MediaWiki 1.19.22
27 November 2014
MediaWiki version 1.19.22 is now available (security release).
Upgrading to MediaWiki 1.19.22
MediaWiki 1.19.22 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply MediaWiki updates as new versions are released, or use Installatron's Clone feature to duplicate an existing MediaWiki install to test the 1.19.22 upgrade prior to applying it live. Get started managing your MediaWiki installations with Installatron
What's New in MediaWiki 1.19.22
- (bug 66776, bug 71478) SECURITY: User PleaseStand reported a way to inject code into API clients that used format=php to process pages that underwent flash policy mangling. This was fixed along with improving how the mangling was done for format=json, and allowing sites to disable the mangling using $wgMangleFlashPolicy.
- (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with DELETED_ACTION. NOTICE: this may be reverted in a future release pending a public RFC about the desired functionality. This issue was reported by user Bawolff.
- (bug 71621) Make allowing site-wide styles on restricted special pages a config option.
- $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that might be a flash policy directive configurable.