diff options
author | mglaser <glaser@hallowelt.biz> | 2014-12-17 19:02:04 +0100 |
---|---|---|
committer | mglaser <glaser@hallowelt.biz> | 2014-12-17 20:26:48 +0100 |
commit | 55bf66da3e4baecf7d197f75f7cac3b8d55aa255 (patch) | |
tree | a8963db0d3b5a70bcf286fdc8235267c46e6c0c2 | |
parent | fdd3f464ef9aa7f3276a2a8dddc85e3769cfda83 (diff) |
Updated release notes and version number to MediaWiki 1.19.231.19.23
This is MediaWiki 1.19.23 security and maintenance release.
Change-Id: I2a35e20a0cae512e39fa2c9412bcf5890f62bccb
-rw-r--r-- | RELEASE-NOTES-1.19 | 8 | ||||
-rw-r--r-- | includes/DefaultSettings.php | 2 |
2 files changed, 9 insertions, 1 deletions
diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19 index 0a1ca898ceb9..8306b57c5dad 100644 --- a/RELEASE-NOTES-1.19 +++ b/RELEASE-NOTES-1.19 @@ -3,8 +3,16 @@ Security reminder: MediaWiki does not require PHP's register_globals setting since version 1.2.0. If you have it on, turn it '''off''' if you can. +== MediaWiki 1.19.23 == + +This is a security and maintenance release of the MediaWiki 1.19 branch. + === Changes since 1.19.22 === +* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which + could lead to xss. Permission to edit MediaWiki namespace is required to + exploit this. +* (bug T74222) The original patch for T74222 was reverted as unnecessary. * Add missing $ in front of variable in OutputPage.php == MediaWiki 1.19.22 == diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 10332243ba84..ff8301e76735 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -33,7 +33,7 @@ $wgConf = new SiteConfiguration; /** @endcond */ /** MediaWiki version number */ -$wgVersion = '1.19.22'; +$wgVersion = '1.19.23'; /** Name of the site. It must be changed in LocalSettings.php */ $wgSitename = 'MediaWiki'; |