'html5-legacy' value for $wgFragmentMode is no longer accepted.
* The experimental Html5Internal and Html5Depurate tidy drivers were removed.
RemexHtml, which is the default, should be used instead.
+* (T135963) You can now define a Content Security Policy for your wiki. This
+ adds a defense-in-depth feature to stop an attacker who has found a bug in
+ the parser allowing them to insert malicious attributes. Disabled by default,
+ you can configure this via $wgCSPHeader and $wgCSPReportOnlyHeader.
=== New features in 1.32 ===
* (T112474) Generalized the ResourceLoader mechanism for overriding modules
of queueing style modules as well.
* OutputPage::addModuleScripts() and ParserOutput::addModuleScripts are
deprecated. Use addModules() instead.
+* Overriding SearchEngine::{searchText,searchTitle,searchArchiveTitle}
+ in extending classes is deprecated. Extend related doSearch* methods
+ instead.
=== Other changes in 1.32 ===
* …