Release notes for r85858.1.16.3

author: Tim Starling <tstarling@users.mediawiki.org> 2011-04-12 03:07:21 +0000
committer: Tim Starling <tstarling@users.mediawiki.org> 2011-04-12 03:07:21 +0000
commit: 674ff5526e52295fe8973d659184f4d4726fbaba (patch)
tree: eaf25829cbd998bd65b3848c7f01759b5b20c4c2
parent: 52fca561d0be9c09f26152b8a98eb6c2b0e54a0e (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index ef1ac7bb7825..cf3f3a77efa5 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -45,12 +45,15 @@ you have the DBA extension for PHP installed, this will improve performance
 further.
 
 == Changes since 1.16.2 ==
+
 * (bug 28449) Fixed permissions checks in Special:Import which allowed users 
   without the 'import' permission to import pages from the configured import 
   sources.
 * (bug 28235) Fixed XSS affecting IE 6 and earlier clients only, due to those 
   browsers looking for a file extension in the query string of the URL, and 
   ignoring the Content-Type header if one is found.
+* (bug 28450) Fixed a CSS validation issue involving escaped comments, which
+  led to XSS for Internet Explorer clients and privacy loss for other clients.
 
 == Changes since 1.16.1 ==
author	Tim Starling <tstarling@users.mediawiki.org>	2011-04-12 03:07:21 +0000
committer	Tim Starling <tstarling@users.mediawiki.org>	2011-04-12 03:07:21 +0000
commit	674ff5526e52295fe8973d659184f4d4726fbaba (patch)
tree	eaf25829cbd998bd65b3848c7f01759b5b20c4c2
parent	52fca561d0be9c09f26152b8a98eb6c2b0e54a0e (diff)