X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=RELEASE-NOTES-1.31;h=b0da15a0df01ccca73969eddd3e3ee3848b44ec8;hp=3fd8dbcda1729a63fed4e59e8cd9a2f8bb4d0515;hb=52262ecf919e6aeb3565d816d6911368beed199f;hpb=845dee9fa4331341fa6ef20d0fd8ffa73c7eb62e

diff --git a/RELEASE-NOTES-1.31 b/RELEASE-NOTES-1.31
index 3fd8dbcda1..b0da15a0df 100644
--- a/RELEASE-NOTES-1.31
+++ b/RELEASE-NOTES-1.31
@@ -1,10 +1,13 @@
 == MediaWiki 1.31.1 ==
 
-THIS IS NOT A RELEASE YET!
-
 This is a security and maintenance release of the MediaWiki 1.31 branch.
 
 === Changes since MediaWiki 1.31.0 ===
+* (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
+  'newbie'.
+* (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
+  account lock.
+* (T199029, CVE-2018-13258) SECURITY: Tarball was missing .htaccess files.
 * (T197229) Bundle Nuke extension, it was accidentally omitted.
 * (T193995) Fix undefined patchPath() method call in parser tests.
 * (T198687) Fix various selectFields methods to use the string 'NULL', not null.