Updated release notes and version number to MediaWiki 1.19.231.19.23

This is MediaWiki 1.19.23 security and maintenance release.

Change-Id: I2a35e20a0cae512e39fa2c9412bcf5890f62bccb

2 files changed, 9 insertions, 1 deletions

diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19
index 0a1ca898ceb9..8306b57c5dad 100644
--- a/RELEASE-NOTES-1.19
+++ b/RELEASE-NOTES-1.19
@@ -3,8 +3,16 @@
 Security reminder: MediaWiki does not require PHP's register_globals
 setting since version 1.2.0. If you have it on, turn it '''off''' if you can.
 
+== MediaWiki 1.19.23 ==
+
+This is a security and maintenance release of the MediaWiki 1.19 branch.
+
 === Changes since 1.19.22 ===
 
+* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
+  could lead to xss. Permission to edit MediaWiki namespace is required to
+  exploit this.
+* (bug T74222) The original patch for T74222 was reverted as unnecessary.
 * Add missing $ in front of variable in OutputPage.php
 
 == MediaWiki 1.19.22 ==
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 10332243ba84..ff8301e76735 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -33,7 +33,7 @@ $wgConf = new SiteConfiguration;
 /** @endcond */
 
 /** MediaWiki version number */
-$wgVersion = '1.19.22';
+$wgVersion = '1.19.23';
 
 /** Name of the site. It must be changed in LocalSettings.php */
 $wgSitename = 'MediaWiki';