author Pierre Schmitz <pierre@archlinux.de> 2008-01-24 10:06:59 +0100
committer Pierre Schmitz <pierre@archlinux.de> 2008-01-24 10:06:59 +0100
commit 554e44d001b2048a31b4b9e488fcb5832fdba6ea (patch)
tree 1f1b61c0dfd15e820f418dd329427c4c04ed31fa /RELEASE-NOTES
parent 417cbeee53be17146ab8bbe0f67f90ea2ccee1d1 (diff)
Update to MediaWiki 1.11.1
Diffstat (limited to 'RELEASE-NOTES')
-rw-r--r-- RELEASE-NOTES 44
1 files changed, 44 insertions, 0 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 94fec251..5115778e 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -3,6 +3,45 @@
Security reminder: MediaWiki does not require PHP's register_globals
setting since version 1.2.0. If you have it on, turn it *off* if you can.
+== MediaWiki 1.11.1 ==
+
+January 23, 2008
+
+This is a security and bugfix release of the Fall 2007 snapshot release of
+MediaWiki. A potential XSS injection vector affecting api.php only for
+Microsoft Internet Explorer users has been closed.
+
+Changes in this release:
+
+* (bug 11450) Fix creation of objectcache table on upgrade
+* (bug 11462) Fix typo in LanguageGetSpecialPageAliases hook name
+* Fix regression in LinkBatch.php breaking PHP 5.0
+* Security fix for API on MSIE
+
+
+To work around the vulnerability without upgrading, you may disable the
+API if you don't need it:
+
+ $wgEnableAPI = false;
+
+Not vulnerable versions:
+* 1.12 or later
+* 1.11 >= 1.11.1
+* 1.10 >= 1.10.3
+* 1.9 >= 1.9.5
+* 1.8 any version (if $wgEnableAPI has been left off)
+
+Vulnerable versions:
+* 1.11 <= 1.11.0rc1
+* 1.10 <= 1.10.2
+* 1.9 <= 1.9.4
+* 1.8 any version (if $wgEnableAPI has been switched on)
+
+MediaWiki 1.7 and below are not affected as they do not include
+the API functionality, however the BotQuery extension is similarly
+vulnerable unless updated to the latest SVN version.
+
+
== MediaWiki 1.11.0 ==
September 10, 2007
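Review bot: The "Vulnerable versions" list gives "1.11 <= 1.11.0rc1" while the "Not vulnerable versions" list starts the 1.11 branch at "1.11 >= 1.11.1", so the 1.11.0 final release (headed "== MediaWiki 1.11.0 ==" just below) appears in neither list. An administrator checking an installed 1.11.0 against these notes cannot tell whether it is affected; if it is, the vulnerable entry should read "1.11 <= 1.11.0". Separately, the change list entry "Security fix for API on MSIE" carries no bug number, unlike the two "(bug NNNNN)" entries above it, and the "$wgEnableAPI = false;" workaround does not say which file the setting goes in. Adding both would let readers trace the fix and apply the workaround without guessing.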
@@ -532,6 +571,7 @@ Full API documentation is available at http://www.mediawiki.org/wiki/API
* (bug 10890) Timestamp support for categorymembers query
* (bug 10980) Add exclude redirects on backlinks
* IPv6 titles in User namespace are normalized (run cleanupTitles.php to fix any old stray pages)
+* Sysops now have the same limits on the number of items they can request in a query as bots.
== Maintenance script changes since 1.10 ==
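Review bot: The new entry "Sysops now have the same limits on the number of items they can request in a query as bots" is placed in the API change list at new line 571 onward, far below the 1.11.1 "Changes in this release" list added in the first hunk, so someone reading only the 1.11.1 section will not learn that sysop query limits changed. If this behaviour ships with 1.11.1 it should be listed there as well. The entry also has no bug number and does not state the limit or whether it was raised or lowered for sysops, which matters to anyone sizing API load per account.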
@@ -643,6 +683,10 @@ updates.
If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
new database fields are filled with data.
+If upgrading from before 1.11, and you are using a wiki as a commons repository,
+make sure that it is updated as well. Otherwise, errors may arise due to
+database schema changes.
+
If you are upgrading from MediaWiki 1.4.x or earlier, some major database
changes are made, and there is a slightly higher chance that things could
break. Don't forget to always back up your database before upgrading!
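Review bot: In the added paragraph, "make sure that it is updated as well" is ambiguous: "it" can be read as either the local wiki or the wiki used as the commons repository. Suggest naming the target explicitly, for example "make sure the repository wiki is upgraded as well". The paragraph also does not say which wiki to upgrade first or what kind of "errors may arise due to database schema changes", so an operator who hits the failure has nothing to match against; one clause naming the symptom would help.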