Your IP : 3.14.134.195
== MediaWiki 1.39.10 ==
This is a maintenance release of the MediaWiki 1.39 branch.
== MediaWiki 1.39.8 ==
This is a maintenance release of the MediaWiki 1.39 branch.
=== Changes since 1.39.7 ===
* Localisation updates.
* tests: Skip failing tests on php8.2 (and make pass).
* (T326480) ApiResult: Make array ordering consistent across PHP versions.
* (T352789, T287972) build: Raise TestingAccessWrapper from 2.0.0 to 3.0.0.
* (T326478) tests: Create new classes to hold dynamic properties in auth tests.
* (T326478) tests: Avoid dynamic properties in AuthenticationProvider Test.
* (T326466) Introduce and use DynamicPropertyTestHelper.
* tests: Skip failing tests on php8.3 (and make pass).
* (T352910) tests: Use TestingAccessWrapper::newFromClass in session tests.
* (T326478) tests: Avoid dynamic properties in auth tests.
* (T326479, T361985) StatusValue: Allow passing arbitrary data to augment
result.
* tests: Remove dead code from WikiPageDbTest::assertPreparedEditNotEquals.
* (T326478) tests: Avoid dynamic properties in SessionManagerTest.
* (T361990) Upgrading wikimedia/parsoid (v0.16.3 => v0.16.4).
* (T357760) Use i18n strings for truncated subpage message in SpecialMovePage.
* ArticleTest: Skip testGetOrSetOnNewProperty() if PHP >= 8.2.
* (T361982) Update wikimedia/less.php from 3.1.0 to 3.2.1.
* debug: Update PsySH 0.11.1 -> 0.12.3.
* (T361991) Fix slash-delimited regex from CLI on maintenence/grep.php.
* (T362078) Improve RestAPIAdditionalRouteFiles path expansion.
* (T352695) tests: Only set $dbSetup if setupTestDB() ends without throwing.
* (T302186) Add title cache for Title::newMainPage().
* objectcache: Fix flaky WANObjectCacheTest::testLockTSESlow case.
* (T362272) api: Replace null $httpCode by 0 in ApiBase::dieWithErrorOrDebug.
* (T150647, T216682) Make EncryptedPassword work with Argon2Password.
* (T327220) Special:ApiHelp: Move widths and floats in CSS to media query.
* (T364270) Fix long param names overlapping docs in API help pages.
* MaintenanceRunner.php: Add trailing newline to error message.
* wrapOldPasswords: Improve progress output and decrease batch size.
* (T361367) ApiFeedWatchlist: Fix handling of array parameters.
* (T132418) ResourceLoader: Add 1min grace via stale-while-revalidate
Cache-Control.
* (T366130) EncryptedPassword: Store default parameters as strings.
* Name the PagerTools array entries to allow hooks to unset them.
== MediaWiki 1.39.7 ==
This is a security and maintenance release of the MediaWiki 1.39 branch.
=== Changes since 1.39.6 ===
* Localisation updates.
* (T334992) Headings in the license pickers should not be selected.
* (T353929) ActiveUsersPager: Count actions only once.
* composer: Use @php instead of php.
* (T326065) Indent JsonContent using tabs.
* (T354541) authmanager: Improve AuthenticationRequest docs.
* (T355017) Add missing space in Special:RecentChangesLinked.
* (T355003) composer.json Add ext-bcmath and ext-gmp to suggests.
* PHPVersionCheck: Update text to match currently supported upstream PHP
versions (8.1+).
* (T354045) API: mark HTML output as non-cacheable.
* (T355530) filerepo: Fix img_major_mime for files with a non-standard
extensions.
* (T355530) MimeAnalyzer: Add @since to isValidMajorMimeType.
* (T317489, T319202) Mark some parserTests on talk pages Parsoid only on
REL1_39.
* (T350594) Update wikimedia/parsoid to 0.16.3.
* (T352554) ZhConverter: Fix language variant fallback chain.
* (T357668) Parser::getExternalLinkAttribs: Don't set rel attribute to null.
* LockManagerGroupIntegrationTest: Remove test depending on DBLockManager.
* (T357808) LinkRendererTest: Add missing import for LinkTarget.
* (T353305) ApiResetPassword: Allow both user and email parameters to be passed
for reset.
* (T358949) updateCollation: Explicitly cast $scale to int.
