X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=HISTORY;h=72ff437a88cc91c73e58783c0eb466829deaff18;hb=7fbd971f2d8e803d689c7635d1564a5532d46618;hp=0ea36df70383426155032e0fdf2861e4507f5ffa;hpb=9baa254079bd1e7b921482483817d165dbdd63cd;p=lhc%2Fweb%2Fwiklou.git diff --git a/HISTORY b/HISTORY index 0ea36df703..72ff437a88 100644 --- a/HISTORY +++ b/HISTORY 
@@ -9294,6 +9294,141 @@ Other significant changes to MediaWiki's language support: == MediaWiki 1.16 == +== MediaWiki 1.16.5 == +=== Changes since 1.16.4 === + +* (bug 28534) Fixed XSS vulnerability for IE 6 clients. This is the third + attempt at fixing bug 28235. +* (bug 28639) Fixed potential privilege escalation when $wgBlockDisablesLogin + is enabled. + +== MediaWiki 1.16.4 == +=== Changes since 1.16.3 === + +* (bug 28507) The change we made in 1.16.3 to fix bug 28235 (XSS for IE 6 + clients) was not actually sufficient to fix that bug. This release contains + a second attempt, hopefully we have fixed it this time. + +== MediaWiki 1.16.3 == +=== Changes since 1.16.2 === + +* (bug 28449) Fixed permissions checks in Special:Import which allowed users + without the 'import' permission to import pages from the configured import + sources. +* (bug 28235) Fixed XSS affecting IE 6 and earlier clients only, due to those + browsers looking for a file extension in the query string of the URL, and + ignoring the Content-Type header if one is found. +* (bug 28450) Fixed a CSS validation issue involving escaped comments, which + led to XSS for Internet Explorer clients and privacy loss for other clients. + +== MediaWiki 1.16.2 == +=== Changes since 1.16.1 === + +* (bug 26642) Fixed incorrect translated namespace due to a regression in the + language converter. +* The interface translations were updated. +* (bug 27093, CVE-2011-0047): Fixed CSS injection vulnerability. +* (bug 27094) Fixed server-side arbitrary script inclusion vulnerability. + Affects Windows servers only. A malicious file with extension ".php" must + exist on the server for the exploit to be effective. 
+ +== MediaWiki 1.16.1 == +=== Changes since 1.16.0 === + +* (bug 24981) Allow extensions to access SpecialUpload variables again +* (bug 24724) list=allusers was out by 1 (shows total users - 1) +* (bug 24166) Fixed API error when using rvprop=tags +* For wikis using French as a content language, Special:Téléchargement works + again as an alias for Special:Upload. +* (bug 25167) Correctly load JS fixes for IE6 (fixing a regression in 1.16.0) +* (bug 25248) Fixed paraminfo errors in certain API modules. +* The installer now has improved handling for situations where safe_mode is + active or exec() and similar functions are disabled. +* (bug 19593) Specifying --server in now works for all maintenance scripts. +* Fixed $wgLicenseTerms register globals. +* (bug 26561) Fixed clickjacking vulnerabilities by introducing support for + X-Frame-Options. The header value can be configured using $wgBreakFrames and + $wgEditPageFrameOptions. + +== MediaWiki 1.16.0 == +=== Changes since 1.16 beta 3 === + +* (bug 23769) Disabled HTML 5 client-side form validation. Was introduced in + 1.16 beta 1, but is currently poorly supported by browsers. +* (bug 23175) Re-added window.ta variable for backwards compatibility. +* (bug 23264) Fixed breakage of various command line scripts due to extra line + endings being inserted by Maintenance::output(). +* Fixed HTTP client functionality with safe_mode=On. +* Fixed parser tests broken in 1.16 beta 3. +* For Oracle DB backend: fixed parser tests and table prefix feature. +* (bug 23767) Fixed PHP warning when REQUEST_URI is blank (IIS issue). +* Fixed plural function for Northern Sami (se) +* (bug 23597) Fixed conflicts between ID attributes in the Vector skin and + parser-generated heading IDs. Renamed head, panel, head-base and page-base. +* Disabled $wgHitcounterUpdateFreq>1 feature on SQLite, does not work yet. +* (bug 23465) Don't ignore the predefined destination filename on + Special:Upload after following a red link to a file. 
+* In SQLite full-text search feature: fixed "move page" feature, was non- + functional. +* (bug 24565) Fixed Cache-Control headers sent from API modules, to protect + user privacy in the case where an attacker can access the wiki through the + same HTTP proxy as a logged-in user. +* Fixed an XSS vulnerability in profileinfo.php for installations with + $wgEnableProfileInfo = true (false by default) +* Fixed a case where an X-Vary-Options header was sent despite $wgUseXVO being + false. Fixed a minor header parsing issue when $wgUseXVO = true. +* Fixed a register_globals arbitrary inclusion vulnerability in + MediaWikiParserTest.php, introduced in 1.16 beta 1. + +=== Changes since 1.16 beta 2 === + +* Fixed bugs in the [[Special:Userlogin]] and [[Special:Emailuser]] handling of + invalid usernames. +* Fixed sorting in [[Special:Allmessages]] +* (bug 23113) Fixed title in the show/hide links on diff pages +* (bug 23117) Fixed API rollback, was returning "badtoken" for valid requests +* (bug 23127) Re-added missing $1 parameter to the uploadtext message +* Fixed a bug in the Vector skin where personal tools display behind the logo +* (bug 23139) Fixed a bug in edit conflict resolution, where both textboxes + showed the same text. +* (bug 23115, bug 23124) Fixed various problems with
tags +* (bug 17832) Fixed action=delete returning 'unknownerror' instead of + 'permissiondenied' when the user is blocked +* Fixed performance regression when accessing deleted (archived) files +* (bug 19693) Fixed cross-site scripting vulnerability in Special:Block + +== MediaWiki 1.14.0 == +=== Changes since 1.14.0rc1 === + +* Fixed the performance of the backlinks API module +* (bug 17420) Send the correct content type from action=raw when the HTML file + cache is enabled. +* (bug 17437) Fixed incorrect link to web-based installer +* (bug 17527) Fixed missing MySQL-specific options in installer + === Configuration changes in 1.14 === * $wgExemptFromUserRobotsControl is an array of namespaces to be exempt from
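Review bot: In the 1.16.3 entry, the bug 28235 item still reads as a completed fix, although the 1.16.4 and 1.16.5 entries added above it state that the fix was insufficient and needed two further attempts (bug 28507, bug 28534). An administrator who reads only the section for the release they run would conclude that 1.16.3 or 1.16.4 closes the IE 6 XSS. Suggest appending a pointer to the 1.16.3 and 1.16.4 items, for example "(incomplete, see 1.16.5)", and replacing "hopefully we have fixed it this time" in 1.16.4 with a statement of what the second attempt changed. Smaller points in the same entries: security fixes are interleaved with routine fixes without any marker, and only bug 27093 carries a CVE identifier, so a consistent prefix or grouping for security items would make upgrade triage easier. "Fixed $wgLicenseTerms register globals." in 1.16.1 does not say whether it is a security fix, unlike the register_globals item in 1.16.0, which is labelled a vulnerability. "Specifying --server in now works" in 1.16.1 has a stray "in".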