocalSettings.php