Updates for release1.6.12origin/REL1_6

2 files changed, 20 insertions, 1 deletions

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 052fe9f2af83..37defa101434 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -2,6 +2,25 @@
 
 For upgrade instructions please see the UPGRADE file in this directory.
 
+== MediaWiki 1.6.12 ==
+
+February 7, 2009
+
+This is a security update to the Spring 2006 quarterly release.
+
+A number of cross-site scripting (XSS) security vulnerabilities were discovered 
+in the web-based installer (config/index.php). These vulnerabilities all 
+require a live installer -- once the installer has been used to install a wiki, 
+it is deactivated.
+
+Note that cross-site scripting vulnerabilities can be used to attack any website
+in the same cookie domain. So if you have an uninstalled copy of MediaWiki on
+the same site as an active web service, MediaWiki could be used to attack the
+active service.
+
+If you are hosting an old copy of MediaWiki that you have never installed, you 
+are advised to remove it from the web.
+
 == MediaWiki 1.6.11 ==
 
 December 15, 2008
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index d97fcc8acd51..07852123ab63 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -32,7 +32,7 @@ require_once( 'includes/SiteConfiguration.php' );
 $wgConf = new SiteConfiguration;
 
 /** MediaWiki version number */
-$wgVersion			= '1.6.11';
+$wgVersion			= '1.6.12';
 
 /** Name of the site. It must be changed in LocalSettings.php */
 $wgSitename         = 'MediaWiki';