X-Git-Url: https://git.cyclocoop.org/%27.WWW_URL.%27admin/?a=blobdiff_plain;f=RELEASE-NOTES-1.32;h=2cd1222f408949c2ba5c1ad9014f93d0a04b041a;hb=682f3d92b22ac7c313d65194cae84197740946ad;hp=16b7ffa42f0dedd6ace5d85622719e6957dfbf3d;hpb=139bf5bc7b66c83bd5a27d4fc6806ddaebe3f188;p=lhc%2Fweb%2Fwiklou.git

diff --git a/RELEASE-NOTES-1.32 b/RELEASE-NOTES-1.32
index 16b7ffa42f..2cd1222f40 100644
--- a/RELEASE-NOTES-1.32
+++ b/RELEASE-NOTES-1.32
@@ -60,6 +60,10 @@ production.
 * $wgPopularPasswordFile — The location of the default popular passwords file
   has been moved to be in line with other non-PHP files used by libraries and
   classes.
+* $wgEnableImageWhitelist is now disabled by default, as it opens up a hole for
+  potential privacy leaks by administrators. You can check
+  "MediaWiki:External image whitelist" on your wiki to see whether the feature
+  was ever used, and whether it needs to be re-enabled.
 
 ==== Removed configuration ====
 * $wgEnableAPI and $wgEnableWriteAPI – These settings, deprecated in 1.31,
@@ -594,6 +598,7 @@ because of Phabricator reports.
   $wgTidyConfig instead.
 * All Tidy configurations other than Remex have been hard deprecated;
   future parsers will not emit compatible output for these configurations.
+  In particular, running MediaWiki with tidy disabled has been deprecated.
 * (T198214) OutputPage::addWikiText(), OutputPage::addWikiTextWithTitle(),
   and OutputPage::addWikiTextTitle() have been deprecated, since they
   can result in untidy output.  In addition OutputPage::addWikiTextTidy()