summaryrefslogtreecommitdiff
path: root/RELEASE-NOTES
diff options
context:
space:
mode:
Diffstat (limited to 'RELEASE-NOTES')
-rw-r--r--RELEASE-NOTES32
1 files changed, 32 insertions, 0 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 993f4568..82eb053b 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -3,6 +3,34 @@
Security reminder: MediaWiki does not require PHP's register_globals
setting since version 1.2.0. If you have it on, turn it *off* if you can.
+== MediaWiki 1.8.3 ==
+
+January 9, 2007
+
+MediaWiki 1.8.3 fixes several issues in the Fall 2006 snapshot release:
+* (bug 7831) Regression in AutoAuthenticate hook
+* Run PHP install version checks on update.php so command-line updaters see
+ new version requirements
+* Do a check for the PHP 5.0.x 64-bit bug, since this is much more disruptive
+ as of MW 1.8 than it used to be. Install or upgrade now aborts with a
+ warning and a request to upgrade.
+* XSS fix in AJAX module
+
+An XSS injection vulnerability was located in the AJAX support module,
+affecting MediaWiki 1.6.x and up when the optional setting $wgUseAjax
+is enabled.
+
+There is no danger in the default configuration, with $wgUseAjax off.
+
+If you are using an extension based on the optional AJAX module,
+either disable it or upgrade to a version containing the fix:
+
+* 1.9: fixed in 1.9.0rc2
+* 1.8: fixed in 1.8.3
+* 1.7: fixed in 1.7.2
+* 1.6: fixed in 1.6.9
+
+
== MediaWiki 1.8.2 ==
October 13, 2006
@@ -366,6 +394,10 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
MediaWiki 1.8 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported.
+PHP 5.0.x fails on 64-bit systems due to serious bugs with array processing:
+http://bugs.php.net/bug.php?id=34879
+Upgrade affected systems to PHP 5.1 or higher.
+
MySQL 3.23.x is no longer supported; some older hosts may need to upgrade.
At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases.