Difference between revisions of "Mediawiki Release Notes"
Jump to navigation
Jump to search
| Line 5: | Line 5: | ||
https://www.mediawiki.org/wiki/Release_notes | https://www.mediawiki.org/wiki/Release_notes | ||
* [https://www.mediawiki.org/wiki/Release_notes/1.31 MediaWiki 1.31 LTS] 2018-04-17 | * [https://www.mediawiki.org/wiki/Release_notes/1.31 MediaWiki 1.31 LTS] 2018-04-17 | ||
| + | *** SECURITY: Do not allow user scripts on Special:PasswordReset. | ||
** [https://phabricator.wikimedia.org/source/mediawiki/browse/REL1_31/RELEASE-NOTES-1.31 1.31.6] | ** [https://phabricator.wikimedia.org/source/mediawiki/browse/REL1_31/RELEASE-NOTES-1.31 1.31.6] | ||
** [https://phabricator.wikimedia.org/source/mediawiki/browse/REL1_31/RELEASE-NOTES-1.31 1.31.5] maintenance release | ** [https://phabricator.wikimedia.org/source/mediawiki/browse/REL1_31/RELEASE-NOTES-1.31 1.31.5] maintenance release | ||
** [https://phabricator.wikimedia.org/source/mediawiki/browse/REL1_31/RELEASE-NOTES-1.31 1.31.4] security and maintenance | ** [https://phabricator.wikimedia.org/source/mediawiki/browse/REL1_31/RELEASE-NOTES-1.31 1.31.4] security and maintenance | ||
| − | ** SECURITY: Add permission check for suppressed account to Special:Redirect. | + | *** SECURITY: Add permission check for suppressed account to Special:Redirect. |
** [https://phabricator.wikimedia.org/source/mediawiki/browse/REL1_31/RELEASE-NOTES-1.31 1.31.3] maintenance | ** [https://phabricator.wikimedia.org/source/mediawiki/browse/REL1_31/RELEASE-NOTES-1.31 1.31.3] maintenance | ||
** [https://phabricator.wikimedia.org/source/mediawiki/browse/REL1_31/RELEASE-NOTES-1.31 1.31.2] security and maintenance | ** [https://phabricator.wikimedia.org/source/mediawiki/browse/REL1_31/RELEASE-NOTES-1.31 1.31.2] security and maintenance | ||
| + | *** SECURITY: User JS may no longer be loaded with mime type text/javascript if there is no account associated with the username | ||
| + | *** SECURITY: Fix an issue that prevents Extension:OAuth working when $wgBlockDisablesLogin is true. | ||
| + | *** SECURITY: action=logout now requires to be posted and have a csrf token. | ||
| + | *** (T197279) SECURITY: Fix reauth in Special:ChangeEmail. | ||
| + | *** (T208881) SECURITY: blacklist CSS var(). | ||
| + | *** (T209794) SECURITY: rate-limit and prevent blocked users from changing email. | ||
| + | *** (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block. | ||
| + | *** (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query. | ||
| + | *** (T222036, T222038) SECURITY: Add permission check for user is permitted to | ||
| + | view the log type. | ||
| + | * (T221739) SECURITY: resources: Patch jQuery 3.2.1 for CVE-2019-11358. | ||
** [https://phabricator.wikimedia.org/source/mediawiki/browse/REL1_31/RELEASE-NOTES-1.31 1.31.1] security and maintenance | ** [https://phabricator.wikimedia.org/source/mediawiki/browse/REL1_31/RELEASE-NOTES-1.31 1.31.1] security and maintenance | ||
| + | *** (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides | ||
| + | 'newbie'. | ||
| + | *** (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's | ||
| + | account lock. | ||
| + | *** (T199029, CVE-2018-13258) SECURITY: Tarball was missing .htaccess files. | ||
* MediaWiki 1.27 LTS 2016-05-31 | * MediaWiki 1.27 LTS 2016-05-31 | ||
* MediaWiki 1.23 LTS 2014-04-14 | * MediaWiki 1.23 LTS 2014-04-14 | ||
Revision as of 08:17, 18 December 2019
https://www.mediawiki.org/wiki/Release_notes
Mediawiki LTS
https://www.mediawiki.org/wiki/Release_notes
- MediaWiki 1.31 LTS 2018-04-17
- SECURITY: Do not allow user scripts on Special:PasswordReset.
- 1.31.6
- 1.31.5 maintenance release
- 1.31.4 security and maintenance
- SECURITY: Add permission check for suppressed account to Special:Redirect.
- 1.31.3 maintenance
- 1.31.2 security and maintenance
- SECURITY: User JS may no longer be loaded with mime type text/javascript if there is no account associated with the username
- SECURITY: Fix an issue that prevents Extension:OAuth working when $wgBlockDisablesLogin is true.
- SECURITY: action=logout now requires to be posted and have a csrf token.
- (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
- (T208881) SECURITY: blacklist CSS var().
- (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
- (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
- (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
- (T222036, T222038) SECURITY: Add permission check for user is permitted to
view the log type.
- (T221739) SECURITY: resources: Patch jQuery 3.2.1 for CVE-2019-11358.
- 1.31.1 security and maintenance
- (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
- 1.31.1 security and maintenance
'newbie'.
- (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
account lock.
- (T199029, CVE-2018-13258) SECURITY: Tarball was missing .htaccess files.
- MediaWiki 1.27 LTS 2016-05-31
- MediaWiki 1.23 LTS 2014-04-14
- MediaWiki 1.19 LTS 2012-02-09
Advertising:
