(bug T121892) Various special pages resulted in fatal errors.
Changes since 1.26.0
(bug T117899) SECURITY: $wgArticlePath can no longer be set to relative paths that do not begin with a slash. This enabled trivial XSS attacks. Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an error.
(bug T119309) SECURITY: Use hash_compare() for edit token comparison
(bug T118032) SECURITY: Don't allow cURL to interpret POST parameters starting with '@' as file uploads
(bug T115522) SECURITY: Passwords generated by User::randomPassword() can no longer be shorter than $wgMinimalPasswordLength
(bug T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could result in improper blocks being issued
(bug T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions and related pages no longer use HTTP redirects and are now redirected by MediaWiki
Fixed ConfigException in ExpandTemplates due to AlwaysUseTidy.
Fixed stray literal \n in Special:Search.
Fix issue that breaks HHVM Repo Authoritative mode.
(bug T120267) Work around APCu memory corruption bug
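A pre-upgrade check for the $wgArticlePath rule in T117899, as an added example that is not MediaWiki's own code: it scans LocalSettings.php-style text for assignments and applies the rule as the note states it, so a value that would now throw an error is found before the update is installed. The sample file, the function names and the "review" verdict for values that begin with a PHP variable are assumptions, as is treating https:// the same as the note's http:// example.

```python
import re

# Matches an uncommented PHP assignment such as: $wgArticlePath = "/wiki/$1";
ASSIGN_RE = re.compile(
    r'''^[ \t]*\$wgArticlePath\s*=\s*(["'])(.*?)\1\s*;''', re.M)

def classify(value, quote='"'):
    """Apply the rule from the release note to one configured value."""
    # Full URLs and paths that begin with a slash are accepted.
    if re.match(r"https?://", value, re.I) or value.startswith("/"):
        return "ok"
    # Double-quoted PHP strings interpolate variables such as $wgScriptPath,
    # so the final value cannot be known from the text alone ("$1" is not
    # a PHP variable and stays literal).
    if quote == '"' and re.match(r"\{?\$[A-Za-z_]", value):
        return "review"
    # Anything else is a relative path without a leading slash.
    return "error"

def audit(php_source):
    """Return (line_number, value, verdict) for each assignment found."""
    results = []
    for m in ASSIGN_RE.finditer(php_source):
        line = php_source.count("\n", 0, m.start()) + 1
        results.append((line, m.group(2), classify(m.group(2), m.group(1))))
    return results

# Constructed sample input, not taken from a real wiki.
SAMPLE = r"""<?php
$wgScriptPath = "/w";
# $wgArticlePath = "$1";
$wgArticlePath = "/wiki/$1";
$wgArticlePath = "wiki/$1";
$wgArticlePath = "$1";
$wgArticlePath = "http://my.wiki.com/wiki/$1";
$wgArticlePath = "$wgScriptPath/index.php/$1";
"""

if __name__ == "__main__":
    for line, value, verdict in audit(SAMPLE):
        print(f"line {line}: {value!r} -> {verdict}")
```

A "review" result means the value depends on another setting and has to be resolved by hand before the rule can be applied.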
This update has been submitted for testing by mooninite.
This update has been pushed to testing.
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by mooninite.
This update has been pushed to stable.