[MediaWiki-commits] [Gerrit] Updated release notes and version number to MediaWiki 1.19.23 - change (mediawiki/core)

Wed, 17 Dec 2014 11:27:49 -0800 

Mglaser has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/180556

Change subject: Updated release notes and version number to MediaWiki 1.19.23
......................................................................

Updated release notes and version number to MediaWiki 1.19.23

This is MediaWiki 1.19.23 security and maintenance release.

Change-Id: I2a35e20a0cae512e39fa2c9412bcf5890f62bccb
---
M RELEASE-NOTES-1.19
M includes/DefaultSettings.php
2 files changed, 9 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/56/180556/1

diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19
index 0a1ca89..8306b57 100644
--- a/RELEASE-NOTES-1.19
+++ b/RELEASE-NOTES-1.19
@@ -3,8 +3,16 @@
 Security reminder: MediaWiki does not require PHP's register_globals
 setting since version 1.2.0. If you have it on, turn it '''off''' if you can.
 
+== MediaWiki 1.19.23 ==
+
+This is a security and maintenance release of the MediaWiki 1.19 branch.
+
 === Changes since 1.19.22 ===
 
+* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
+  could lead to xss. Permission to edit MediaWiki namespace is required to
+  exploit this.
+* (bug T74222) The original patch for T74222 was reverted as unnecessary.
 * Add missing $ in front of variable in OutputPage.php
 
 == MediaWiki 1.19.22 ==
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 1033224..ff8301e 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -33,7 +33,7 @@
 /** @endcond */
 
 /** MediaWiki version number */
-$wgVersion = '1.19.22';
+$wgVersion = '1.19.23';
 
 /** Name of the site. It must be changed in LocalSettings.php */
 $wgSitename = 'MediaWiki';

-- 
To view, visit https://gerrit.wikimedia.org/r/180556
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I2a35e20a0cae512e39fa2c9412bcf5890f62bccb
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_19
Gerrit-Owner: Mglaser <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to