From fda2159499c0461c3f8734792b9f2756db502eae Mon Sep 17 00:00:00 2001
From: Pierre Schmitz <pierre@archlinux.de>
Date: Fri, 28 May 2010 10:07:33 +0200
Subject: update to 1.15.4

---
 RELEASE-NOTES | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'RELEASE-NOTES')

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 553c1fdb..8a7cfc8b 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -3,9 +3,9 @@
 Security reminder: MediaWiki does not require PHP's register_globals
 setting since version 1.2.0. If you have it on, turn it *off* if you can.
 
-== MediaWiki 1.15.3 ==
+== MediaWiki 1.15.4 ==
 
-April 7, 2010
+2010-05-28
 
 This is a security and maintenance release.
 
@@ -20,6 +20,14 @@ will be made on the development trunk and appear in the next quarterly release.
 Those wishing to use the latest code instead of a branch release can obtain
 it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 
+== Changes since 1.15.3 ==
+
+* (bug 23534) Fixed SQL query error in API list=allusers.
+* (bug 23371) Fixed CSRF vulnerability in "e-mail me my password", "create 
+  account" and "create by e-mail" features of [[Special:Userlogin]]
+* (bug 23687) Fixed XSS vulnerability affecting IE clients only, due to a CSS 
+  validation issue.
+
 === Changes since 1.15.2 ===
 
 * (bug 22828) Fixed deletion on SQLite.
-- 
cgit v1.2.2