That was a mistake this release. We'll continue those going forward.
On Feb 27, 2014 7:56 PM, Matthew Walker mwal...@wikimedia.org wrote:
I note that there are security fixes in these release's -- did I miss
Chris' email about these patches or are we moving away from the model where
we send
Hello everyone,
I would like to announce the release of MediaWiki 1.22.3, 1.21.6 and 1.19.12.
These releases fix a number of security related bugs that could affect users
of MediaWiki. In addition, MediaWiki 1.22.3 is a maintenance release. It fixes
several bugs. You can consult the
* (bug 61346) SECURITY: Make token comparison use constant time. It seems
like
our token comparison would be vulnerable to timing attacks. This will
take
constant time.
Not to be a grammar nazi, but that should presumably be something
along the lines of Using constant time comparison
I note that there are security fixes in these release's -- did I miss
Chris' email about these patches or are we moving away from the model where
we send out an email to the list a couple of days before release?
~Matt Walker
Wikimedia Foundation
Fundraising Technology Team
On Thu, Feb 27, 2014