diff options
Diffstat (limited to 'RELEASE-NOTES')
| -rw-r--r-- | RELEASE-NOTES | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 993f4568..82eb053b 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -3,6 +3,34 @@ Security reminder: MediaWiki does not require PHP's register_globals setting since version 1.2.0. If you have it on, turn it *off* if you can. +== MediaWiki 1.8.3 == + +January 9, 2007 + +MediaWiki 1.8.3 fixes several issues in the Fall 2006 snapshot release: +* (bug 7831) Regression in AutoAuthenticate hook +* Run PHP install version checks on update.php so command-line updaters see + new version requirements +* Do a check for the PHP 5.0.x 64-bit bug, since this is much more disruptive + as of MW 1.8 than it used to be. Install or upgrade now aborts with a + warning and a request to upgrade. +* XSS fix in AJAX module + +An XSS injection vulnerability was located in the AJAX support module, +affecting MediaWiki 1.6.x and up when the optional setting $wgUseAjax +is enabled. + +There is no danger in the default configuration, with $wgUseAjax off. + +If you are using an extension based on the optional AJAX module, +either disable it or upgrade to a version containing the fix: + +* 1.9: fixed in 1.9.0rc2 +* 1.8: fixed in 1.8.3 +* 1.7: fixed in 1.7.2 +* 1.6: fixed in 1.6.9 + + == MediaWiki 1.8.2 == October 13, 2006 @@ -366,6 +394,10 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN MediaWiki 1.8 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported. +PHP 5.0.x fails on 64-bit systems due to serious bugs with array processing: +http://bugs.php.net/bug.php?id=34879 +Upgrade affected systems to PHP 5.1 or higher. + MySQL 3.23.x is no longer supported; some older hosts may need to upgrade. At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases. |