dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SECURITY: Escape wikitext content model/format in message
[lhc/web/wiklou.git] / RELEASE-NOTES-1.29
diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29
index eece3de..2552b40 100644 (file)
--- a/RELEASE-NOTES-1.29
+++ b/RELEASE-NOTES-1.29
@@ -94,6 +94,7 @@ production.
   their values out of the logs.
 * (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a CSRF
   token.
+* (T156184) SECURITY: Escape content model/format url parameter in message.
 
 === Action API changes in 1.29 ===
 * Submitting sensitive authentication request parameters to action=login,
Wiklou, le Wiki du Wiklou