Release Notes: Templates can now have default parameter values, and category memberships and other links are properly updated when templates are edited. Feed generation was upgraded to Atom 1.0; RSS and Atom feeds now colorize diffs for readability. SVG uploads can be passed through a rasterizer program for inline display. The login and page protection forms have been redesigned. New extension points are present to support enhanced anti-spam and other tools.
Release Notes: This is a security and maintenance release of the 1.21 branch. It fixes extension detection with 2 .'s. Support for the 'gettoken' parameter to action=block and action=unblock, deprecated since 1.20, has been removed. This release sanitizes ResourceLoader exception messages. It will purge upstream caches when deleting file assets. The unit test suite now runs the AutoLoader tests. The autoloading entry for the PageORMTableForTesting class has also been fixed, though it had no impact.
Release Notes: Several bugs have been fixed.
Release Notes: A cross-site scripting (XSS) vulnerability was fixed. Fatal errors with unusual file repository configurations, such as ForeignAPIRepo were fixed. The "change password" link on Special:Preferences was changed to have the correct returnto parameter.
Release Notes: XSS and CSRF vulnerabilities were fixed.
Release Notes: An XSS vulnerability has been fixed.