* (T359055) api: Improve linking of language codes lists in top level i18n
messages.
* (T359294) Make sure MovePage::isValidFileMove matches UploadBase::getTitle.
* (T230245) Respect $maxConcurrency when queuing async FileOps.
* (T352554) Follow-up "ZhConverter: Fix language variant fallback chain".
* (T292237, T317451) build: Restore Doxygen output for MediaWiki release tags.
* (T324903) HistoryPager: Add #[AllowDynamicProperties].
* (T360850) Update Apache config syntax in .htaccess files.
* (T309714, T354274) mime: Add support for 'font/woff' and 'font/woff2' mime
type.
* (T309714) mime: Make test cases use data provider.
* (T331608) installer: Bear with schema drift caused by running old updater.
* docs: Remove use of $IP from mwdocgen.php.
* (T317451) build: Restore Doxygen output for MediaWiki release tags (take 3).
* docs: Set stable permalink on markdown files.
* (T357019) allow maintenance/deleteBatch.php to accept page ID.
* (T355538 CVE-2024-PENDING) XSS in edit summary parser.
* (T357760, CVE-2024-PENDING) Denial of service vector via GET request to
Special:MovePage on pages with thousands of subpages.
== MediaWiki 1.39.6 ==
This is a security and maintenance release of the MediaWiki 1.39 branch.
=== Changes since MediaWiki 1.39.5 ===
* Localisation updates.
* Updated symfony/polyfill-php80 from 1.26.0 to 1.28.0.
* Updated symfony/polyfill-php81 from 1.26.0 to 1.28.0.
* (T344912) mail: Encode period (ascii 46) if it appears in encoded email
header.
* Added symfony/polyfill-php82.
* Added symfony/polyfill-php83.
* Updated symfony/yaml from 5.4.10 to 5.4.23.
* (T329609) ApiQueryLanguageinfoTest: Do not pass a float to setFakeTime.
* Updated wikimedia/timestamp from 4.0.0 to 4.1.1.
* tests: Provide coverage for StatusValue::__toString.
* StatusValue: Improve logging/debug output with multibyte characters.
* (T347726, CVE-2023-PENDING) SECURITY: logging: Fix non-escaped messages
used in rights log.
* Updated wikimedia/parsoid from 0.16.1 to 0.16.2.
* (T229992) LocalisationCache: Preserve fallback source language info.
* (T275085) Fix logging Status objects to 'authevents' channel.
* (T341310) DEVELOPERS.md: mention git clone and WSL.
* (T351758) DEVELOPERS.md: reword WSL instructions to include best practices.
* (T349115) LocalisationCache: Fix a rare case in fallback source language.
* SwiftFileBackend: Fix "PHP Deprecated: strlen(): Passing null to parameter #1
($string) of type string is deprecated".
* maintenance: Add missing parenthesis to SQL in attachLatest.php.
* (T353472) maintenance: Fix join condition in DeduplicateArchiveRevId.
== MediaWiki 1.39.5 ==
This is a security and maintenance release of the MediaWiki 1.39 branch.
=== Changes since MediaWiki 1.39.4 ===
* Localisation updates.
* (T333050, CVE-2023-PENDING) SECURITY: Fix infinite loop for self-redirects
with variants conversion.
* docs: Fix a few typos in MainConfigSchema.
* (T309714) mime: Add support for 'font/sfnt' mime type.
* (T341434) WikiImporter: Improve error message output.
* (T317255) VueComponentParser: Use Zest's getElementsByTagName() rather than
PHP's.
* (T341737) ApiBase: Cast $id to string in filterIDs.
* (T286291, T296188) Merge zh and zh-tw namespace translations back to zh-hans,
zh-hant, zh-hk respectively.
* (T337875) WRStats: Round up SequenceSpec::hardExpiry to the nearest integer.
* (T237898) installer: Check MariaDB version in updater/installer.
* (T342632) ApiComparePages: Add help url.
* (T326182, T324903) EditPage: Add #[AllowDynamicProperties].
* (T342351) rdbms: Fix postgres db function call.
* (T343675) user: Use {@} to escape annotation when writting about annotation.
* (T343797) LanguageWa: Fix double timezone adjustment.
* (T326454) Update pear/mail to 1.5.1.
* (T343622) docs: Set the <comment> tag back to optional.
