Chad has uploaded a new change for review. https://gerrit.wikimedia.org/r/259944
Change subject: 1.26.1: Bump version and add release notes ...................................................................... 1.26.1: Bump version and add release notes Change-Id: I11a677017d5791d389ffe88faf4224570036a86b --- M RELEASE-NOTES-1.26 M includes/DefaultSettings.php 2 files changed, 18 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/44/259944/1 diff --git a/RELEASE-NOTES-1.26 b/RELEASE-NOTES-1.26 index 91791c0..379c41b 100644 --- a/RELEASE-NOTES-1.26 +++ b/RELEASE-NOTES-1.26 @@ -3,9 +3,24 @@ == MediaWiki 1.26.1 == -THIS IS NOT YET A RELEASE! +This is a maintenance release of the MediaWiki 1.26 branch. -=== Changes since 1.26 === +=== Changes since 1.26.0 === +* (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths + that do not begin with a slash. This enabled trivial XSS attacks. + Configuration values such as "http://my.wiki.com/wiki/$1"; are fine, as are + "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an + error. +* (T119309) SECURITY: Use hash_compare() for edit token comparison +* (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting + with '@' as file uploads +* (T115522) SECURITY: Passwords generated by User::randomPassword() can no + longer be shorter than $wgMinimalPasswordLength +* (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could + result in improper blocks being issued +* (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions + and related pages no longer use HTTP redirects and are now redirected by + MediaWiki * Fixed ConfigException in ExpandTemplates due to AlwaysUseTidy. * Fixed stray literal \n in Special:Search. * Fix issue that breaks HHVM Repo Authorative mode. diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 4b0870a..919d05b 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -75,7 +75,7 @@ * MediaWiki version number * @since 1.2 */ -$wgVersion = '1.26.0'; +$wgVersion = '1.26.1'; /** * Name of the site. It must be changed in LocalSettings.php -- To view, visit https://gerrit.wikimedia.org/r/259944 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I11a677017d5791d389ffe88faf4224570036a86b Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_26 Gerrit-Owner: Chad <[email protected]> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
