From c39aeb62f7e8dfb6ba6467beb2d9d6f97fd84959 Mon Sep 17 00:00:00 2001
From: Pierre Schmitz <pierre@archlinux.de>
Date: Mon, 5 Feb 2007 10:49:51 +0000
Subject: Aktualisierung auf MediaWiki 1.9.2

---
 RELEASE-NOTES | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'RELEASE-NOTES')

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 6c1a8626..77ae6c5f 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -3,6 +3,25 @@
 Security reminder: MediaWiki does not require PHP's register_globals
 setting since version 1.2.0. If you have it on, turn it *off* if you can.
 
+== MediaWiki 1.9.2 ==
+
+February 4, 2007
+
+This is a bug-fix update that fixes some installation and other minor
+issues with the 1.9.1 release as well as a security issue which was
+introduced in the 1.9 branch.
+
+JavaScript code which regenerated the "sortable tables" feature did
+not properly sanitize input, leading to an HTML injection vulnerability.
+
+* (bug 8774) Fix path for GNU FDL rights icon on new installs
+* (bug 8819) Fix full path disclosure with skins dependencies
+* (bug 4268) Fixed data-loss bug in compressOld batch text compression
+  affecting pages which had null edits (move, protect, etc) as second
+  edit in a batch group. Isolated and patched by Travis Derouin.
+* Security fix for sortable tables JavaScript
+
+
 == MediaWiki 1.9.1 ==
 
 January 24, 2007
-- 
cgit v1.2.2