jenkins-bot has submitted this change and it was merged. Change subject: Release notes for all the previous security patches ......................................................................
Release notes for all the previous security patches Change-Id: Ie93338b7d41a90f3ffdfa1b41891994935c965c7 --- M RELEASE-NOTES-1.28 1 file changed, 12 insertions(+), 0 deletions(-) Approvals: Chad: Looks good to me, approved jenkins-bot: Verified diff --git a/RELEASE-NOTES-1.28 b/RELEASE-NOTES-1.28 index 5d88fbf..865e300 100644 --- a/RELEASE-NOTES-1.28 +++ b/RELEASE-NOTES-1.28 @@ -52,6 +52,16 @@ ==== Removed and replaced external libraries ==== === Bug fixes in 1.28 === +* (T137264) SECURITY: XSS in unclosed internal links +* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks +* (T133147) SECURITY: Require login to preview user CSS pages +* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is + the top file +* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in + permissions +* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true +* (T139670) Move 'UserGetRights' call before application of + Session::getAllowedUserRights() === Action API changes in 1.28 === * Added 'maxarticlesize' property to action=query&meta=siteinfo which contains @@ -72,6 +82,8 @@ === Action API internal changes in 1.28 === * Added a new hook, 'ApiMakeParserOptions', to allow extensions to better interact with ApiParse and ApiExpandTemplates. +* (T139565) SECURITY: API: Generate head items in the context of the given title +* (T115333) SECURITY: Check read permission when loading page content in ApiParse === Languages updated in 1.28 === -- To view, visit https://gerrit.wikimedia.org/r/306094 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ie93338b7d41a90f3ffdfa1b41891994935c965c7 Gerrit-PatchSet: 2 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Chad <ch...@wikimedia.org> Gerrit-Reviewer: Chad <ch...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits