Your IP : 3.149.255.189
== MediaWiki 1.39.12 ==
This is a security and maintenance release of the MediaWiki 1.39 branch.
=== Changes since 1.39.11 ===
* Localisation updates.
* (T380755) session: Do not set session.use_trans_sid.
* (T382987) $wgDnsBlacklistUrls now defaults to an empty array. See the comment
in the "Configuration changes for system administrators" section.
* (T382484) dumps: Use proc_close() to close proc_open() subprocess.
* (T315202) Account for null values in Exif data.
* (T384879) FormatMetadata: Prevent running preg_match() on null.
* (T384995) specialpage: Improve handling of invalid lang codes on login/signup.
* (T385169) MultiUsernameFilter: Don't try to split ids if they're not a string.
* (T319219) Fix Site::getPath() + MediaWikiSite::getFileUrl() confusion.
* (T385332) feeds: Fix str_replace() deprecation warnings on PHP 8.
* (T379125) exception: Suppress dependency loop exception.
* (T381033) RateLimiter: Fix peek mode.
* (T387130, CVE-2025-32699) SECURITY: Update wikimedia/parsoid to 0.16.5.
* (T385519) Sanitizer::normalizeWhitespace warn on preg_replace error.
* (T387638) RevDelList: Ensure setVisibility always includes itemStatuses in
value if applicable.
* (T388296) ImportImages: Exit with non-zero code if import fails.
* Request: Improve log message when headers already sent.
* (T388066) Avoid trying to load the session user in MW_NO_SESSION endpoints.
* (T388171) HttpError: Cast Message to string.
* (T388255) ApiLogin: Don't break BotPasswords if password or user is blank,
just error.
* (T388728, T385519) Sanitizer::normalizeSectionNameWhitespace: Apply same
anti-null fix as 270499b.
* (T387690) upload: Suppress warnings from iconv().
* (T388733) Sanitizer::normalizeWhitespace: simplify redundant preg_replace.
* (T304474, CVE-2025-32696) SECURITY: Apply proper restrictions on file revert
action.
* (T388924) MagicWord::replace*: Make sure we don't pass null into preg_match/
preg_replace.
* (T390063, T277675) ResourceLoader: update wikimedia/minify to 2.9.0.
* (T368921) ResourceLoader: Set "math=always" before Less.php 5.0 upgrade.
* (T384851) FileBackend: PHP Deprecated: strrpos(): Passing null to parameter #1
($haystack).
* In .htaccess deny files, use "Satisfy All".
* (T389028) block: Fix DBS::acquireTarget() race using GET_LOCK().
* permissions: Check cascade protection only if page can exists.
* (T385958, CVE-2025-32698) SECURITY: LogPager.php: Restriction enforcer
functions do not correctly enforce suppression restrictions,
* (T387130, CVE-2025-32699) SECURITY: Potential javascript injection attack
enabled by Unicode normalization in Action API.
* (T358689, CVE-2025-3469) SECURITY: i18n XSS vulnerability in
HTMLMultiSelectField when sections are used.
== MediaWiki 1.39.11 ==
This is a maintenance release of the MediaWiki 1.39 branch.
=== Changes since 1.39.10 ===
* Localisation updates.
* (T377450) [DatabaseUpdater] Don't interact with updatelog on virtual domains.
* (T377916) specials: Avoid passing null to str_replace().
* (T378006, T372500) AutoLoader: Use require_once rather than require.
* (T378304) GlobalIdGenerator: Update str_getcsv() call for PHP 8.4.
* Upgrade php-session-serializer from 2.0.1 to 3.0.0.
* Upgrade xmp-reader from 0.8.6 to 0.9.2.
* (T372569) installer: Consistently use double quotes when outputting settings.
* (T362829) Correct range error in regexp of formatmetadata.
* (T381068) ButtonAuthenticationRequest: Add AllowDynamicProperties directive.
== MediaWiki 1.39.10 ==
This is a maintenance release of the MediaWiki 1.39 branch.
== MediaWiki 1.39.8 ==
This is a maintenance release of the MediaWiki 1.39 branch.
=== Changes since 1.39.7 ===
* Localisation updates.
* tests: Skip failing tests on php8.2 (and make pass).
* (T326480) ApiResult: Make array ordering consistent across PHP versions.
* (T352789, T287972) build: Raise TestingAccessWrapper from 2.0.0 to 3.0.0.
* (T326478) tests: Create new classes to hold dynamic properties in auth tests.
* (T326478) tests: Avoid dynamic properties in AuthenticationProvider Test.
* (T326466) Introduce and use DynamicPropertyTestHelper.
* tests: Skip failing tests on php8.3 (and make pass).
* (T352910) tests: Use TestingAccessWrapper::newFromClass in session tests.
* (T326478) tests: Avoid dynamic properties in auth tests.
* (T326479, T361985) StatusValue: Allow passing arbitrary data to augment
result.
* tests: Remove dead code from WikiPageDbTest::assertPreparedEditNotEquals.
* (T326478) tests: Avoid dynamic properties in SessionManagerTest.
* (T361990) Upgrading wikimedia/parsoid (v0.16.3 => v0.16.4).
* (T357760) Use i18n strings for truncated subpage message in SpecialMovePage.
* ArticleTest: Skip testGetOrSetOnNewProperty() if PHP >= 8.2.
* (T361982) Update wikimedia/less.php from 3.1.0 to 3.2.1.
* debug: Update PsySH 0.11.1 -> 0.12.3.
* (T361991) Fix slash-delimited regex from CLI on maintenence/grep.php.
