author | Reedy <reedy@wikimedia.org> | 2021-12-15 16:03:02 +0000 |
---|---|---|
committer | Reedy <reedy@wikimedia.org> | 2021-12-15 20:35:26 +0000 |
commit | b24aa9d8f87e8762c8dedc2f30f85383b77d4725 (patch) | |
tree | bd3e7b736897fd678692066393e9ea7b30203899 | |
parent | ffb0f19a31f139c29e705dbc15a36e69994a6058 (diff) |
Prep 1.36.3
Change-Id: Ie74f47963f2b31b9216874e37bf2a3813e09fd6d
-rw-r--r-- | RELEASE-NOTES-1.36 | 11 | ||||
-rw-r--r-- | includes/Defines.php | 2 |
2 files changed, 10 insertions, 3 deletions
diff --git a/RELEASE-NOTES-1.36 b/RELEASE-NOTES-1.36 index ed0710e514cb..f7b295b434fb 100644 --- a/RELEASE-NOTES-1.36 +++ b/RELEASE-NOTES-1.36 @@ -2,7 +2,7 @@ == MediaWiki 1.36.3 == -THIS IS NOT A RELEASE YET +This is a security and maintenance release of the MediaWiki 1.36 branch. === Changes since MediaWiki 1.36.2 === * (T280363) mediawiki.page.ready: Introduce wikipage.indicators hook. @@ -18,7 +18,8 @@ THIS IS NOT A RELEASE YET * HistoryBlobStub: add getLocation() to get $mOldId. * Fix checkStorage.php. * checkStorage: pass no parameters to WikiRevision::getContent(). -* (T292763) Do not cache private wiki completion results. +* (T292763, CVE-2021-44854) SECURITY: Do not cache private wiki completion + results. * (T294316) Revert "Mark ApiClientLogin/ApiLogin as requiring write mode". * (T294796) JobQueueRedis: Replace deprecated zSize with zCard. * (T278037) NoLocalSettings: Pass an EmptyBagOStuff to TemplateParser. @@ -35,6 +36,12 @@ THIS IS NOT A RELEASE YET * (T286779, T297031) installer: Fix Postgres mistakes in using changeField method. * (T225888) RollbackAction: fix missing pagetitle. +* (T297322, CVE-2021-44858, CVE-2021-44857) SECURITY: Fix permissions checks in + undo actions. +* (T297574, CVE-2021-45038) SECURITY: Fix permissions check in action=rollback. +* (T34716, T297416) SECURITY: Require 'read' right for most actions. +* (T271037, CVE-2021-44856) SECURITY: Fix use of EditFilterMergedContent hook + when changing content model. == MediaWiki 1.36.2 == diff --git a/includes/Defines.php b/includes/Defines.php index d272701ee3c0..7a4cefbf3ecc 100644 --- a/includes/Defines.php +++ b/includes/Defines.php @@ -33,7 +33,7 @@ use Wikimedia\Rdbms\IDatabase; * * @since 1.35 */ -define( 'MW_VERSION', '1.36.2' ); +define( 'MW_VERSION', '1.36.3' ); /** @{ * Obsolete IDatabase::makeList() constants |
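Review bot: In the RELEASE-NOTES-1.36 hunk at `@@ -18,7 +18,8 @@`, the T292763 entry gains its CVE-2021-44854 reference and SECURITY label but stays in the middle of the maintenance items, while the other SECURITY entries are appended at the end of the list in the `@@ -35,6 +36,12 @@` hunk. Consider moving it next to them so an administrator deciding how urgently to upgrade can read all the security fixes in 1.36.3 in one place.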
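Review bot: In the RELEASE-NOTES-1.36 hunk at `@@ -35,6 +36,12 @@`, the added entry `(T34716, T297416) SECURITY: Require 'read' right for most actions.` carries no CVE identifier, while the other three SECURITY entries added here each do. If an identifier has been assigned it should be listed; if none was requested, the entry is the only way for downstream trackers to find the fix, so the task numbers need to stay accurate. As a style point, the first added entry lists CVE-2021-44858 before CVE-2021-44857; ascending order would be easier to scan.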