From 027fc6e70f7f9ce8422d4798fb02e67ff271ae4c Mon Sep 17 00:00:00 2001 From: Pierre Schmitz Date: Thu, 31 Jul 2014 06:43:27 +0200 Subject: Update to MediaWiki 1.22.9 --- RELEASE-NOTES-1.22 | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'RELEASE-NOTES-1.22') diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22 index be1d96a7..44067ff8 100644 --- a/RELEASE-NOTES-1.22 +++ b/RELEASE-NOTES-1.22 @@ -3,6 +3,20 @@ Security reminder: MediaWiki does not require PHP's register_globals. If you have it on, turn it '''off''' if you can. +== MediaWiki 1.22.9 == + +This is a security and maintenance release of the MediaWiki 1.22 branch. + +=== Changes since 1.22.8 === + +* (bug 68187) SECURITY: Prepend jsonp callback with comment. +* (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used + for loading a new page in Javascript,instead of relying on the URL in the link + that has been clicked. +* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and + ParserOutput. +* (bug 59147) The img_metadata field was not being decoded from bytea into text. + == MediaWiki 1.22.8 == This is a security and maintenance release of the MediaWiki 1.22 branch. -- cgit v1.2.3-54-g00ecf