+* Hardcoded NLS_NUMERIC_CHARACTERS for Oracle DB to prevent type conversion errors.
+* Fixed recentchanges FK violation on page delete and cache purge error in updater
+ for Oracle DB.
+* (bug 32276) Skins were generating output using the internal page title which
+ would allow anonymous users to determine wheter a page exists, potentially
+ leaking private data. In fact, the curid and oldid request parameters would
+ allow page titles to be enumerated even when they are not guessable.
+* (bug 32616) action=ajax requests were dispatched to the relevant internal
+ functions without any read permission checks being done. This could lead to
+ data leakage on private wikis.