diff options
author | root <root@luna.archlinux.org> | 2016-05-21 06:38:45 +0000 |
---|---|---|
committer | root <root@luna.archlinux.org> | 2016-05-21 06:38:45 +0000 |
commit | b88e92b7f0ce508c55de8c6ac5159ef544d480be (patch) | |
tree | 86b188507543d2670b7ada1caa8f1139d3d5abe9 /RELEASE-NOTES-1.26 | |
parent | a2bbd243c85ea0e425ee3e8c380aba9f254cee61 (diff) | |
parent | 7bf2eb8ba09b54cec804446ea39a3e658773fac9 (diff) |
Merge branch 'master' of https://git.archlinux.org/vhosts/wiki.archlinux.org
Diffstat (limited to 'RELEASE-NOTES-1.26')
-rw-r--r-- | RELEASE-NOTES-1.26 | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/RELEASE-NOTES-1.26 b/RELEASE-NOTES-1.26 index e617f00b..fd2e5e69 100644 --- a/RELEASE-NOTES-1.26 +++ b/RELEASE-NOTES-1.26 @@ -1,6 +1,34 @@ Security reminder: If you have PHP's register_globals option set, you must turn it off. MediaWiki will not work with it enabled. +== MediaWiki 1.26.3 == + +This is a maintenance release of the MediaWiki 1.26 branch. + +== Changes since 1.26.2 == +* (T116266) Fixed undefined property notices in DairikiDiff under HHVM. +* (T123166) Fix fatal error when importing pages to titles which cannot be + created, such as invalid titles or titles the user is not allowed to edit. +* (T122056) Old tokens are remaining valid within a new session +* (T127114) Login throttle can be tricked using non-canonicalized usernames +* (T123653) Cross-domain policy regexp is too narrow +* (T123071) Incorrectly identifying http link in a's href attributes, due to + m modifier in regex +* (T129506) MediaWiki:Gadget-popups.js isn't renderable +* (T125283) Users occasionally logged in as different users after + SessionManager deployment +* (T103239) Patrol allows click catching and patrolling of any page +* (T122807) [tracking] Check php crypto primatives +* (T98313) Graphs can leak tokens, leading to CSRF +* (T130947) Diff generation should use PoolCounter +* (T133507) Careless use of $wgExternalLinkTarget is insecure +* (T132874) API action=move is not rate limited +* (T110143) strip markers can be used to get around html attribute escaping in + (many?) parser tags +* (T116030) Increase pbkdf2 parameter strengths +* (T127420) Pbkdf2Password does not check if hash_pbkdf2() succeeded +* (T126685) Globally throttle password attempts + == MediaWiki 1.26.2 == This is a maintenance release of the MediaWiki 1.26 branch. |