diff options
author | mglaser <glaser@hallowelt.biz> | 2014-11-26 23:06:47 +0100 |
---|---|---|
committer | mglaser <glaser@hallowelt.biz> | 2014-11-27 02:36:48 +0100 |
commit | ebb163995a27caca9c9b146f94a6c8058fe727b6 (patch) | |
tree | 8cbf41133a238297e99a4bce729f007c857b9816 | |
parent | 05665ae2b5f94cb19751aa7e46cfb6a246daaade (diff) |
Updated release notes and version number for MediaWiki 1.24.01.24.0
This is MediaWiki 1.24.0 stable release.
Change-Id: Ia0f9d25182207f5fa090f31d54c37a3a8c640631
-rw-r--r-- | RELEASE-NOTES-1.24 | 32 | ||||
-rw-r--r-- | includes/DefaultSettings.php | 2 |
2 files changed, 30 insertions, 4 deletions
diff --git a/RELEASE-NOTES-1.24 b/RELEASE-NOTES-1.24 index 8e8e6e68d880..c5823fc3b252 100644 --- a/RELEASE-NOTES-1.24 +++ b/RELEASE-NOTES-1.24 @@ -3,10 +3,13 @@ turn it off. MediaWiki will no longer work with it enabled. == MediaWiki 1.24 == -THIS IS A RELEASE CANDIDATE +MediaWiki 1.24.0 is the stable branch and is recommended for use in production. -MediaWiki 1.24 is being prepared for release. Please file bugs for -any problems found. +MediaWiki 1.24 is a large release that contains many new features and bug +fixes. This is the full list of changes in this version. + +Our thanks go to everyone who helped to improve MediaWiki by testing the beta +release and submitting bug reports. === Configuration changes in 1.24 === * Setting $wgAllowSiteCSSOnRestrictedPages to true is necessary if you want to @@ -243,6 +246,29 @@ any problems found. characters decoded in the query string. * (bug 67368) LESS mixins like .background-image() correctly flip image references for RTL stylesheets now. +* (bugs 66776, 71478) SECURITY: User PleaseStand reported a way to inject code + into API clients that used format=php to process pages that underwent flash + policy mangling. This was fixed along with improving how the mangling was done + for format=json, and allowing sites to disable the mangling using + $wgMangleFlashPolicy. +* (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update + the content model for a page could allow an unprivileged attacker to edit + another user's common.js under certain circumstances. The user right + "editcontentmodel" was added, and is needed to change a revision's content + model. +* (bug 71111) SECURITY: User PleaseStand reported that on wikis that allow raw + HTML, it is not safe to preview wikitext coming from an untrusted source such + as a cross-site request. Thus add an edit token to the form, and when raw HTML + is allowed, ensure the token is provided before showing the preview. This + check is not performed on wikis that both allow raw HTML and anonymous + editing, since there are easier ways to exploit that scenario. +* (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with + DELETED_ACTION. NOTICE: this may be reverted in a future release pending a + public RFC about the desired functionality. This issue was reported by user + Bawolff. +* (bug 71621) Make allowing site-wide styles on restricted special pages a + config option. +* (bug 42723) Added updated version history from 1.19.2 to 1.22.13 === Action API changes in 1.24 === * action=parse API now supports prop=modules, which provides the list of diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index b524533b54c1..126398d0c3cb 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -75,7 +75,7 @@ $wgConfigRegistry = array( * Using single quotes is, therefore, important here. * @since 1.2 */ -$wgVersion = '1.24.0-rc.3'; +$wgVersion = '1.24.0'; /** * Name of the site. It must be changed in LocalSettings.php |