their values out of the logs.
* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a CSRF
token.
+* (T156184) SECURITY: Escape content model/format url parameter in message.
=== Action API changes in 1.29 ===
* Submitting sensitive authentication request parameters to action=login,