production.
=== Configuration changes in 1.28 ===
-
+* The load.php entry point now enforces the existing policy of not allowing
+ access to session data, which includes the session user and the session
+ user's language. If such access is attempted, an exception will be thrown.
+* The number of internal PBKDF2 iterations used to derive the session secret
+ is configurable via $wgSessionPbkdf2Iterations.
=== New features in 1.28 ===
-
+* User::isBot() method for checking if an account is a bot role account.
+* Added a new hook, 'UserIsBot', to aid in determining if a user is a bot.
=== External library changes in 1.28 ===
==== Upgraded external libraries ====
-
+* Updated es5-shim from v4.1.5 to v4.5.8
==== New external libraries ====
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Phabricator reports.
-=== Other changes in 1.27 ===
+=== Other changes in 1.28 ===
== Compatibility ==