author | mglaser <glaser@hallowelt.biz> | 2014-02-27 23:34:14 +0100 |
---|---|---|
committer | mglaser <glaser@hallowelt.biz> | 2014-02-27 23:53:12 +0100 |
commit | 996143fbf1ded062eb543f303487e77ac894675f (patch) | |
tree | ea361632d5ffc75b868cc46bce27d11ed7842535 | |
parent | 32f1299d3658c4021b43c1733c677533ff62d0ed (diff) |
Updated Release notes and version number for 1.19.12
This is MW1.19.12 security release
Change-Id: I62383c7ed17c5e7b43612db321bf733dba4dcfdd
-rw-r--r-- | RELEASE-NOTES-1.19 | 13 |
-rw-r--r-- | includes/DefaultSettings.php | 2 |
2 files changed, 14 insertions, 1 deletions
diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19 index 6d3667080399..4340f6d78548 100644 --- a/RELEASE-NOTES-1.19 +++ b/RELEASE-NOTES-1.19 @@ -3,6 +3,19 @@ Security reminder: MediaWiki does not require PHP's register_globals setting since version 1.2.0. If you have it on, turn it '''off''' if you can. +== MediaWiki 1.19.12 == + +This is a security release of the MediaWiki 1.19 branch. + +=== Changes since 1.19.11 === + +* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted + namespaces files. Also disallow iframe elements. User will get an error + including the namespace name if they use a non- whitelisted namespace. +* (bug 61346) SECURITY: Make token comparison use constant time. It seems like + our token comparison would be vulnerable to timing attacks. This will take + constant time. + == MediaWiki 1.19.11 == This is a security release of the MediaWiki 1.19 branch. diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 6837d20fe01c..44b2c185257a 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -33,7 +33,7 @@ $wgConf = new SiteConfiguration; /** @endcond */ /** MediaWiki version number */ -$wgVersion = '1.19.11'; +$wgVersion = '1.19.12'; /** Name of the site. It must be changed in LocalSettings.php */ $wgSitename = 'MediaWiki'; |
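Review bot: In the RELEASE-NOTES-1.19 hunk, the bug 60771 entry has a stray trailing word in "non-whitelisted namespaces files" and a space after the hyphen in "non- whitelisted namespace"; suggest "using non-whitelisted namespaces." and "a non-whitelisted namespace." The bug 61346 entry reads like a commit message ("It seems like our token comparison would be vulnerable to timing attacks. This will take constant time."); for release notes, state the change once and without the hedge, for example "Token comparison now takes constant time to prevent timing attacks." Neither entry says which upload path or which tokens are affected, which is what an administrator deciding how urgently to upgrade would look for.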
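Review bot: The includes/DefaultSettings.php hunk changes only $wgVersion from '1.19.11' to '1.19.12', and the diffstat shows no other code touched, so the fixes for bug 60771 and bug 61346 named in the release notes are not part of this commit. Please confirm both fixes are already on the 1.19 branch ahead of this commit so the tagged version string never identifies a tree that lacks them.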