diff options
author | Reedy <reedy@wikimedia.org> | 2023-06-29 22:14:55 +0100 |
---|---|---|
committer | Reedy <reedy@wikimedia.org> | 2023-06-30 16:48:11 +0100 |
commit | c4075dfdbcb51df3c922aef582cf5b4091759595 (patch) | |
tree | 07689a2964b2440a6590b0a63e33f54c44f7b6cf | |
parent | 925a6354cc93ee31823dcba153acaccd85e5955a (diff) |
Prep 1.39.41.39.4
Change-Id: I7cedf10ccf5a46038a436162a4ed6adccb3783fa
-rw-r--r-- | RELEASE-NOTES-1.39 | 7 | ||||
-rw-r--r-- | includes/Defines.php | 2 |
2 files changed, 7 insertions, 2 deletions
diff --git a/RELEASE-NOTES-1.39 b/RELEASE-NOTES-1.39 index 8f0ea1c93cd5..36b03d5629d4 100644 --- a/RELEASE-NOTES-1.39 +++ b/RELEASE-NOTES-1.39 @@ -6,10 +6,13 @@ PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/ == MediaWiki 1.39.4 == -THIS IS NOT A RELEASE YET +This is a security and maintenance release of the MediaWiki 1.39 branch. === Changes since MediaWiki 1.39.3 === * Localisation updates. +* (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1. +* (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7 + (2.4.0 => 2.4.5). * (T333776) {{ACTIVEUSERS}} wasn't being updated without updateSpecialPages.php. * (T258860) Prevent LogicCache exception from message cache during IO errors from memcache. @@ -29,6 +32,8 @@ THIS IS NOT A RELEASE YET Linker::makeBrokenImageLinkObj. * (T334659) Handle thumb errors when !$enableLegacyMediaDOM. * A manualthumb that doesn't exist should be considered a thumb error. +* (T313157) IndexPager: Also protect against $offset being 0. +* (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker. == MediaWiki 1.39.3 == diff --git a/includes/Defines.php b/includes/Defines.php index 79364f096557..7cf752a2061a 100644 --- a/includes/Defines.php +++ b/includes/Defines.php @@ -33,7 +33,7 @@ use Wikimedia\Rdbms\IDatabase; * * @since 1.35 (also backported to 1.33.3 and 1.34.1) */ -define( 'MW_VERSION', '1.39.3' ); +define( 'MW_VERSION', '1.39.4' ); /** @{ * Obsolete IDatabase::makeList() constants |