(bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which could lead to xss. Permission to edit MediaWiki namespace is required to exploit this.
(bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as part of its name.
(bug T74222) The original patch for T74222 was reverted as unnecessary.
Fixed a couple of entries in RELEASE-NOTES-1.24.
(bug T76168) OutputPage: Add accessors for some protected properties.
(bug T74834) Make 1.24 branch directly installable under PostgreSQL.
This update has been submitted for testing by mooninite.
Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/22150/steps/runtask/logs/stdio (results are informative only)
Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/22150/steps/runtask/logs/stdio (results are informative only)
This update is currently being pushed to the Fedora 21 testing updates repository.
This update has been pushed to testing
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by mooninite.
Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/23867/steps/runtask/logs/stdio (results are informative only)
This update is currently being pushed to the Fedora 21 stable updates repository.
This update has been pushed to stable