[HIGH] API responses for unpatrolled or (not) autopatrolled recent changes require privileges but may be cached publicly

PKSA-fksz-ptgz-3jth CVE-2019-12474 GHSA-2qrr-c2gh-pr35

Affected package: mediawiki/core

Affected version: >=1.27.0,<1.27.6|>=1.30.0,<1.30.2|>=1.31.0,<1.31.2|>=1.32.0,<1.32.2

Reported by:
GitHub, FriendsOfPHP/security-advisories