| Index: branches/REL1_16/phase3/RELEASE-NOTES |
| — | — | @@ -81,6 +81,11 @@ |
| 82 | 82 | account" and "create by e-mail" features of [[Special:Userlogin]] |
| 83 | 83 | * (bug 23687) Fixed XSS vulnerability affecting IE clients only, due to a CSS |
| 84 | 84 | validation issue. |
| | 85 | +* Fixed a DoS vulnerability in ImageMagick image scaling. ImageMagick |
| | 86 | + expanded wildcard characters "?" and "*" in image filenames, potentially |
| | 87 | + causing large numbers of images to be scaled in response to a single request. |
| | 88 | + The fix for this involves breaking the scaling of such image filenames until |
| | 89 | + ImageMagick 6.6.1-5 or later is deployed, see bug 23361 for more details. |
| 85 | 90 | |
| 86 | 91 | === Changes since 1.16 beta 1 === |
| 87 | 92 | |