update to 1.15.4

author: Pierre Schmitz <pierre@archlinux.de> 2010-05-28 10:07:33 +0200
committer: Pierre Schmitz <pierre@archlinux.de> 2010-05-28 10:07:33 +0200
commit: fda2159499c0461c3f8734792b9f2756db502eae (patch)
tree: a87dcd624c079c5417c30ef003bfdb2a29ee5079 /RELEASE-NOTES
parent: 7fc713210ca3b62b73f65797d6636dfaf489b0e1 (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 553c1fdb..8a7cfc8b 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -3,9 +3,9 @@
 Security reminder: MediaWiki does not require PHP's register_globals
 setting since version 1.2.0. If you have it on, turn it *off* if you can.
 
-== MediaWiki 1.15.3 ==
+== MediaWiki 1.15.4 ==
 
-April 7, 2010
+2010-05-28
 
 This is a security and maintenance release.
 
@@ -20,6 +20,14 @@ will be made on the development trunk and appear in the next quarterly release.
 Those wishing to use the latest code instead of a branch release can obtain
 it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 
+== Changes since 1.15.3 ==
+
+* (bug 23534) Fixed SQL query error in API list=allusers.
+* (bug 23371) Fixed CSRF vulnerability in "e-mail me my password", "create 
+  account" and "create by e-mail" features of [[Special:Userlogin]]
+* (bug 23687) Fixed XSS vulnerability affecting IE clients only, due to a CSS 
+  validation issue.
+
 === Changes since 1.15.2 ===
 
 * (bug 22828) Fixed deletion on SQLite.
author	Pierre Schmitz <pierre@archlinux.de>	2010-05-28 10:07:33 +0200
committer	Pierre Schmitz <pierre@archlinux.de>	2010-05-28 10:07:33 +0200
commit	fda2159499c0461c3f8734792b9f2756db502eae (patch)
tree	a87dcd624c079c5417c30ef003bfdb2a29ee5079 /RELEASE-NOTES
parent	7fc713210ca3b62b73f65797d6636dfaf489b0e1 (diff)