Update to MediaWiki 1.22.9

author: Pierre Schmitz <pierre@archlinux.de> 2014-07-31 06:43:27 +0200
committer: Pierre Schmitz <pierre@archlinux.de> 2014-07-31 06:43:27 +0200
commit: 027fc6e70f7f9ce8422d4798fb02e67ff271ae4c (patch)
tree: 8163dff509e80309c82051a1095faab9396e280f /RELEASE-NOTES-1.22
parent: f80b2307028ed4d9231a0bd46496b241dcf4aa5c (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22
index be1d96a7..44067ff8 100644
--- a/RELEASE-NOTES-1.22
+++ b/RELEASE-NOTES-1.22
@@ -3,6 +3,20 @@
 Security reminder: MediaWiki does not require PHP's register_globals. If you
 have it on, turn it '''off''' if you can.
 
+== MediaWiki 1.22.9 ==
+
+This is a security and maintenance release of the MediaWiki 1.22 branch.
+
+=== Changes since 1.22.8 ===
+
+* (bug 68187) SECURITY: Prepend jsonp callback with comment.
+* (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used
+  for loading a new page in Javascript,instead of relying on the URL in the link
+  that has been clicked.
+* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and
+  ParserOutput.
+* (bug 59147) The img_metadata field was not being decoded from bytea into text.
+
 == MediaWiki 1.22.8 ==
 
 This is a security and maintenance release of the MediaWiki 1.22 branch.
author	Pierre Schmitz <pierre@archlinux.de>	2014-07-31 06:43:27 +0200
committer	Pierre Schmitz <pierre@archlinux.de>	2014-07-31 06:43:27 +0200
commit	027fc6e70f7f9ce8422d4798fb02e67ff271ae4c (patch)
tree	8163dff509e80309c82051a1095faab9396e280f /RELEASE-NOTES-1.22
parent	f80b2307028ed4d9231a0bd46496b241dcf4aa5c (diff)