* A temporary feature flag, $wgDisableUserGroupExpiry, is provided to disable
new features that rely on the schema changes to the user_groups table. This
feature flag will likely be removed before 1.29 is released.
+* (T158474) "Unknown user" has been added to $wgReservedUsernames.
+* (T156983) $wgRateLimitsExcludedIPs now accepts CIDR ranges as well as single IPs.
=== New features in 1.29 ===
* (T5233) A cookie can now be set when a user is autoblocked, to track that user
=== External library changes in 1.29 ===
==== Upgraded external libraries ====
+* Added wikimedia/timestamp v1.0.0.
* Updated QUnit from v1.22.0 to v1.23.1.
* Updated cssjanus from v1.1.2 to 1.1.3.
* Updated psr/log from v1.0.0 to v1.0.2.
+* Update Moment.js from v2.8.4 to v2.15.0.
==== New external libraries ====
* (T157035) "new mw.Uri()" was ignoring options when using default URI.
=== Action API changes in 1.29 ===
-* Submitting sensitive authentication request parameters to action=clientlogin,
- action=createaccount, action=linkaccount, and action=changeauthenticationdata
- in the query string is now an error. They should be submitted in the POST
- body instead.
+* Submitting sensitive authentication request parameters to action=login,
+ action=clientlogin, action=createaccount, action=linkaccount, and
+ action=changeauthenticationdata in the query string is now an error. They
+ should be submitted in the POST body instead.
* The capture option for action=resetpassword has been removed
* action=clearhasmsg now requires a POST.
* (T47843) API errors and warnings may be requested in non-English languages