author: Reedy <reedy@wikimedia.org> 2021-12-15 12:37:44 +0000
committer: Reedy <reedy@wikimedia.org> 2021-12-15 20:05:27 +0000
commit: 8b874ff6c6ed5f209dfd0c825c5b310ef1ecca2f (patch)
tree: e8c2a93f1bd3b9f2108a980af5eba48b643cf1e9
parent: 1052f6fdc77f8c5e979335dd88b95ef8762f1e41 (diff)
Prep 1.35.5
Change-Id: I18284aeb7bc0c6b81f357747c1e6ebf573d2dbee
-rw-r--r-- RELEASE-NOTES-1.35 11
-rw-r--r-- includes/Defines.php 2
2 files changed, 10 insertions, 3 deletions
diff --git a/RELEASE-NOTES-1.35 b/RELEASE-NOTES-1.35
index a402e0076e9d..48234c0b9e17 100644
--- a/RELEASE-NOTES-1.35
+++ b/RELEASE-NOTES-1.35
@@ -11,7 +11,7 @@ PHP 8.0 workboard: https://phabricator.wikimedia.org/tag/php_8.0_support/
== MediaWiki 1.35.5 ==
-THIS IS NOT A RELEASE YET
+This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.4 ===
* (T290697) Add symfony/polyfill-php80.
@@ -24,7 +24,8 @@ THIS IS NOT A RELEASE YET
* HistoryBlobStub: add getLocation() to get $mOldId.
* Fix checkStorage.php.
* checkStorage: pass no parameters to WikiRevision::getContent().
-* (T292763) Do not cache private wiki completion results.
+* (T292763, CVE-2021-44854) SECURITY: Do not cache private wiki completion
+ results.
* (T294316) Revert "Mark ApiClientLogin/ApiLogin as requiring write mode".
* (T250068) resources: Upgrade jQuery from 3.4.1 to 3.6.0.
* (T250068) resources: Upgrade jquery-migrate from 3.1.0 (patched) to 3.3.2
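Review bot: In the reworded T292763 entry, "private wiki completion results" still does not say which cache or endpoint was involved, so anyone triaging CVE-2021-44854 from the release notes alone has only the task number to go on. Consider naming the affected component in the entry text. Note also that this entry was already listed under 1.35.5 as an ordinary fix and is only now marked SECURITY, so anyone who read the earlier draft of these notes would not have known it was a security fix.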
@@ -40,6 +41,12 @@ THIS IS NOT A RELEASE YET
* (T296112) Allow inserting new sections named '0'.
* nukeNS: don't run purgeRedundantText() after every change.
* (T225888) RollbackAction: fix missing pagetitle.
+* (T297322, CVE-2021-44858, CVE-2021-44857) SECURITY: Fix permissions checks in
+ undo actions.
+* (T297574, CVE-2021-45038) SECURITY: Fix permissions check in action=rollback.
+* (T34716, T297416) SECURITY: Require 'read' right for most actions.
+* (T271037, CVE-2021-44856) SECURITY: Fix use of EditFilterMergedContent hook
+ when changing content model.
== MediaWiki 1.35.4 ==
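Review bot: The added "(T34716, T297416) SECURITY: Require 'read' right for most actions." entry is the only SECURITY line in this hunk without a CVE identifier, and "most actions" does not say which actions stay exempt. If no CVE was assigned, say so or leave it, but operators of private wikis need to know what remains reachable without 'read'; consider naming the exempt actions or pointing to where they are documented. Minor style points in the same hunk: the undo entry lists CVE-2021-44858 before CVE-2021-44857 (ascending order scans better), and it says "permissions checks" where the rollback entry says "permissions check".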
diff --git a/includes/Defines.php b/includes/Defines.php
index 4a1307f7855f..5fd17e975b86 100644
--- a/includes/Defines.php
+++ b/includes/Defines.php
@@ -37,7 +37,7 @@ use Wikimedia\Rdbms\IDatabase;
*
* @since 1.35
*/
-define( 'MW_VERSION', '1.35.4' );
+define( 'MW_VERSION', '1.35.5' );
# Obsolete aliases