X-Git-Url: http://git.cyclocoop.org/%7B%7B%20url_for%28%27admin_vote_del%27%2C%20idvote=vote.voteid%29%20%7D%7D?a=blobdiff_plain;f=RELEASE-NOTES-1.29;h=b835eb54704e87ed7a1a063fd73c75578afdb5fb;hb=17e7bc02357e42a78cf5fdcbf9e550dda4631ac6;hp=2380e9f99cc8ea772961daeec558ed5e34dc1ede;hpb=97fb2ab408f4bba361b5cc87bb9a42bdcb9a370e;p=lhc%2Fweb%2Fwiklou.git

diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29
index 2380e9f99c..b835eb5470 100644
--- a/RELEASE-NOTES-1.29
+++ b/RELEASE-NOTES-1.29
@@ -35,6 +35,8 @@ production.
 * (T156983) $wgRateLimitsExcludedIPs now accepts CIDR ranges as well as single IPs.
 * $wgDummyLanguageCodes is deprecated. Additional language code mappings may be
   added to $wgExtraLanguageCodes instead.
+* (T161453) LocalisationCache will no longer use the temporary directory in it's
+  fallback chain when trying to work out where to write the cache.
 
 === New features in 1.29 ===
 * (T5233) A cookie can now be set when a user is autoblocked, to track that user
@@ -63,14 +65,18 @@ production.
 === External library changes in 1.29 ===
 
 ==== Upgraded external libraries ====
-* Added wikimedia/timestamp v1.0.0.
 * Updated QUnit from v1.22.0 to v1.23.1.
-* Updated cssjanus from v1.1.2 to 1.1.3.
+* Updated cssjanus from v1.1.2 to v1.2.0.
 * Updated psr/log from v1.0.0 to v1.0.2.
 * Update Moment.js from v2.8.4 to v2.15.0.
-* Updated oyejorge/less.php from v1.7.0.10 to v1.7.0.13.
+* Updated oyejorge/less.php from v1.7.0.10 to v1.7.0.14.
+* Updated monolog from v1.18.2 to 1.22.1.
+* Updated wikimedia/composer-merge-plugin from v1.3.1 to v1.4.0.
+* Updated OOjs from v1.1.10 to v2.0.0.
 
 ==== New external libraries ====
+* Added wikimedia/timestamp v1.0.0.
+* Added wikimedia/remex-html v1.0.1.
 
 ==== Removed and replaced external libraries ====
 
@@ -81,6 +87,22 @@ production.
   highlight prefix matches in the results.
 * (T157035) "new mw.Uri()" was ignoring options when using default URI.
 * Special:Allpages can no longer be filtered by redirect in miser mode.
+* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is installed.
+* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow redirect
+  to interwiki links.
+* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
+  $wgAdvancedSearchHighlighting is true.
+* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
+  their values out of the logs.
+* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a CSRF
+  token.
+* (T156184) SECURITY: Escape content model/format url parameter in message.
+* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
+  declaration.
+* (T161453) SECURITY: LocalisationCache will no longer use the temporary directory
+  in it's fallback chain when trying to work out where to write the cache.
+* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion
+  syntax's link parameter.
 
 === Action API changes in 1.29 ===
 * Submitting sensitive authentication request parameters to action=login,
@@ -141,6 +163,8 @@ production.
   various methods now take a module path rather than a module name.
 * ApiMessageTrait::getApiCode() now strips 'apierror-' and 'apiwarn-' prefixes
   from the message key, and maps some message keys for backwards compatibility.
+* API parameters may now be marked as "sensitive" to keep their values out of
+  the logs.
 
 === Languages updated in 1.29 ===
 
@@ -158,6 +182,7 @@ changes to languages because of Phabricator reports.
   The new or reinstated language fallbacks are (after cs ↔ sk in 1.28):
   ca ↔ oc; hsb ↔ dsb; io → eo; mdf → ru; pnt → el; roa-tara → it; rup → ro;
   sh → bs, sr-el, hr.
+* (T137376) New language support: Atikamekw (atj).
 * (T155957) Talk Namespaces for Javanese language (jv) have been updated.
 
 ==== No fallback for Ukrainian ====
@@ -267,6 +292,19 @@ changes to languages because of Phabricator reports.
 * WikiRevision::$fileIsTemp was deprecated.
 * WikiRevision::$importer was deprecated.
 * WikiRevision::$user was deprecated.
+* Article::getLastPurgeTimestamp(), WikiPage::getLastPurgeTimestamp(), and the
+  WikiPage::PURGE_* constants are deprecated, and the functions will always
+  return false. They were a hack for an issue that has since been fixed.
+* Hook 'EditPageBeforeEditChecks' is now deprecated. Instead use the new hook
+  'EditPageGetCheckboxesDefinition', or 'EditPage::showStandardInputs:options'
+  if you don't actually care about checkboxes and just want to add some HTML
+  to the page.
+* Selflinks are now rendered as href-less <a> tags with the class mw-selflink
+  rather than <strong> tags. The old class name, "selflink", was deprecated
+  and will be removed in a future release. (T160480)
+* (T156184) $wgRawHtml will no longer apply to internationalization messages.
+* Browser support for non-ES5 JavaScript browsers, including Android 2,
+  Opera <12.10, and Internet Explorer 9, was lowered from Grade A to Grade C.
 
 == Compatibility ==