diff options
author | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-08-02 16:31:15 -0400 |
---|---|---|
committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-08-02 16:31:15 -0400 |
commit | 7099c40bcc035e3b96ddd3e976d1cdbcfbf09398 (patch) | |
tree | 2fbc86f9c4cba01c0a266b7fefdd38b1ec3b5c01 /RELEASE-NOTES-1.26 | |
parent | a5f917bbc55e295896b8084f6657eb8b6abaf8a8 (diff) | |
parent | b5e7f46db0fcb6f251206eaf36339ad3ad589f8b (diff) |
Merge branch 'archwiki' into lukeshu/masterproduction
Diffstat (limited to 'RELEASE-NOTES-1.26')
-rw-r--r-- | RELEASE-NOTES-1.26 | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/RELEASE-NOTES-1.26 b/RELEASE-NOTES-1.26 index e617f00b..fd2e5e69 100644 --- a/RELEASE-NOTES-1.26 +++ b/RELEASE-NOTES-1.26 @@ -1,6 +1,34 @@ Security reminder: If you have PHP's register_globals option set, you must turn it off. MediaWiki will not work with it enabled. +== MediaWiki 1.26.3 == + +This is a maintenance release of the MediaWiki 1.26 branch. + +== Changes since 1.26.2 == +* (T116266) Fixed undefined property notices in DairikiDiff under HHVM. +* (T123166) Fix fatal error when importing pages to titles which cannot be + created, such as invalid titles or titles the user is not allowed to edit. +* (T122056) Old tokens are remaining valid within a new session +* (T127114) Login throttle can be tricked using non-canonicalized usernames +* (T123653) Cross-domain policy regexp is too narrow +* (T123071) Incorrectly identifying http link in a's href attributes, due to + m modifier in regex +* (T129506) MediaWiki:Gadget-popups.js isn't renderable +* (T125283) Users occasionally logged in as different users after + SessionManager deployment +* (T103239) Patrol allows click catching and patrolling of any page +* (T122807) [tracking] Check php crypto primatives +* (T98313) Graphs can leak tokens, leading to CSRF +* (T130947) Diff generation should use PoolCounter +* (T133507) Careless use of $wgExternalLinkTarget is insecure +* (T132874) API action=move is not rate limited +* (T110143) strip markers can be used to get around html attribute escaping in + (many?) parser tags +* (T116030) Increase pbkdf2 parameter strengths +* (T127420) Pbkdf2Password does not check if hash_pbkdf2() succeeded +* (T126685) Globally throttle password attempts + == MediaWiki 1.26.2 == This is a maintenance release of the MediaWiki 1.26 branch. |