Diffstat (limited to 'RELEASE-NOTES-1.22')
-rw-r--r-- RELEASE-NOTES-1.22 36
1 files changed, 33 insertions, 3 deletions
diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22
index ed64aa4d..9862e5eb 100644
--- a/RELEASE-NOTES-1.22
+++ b/RELEASE-NOTES-1.22
@@ -3,15 +3,45 @@
Security reminder: MediaWiki does not require PHP's register_globals. If you
have it on, turn it '''off''' if you can.
+== MediaWiki 1.22.3 ==
+
+This is a security and bugfix release of the MediaWiki 1.22 branch.
+
+=== Changes since 1.22.2 ===
+* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
+ namespaces. Also disallow iframe elements. User will get an error
+ including the namespace name if they use a non- whitelisted namespace.
+* (bug 61346) SECURITY: Make token comparison use constant time. It seems like
+ our token comparison would be vulnerable to timing attacks. This will take
+ constant time.
+* (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
+* (bug 53710) Add sequence support for upsert in DatabaseOracle in the same way
+ as in selectInsert
+* (bug 60231, 58719) Various fixes to job running code in Wiki.php: Make it
+ async on Windows. Fixed possible "invalid filename" errors on Windows.
+ Redirect output to dev/null to avoid hanging PHP.
+* (bug 60083) Correct sequence name for fresh Postgres installation. Spotted
+ by gebhkla
+* (bug 60531) Avoid variable naming conflicts in
+ DatabasePostgres::selectSQLText. Spotted by gebhkla
+* (bug 60094) Fix rebuildall.php fatal error with PostgreSQL. The fix for
+ 47055 introduced a fatal error when running rebuildall.php. This is a
+ workaround suggested by gebhkla on Bugzilla. It just checks to make sure
+ $options is actually an array before calling array_search on it.
+* (bug 43817c12) Add error handling if descriptionmsg isn't defined for
+ extension.
+* (bug 60543) Special:PrefixIndex omits stripprefix=1 for "Next page" link.
+
== MediaWiki 1.22.2 ==
This is a security and bugfix release of the MediaWiki 1.22 branch.
=== Changes since 1.22.1 ===
-* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media formats
-* (bug 58253) Check for very old PCRE versions in installer and updater
-* (bug 60054) Make WikiPage::$mPreparedEdit public
+* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media
+ formats.
+* (bug 58253) Check for very old PCRE versions in installer and updater.
+* (bug 60054) Make WikiPage::$mPreparedEdit public.
== MediaWiki 1.22.1 ==
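Review bot: In the new 1.22.3 block, the bug 61346 entry reads like a pasted commit message: "It seems like our token comparison would be vulnerable to timing attacks. This will take constant time." hedges about whether the problem exists and then repeats the first sentence. For a SECURITY item, state the change once and plainly, for example "Make token comparison use constant time to prevent timing attacks." Smaller points in the same block: "non- whitelisted" in the bug 60771 entry has a stray space; "Redirect output to dev/null" in the bug 60231 entry is presumably meant to be /dev/null; "(bug 43817c12)" does not look like a bug number and should be checked against the tracker; "The fix for 47055" should read "bug 47055" to match the other references. The 1.22.2 reflow adds trailing periods, but several of the new 1.22.3 entries ("as in selectInsert", "Spotted by gebhkla") still end without one, so pick one style for the file.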