r63437 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r63436‎ \| r63437 \| r63438 >
Date:	22:52, 8 March 2010
Author:	demon
Status:	ok
Tags:
Comment:	Merge r63436 RELEASE-NOTES to trunk HISTORY
Modified paths:	/trunk/phase3/HISTORY (modified) (history)

Diff [purge]

Index: trunk/phase3/HISTORY
—	—	@@ -1155,6 +1155,9 @@
1156	1156	* (bug 16343) Non-existing, but in use, category pages can be "go" match hits
1157	1157	* Fixed a CSS validation issue which allowed external images to be included
1158	1158	into wikis where that is disallowed by configuration.
	1159	+* Fixed a data leakage vulnerability for private wikis using img_auth.php or
	1160	+ similar image access authentication schemes. Check user permissions before
	1161	+ streaming out scaled images from thumb.php.
1159	1162
1160	1163	== API changes in 1.15 ==
1161	1164	* (bug 16858) Revamped list=deletedrevs to make listing deleted contributions

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r63436	* MFT r63431: Fix data leakage from thumb.php for wikis where access to image...	tstarling	22:49, 8 March 2010

Status & tagging log

06:09, 9 March 2010 MaxSem (talk | contribs) changed the status of r63437 [removed: new added: ok]