From 9498a3d2852ace0f4ee23598f542dbce3fd2ec28 Mon Sep 17 00:00:00 2001 From: Pierre Schmitz Date: Sun, 2 Sep 2012 15:19:34 +0200 Subject: Update to MediaWiki 1.19.2 --- RELEASE-NOTES-1.19 | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) (limited to 'RELEASE-NOTES-1.19') diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19 index aae12234..b734fa8b 100644 --- a/RELEASE-NOTES-1.19 +++ b/RELEASE-NOTES-1.19 @@ -3,6 +3,19 @@ Security reminder: MediaWiki does not require PHP's register_globals setting since version 1.2.0. If you have it on, turn it '''off''' if you can. +== MediaWiki 1.19.2 == +2012-08-30 + +This is a security release of the MediaWiki 1.19 branch + +=== Changes since 1.19.1 === +* (bug 39700) File: link to non-existing file can inject html +* (bug 35839) Hidden block text leaking to admins +* (bug 39184) LDAP password leakage +* (bug 39180) Disallow framing of api results +* (bug 37587) Enforce language codes to be html safe +* (bug 38333) Check global blocks on account creation + == MediaWiki 1.19 == MediaWiki 1.19 is a large release that contains many new features and bug @@ -13,6 +26,9 @@ this version. Our thanks go to everyone who helped to improve MediaWiki by testing the beta release and submitting bug reports. +=== Changes since 1.19.1 === +* (bug 38406) Properly quote table names in DatabaseBase::tableName() + === Changes since 1.19.0 === * (bug 36568) Fixed "Illegal string offset 'LIMIT'" warnings in updater * (bug 36938) Correctly escape uselang attribute to prevent xss @@ -35,14 +51,14 @@ release and submitting bug reports. "movepage-moved" * (bug 34841) Edit links are no longer displayed when display old page versions * (bug 34889) User name should be normalized on Special:Contributions -* (bug 35051) If heading has a trailing space after == then its name is not +* (bug 35051) If heading has a trailing space after == then its name is not preloaded into edit summary on section edit * (bug 31417) New ID mw-content-text around the actual page text, without categories, contentSub, ... The same div often also contains the class mw-content-ltr/rtl. * (bug 35303) Proxy and DNS blacklist blocking works again -* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in +* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in core parser functions which operate on strings, such as padleft. -* (bug 18295) Don't expose strip markers when a tag appears inside a link +* (bug 18295) Don't expose strip markers when a tag appears inside a link inside a heading. * (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token parameter present. @@ -143,7 +159,7 @@ release and submitting bug reports. * Extensions can use the 'Language::getMessagesFileName' hook to define new languages using messages files outside of core. * (bug 32512) Add 'Associated namespace' checkbox to Special:Contributions. -* Added $wgSend404Code, true by default, which can be set to false to send a +* Added $wgSend404Code, true by default, which can be set to false to send a 200 status code instead of 404 for nonexistent articles. * (bug 33447) Link to the broken image tracking category from Special:Wantedfiles. * (bug 27724) Add timestamp to job queue. @@ -256,7 +272,7 @@ release and submitting bug reports. cssText after DOM insertion. * (bug 30711) When adding a new section to a page with section=new, the text is now always added to the current version of the page. -* (bug 31719) Fix uploads of SVGs exported by Adobe Illustrator by expanding +* (bug 31719) Fix uploads of SVGs exported by Adobe Illustrator by expanding XML entities correctly. * (bug 30914) Embeddable ResourceLoader modules (user.options, user.tokens) should be loaded in for proper dependency resolution. @@ -302,7 +318,7 @@ release and submitting bug reports. on Windows * (bug 25095) Special:Categories should also include the first relevant item when "from" is filled. -* (bug 34972) An error occurred while changing your watchlist settings for +* (bug 34972) An error occurred while changing your watchlist settings for [[Special:WhatLinksHere/Example]] === API changes in 1.19 === -- cgit v1.2.2