1 files changed, 15 insertions, 3 deletions

diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19
index b734fa8b..b72816f7 100644
--- a/RELEASE-NOTES-1.19
+++ b/RELEASE-NOTES-1.19
@@ -3,18 +3,28 @@
 Security reminder: MediaWiki does not require PHP's register_globals
 setting since version 1.2.0. If you have it on, turn it '''off''' if you can.
 
+== MediaWiki 1.19.3 ==
+
+This is a security release of the MediaWiki 1.19 branch
+
+=== Changes since 1.19.2 ===
+* (bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391)
+* (bug 41400) Prevent linker regex from exceeding PCRE backtrack limit
+* Increase permitted runtime for testParserTest (only used for continuous
+  integration).
+* Updated messages translations from http://translatewiki.net/
+
 == MediaWiki 1.19.2 ==
-2012-08-30
 
 This is a security release of the MediaWiki 1.19 branch
 
 === Changes since 1.19.1 ===
 * (bug 39700) File: link to non-existing file can inject html
-* (bug 35839) Hidden block text leaking to admins
+* (bug 39823) Hidden block text leaking to admins
 * (bug 39184) LDAP password leakage
 * (bug 39180) Disallow framing of api results
 * (bug 37587) Enforce language codes to be html safe
-* (bug 38333) Check global blocks on account creation
+* (bug 39824) Check global blocks on account creation
 
 == MediaWiki 1.19 ==
 
@@ -28,6 +38,8 @@ release and submitting bug reports.
 
 === Changes since 1.19.1 ===
 * (bug 38406) Properly quote table names in DatabaseBase::tableName()
+* (bug 38249) Parser will throw an exception instead of outputting gibberish if
+  PCRE is compiled without support for unicode properties.
 
 === Changes since 1.19.0 ===
 * (bug 36568) Fixed "Illegal string offset 'LIMIT'" warnings in updater