X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=HISTORY;h=65e66f4cf1534ec743ab520ac5f6ae57119faa26;hb=c62ece653ad63e72f0eb025eaddb266cbdad2564;hp=1eca29add01a77ecb993e53083434ef2e9afe204;hpb=96e547b10aef0e3d32047cb536f6148b9dccd342;p=lhc%2Fweb%2Fwiklou.git diff --git a/HISTORY b/HISTORY index 1eca29add0..65e66f4cf1 100644 --- a/HISTORY +++ b/HISTORY @@ -744,6 +744,8 @@ comment from another wiki. the page set in the &returnto parameter. * (bug 19194) Search box in Modern skin doesn't focus with Safari/Chrome * (bug 17790) Users instantly logged off on HughesNet +* (bug 21549) Make foreign key constraints DEFERRABLE INITIALLY DEFERRED + when using Postgres as the database backend. == API changes in 1.16 == @@ -1155,6 +1157,9 @@ changes to languages because of MediaZilla reports. * (bug 16343) Non-existing, but in use, category pages can be "go" match hits * Fixed a CSS validation issue which allowed external images to be included into wikis where that is disallowed by configuration. +* Fixed a data leakage vulnerability for private wikis using img_auth.php or + similar image access authentication schemes. Check user permissions before + streaming out scaled images from thumb.php. == API changes in 1.15 == * (bug 16858) Revamped list=deletedrevs to make listing deleted contributions
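Review bot: the added (bug 21549) entry in the first hunk states the schema change but not its scope or the problem it solves. It does not say whether existing Postgres installations have their foreign key constraints altered on upgrade or whether only new installs are created with DEFERRABLE INITIALLY DEFERRED, and it names no symptom. Deferring constraint checks to commit time changes the point at which a violation surfaces, so a release note for it should say what failed before and whether the updater applies the change.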
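Review bot: the security entry added in the second hunk (the 1.15 list, just above "== API changes in 1.15 ==") carries no bug reference or advisory identifier, unlike the "(bug N)" entries around it, and does not say which releases are affected, so the operator of a private wiki cannot tell from this text whether their installation needs the update. Suggest naming the affected versions and stating outright that the leak was thumb.php streaming scaled images without a permission check, which the two sentences only imply when read together. The second sentence is also imperative ("Check user permissions before ...") where the first sentence and the preceding entry are past tense; "thumb.php now checks user permissions before streaming out scaled images" reads as a changelog entry rather than an instruction to the administrator.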