D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
proc
/
self
/
root
/
proc
/
thread-self
/
root
/
var
/
softaculous
/
mw19
/
Filename :
changelog.txt
back
Copy
== MediaWiki 1.39.10 == This is a maintenance release of the MediaWiki 1.39 branch. == MediaWiki 1.39.8 == This is a maintenance release of the MediaWiki 1.39 branch. === Changes since 1.39.7 === * Localisation updates. * tests: Skip failing tests on php8.2 (and make pass). * (T326480) ApiResult: Make array ordering consistent across PHP versions. * (T352789, T287972) build: Raise TestingAccessWrapper from 2.0.0 to 3.0.0. * (T326478) tests: Create new classes to hold dynamic properties in auth tests. * (T326478) tests: Avoid dynamic properties in AuthenticationProvider Test. * (T326466) Introduce and use DynamicPropertyTestHelper. * tests: Skip failing tests on php8.3 (and make pass). * (T352910) tests: Use TestingAccessWrapper::newFromClass in session tests. * (T326478) tests: Avoid dynamic properties in auth tests. * (T326479, T361985) StatusValue: Allow passing arbitrary data to augment result. * tests: Remove dead code from WikiPageDbTest::assertPreparedEditNotEquals. * (T326478) tests: Avoid dynamic properties in SessionManagerTest. * (T361990) Upgrading wikimedia/parsoid (v0.16.3 => v0.16.4). * (T357760) Use i18n strings for truncated subpage message in SpecialMovePage. * ArticleTest: Skip testGetOrSetOnNewProperty() if PHP >= 8.2. * (T361982) Update wikimedia/less.php from 3.1.0 to 3.2.1. * debug: Update PsySH 0.11.1 -> 0.12.3. * (T361991) Fix slash-delimited regex from CLI on maintenence/grep.php. * (T362078) Improve RestAPIAdditionalRouteFiles path expansion. * (T352695) tests: Only set $dbSetup if setupTestDB() ends without throwing. * (T302186) Add title cache for Title::newMainPage(). * objectcache: Fix flaky WANObjectCacheTest::testLockTSESlow case. * (T362272) api: Replace null $httpCode by 0 in ApiBase::dieWithErrorOrDebug. * (T150647, T216682) Make EncryptedPassword work with Argon2Password. * (T327220) Special:ApiHelp: Move widths and floats in CSS to media query. * (T364270) Fix long param names overlapping docs in API help pages. * MaintenanceRunner.php: Add trailing newline to error message. * wrapOldPasswords: Improve progress output and decrease batch size. * (T361367) ApiFeedWatchlist: Fix handling of array parameters. * (T132418) ResourceLoader: Add 1min grace via stale-while-revalidate Cache-Control. * (T366130) EncryptedPassword: Store default parameters as strings. * Name the PagerTools array entries to allow hooks to unset them. == MediaWiki 1.39.7 == This is a security and maintenance release of the MediaWiki 1.39 branch. === Changes since 1.39.6 === * Localisation updates. * (T334992) Headings in the license pickers should not be selected. * (T353929) ActiveUsersPager: Count actions only once. * composer: Use @php instead of php. * (T326065) Indent JsonContent using tabs. * (T354541) authmanager: Improve AuthenticationRequest docs. * (T355017) Add missing space in Special:RecentChangesLinked. * (T355003) composer.json Add ext-bcmath and ext-gmp to suggests. * PHPVersionCheck: Update text to match currently supported upstream PHP versions (8.1+). * (T354045) API: mark HTML output as non-cacheable. * (T355530) filerepo: Fix img_major_mime for files with a non-standard extensions. * (T355530) MimeAnalyzer: Add @since to isValidMajorMimeType. * (T317489, T319202) Mark some parserTests on talk pages Parsoid only on REL1_39. * (T350594) Update wikimedia/parsoid to 0.16.3. * (T352554) ZhConverter: Fix language variant fallback chain. * (T357668) Parser::getExternalLinkAttribs: Don't set rel attribute to null. * LockManagerGroupIntegrationTest: Remove test depending on DBLockManager. * (T357808) LinkRendererTest: Add missing import for LinkTarget. * (T353305) ApiResetPassword: Allow both user and email parameters to be passed for reset. * (T358949) updateCollation: Explicitly cast $scale to int. * (T359055) api: Improve