c3fc1e2457
== MediaWiki 1.17.2 == 2012-01-11 This a maintenance and security release of the MediaWiki 1.17 branch. === Security changes === * (bug 33117) prop=revisions allows deleted text to be exposed through cache pollution. === Changes since 1.17.1 === * (bug 32709) Private Wiki users were always taken to Special:Badtitle on login. == MediaWiki 1.17.1 == 2011-11-24 This a maintenance and security release of the MediaWiki 1.17 branch. === Security changes === * (bug 32276) Skins were generating output using the internal page title which would allow anonymous users to determine wheter a page exists, potentially leaking private data. In fact, the curid and oldid request parameters would allow page titles to be enumerated even when they are not guessable. * (bug 32616) action=ajax requests were dispatched to the relevant internal functions without any read permission checks being done. This could lead to data leakage on private wikis. |
||
|---|---|---|
| .. | ||
| files | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| MESSAGE | ||
| options.mk | ||
| PLIST | ||