[SECURITY] Password Reset Updates

[lhc/web/wiklou.git] / RELEASE-NOTES-1.34

diff --git a/RELEASE-NOTES-1.34 b/RELEASE-NOTES-1.34
index 7ec6717..d035653 100644 (file)
--- a/RELEASE-NOTES-1.34
+++ b/RELEASE-NOTES-1.34
@@ -1,9 +1,16 @@
 = MediaWiki 1.34 =
 
-== MediaWiki 1.34.1 ==
+== MediaWiki 1.34.2 ==
 
 THIS IS NOT A RELEASE YET
 
+=== Changes since MediaWiki 1.34.1 ===
+* The MultiHttpClient code will fallover to non-curl if curl_multi* is blocked.
+
+== MediaWiki 1.34.1 ==
+
+This is a security and maintenance release of the MediaWiki 1.34 branch.
+
 === Changes since MediaWiki 1.34.0 ===
 * (T211450) User: better error message when getActorId fails.
 * (T241340) Don't redefine MW_ENTRY_POINT in thumb.php if already defined.
@@ -16,6 +23,13 @@ THIS IS NOT A RELEASE YET
 * Update comment about PHP versions supported by The PHP Group.
 * (T247215) Fix output of RecountCategories::doWork().
 * Add check for page existence to view.php maintenance script.
+* (T245149) Fix fetching login token from action=query&meta=tokens on private
+  wikis.
+* (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink().
+* (T232932) SECURITY: User content can redirect the logout button to different
+  URL.
+* (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to
+  any CSS selector.
 
 == MediaWiki 1.34.0 ==