author: mglaser <glaser@hallowelt.biz> 2014-02-27 23:34:14 +0100
committer: mglaser <glaser@hallowelt.biz> 2014-02-27 23:53:12 +0100
commit: 996143fbf1ded062eb543f303487e77ac894675f
tree: ea361632d5ffc75b868cc46bce27d11ed7842535
parent: 32f1299d3658c4021b43c1733c677533ff62d0ed

Updated Release notes and version number for 1.19.12

This is MW1.19.12 security release

Change-Id: I62383c7ed17c5e7b43612db321bf733dba4dcfdd

-rw-r--r--  RELEASE-NOTES-1.19            13
-rw-r--r--  includes/DefaultSettings.php   2
2 files changed, 14 insertions, 1 deletions

diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19
index 6d3667080399..4340f6d78548 100644
--- a/RELEASE-NOTES-1.19
+++ b/RELEASE-NOTES-1.19
@@ -3,6 +3,19 @@
Security reminder: MediaWiki does not require PHP's register_globals
setting since version 1.2.0. If you have it on, turn it '''off''' if you can.
+== MediaWiki 1.19.12 ==
+
+This is a security release of the MediaWiki 1.19 branch.
+
+=== Changes since 1.19.11 ===
+
+* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
+ namespaces files. Also disallow iframe elements. User will get an error
+ including the namespace name if they use a non- whitelisted namespace.
+* (bug 61346) SECURITY: Make token comparison use constant time. It seems like
+ our token comparison would be vulnerable to timing attacks. This will take
+ constant time.
+
== MediaWiki 1.19.11 ==
This is a security release of the MediaWiki 1.19 branch.
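
Review bot: The bug 60771 entry has two wording slips: "non-whitelisted namespaces files" carries a stray "files", and "non- whitelisted namespace" on its last line has a stray space after the hyphen. Suggest "Disallow uploading SVG files that use non-whitelisted namespaces" and "non-whitelisted namespace". The bug 61346 entry is worded tentatively ("It seems like our token comparison would be vulnerable to timing attacks") and its closing sentence "This will take constant time." repeats the first. For a SECURITY line in release notes, one definite sentence saying what changed and why would serve administrators better, for example "Make token comparison use constant time to prevent timing attacks." Neither entry says which upload or token code paths are affected, and this commit touches only the notes and the version string, so a reader cannot tell from here what to retest after upgrading. A short pointer to the affected feature in each entry would help.
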
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 6837d20fe01c..44b2c185257a 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -33,7 +33,7 @@ $wgConf = new SiteConfiguration;
/** @endcond */
/** MediaWiki version number */
-$wgVersion = '1.19.11';
+$wgVersion = '1.19.12';
/** Name of the site. It must be changed in LocalSettings.php */
$wgSitename = 'MediaWiki';