From 8b874ff6c6ed5f209dfd0c825c5b310ef1ecca2f Mon Sep 17 00:00:00 2001
From: Reedy
Date: Wed, 15 Dec 2021 12:37:44 +0000
Subject: Prep 1.35.5
Change-Id: I18284aeb7bc0c6b81f357747c1e6ebf573d2dbee
---
 RELEASE-NOTES-1.35 | 11 +++++++++--
 includes/Defines.php | 2 +-
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/RELEASE-NOTES-1.35 b/RELEASE-NOTES-1.35
index a402e0076e9d..48234c0b9e17 100644
--- a/RELEASE-NOTES-1.35
+++ b/RELEASE-NOTES-1.35
@@ -11,7 +11,7 @@ PHP 8.0 workboard: https://phabricator.wikimedia.org/tag/php_8.0_support/
 == MediaWiki 1.35.5 ==
-THIS IS NOT A RELEASE YET
+This is a security and maintenance release of the MediaWiki 1.35 branch.
 === Changes since MediaWiki 1.35.4 ===
 * (T290697) Add symfony/polyfill-php80.
@@ -24,7 +24,8 @@ THIS IS NOT A RELEASE YET
 * HistoryBlobStub: add getLocation() to get $mOldId.
 * Fix checkStorage.php.
 * checkStorage: pass no parameters to WikiRevision::getContent().
-* (T292763) Do not cache private wiki completion results.
+* (T292763, CVE-2021-44854) SECURITY: Do not cache private wiki completion
+ results.
 * (T294316) Revert "Mark ApiClientLogin/ApiLogin as requiring write mode".
 * (T250068) resources: Upgrade jQuery from 3.4.1 to 3.6.0.
 * (T250068) resources: Upgrade jquery-migrate from 3.1.0 (patched) to 3.3.2
@@ -40,6 +41,12 @@ THIS IS NOT A RELEASE YET
 * (T296112) Allow inserting new sections named '0'.
 * nukeNS: don't run purgeRedundantText() after every change.
 * (T225888) RollbackAction: fix missing pagetitle.
+* (T297322, CVE-2021-44858, CVE-2021-44857) SECURITY: Fix permissions checks in
+ undo actions.
+* (T297574, CVE-2021-45038) SECURITY: Fix permissions check in action=rollback.
+* (T34716, T297416) SECURITY: Require 'read' right for most actions.
+* (T271037, CVE-2021-44856) SECURITY: Fix use of EditFilterMergedContent hook
+ when changing content model.
 == MediaWiki 1.35.4 ==
diff --git a/includes/Defines.php b/includes/Defines.php
index 4a1307f7855f..5fd17e975b86 100644
--- a/includes/Defines.php
+++ b/includes/Defines.php
@@ -37,7 +37,7 @@ use Wikimedia\Rdbms\IDatabase;
 *
 * @since 1.35
 */
-define( 'MW_VERSION', '1.35.4' );
+define( 'MW_VERSION', '1.35.5' );
 # Obsolete aliases
--
cgit v1.2.3