* (T362078) Improve RestAPIAdditionalRouteFiles path expansion.
* (T352695) tests: Only set $dbSetup if setupTestDB() ends without throwing.
* (T302186) Add title cache for Title::newMainPage().
* objectcache: Fix flaky WANObjectCacheTest::testLockTSESlow case.
* (T362272) api: Replace null $httpCode by 0 in ApiBase::dieWithErrorOrDebug.
* (T150647, T216682) Make EncryptedPassword work with Argon2Password.
* (T327220) Special:ApiHelp: Move widths and floats in CSS to media query.
* (T364270) Fix long param names overlapping docs in API help pages.
* MaintenanceRunner.php: Add trailing newline to error message.
* wrapOldPasswords: Improve progress output and decrease batch size.
* (T361367) ApiFeedWatchlist: Fix handling of array parameters.
* (T132418) ResourceLoader: Add 1min grace via stale-while-revalidate
Cache-Control.
* (T366130) EncryptedPassword: Store default parameters as strings.
* Name the PagerTools array entries to allow hooks to unset them.
== MediaWiki 1.39.7 ==
This is a security and maintenance release of the MediaWiki 1.39 branch.
=== Changes since 1.39.6 ===
* Localisation updates.
* (T334992) Headings in the license pickers should not be selected.
* (T353929) ActiveUsersPager: Count actions only once.
* composer: Use @php instead of php.
* (T326065) Indent JsonContent using tabs.
* (T354541) authmanager: Improve AuthenticationRequest docs.
* (T355017) Add missing space in Special:RecentChangesLinked.
* (T355003) composer.json Add ext-bcmath and ext-gmp to suggests.
* PHPVersionCheck: Update text to match currently supported upstream PHP
versions (8.1+).
* (T354045) API: mark HTML output as non-cacheable.
* (T355530) filerepo: Fix img_major_mime for files with a non-standard
extensions.
* (T355530) MimeAnalyzer: Add @since to isValidMajorMimeType.
* (T317489, T319202) Mark some parserTests on talk pages Parsoid only on
REL1_39.
* (T350594) Update wikimedia/parsoid to 0.16.3.
* (T352554) ZhConverter: Fix language variant fallback chain.
* (T357668) Parser::getExternalLinkAttribs: Don't set rel attribute to null.
* LockManagerGroupIntegrationTest: Remove test depending on DBLockManager.
* (T357808) LinkRendererTest: Add missing import for LinkTarget.
* (T353305) ApiResetPassword: Allow both user and email parameters to be passed
for reset.
* (T358949) updateCollation: Explicitly cast $scale to int.
* (T359055) api: Improve linking of language codes lists in top level i18n
messages.
* (T359294) Make sure MovePage::isValidFileMove matches UploadBase::getTitle.
* (T230245) Respect $maxConcurrency when queuing async FileOps.
* (T352554) Follow-up "ZhConverter: Fix language variant fallback chain".
* (T292237, T317451) build: Restore Doxygen output for MediaWiki release tags.
* (T324903) HistoryPager: Add #[AllowDynamicProperties].
* (T360850) Update Apache config syntax in .htaccess files.
* (T309714, T354274) mime: Add support for 'font/woff' and 'font/woff2' mime
type.
* (T309714) mime: Make test cases use data provider.
* (T331608) installer: Bear with schema drift caused by running old updater.
* docs: Remove use of $IP from mwdocgen.php.
* (T317451) build: Restore Doxygen output for MediaWiki release tags (take 3).
* docs: Set stable permalink on markdown files.
* (T357019) allow maintenance/deleteBatch.php to accept page ID.
* (T355538 CVE-2024-PENDING) XSS in edit summary parser.
* (T357760, CVE-2024-PENDING) Denial of service vector via GET request to
Special:MovePage on pages with thousands of subpages.
== MediaWiki 1.39.6 ==
This is a security and maintenance release of the MediaWiki 1.39 branch.
=== Changes since MediaWiki 1.39.5 ===
* Localisation updates.
* Updated symfony/polyfill-php80 from 1.26.0 to 1.28.0.
* Updated symfony/polyfill-php81 from 1.26.0 to 1.28.0.
* (T344912) mail: Encode period (ascii 46) if it appears in encoded email
header.
* Added symfony/polyfill-php82.
* Added symfony/polyfill-php83.
* Updated symfony/yaml from 5.4.10 to 5.4.23.
* (T329609) ApiQueryLanguageinfoTest: Do not pass a float to setFakeTime.
* Updated wikimedia/timestamp from 4.0.0 to 4.1.1.
* tests: Provide coverage for StatusValue::__toString.
* StatusValue: Improve logging/debug output with multibyte characters.
* (T347726, CVE-2023-PENDING) SECURITY: logging: Fix non-escaped messages
used in rights log.
* Updated wikimedia/parsoid from 0.16.1 to 0.16.2.
* (T229992) LocalisationCache: Preserve fallback source language info.
* (T275085) Fix logging Status objects to 'authevents' channel.
* (T341310) DEVELOPERS.md: mention git clone and WSL.
* (T351758) DEVELOPERS.md: reword WSL instructions to include best practices.
* (T349115) LocalisationCache: Fix a rare case in fallback source language.
* SwiftFileBackend: Fix "PHP Deprecated: strlen(): Passing null to parameter #1
($string) of type string is deprecated".
* maintenance: Add missing parenthesis to SQL in attachLatest.php.
* (T353472) maintenance: Fix join condition in DeduplicateArchiveRevId.