diff options
author | Tim Starling <tstarling@users.mediawiki.org> | 2009-02-07 02:54:07 +0000 |
---|---|---|
committer | Tim Starling <tstarling@users.mediawiki.org> | 2009-02-07 02:54:07 +0000 |
commit | b3d6c99aae23c8855884cadf86fe9210b9a5d8fd (patch) | |
tree | 8d793533ce1ede8b2d7ae74e4a552630e2291a77 | |
parent | 530d2430c2a7cb62c30f3f5ccc615c9754c48487 (diff) |
Updates for release1.6.12origin/REL1_6
Notes
http://mediawiki.org/wiki/Special:Code/MediaWiki/46957
-rw-r--r-- | RELEASE-NOTES | 19 | ||||
-rw-r--r-- | includes/DefaultSettings.php | 2 |
2 files changed, 20 insertions, 1 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 052fe9f2af83..37defa101434 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -2,6 +2,25 @@ For upgrade instructions please see the UPGRADE file in this directory. +== MediaWiki 1.6.12 == + +February 7, 2009 + +This is a security update to the Spring 2006 quarterly release. + +A number of cross-site scripting (XSS) security vulnerabilities were discovered +in the web-based installer (config/index.php). These vulnerabilities all +require a live installer -- once the installer has been used to install a wiki, +it is deactivated. + +Note that cross-site scripting vulnerabilities can be used to attack any website +in the same cookie domain. So if you have an uninstalled copy of MediaWiki on +the same site as an active web service, MediaWiki could be used to attack the +active service. + +If you are hosting an old copy of MediaWiki that you have never installed, you +are advised to remove it from the web. + == MediaWiki 1.6.11 == December 15, 2008 diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index d97fcc8acd51..07852123ab63 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -32,7 +32,7 @@ require_once( 'includes/SiteConfiguration.php' ); $wgConf = new SiteConfiguration; /** MediaWiki version number */ -$wgVersion = '1.6.11'; +$wgVersion = '1.6.12'; /** Name of the site. It must be changed in LocalSettings.php */ $wgSitename = 'MediaWiki'; |