Prepare 1.31.2

[lhc/web/wiklou.git] / RELEASE-NOTES-1.31

diff --git a/RELEASE-NOTES-1.31 b/RELEASE-NOTES-1.31
index 3e0efe4..40c1f1e 100644 (file)
--- a/RELEASE-NOTES-1.31
+++ b/RELEASE-NOTES-1.31
@@ -1,6 +1,6 @@
 == MediaWiki 1.31.2 ==
 
-THIS IS NOT A RELEASE YET
+This is a security and maintenance release of the MediaWiki 1.31 branch.
 
 Required PHP version has been increased from 7.0.0 to 7.0.13.
 
@@ -79,6 +79,18 @@ Required PHP version has been increased from 7.0.0 to 7.0.13.
   saveFileDependencies().
 * (T224374) Fix message parameters so that the message that says SQLite is out of date
   makes sense.
+* SpecialPage::checkLoginSecurityLevel() will now preserve POST data when
+  reauthenticating.
+* FormSpecialPage::execute() will now call checkLoginSecurityLevel() if
+  getLoginSecurityLevel() returns non-false.
+* (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
+* (T208881) SECURITY: blacklist CSS var().
+* (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
+* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
+* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
+* (T222036, T222038) SECURITY: Add permission check for user is permitted to
+  view the log type.
+* (T221739) SECURITY: resources: Patch jQuery 3.2.1 for CVE-2019-11358.
 
 == MediaWiki 1.31.1 ==