diff options
author | mglaser <glaser@hallowelt.biz> | 2014-02-28 00:09:32 +0100 |
---|---|---|
committer | mglaser <glaser@hallowelt.biz> | 2014-02-28 00:13:41 +0100 |
commit | d18c8e32ecdaaf77dd10db096d76b0ea2a5ea23a (patch) | |
tree | b680d90f31bdbb0b46c1af3cabab7348579f5e4c | |
parent | 7d6f2852ac25bc58b541407bd693acacd028c3c5 (diff) |
Updated Release notes1.21.6
Release notes are now readable without the context of the bug. Also
removed whitespace
Change-Id: I699a10effd7a5b1fad25b70b2b69ffc2bae133f6
-rw-r--r-- | RELEASE-NOTES-1.21 | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/RELEASE-NOTES-1.21 b/RELEASE-NOTES-1.21 index 08b30ef5579d..3bf87fcaa0af 100644 --- a/RELEASE-NOTES-1.21 +++ b/RELEASE-NOTES-1.21 @@ -9,11 +9,11 @@ This is a security release of the MediaWiki 1.21 branch. === Changes since 1.21.5 === -* (bug 60771) SECURITY: Disallow uploading non-whitelisted namespaces. Also - disallow iframe elements. User will get an error including the namespace name - if they use a non- whitelisted namespace. -* (bug 61346) SECURITY: Make token comparison constant time. It seems like our - token comparison would be vulnerable to timing attacks. This will take +* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted + namespaces. Also disallow iframe elements. User will get an error + including the namespace name if they use a non- whitelisted namespace. +* (bug 61346) SECURITY: Make token comparison use constant time. It seems like + our token comparison would be vulnerable to timing attacks. This will take constant time. * (bug 61362) SECURITY: API: Don't find links in the middle of api.php links. |