diff options
author | mglaser <glaser@hallowelt.biz> | 2014-12-17 18:53:03 +0100 |
---|---|---|
committer | mglaser <glaser@hallowelt.biz> | 2014-12-17 19:58:23 +0100 |
commit | 4cec60080d888bb19a1cc57e149498898db7df6a (patch) | |
tree | 05f44525e1c2458b240a55e7c95f1f377392603e | |
parent | decb9a3198322e109795d24a055a8ca78ac31d1d (diff) |
Updated release notes and version number for MediaWiki 1.24.11.24.1
This is MediaWiki 1.24.1 security and maintenance release
Change-Id: I9bddfcb27c8774d8cafe0d16cddbf38bff678b3c
-rw-r--r-- | RELEASE-NOTES-1.24 | 13 | ||||
-rw-r--r-- | includes/DefaultSettings.php | 2 |
2 files changed, 12 insertions, 3 deletions
diff --git a/RELEASE-NOTES-1.24 b/RELEASE-NOTES-1.24 index 851759e82348..62e0c328d2f5 100644 --- a/RELEASE-NOTES-1.24 +++ b/RELEASE-NOTES-1.24 @@ -4,11 +4,20 @@ turn it off. MediaWiki will no longer work with it enabled. == MediaWiki 1.24.1 == -This is a (XXX security and ??) maintenance release of the MediaWiki 1.24 branch. +This is a security and maintenance release of the MediaWiki 1.24 branch. == Changes since 1.24.0 == -* (bug 72834) Make 1.24 branch directly installable under PostgreSQL. +* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which + could lead to xss. Permission to edit MediaWiki namespace is required to + exploit this. +* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in + $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as + part of its name. +* (bug T74222) The original patch for T74222 was reverted as unnecessary. +* Fixed a couple of entries in RELEASE-NOTES-1.24. +* (bug T76168) OutputPage: Add accessors for some protected properties. +* (bug T74834) Make 1.24 branch directly installable under PostgreSQL. == MediaWiki 1.24 == diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 126398d0c3cb..712689327310 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -75,7 +75,7 @@ $wgConfigRegistry = array( * Using single quotes is, therefore, important here. * @since 1.2 */ -$wgVersion = '1.24.0'; +$wgVersion = '1.24.1'; /** * Name of the site. It must be changed in LocalSettings.php |