MediaWiki 1.16.3

[autoinstallsdev/mediawiki.git] / RELEASE-NOTES

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 71534ca4a200b24cef59625855ecf9072831f106..cf3f3a77efa59c985239f667e869f6e631aa6253 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,8 +1,8 @@
 = MediaWiki release notes =
 
 = MediaWiki release notes =
 

-== MediaWiki 1.16.2 ==
+== MediaWiki 1.16.3 ==

 
 

-2011-02-01
+2011-04-12

 
 This is a security and maintenance release of the MediaWiki 1.16 branch.
 
 
 This is a security and maintenance release of the MediaWiki 1.16 branch.
 


@@ -44,6 +44,17 @@ set $wgCacheDirectory to a writable path on the local filesystem. Make sure
 you have the DBA extension for PHP installed, this will improve performance 
 further.
 
 you have the DBA extension for PHP installed, this will improve performance 
 further.
 

+== Changes since 1.16.2 ==
+
+* (bug 28449) Fixed permissions checks in Special:Import which allowed users 
+  without the 'import' permission to import pages from the configured import 
+  sources.
+* (bug 28235) Fixed XSS affecting IE 6 and earlier clients only, due to those 
+  browsers looking for a file extension in the query string of the URL, and 
+  ignoring the Content-Type header if one is found.
+* (bug 28450) Fixed a CSS validation issue involving escaped comments, which
+  led to XSS for Internet Explorer clients and privacy loss for other clients.
+

 == Changes since 1.16.1 ==
 
 * (bug 26642) Fixed incorrect translated namespace due to a regression in the
 == Changes since 1.16.1 ==
 
 * (bug 26642) Fixed incorrect translated namespace due to a regression in the