X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=RELEASE-NOTES;h=2e8664a680e10ac3d265a13135a21c3eea28cb6d;hb=fb629ac356cf6e0f8af8854be30191929817f15b;hp=923c14ba1709abbcaf791a4412b00a251faec6cc;hpb=13eb618dd9f5cee7963f0119057d7173c1488f1d;p=lhc%2Fweb%2Fwiklou.git diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 923c14ba17..2e8664a680 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -4,6 +4,24 @@ Security reminder: MediaWiki does not require PHP's register_globals setting since version 1.2.0. If you have it on, turn it *off* if you can. +== MediaWiki 1.5 alpha 2 == + +June 3, 2005 + +MediaWiki 1.5 alpha 2 includes a lot of bug fixes, feature merges, +and a security update. + +Incorrect handling of page template inclusions made it possible to +inject JavaScript code into HTML attributes, which could lead to +cross-site scripting attacks on a publicly editable wiki. + +Vulnerable releases and fix: +* 1.5 prerelease: fixed in 1.5alpha2 +* 1.4 stable series: fixed in 1.4.5 +* 1.3 legacy series: fixed in 1.3.13 +* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended + + == MediaWiki 1.5 alpha 1 == May 3, 2005 @@ -136,7 +154,6 @@ Various bugfixes, small features, and a few experimental things: * support for external editors for files and wiki pages: http://meta.wikimedia.org/wiki/Help:External_editors * Schema reworking: http://meta.wikimedia.org/wiki/Proposed_Database_Schema_Changes/October_2004 -* New WikiSyntax: -- turns into — or – depending on context * (bug 15) Allow editors to view diff of their change before actually submitting an edit * (bug 190) Hide your own edits on the watchlist * (bug 510): Special:Randompage now works for other namespaces than NS_MAIN. 
@@ -240,7 +257,84 @@ Various bugfixes, small features, and a few experimental things: * Removed -f parameter from mail() usage, likely to cause failures and bounces. * (bug 2130) Fixed interwiki links with fragments * (bug 684) Accept an attribute parameter array on parser hook tags - +* (bug 814) Integrate AuthPlugin changes to support Ryan Lane's external + LDAP authentication plugin +* (bug 2034) Armor HTML attributes against template inclusion and links munging + +=== Changes since 1.5alpha2 === + +* (bug 2319) Fix parse hook tag matching +* (bug 2329) Fix title formatting in several special pages +* (bug 2223) Add unique index on user_name field to prevent duplicate accounts +* (bug 1976) fix shared user database with a table prefix set +* (bug 2334) Accept null for attribs in wfElement without PHP warning +* (bug 2309) Allow templates and template parameters in HTML attribute zone, + with proper validation checks. (regression from fix for 2304) +* Disallow close tags and enforce empty tags for
and
+* Changed user_groups format quite a bit. +* (bug 2368) Avoid fatally breaking PHP 4.1.2 in a debug line +* (bug 2367) Insert correct redirect link record on page move +* (bug 2372) Fix rendering of empty-title inline interwiki links +* (bug 2384) Fix typo in regex for IP address checking +* (bug 650) Prominently link MySQL 4.1 help page in installer if a possible + version conflict is detected +* (bug 2394) Undo incompatible breakage to {{msg:}} compatiblity includes +* (bug 1322) Use a shorter cl_sortkey field to avoid breaking on MySQL 4.1 + when the default charset is set to utf8 +* (bug 2400) don't send confirmation mail on account creation if + $wgEmailAuthentication is false. +* (bug 2172) Fix problem with nowiki beeing replaced by marker strings + when a template with a gallery was used. +* Guard Special:Userrights against form submission forgery +* (bug 2408) page_is_new was inverted (whoops!) +* Added wfMsgHtml() function for escaping messages and leaving params intact +* Fix ordering of Special:Listusers; fix groups list so it shows all groups + when searching for a specific group and can't be split across pages +* (bug 1702) Display a handy upload link instead of a useless blank link + for [[media:]] links to nonexistent files. +* (bug 873) Fix usage of createaccount permission; replaces $wgWhitelistAccount +* (bug 1805) Initialise $wgContLang before $wgUser +* (bug 2277) Added Friulian language file +* (bug 2457) The "Special page" href now links to the current special page + rather than to "". 
+* (bug 1120) Updated the Czech translation +* A new magic word, {{SCRIPTPATH}}, returns $wgScriptPath +* A new magic word, {{SERVERNAME}}, returns $wgServerName +* Special:Imagelist displays titles with " " instead of "_" +* Less gratuitous munging of content sample in delete summary +* badaccess/badaccesstext to supercede sysop*, developer* messages +* Changed $wgGroupPermissions to more cut-n-paste-friendly format +* 'developer' group deprecated by default +* Special:Upload now uses 'upload' permission instead of hardcoding login check +* Add 'importupload' permission to disable direct uploads to Special:Import +* (bug 2459) Correct escaping in Special:Log prev/next links +* (bug 2462 etc) Taking out the experimental dash conversion; it broke too many + things for the current parser to handle cleanly +* (bug 2467) Added a Turkish language file +* Fixed a bug in Special:Contributions that caused the namespace selection to + be forgotten between submits +* Special:Watchlist/edit now has namespace subheadings +* (bug 1714) the "Save page" button now has right margin to seperate it from + "Show preview" and "Show changes" +* Special:Statistics now supports action=raw, useful for bots designed to + harwest e.g. article counts from multiple wikis. +* The copyright confirmation box at Special:Upload is now turned off by default + and can be turned back on by setting $wgCopyrightAffirmation to a true value. +* Restored prior text for password reminder button and e-mail, replacing + the factually inaccurate text that was there. +* (bug 2178) Fix temp dir check again +* (bug 2488) Format 'deletedtext' message as wikitext +* (bug 750) Keep line endings consistent in LocalSettings.php +* (bug 1577) Add 'printable version' tab in MonoBook for people who don't + realize you can just hit print to get a nicely formatted printable page. 
+* Trim whitespace from option values to weather line-ending corruption problems +* Fixed a typo in the Romanian language file (NS_MESIA => NS_MEDIA) +* (bug 2504) Updated the Finnish translation +* (bug 2506) Updated the Nynorsk translation +* (bug 996) Replace $wgWhitelistEdit with 'edit' permission; fixup UPGRADE + documentation about edit and read whitelists. +* (bug 2515) Fix incremental link table update +* Removed some wikipedia-specifica from LanguageXx.php's === Caveats ===
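Review bot: The security paragraph in the new "MediaWiki 1.5 alpha 2" section (first hunk) cites no bug id, so a reader cannot match it to the "Armor HTML attributes against template inclusion and links munging" changelog entry that the third hunk adds. Add the bug reference to the paragraph, after confirming the number, so administrators on the 1.3 and 1.4 series can trace which change 1.3.13 and 1.4.5 carry.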
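Review bot: In the third hunk the two entries about the HTML attribute fix cite different ids: "(bug 2034) Armor HTML attributes against template inclusion and links munging" versus "(bug 2309) ... (regression from fix for 2304)". One of the two looks transposed; check the tracker and make them agree. In the same list, "Guard Special:Userrights against form submission forgery" and "(bug 2459) Correct escaping in Special:Log prev/next links" read as security hardening but sit unmarked between translation updates, so consider flagging them as security-relevant or grouping them. Spelling nits in the added lines: "compatiblity", "beeing", "seperate", "harwest", "supercede".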