* (T330528) Upgrade wikimedia/html-formatter from 3.0.1 to 4.0.3.
* (T337463) wdio-mediawiki: await saveScreenshot.
* (T274041) Include core PSR-4 classes in the generated classmap.
* (T208477) $wgPrivilegedGroups – Users belonging in some of the listed groups
will be audited more aggressively.
* doc: Improve description of "type" in extension.schema.v2.json.
* Added PrivilegedGroups attribute for extension.json / skin.json, which lets
you add any new user groups you define to wgPrivilegedGroups (see above).
* HTMLForm: Fix E_NOTICE when hide-if is used with setFormIdentifier.
* (T288624) MultiHttpClient: Unset $this->cmh after closing it.
* (T345039) Do not run SkinAfterBottomScripts hook twice unconditionally.
* (T265734) API Help: Note that parameters may be inherited from other context.
* API: Make continue parameter help description more specific.
* (T285545) i18n: Split apihelp for standard dir parameter.
* (T285545) i18n: Split apihelp for redirects/linkshere/transcludedin/fileusage
show.
* (T285545) i18n: Split apihelp for parameter list=deletedrevs&drprop=.
* (T285545) i18n: Split apihelp for parameter list=allpages&apprexpiry=.
* (T285545) i18n: Split apihelp for parameter action=opensearch&redirects=.
* (T285545) i18n: Split apihelp for parameter action=managetags&operation=.
* (T285545) api: Add message for list=watchlist&wlprop=expiry.
* (T334011) ApiComparePages: expose 'difftype' param if wikidiff2 is installed.
* (T342633) api: Add message for action=compare&prop=timestamp.
* API: revids=… does not necessarily return the queried revisions.
* (T326696) user: Truncate option value in UserOptionsManager.
* (T326696) ApiOptions: Give warning if the value is too long.
* API i18n: Add {{PLURAL:}} for byte count messages.
* (T235207) Get correct main page in API call examples.
* doc: Make extension.schema.v2.json a valid JSON schema.
* updateSpecialPages.php: Avoid implicit float conversion on modulo.
* (T347227) ImportReporter: Make callback functions public.
* (T346898) importDump: Unconditionally call $importer->setUsernamePrefix().
* doc: Improve description of type in extension.schema.v1.json.
* (T340217, CVE-2023-PENDING) SECURITY: Vector 2022: Numerous unescaped
messages leading to potential XSS.
* (T340220, CVE-2023-PENDING) SECURITY: Vector 2022: vector-intro-page
message is assumed to yield a valid title.
* (T340221, CVE-2023-PENDING) SECURITY: XSS via
'youhavenewmessagesmanyusers' and 'youhavenewmessages' messages.
* (T341529, CVE-2023-PENDING) SECURITY: diff-multi-sameuser
("X intermediate revisions by the same user not shown") ignores
username suppression.
* (T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted
XML file to Special:Upload (non-standard configuration).
== MediaWiki 1.39.4 ==
This is a security and maintenance release of the MediaWiki 1.39 branch.
=== Changes since MediaWiki 1.39.3 ===
* Localisation updates.
* (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1.
* (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7
(2.4.0 => 2.4.5).
* (T333776) {{ACTIVEUSERS}} wasn't being updated without updateSpecialPages.php.
* (T258860) Prevent LogicCache exception from message cache during IO errors
from memcache.
* (T336868) Improve idempotency of postgres index upgrades.
* (T322944) Add Authorization to default $wgAllowedCorsHeaders.
* (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter.
* A fake MessageLocalizer for use in unit tests.
* (T338114) Title: Add forward alias.
* composer: Add symfony/polyfill-php81 like symfony/polyfill-php80.
* (T330464) Work around argument corruption bug in XMLReader::open.
* Fix frame and frameless rdfa depending on file existing.
* Fixes for the phan upgrade, part 1.
* Fixes for the phan upgrade, part 2.
* (T298571) build: Update mediawiki/mediawiki-phan-config to 0.12.0.
* build: Updating mediawiki/mediawiki-phan-config to 0.12.1.
* (T329214) Pass whether current rev of file exists to
Linker::makeBrokenImageLinkObj.
* (T334659) Handle thumb errors when !$enableLegacyMediaDOM.
* A manualthumb that doesn't exist should be considered a thumb error.
* (T313157) IndexPager: Also protect against $offset being 0.
* (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.