Updated release notes and version number for MediaWiki 1.24.11.24.1

This is MediaWiki 1.24.1 security and maintenance release

Change-Id: I9bddfcb27c8774d8cafe0d16cddbf38bff678b3c

2 files changed, 12 insertions, 3 deletions

diff --git a/RELEASE-NOTES-1.24 b/RELEASE-NOTES-1.24
index 851759e82348..62e0c328d2f5 100644
--- a/RELEASE-NOTES-1.24
+++ b/RELEASE-NOTES-1.24
@@ -4,11 +4,20 @@ turn it off. MediaWiki will no longer work with it enabled.
 
 == MediaWiki 1.24.1 ==
 
-This is a (XXX security and ??) maintenance release of the MediaWiki 1.24 branch.
+This is a security and maintenance release of the MediaWiki 1.24 branch.
 
 == Changes since 1.24.0 ==
 
-* (bug 72834) Make 1.24 branch directly installable under PostgreSQL.
+* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
+  could lead to xss. Permission to edit MediaWiki namespace is required to
+  exploit this.
+* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in
+  $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as
+  part of its name.
+* (bug T74222) The original patch for T74222 was reverted as unnecessary.
+* Fixed a couple of entries in RELEASE-NOTES-1.24.
+* (bug T76168) OutputPage: Add accessors for some protected properties.
+* (bug T74834) Make 1.24 branch directly installable under PostgreSQL.
 
 == MediaWiki 1.24 ==
 
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 126398d0c3cb..712689327310 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -75,7 +75,7 @@ $wgConfigRegistry = array(
  * Using single quotes is, therefore, important here.
  * @since 1.2
  */
-$wgVersion = '1.24.0';
+$wgVersion = '1.24.1';
 
 /**
  * Name of the site. It must be changed in LocalSettings.php