[MediaWiki-commits] [Gerrit] mediawiki/core[master]: Release notes for all the previous security patches

Mon, 22 Aug 2016 21:49:21 -0700 

jenkins-bot has submitted this change and it was merged.

Change subject: Release notes for all the previous security patches
......................................................................


Release notes for all the previous security patches

Change-Id: Ie93338b7d41a90f3ffdfa1b41891994935c965c7
---
M RELEASE-NOTES-1.28
1 file changed, 12 insertions(+), 0 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.28 b/RELEASE-NOTES-1.28
index 5d88fbf..865e300 100644
--- a/RELEASE-NOTES-1.28
+++ b/RELEASE-NOTES-1.28
@@ -52,6 +52,16 @@
 ==== Removed and replaced external libraries ====
 
 === Bug fixes in 1.28 ===
+* (T137264) SECURITY: XSS in unclosed internal links
+* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
+* (T133147) SECURITY: Require login to preview user CSS pages
+* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
+  the top file
+* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
+  permissions
+* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is 
true
+* (T139670) Move 'UserGetRights' call before application of
+  Session::getAllowedUserRights()
 
 === Action API changes in 1.28 ===
 * Added 'maxarticlesize' property to action=query&meta=siteinfo which contains
@@ -72,6 +82,8 @@
 === Action API internal changes in 1.28 ===
 * Added a new hook, 'ApiMakeParserOptions', to allow extensions to better
   interact with ApiParse and ApiExpandTemplates.
+* (T139565) SECURITY: API: Generate head items in the context of the given 
title
+* (T115333) SECURITY: Check read permission when loading page content in 
ApiParse
 
 === Languages updated in 1.28 ===
 

-- 
To view, visit https://gerrit.wikimedia.org/r/306094
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ie93338b7d41a90f3ffdfa1b41891994935c965c7
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Chad <ch...@wikimedia.org>
Gerrit-Reviewer: Chad <ch...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to