linking of language codes lists in top level i18n messages. * (T359294) Make sure MovePage::isValidFileMove matches UploadBase::getTitle. * (T230245) Respect $maxConcurrency when queuing async FileOps. * (T352554) Follow-up "ZhConverter: Fix language variant fallback chain". * (T292237, T317451) build: Restore Doxygen output for MediaWiki release tags. * (T324903) HistoryPager: Add #[AllowDynamicProperties]. * (T360850) Update Apache config syntax in .htaccess files. * (T309714, T354274) mime: Add support for 'font/woff' and 'font/woff2' mime type. * (T309714) mime: Make test cases use data provider. * (T331608) installer: Bear with schema drift caused by running old updater. * docs: Remove use of $IP from mwdocgen.php. * (T317451) build: Restore Doxygen output for MediaWiki release tags (take 3). * docs: Set stable permalink on markdown files. * (T357019) allow maintenance/deleteBatch.php to accept page ID. * (T355538 CVE-2024-PENDING) XSS in edit summary parser. * (T357760, CVE-2024-PENDING) Denial of service vector via GET request to Special:MovePage on pages with thousands of subpages. == MediaWiki 1.39.6 == This is a security and maintenance release of the MediaWiki 1.39 branch. === Changes since MediaWiki 1.39.5 === * Localisation updates. * Updated symfony/polyfill-php80 from 1.26.0 to 1.28.0. * Updated symfony/polyfill-php81 from 1.26.0 to 1.28.0. * (T344912) mail: Encode period (ascii 46) if it appears in encoded email header. * Added symfony/polyfill-php82. * Added symfony/polyfill-php83. * Updated symfony/yaml from 5.4.10 to 5.4.23. * (T329609) ApiQueryLanguageinfoTest: Do not pass a float to setFakeTime. * Updated wikimedia/timestamp from 4.0.0 to 4.1.1. * tests: Provide coverage for StatusValue::__toString. * StatusValue: Improve logging/debug output with multibyte characters. * (T347726, CVE-2023-PENDING) SECURITY: logging: Fix non-escaped messages used in rights log. * Updated wikimedia/parsoid from 0.16.1 to 0.16.2. * (T229992) LocalisationCache: Preserve fallback source language info. * (T275085) Fix logging Status objects to 'authevents' channel. * (T341310) DEVELOPERS.md: mention git clone and WSL. * (T351758) DEVELOPERS.md: reword WSL instructions to include best practices. * (T349115) LocalisationCache: Fix a rare case in fallback source language. * SwiftFileBackend: Fix "PHP Deprecated: strlen(): Passing null to parameter #1 ($string) of type string is deprecated". * maintenance: Add missing parenthesis to SQL in attachLatest.php. * (T353472) maintenance: Fix join condition in DeduplicateArchiveRevId. == MediaWiki 1.39.5 == This is a security and maintenance release of the MediaWiki 1.39 branch. === Changes since MediaWiki 1.39.4 === * Localisation updates. * (T333050, CVE-2023-PENDING) SECURITY: Fix infinite loop for self-redirects with variants conversion. * docs: Fix a few typos in MainConfigSchema. * (T309714) mime: Add support for 'font/sfnt' mime type. * (T341434) WikiImporter: Improve error message output. * (T317255) VueComponentParser: Use Zest's getElementsByTagName() rather than PHP's. * (T341737) ApiBase: Cast $id to string in filterIDs. * (T286291, T296188) Merge zh and zh-tw namespace translations back to zh-hans, zh-hant, zh-hk respectively. * (T337875) WRStats: Round up SequenceSpec::hardExpiry to the nearest integer. * (T237898) installer: Check MariaDB version in updater/installer. * (T342632) ApiComparePages: Add help url. * (T326182, T324903) EditPage: Add #[AllowDynamicProperties]. * (T342351) rdbms: Fix postgres db function call. * (T343675) user: Use {@} to escape annotation when writting about annotation. * (T343797) LanguageWa: Fix double timezone adjustment. * (T326454) Update pear/mail to 1.5.1. * (T343622) docs: Set the <comment> tag back to optional. * (T330528) Upgrade wikimedia/html-formatter from 3.0.1 to 4.0.3. * (T337463) wdio-mediawiki: await saveScreenshot. * (T274041) Include core PSR-4 classes in the generated classmap. * (T208477) $wgPrivilegedGroups – Users belonging in some of the listed groups will be audited more aggressively. * doc: Improve description of "type" in extension.schema.v2.json. * Added PrivilegedGroups attribute for extension.json / skin.json, which lets you add any new user groups you define to wgPrivilegedGroups (see above). * HTMLForm: Fix E_NOTICE when hide-if is used with setFormIdentifier. * (T288624) MultiHttpClient: Unset $this->cmh after closing it. * (T345039) Do not run SkinAfterBottomScripts hook twice unconditionally. * (T265734) API Help: Note that parameters may be inherited from other context. * API: Make continue parameter help description more specific. * (T285545) i18n: Split apihelp for standard dir parameter. * (T285545) i18n: Split apihelp for redirects/linkshere/transcludedin/fileusage show. * (T285545) i18n: Split apihelp for parameter list=deletedrevs&drprop=. * (T285545) i18n: Split apihelp for parameter list=allpages&apprexpiry=. * (T285545) i18n: Split apihelp for parameter action=opensearch&redirects=. * (T285545) i18n: Split apihelp for parameter action=managetags&operation=. * (T285545) api: Add message for list=watchlist&wlprop=expiry. * (T334011) ApiComparePages: expose 'difftype' param if wikidiff2 is installed. * (T342633) api: Add message for action=compare&prop=timestamp. * API: revids=… does not necessarily return the queried revisions. * (T326696) user: Truncate option value in UserOptionsManager. * (T326696) ApiOptions: Give warning if the value is too long. * API i18n: Add {{PLURAL:}} for byte count messages. * (T235207) Get correct main page in API call examples. * doc: Make extension.schema.v2.json a valid JSON schema. * updateSpecialPages.php: Avoid implicit float conversion on modulo. * (T347227) ImportReporter: Make callback functions public. * (T346898) importDump: Unconditionally call $importer->setUsernamePrefix(). * doc: Improve description of type in extension.schema.v1.json. * (T340217, CVE-2023-PENDING) SECURITY: Vector 2022: Numerous unescaped messages leading to potential XSS. * (T340220, CVE-2023-PENDING) SECURITY: Vector 2022: vector-intro-page message is assumed to yield a valid title. * (T340221, CVE-2023-PENDING) SECURITY: XSS via 'youhavenewmessagesmanyusers' and 'youhavenewmessages' messages. * (T341529, CVE-2023-PENDING) SECURITY: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression. * (T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted XML file to Special:Upload (non-standard configuration). == MediaWiki 1.39.4 == This is a security and maintenance release of the MediaWiki 1.39 branch. === Changes since MediaWiki 1.39.3 === * Localisation updates. * (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1. * (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7 (2.4.0 => 2.4.5). * (T333776) {{ACTIVEUSERS}} wasn't being updated without updateSpecialPages.php. * (T258860) Prevent LogicCache exception from message cache during IO errors from memcache. * (T336868) Improve idempotency of postgres index upgrades. * (T322944) Add Authorization to default $wgAllowedCorsHeaders. * (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter. * A fake MessageLocalizer for use in unit tests. * (T338114) Title: Add forward alias. * composer: Add symfony/polyfill-php81 like symfony/polyfill-php80. * (T330464) Work around argument corruption bug in XMLReader::open. * Fix frame and frameless rdfa depending on file existing. * Fixes for the phan upgrade, part 1. * Fixes for the phan upgrade, part 2. * (T298571) build: Update mediawiki/mediawiki-phan-config to 0.12.0. * build: Updating mediawiki/mediawiki-phan-config to 0.12.1. * (T329214) Pass whether current rev of file exists to Linker::makeBrokenImageLinkObj. * (T334659) Handle thumb errors when !$enableLegacyMediaDOM. * A manualthumb that doesn't exist should be considered a thumb error. * (T313157) IndexPager: Also protect against $offset being 0. * (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.