Difference between revisions of "Mediawiki Release Notes"
Jump to navigation
Jump to search
↑ https://www.mediawiki.org/wiki/MediaWiki_1.23
Line 19: | Line 19: | ||
*** SECURITY: User JS may no longer be loaded with mime type text/javascript if there is no account associated with the username | *** SECURITY: User JS may no longer be loaded with mime type text/javascript if there is no account associated with the username | ||
*** SECURITY: Fix an issue that prevents Extension:OAuth working when $wgBlockDisablesLogin is true. | *** SECURITY: Fix an issue that prevents Extension:OAuth working when $wgBlockDisablesLogin is true. | ||
− | *** SECURITY: action=logout now requires to be posted and have a | + | *** SECURITY: action=logout now requires to be posted and have a [[CSRF]] token. |
*** (T197279) SECURITY: Fix reauth in Special:ChangeEmail. | *** (T197279) SECURITY: Fix reauth in Special:ChangeEmail. | ||
*** (T208881) SECURITY: blacklist CSS var(). | *** (T208881) SECURITY: blacklist CSS var(). |
Revision as of 14:28, 29 December 2019
Mediawiki: https://www.mediawiki.org/wiki/Release_notes
Mediawiki LTS
https://www.mediawiki.org/wiki/Release_notes
- MediaWiki 1.31 LTS 2018-04-17
- SECURITY: Do not allow user scripts on Special:PasswordReset.
- 1.31.5 maintenance release
- 1.31.4 security and maintenance (Sep 30 2019)
- SECURITY: Add permission check for suppressed account to
Special:Redirect
.
- SECURITY: Add permission check for suppressed account to
- 1.31.4 security and maintenance (Sep 30 2019)
- 1.31.3 maintenance
- 1.31.2 security and maintenance (Jun 6 2019)
- SECURITY: User JS may no longer be loaded with mime type text/javascript if there is no account associated with the username
- SECURITY: Fix an issue that prevents Extension:OAuth working when $wgBlockDisablesLogin is true.
- SECURITY: action=logout now requires to be posted and have a CSRF token.
- (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
- (T208881) SECURITY: blacklist CSS var().
- (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
- (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
- (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
- (T222036, T222038) SECURITY: Add permission check for user is permitted to view the log type.
- (T221739) SECURITY: resources: Patch jQuery 3.2.1 for CVE-2019-11358.
- 1.31.2 security and maintenance (Jun 6 2019)
- MediaWiki 1.27 LTS 2016-05-31
- MediaWiki 1.23 LTS 2014-04-14[1]. Supported until May 2017.
- MediaWiki 1.19 LTS 2012-02-09
- MediaWiki 1.18
- MediaWiki 1.17
- MediaWiki 1.16 (2010-02-22)
See also
Advertising: