|
Server : Apache System : Linux ecngx264.inmotionhosting.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64 User : lonias5 ( 3576) PHP Version : 7.3.33 Disable Function : NONE Directory : /var/softaculous/mw35/ |
Upload File : |
== MediaWiki 1.35.3 == This is a security and maintenance release of the MediaWiki 1.35 branch. === Changes since MediaWiki 1.35.2 === * (T259685) SQLite compatibility with ZeroConf VisualEditor was fixed in 1.35.2. * (T196906, T242751) Fix the test MonologSpiTest::testDefaultChannel. * (T279964) Parser: Trim trailing whitespace as the last step in pre-save transform. * (T278026) rdbms: Add DB_PRIMARY to replace DB_MASTER. * (T252853) Update updateSearchIndex.php to 2006+ standards. * (T276945) Define a batch size in maintenance/manageJobs.php. * (T276945) Implement JobQueueDB::getAllAbandonedJobs. * (T269676) authevents: strval() variables passed to status when logging. * (T280944) $wgIncludejQueryMigrate - This setting allows the jQuery Migrate plugin to be disabled. It has been enabled by default since MediaWiki 1.27. * (T281584) apihelp-query+iwlinks-param-prop: s/interlanguage/interwiki/. * (T281635) Delete maintenance/cleanupAncientTables.php. * (T282133) RedisConnectionPool: Suppress phan issue. * (T281549) WebInstaller: Don't show the announce-l subscribe checkbox temporarily. * (T278266) Fix annoying E_NOTICE about undefined 'alt' index in Skin#makeFooterIcon. * (T264214) UserRightsProxy::addGroup has to be allowed to update the old group as well, which is used for granting interwiki rights. * (T269776, T278266) getFooterIcons should not return empty arrays. * (T274966) Skip AvroFormatterTest::testSchemaNotAvailable on PHP 8.0. * phpunit: fail on warnings. * (T283247) Freenode -> Libera per wikimedia moving from freenode to libera. * (T243124) Make phpunit:unit accept extension*.json to populate the classes. * (T142663) Add extension.json merge strategy "provide_default". * (T283540) HookContainer: Fix normalization of callback for static handler. * (T283464) Fix array order for array_replace_recursive merge strategy. * (T247223) Optimise MessageCache::isMainCacheable() for the single-message case. * (T278579) Don't send headers on ob_end_clean(). * (T280226, CVE-2021-35197) SECURITY: Prevent blocked users from purging pages. == MediaWiki 1.35.2 == This is a security and maintenance release of the MediaWiki 1.35 branch. MediaWiki 1.35.2 supports Composer 2.0. It is reccommended to make sure your libraries are up to date on Composer 1.x, before running Composer 2.x. While normally running update.php isn't required for point releases, it is recommended to run it for 1.35.2 so that iwlinks.iwl_prefix is updated to take 32 characters. === Changes since MediaWiki 1.35.1 === * (T270450) The confusingly-named User->isLoggedIn() method has been deprecated in favour of the method it wraps, User->isRegistered(). * Upgrade pimple/pimple from 3.3.0 to 3.3.1 for PHP 8.0 support. * Upgrade seld/jsonlint from 1.7.1 to 1.8.3 for PHP 8.0 support. * Upgrade doctrine/dbal from 2.10.4 to 3.0.0 for PHP 8.0 support. * (T270734) Fix display of Special:Preferences URL in password reset email. * (T252774, T271441) resourceloader: Give SkinModule 'features' option an extensible default. * (T271441) Unknown features shouldn't break style output. * (T264986) Make use of CURLMOPT_MAX_HOST_CONNECTIONS conditional on having curl >= 7.30.0. * DefaultSettings.php: Update $wgPingback documentation. * Fix docs for LanguageConverter::translate. * (T272250) Don't rely on implicit string->int cast in comparison. * (T272327) Exif::isSlong: Cast input to float so PHP 8.0 abs() doesn't whine. * (T272328) UploadBase: Don't call MimeAnalyzer if mTempPath is null. * Remove nonfunctional default sampling for WANObjectCache metrics. * (T258851) Prevent service injection to LoadExtensionSchemaUpdates hook. * (T270852) Hooks: Map dash character to underscore when generating hook names. * (T271551, T270145) Fix fetching ipblock-exempt within BlockManager::getUserBlock. * PHPVersionCheck: The PHP Group only supports PHP >= 7.3.0. * (T248925) Set empty closures in DatabaseTest to fix PHP 8 tests. * (T34217) rdbms: Remove outdated MySQL 4 references and fix doc URLs. * (T248925) Special:Contributions reports negative namespace error on PHP 8. * (T248925) objectcache: Fix non-numeric string check in HashBagOStuff for PHP 8. * (T248925) Fix CacheTime::getCacheExpiry for PHP 8. * (T259685) Allow REST API POST handlers to opt out of mandatory SQLite locking. * (T91820, T259685) MWLBFactory: rename magic HTTP header for opting out of SQLite write lock. * (T272326) Fix DeprecationHelperTest on PHP 8. * Upgrade wikimedia/less.php from 3.0.0 to 3.1.0 for PHP 8.0 support. * (T236639) OutputPage: Make $wgDebugRedirects work again. * (T274648) registration: Allow reusing cached metadata between wikis. * CdnCacheUpdate: Send full URL instead of path to Curl for purge. * Upgrade monolog/monolog from 1.25.3 to 2.2.0 for PHP 8.0 support. * FileBackend: Do not use SOCKET_ENOENT on windows. * (T275441) ApiQueryUserInfo: Allow all uiprops to be requested at once. * (T275261) Escape wikitext in the title in invalid title error messages. * (T275242) Extend iwlinks.iwl_prefix to VARBINARY(32) on MySQL. * (T246594, T270228) PHPVersionCheck: Complain about known-bad versions above minimum. * (T275824) Upgrade wikimedia/composer-merge-plugin