Index: branches/REL1_16/phase3/RELEASE-NOTES |
— | — | @@ -81,6 +81,11 @@ |
82 | 82 | account" and "create by e-mail" features of [[Special:Userlogin]] |
83 | 83 | * (bug 23687) Fixed XSS vulnerability affecting IE clients only, due to a CSS |
84 | 84 | validation issue. |
| 85 | +* Fixed a DoS vulnerability in ImageMagick image scaling. ImageMagick |
| 86 | + expanded wildcard characters "?" and "*" in image filenames, potentially |
| 87 | + causing large numbers of images to be scaled in response to a single request. |
| 88 | + The fix for this involves breaking the scaling of such image filenames until |
| 89 | + ImageMagick 6.6.1-5 or later is deployed, see bug 23361 for more details. |
85 | 90 | |
86 | 91 | === Changes since 1.16 beta 1 === |
87 | 92 | |
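Review bot: The new entry (new lines 85-89) omits the leading bug tag that the neighbouring entry uses ("* (bug 23687) Fixed XSS ..."), so the reference to bug 23361 is buried at the end of the last sentence. Suggest opening it with "* (bug 23361) Fixed a DoS vulnerability in ImageMagick image scaling." The last sentence is also vague about operational impact: "breaking the scaling of such image filenames" should state what an administrator will actually observe for files whose names contain "?" or "*", and that installing ImageMagick 6.6.1-5 or later is the step that restores scaling for them. The ", see bug 23361" clause is a comma splice and reads better as its own sentence.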