Difference between revisions of "Mediawiki Release Notes"

From wikieduonline
Jump to navigation Jump to search
Line 20: Line 20:
 
*** (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
 
*** (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
 
*** (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
 
*** (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
*** (T222036, T222038) SECURITY: Add permission check for user is permitted to
+
*** (T222036, T222038) SECURITY: Add permission check for user is permitted to view the log type.
  view the log type.
 
 
* (T221739) SECURITY: resources: Patch jQuery 3.2.1 for CVE-2019-11358.
 
* (T221739) SECURITY: resources: Patch jQuery 3.2.1 for CVE-2019-11358.
 
** [https://phabricator.wikimedia.org/source/mediawiki/browse/REL1_31/RELEASE-NOTES-1.31 1.31.1] security and maintenance
 
** [https://phabricator.wikimedia.org/source/mediawiki/browse/REL1_31/RELEASE-NOTES-1.31 1.31.1] security and maintenance
***  (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
+
***  (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' override 'newbie'.
  'newbie'.
+
*** (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's account lock.
*** (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
 
  account lock.
 
 
*** (T199029, CVE-2018-13258) SECURITY: Tarball was missing .htaccess files.
 
*** (T199029, CVE-2018-13258) SECURITY: Tarball was missing .htaccess files.
 
* MediaWiki 1.27 LTS 2016-05-31
 
* MediaWiki 1.27 LTS 2016-05-31

Revision as of 08:17, 18 December 2019

https://www.mediawiki.org/wiki/Release_notes


Mediawiki LTS

https://www.mediawiki.org/wiki/Release_notes

  • MediaWiki 1.31 LTS 2018-04-17
      • SECURITY: Do not allow user scripts on Special:PasswordReset.
    • 1.31.6
    • 1.31.5 maintenance release
    • 1.31.4 security and maintenance
      • SECURITY: Add permission check for suppressed account to Special:Redirect.
    • 1.31.3 maintenance
    • 1.31.2 security and maintenance
      • SECURITY: User JS may no longer be loaded with mime type text/javascript if there is no account associated with the username
      • SECURITY: Fix an issue that prevents Extension:OAuth working when $wgBlockDisablesLogin is true.
      • SECURITY: action=logout now requires to be posted and have a csrf token.
      • (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
      • (T208881) SECURITY: blacklist CSS var().
      • (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
      • (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
      • (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
      • (T222036, T222038) SECURITY: Add permission check for user is permitted to view the log type.
  • (T221739) SECURITY: resources: Patch jQuery 3.2.1 for CVE-2019-11358.
    • 1.31.1 security and maintenance
      • (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' override 'newbie'.
      • (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's account lock.
      • (T199029, CVE-2018-13258) SECURITY: Tarball was missing .htaccess files.
  • MediaWiki 1.27 LTS 2016-05-31
  • MediaWiki 1.23 LTS 2014-04-14
  • MediaWiki 1.19 LTS 2012-02-09

Advertising: