From: Chad Horohoe <demon@users.mediawiki.org>
Date: Mon, 8 Mar 2010 22:52:23 +0000 (+0000)
Subject: Merge r63436 RELEASE-NOTES to trunk HISTORY
X-Git-Tag: 1.31.0-rc.0~37505
X-Git-Url: http://git.cyclocoop.org/ecrire?a=commitdiff_plain;h=394be2a788255ad8da2f588796878d9caa420da4;p=lhc%2Fweb%2Fwiklou.git

Merge r63436 RELEASE-NOTES to trunk HISTORY
---

diff --git a/HISTORY b/HISTORY
index 1eca29add0..132af88ac2 100644
--- a/HISTORY
+++ b/HISTORY
@@ -1155,6 +1155,9 @@ changes to languages because of MediaZilla reports.
 * (bug 16343) Non-existing, but in use, category pages can be "go" match hits
 * Fixed a CSS validation issue which allowed external images to be included
   into wikis where that is disallowed by configuration.
+* Fixed a data leakage vulnerability for private wikis using img_auth.php or
+  similar image access authentication schemes. Check user permissions before
+  streaming out scaled images from thumb.php.
 
 == API changes in 1.15 ==
 * (bug 16858) Revamped list=deletedrevs to make listing deleted contributions