Reset all tokens on login

[lhc/web/wiklou.git] / RELEASE-NOTES-1.28

diff --git a/RELEASE-NOTES-1.28 b/RELEASE-NOTES-1.28
index 1bb8c32..6348ac3 100644 (file)
--- a/RELEASE-NOTES-1.28
+++ b/RELEASE-NOTES-1.28
@@ -6,15 +6,20 @@ MediaWiki 1.28 is an alpha-quality branch and is not recommended for use in
 production.
 
 === Configuration changes in 1.28 ===
-
+* The load.php entry point now enforces the existing policy of not allowing
+  access to session data, which includes the session user and the session
+  user's language. If such access is attempted, an exception will be thrown.
+* The number of internal PBKDF2 iterations used to derive the session secret
+  is configurable via $wgSessionPbkdf2Iterations.
 
 === New features in 1.28 ===
-
+* User::isBot() method for checking if an account is a bot role account.
+* Added a new hook, 'UserIsBot', to aid in determining if a user is a bot.
 
 === External library changes in 1.28 ===
 
 ==== Upgraded external libraries ====
-
+* Updated es5-shim from v4.1.5 to v4.5.8
 
 ==== New external libraries ====
 
@@ -37,7 +42,7 @@ MediaWiki supports over 350 languages. Many localisations are updated
 regularly. Below only new and removed languages are listed, as well as
 changes to languages because of Phabricator reports.
 
-=== Other changes in 1.27 ===
+=== Other changes in 1.28 ===
 
 
 == Compatibility ==