diff options
author | Reedy <reedy@wikimedia.org> | 2023-06-29 22:08:37 +0100 |
---|---|---|
committer | Reedy <reedy@wikimedia.org> | 2023-06-30 16:35:20 +0100 |
commit | b8d14e9d292f1199b959b9ce26d99f72bf935406 (patch) | |
tree | c81701b646acf090bc5fa5eaa9f0de87e83a1357 | |
parent | b7e11843fbc5929b95ac42295596579c408f61d5 (diff) |
Prep 1.35.111.35.11
Change-Id: I8b8b48178100490e4d6d53757358510b54b4f1e6
-rw-r--r-- | RELEASE-NOTES-1.35 | 6 | ||||
-rw-r--r-- | includes/Defines.php | 2 |
2 files changed, 6 insertions, 2 deletions
diff --git a/RELEASE-NOTES-1.35 b/RELEASE-NOTES-1.35 index 853a1134f01b..1bbeddea1e22 100644 --- a/RELEASE-NOTES-1.35 +++ b/RELEASE-NOTES-1.35 @@ -13,17 +13,21 @@ PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/ == MediaWiki 1.35.11 == -THIS IS NOT A RELEASE YET +This is a security and maintenance release of the MediaWiki 1.35 branch. === Changes since MediaWiki 1.35.10 === * Localisation updates. * (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1. +* (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7 + (1.9.0 => 1.9.1). * (T269636) Add Access-Control-Max-Age to $wgAllowedCorsHeaders. * (T322944) Add Authorization to default $wgAllowedCorsHeaders. * (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter. * (T297917) objectcache: avoid use of ctype_digit() in WANObjectCache::adaptiveTTL(). * (T330464) Work around argument corruption bug in XMLReader::open. +* (T313157) IndexPager: Also protect against $offset being 0. +* (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker. == MediaWiki 1.35.10 == diff --git a/includes/Defines.php b/includes/Defines.php index 022dc9645c8b..079c1f3092b2 100644 --- a/includes/Defines.php +++ b/includes/Defines.php @@ -37,7 +37,7 @@ use Wikimedia\Rdbms\IDatabase; * * @since 1.35 */ -define( 'MW_VERSION', '1.35.10' ); +define( 'MW_VERSION', '1.35.11' ); # Obsolete aliases |