dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SECURITY: XSS in search if $wgAdvancedSearchHighlighting = true;
[lhc/web/wiklou.git] / RELEASE-NOTES-1.29
diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29
index 3d3f9ca..a2dbcd5 100644 (file)
--- a/RELEASE-NOTES-1.29
+++ b/RELEASE-NOTES-1.29
@@ -86,6 +86,10 @@ production.
 * (T157035) "new mw.Uri()" was ignoring options when using default URI.
 * Special:Allpages can no longer be filtered by redirect in miser mode.
 * (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is installed.
+* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow redirect
+  to interwiki links.
+* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
+  $wgAdvancedSearchHighlighting is true.
 
 === Action API changes in 1.29 ===
 * Submitting sensitive authentication request parameters to action=login,
Wiklou, le Wiki du Wiklou