summaryrefslogtreecommitdiff
path: root/RELEASE-NOTES
diff options
context:
space:
mode:
authorPierre Schmitz <pierre@archlinux.de>2010-07-28 10:05:59 +0200
committerPierre Schmitz <pierre@archlinux.de>2010-07-28 10:05:59 +0200
commit00ab76a6b686e98a914afc1975812d2b1aaa7016 (patch)
tree0509bcf2b8a30056833a289e3717b55bdb189835 /RELEASE-NOTES
parenta5be612e4169e11b51647cbaa2abc976de00d671 (diff)
update to MediaWiki 1.15.5
Diffstat (limited to 'RELEASE-NOTES')
-rw-r--r--RELEASE-NOTES19
1 files changed, 17 insertions, 2 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 8a7cfc8b..4e5effb2 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -3,9 +3,9 @@
Security reminder: MediaWiki does not require PHP's register_globals
setting since version 1.2.0. If you have it on, turn it *off* if you can.
-== MediaWiki 1.15.4 ==
+== MediaWiki 1.15.5 ==
-2010-05-28
+2010-07-28
This is a security and maintenance release.
@@ -20,6 +20,21 @@ will be made on the development trunk and appear in the next quarterly release.
Those wishing to use the latest code instead of a branch release can obtain
it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
+== Changes since 1.15.4 ==
+
+* (bug 24565) Fixed Cache-Control headers sent from API modules, to protect
+ user privacy in the case where an attacker can access the wiki through the
+ same HTTP proxy as a logged-in user.
+* Fixed a minor cookie header parsing issue causing incorrect Cache-Control
+ headers to be sent.
+* Fixed an XSS vulnerability in profileinfo.php for installations with
+ $wgEnableProfileInfo = true (false by default)
+* For backwards compatibility with extensions from 1.14.x or before, restored
+ the original function ApiMain::requestWriteMode().
+* In API login "need token" responses, added the cookieprefix and sessionid
+ fields, as in MediaWiki 1.16.x. This is an improvement to the CSRF fix
+ introduced in 1.15.3.
+
== Changes since 1.15.3 ==
* (bug 23534) Fixed SQL query error in API list=allusers.