dépôts
/
lhc
/
web
/
wiklou.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
96e547b
)
Merge r63436 RELEASE-NOTES to trunk HISTORY
author
Chad Horohoe
<demon@users.mediawiki.org>
Mon, 8 Mar 2010 22:52:23 +0000
(22:52 +0000)
committer
Chad Horohoe
<demon@users.mediawiki.org>
Mon, 8 Mar 2010 22:52:23 +0000
(22:52 +0000)
HISTORY
patch
|
blob
|
history
diff --git
a/HISTORY
b/HISTORY
index
1eca29a
..
132af88
100644
(file)
--- a/
HISTORY
+++ b/
HISTORY
@@
-1155,6
+1155,9
@@
changes to languages because of MediaZilla reports.
* (bug 16343) Non-existing, but in use, category pages can be "go" match hits
* Fixed a CSS validation issue which allowed external images to be included
into wikis where that is disallowed by configuration.
* (bug 16343) Non-existing, but in use, category pages can be "go" match hits
* Fixed a CSS validation issue which allowed external images to be included
into wikis where that is disallowed by configuration.
+* Fixed a data leakage vulnerability for private wikis using img_auth.php or
+ similar image access authentication schemes. Check user permissions before
+ streaming out scaled images from thumb.php.
== API changes in 1.15 ==
* (bug 16858) Revamped list=deletedrevs to make listing deleted contributions
== API changes in 1.15 ==
* (bug 16858) Revamped list=deletedrevs to make listing deleted contributions