X-Git-Url: https://scripts.mit.edu/gitweb/autoinstallsdev/mediawiki.git/blobdiff_plain/d274a1744ec81daf286c6175b0dbde867ca1b545..334fd746ae18c3f5643d4a7ca415a69f69a98017:/RELEASE-NOTES

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 71534ca4..cf3f3a77 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,8 +1,8 @@
 = MediaWiki release notes =
 
-== MediaWiki 1.16.2 ==
+== MediaWiki 1.16.3 ==
 
-2011-02-01
+2011-04-12
 
 This is a security and maintenance release of the MediaWiki 1.16 branch.
 
@@ -44,6 +44,17 @@ set $wgCacheDirectory to a writable path on the local filesystem. Make sure
 you have the DBA extension for PHP installed, this will improve performance 
 further.
 
+== Changes since 1.16.2 ==
+
+* (bug 28449) Fixed permissions checks in Special:Import which allowed users 
+  without the 'import' permission to import pages from the configured import 
+  sources.
+* (bug 28235) Fixed XSS affecting IE 6 and earlier clients only, due to those 
+  browsers looking for a file extension in the query string of the URL, and 
+  ignoring the Content-Type header if one is found.
+* (bug 28450) Fixed a CSS validation issue involving escaped comments, which
+  led to XSS for Internet Explorer clients and privacy loss for other clients.
+
 == Changes since 1.16.1 ==
 
 * (bug 26642) Fixed incorrect translated namespace due to a regression in the