summaryrefslogtreecommitdiff
path: root/RELEASE-NOTES
diff options
context:
space:
mode:
authorPierre Schmitz <pierre@archlinux.de>2010-05-28 10:07:33 +0200
committerPierre Schmitz <pierre@archlinux.de>2010-05-28 10:07:33 +0200
commitfda2159499c0461c3f8734792b9f2756db502eae (patch)
treea87dcd624c079c5417c30ef003bfdb2a29ee5079 /RELEASE-NOTES
parent7fc713210ca3b62b73f65797d6636dfaf489b0e1 (diff)
update to 1.15.4
Diffstat (limited to 'RELEASE-NOTES')
-rw-r--r--RELEASE-NOTES12
1 files changed, 10 insertions, 2 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 553c1fdb..8a7cfc8b 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -3,9 +3,9 @@
Security reminder: MediaWiki does not require PHP's register_globals
setting since version 1.2.0. If you have it on, turn it *off* if you can.
-== MediaWiki 1.15.3 ==
+== MediaWiki 1.15.4 ==
-April 7, 2010
+2010-05-28
This is a security and maintenance release.
@@ -20,6 +20,14 @@ will be made on the development trunk and appear in the next quarterly release.
Those wishing to use the latest code instead of a branch release can obtain
it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
+== Changes since 1.15.3 ==
+
+* (bug 23534) Fixed SQL query error in API list=allusers.
+* (bug 23371) Fixed CSRF vulnerability in "e-mail me my password", "create
+ account" and "create by e-mail" features of [[Special:Userlogin]]
+* (bug 23687) Fixed XSS vulnerability affecting IE clients only, due to a CSS
+ validation issue.
+
=== Changes since 1.15.2 ===
* (bug 22828) Fixed deletion on SQLite.