WMF vulnerability

author Tim Starling <tstarling@users.mediawiki.org>

Thu, 5 Jan 2006 23:32:17 +0000 (23:32 +0000)

committer Tim Starling <tstarling@users.mediawiki.org>

Thu, 5 Jan 2006 23:32:17 +0000 (23:32 +0000)
author Tim Starling <tstarling@users.mediawiki.org>
Thu, 5 Jan 2006 23:32:17 +0000 (23:32 +0000)
committer Tim Starling <tstarling@users.mediawiki.org>
Thu, 5 Jan 2006 23:32:17 +0000 (23:32 +0000)
diff --git a/RELEASE-NOTES b/RELEASE-NOTES

index 46c0f89..f6b1dfa 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -406,6 +406,11 @@ fully support the editing toolbar, but was found to be too confusing.
  * (bug 4453) fix for __TOC__ dollar-number breakage
  * Maintenance script to delete unused user accounts
  * (bug 4334) Add "watch" links to Special:Unwatchedpages
+* Added detection for WMF files (application/x-msmetafile), added this 
+  MIME type to the default blacklist. Prevented inline display of images
+  which are not of known image types. This is in response to
+  http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
+
  
  === Caveats ===
author	Tim Starling <tstarling@users.mediawiki.org>
	Thu, 5 Jan 2006 23:32:17 +0000 (23:32 +0000)
committer	Tim Starling <tstarling@users.mediawiki.org>
	Thu, 5 Jan 2006 23:32:17 +0000 (23:32 +0000)