from 1.4.1 to 2.0.1 for Composer 2.0 support. * (T269293) Record all used options in metadata. * Allow usage of Composer 2.0 to install MediaWiki's dependencies. * (T259872) skins: Call headElement() after getTemplateData() in SkinMustache. * (T277009, CVE-2021-30158) SECURITY: Allow blocked users to access Special:ResetTokens. * (T272412) Add "Account data" section to user preferences. * (T268310) Add list of thumbnail urls to LocalFilePurgeThumbnails hook. * (T277520) registration: Allow specifying immovable namespaces in extension.json. * (T275619) Maintenance::hasOption and Maintenance::getOption now behave as documented and are not altered by previous calls to these methods. * (T254688) Remove page inner join from subquery in SpecialWhatLinksHere. * (T122124) signup: added help message for security. * (T278014, CVE-2021-30154) SECURITY: Escape mediastatistics-header-* messages on Special:NewFiles. * (T278058, CVE-2021-30157) SECURITY: Escape rcfilters-filter-* messages on ChangesList pages. * (T277414) HTMLFormField: Use non namespaced class name rather than static::class. * (T268673) maintenance: Don't create SearchUpdate in rebuildtextindex.php for page_namespace below 0. * (T246594, T270228) Mark ParserOptionsTests skipped on PHP 7.4.0-7.4.8. * (T268230) Switch to new MediaWiki logo by Serhio Magpie. * (T271735) Expand config-pingback-help, link to privacy policy in config-pingback. * Fix documentation of user-global in $wgRateLimits. * BackupDumper: Add -o as shortcode for --output. * (T235554) Disable DEFER_SET_LENGTH_AND_FLUSH headers to avoid HTTP errors. * (T270713, CVE-2021-30152) SECURITY: Allow user to only apply protection they have right to do so via action=protect. * (T272386, CVE-2021-30159) SECURITY: Non-admin deleted enwiki page in fast double move. * (T270988, CVE-2021-30155) SECURITY: ContentModelChange: Check that user can create pages. * (T279451, CVE-2021-30458) SECURITY: Parsoid comment fostering allows for inserting mostly arbitrary <meta> tags. == MediaWiki 1.35.1 == This is a maintenance release of the MediaWiki 1.35 branch. While normally running update.php isn't required for point releases, it is recommended to run it for 1.35.1 so that sites.site_language is updated to take 35 characters. Watchlist Expiry is no longer considered experimental, but is off by default. To enable it, set $wgWatchlistExpiry = true; in your LocalSettings.php. === Changes since MediaWiki 1.35.0 === * (T263929) purgeList.php Fix all-namespaces option to match one used in code. * (T248719) ParserCache::get - fix wfDeprecated call. * (T261430) WatchlistExpiryWidget: Move focus to expiry dropdown after hitting Tab. * Preload mediawiki.watchstar.widgets before api request. * (T261030) ApiEditPage: Show existing watchlist expiry if status is not being changed. * (T264502) Fix PHP 8 compat with strcspn() $length parameter exceeding string. * (T248925) Remove final modifier on private function. * (T264683) Remove ipb_anon_only from ipb_address_unique index addition. * (T261415) Add days left messages to changes-lists' clock icons. * Fix order of wfDeprecated parameters in ExternalStoreDB::getSlave. * (T261260) Preload class used in HeaderCallback. * (T260868, T260009) Normalize WatchedItem expiry field. * (T264683) Remove doTable check from (Mysql|Sqlite)Updater::indexHasFields. * (T264534) ApiPageSet: Avoid infinite loop when merging redirects. * (T196906) Empty Monolog loggers are now real blackholes. * (T258649) WatchAction: avoid UPDATE when old and new watch period is indefinite. * Parser: Adjust typehint to show that getTitle can return null. * (T263592) media: Fix case of FlashPixVersion in FormatMetadata::makeFormattedData(). * (T265223) BaseTemplate: Guard against passing zero arg to array_merge(). * (T264965) Fix base path handling for MessagePosterModule registration. * (T252183) Fix Database::getTempTableWrites for multi table DDLs. * (T182546) Fix switch/case indentation per mediawiki coding conventions. * Flip Yoda conditionals. * (T263213) Move SkinTemplate::getFooterLinks() to Skin. * build: Updating mediawiki/mediawiki-codesniffer to 33.0.0. * (T267105) Make ImageBuilder::checkMissingImage public. * Updating guzzlehttp/guzzle (6.5.4 => 6.5.5). * (T266681) Support new style hook registration on install and update. * (T266980) Fix unsetting of copyright icon in FooterIcons. * upload.js: Don't assume that warnings array will include 'code' key. * upload.js: Fix typo in upload API. * (T264333, T190988, T266903) Pass along ignorewarnings param to all individual chunks being uploaded. * (T267558) importTextFiles.php: Replace deprecated WikiRevision:setText(). * (T266418) composer.json: add requirement for composer-plugin-api ^1.1. * (T261431) Add ARIA attributes to watchlink and its notification. * (T258877) Change invalid 'Content-Encoding: none' header. * Fix trailing ; in patch-sites-site_language-35.sql. * (T248852) wfAssembleUrl: Handle empty query field in URL bits. * (T268846) Updating wikimedia/testing-access-wrapper (1.0.0 => 2.0.0). * (T268887) migrateComments: Cast array keys back to string before passing to the DB. * (T266619) Introduce new $wgThumbPath config. * (T269178) MemcachedClient: Cast Resource to integer. * (T263925) Use the old HookContainer to set up the post-reset services. * Change "site cache" to just "cache" in the right-purge message. * [UploadedFileStreamTest] Skip test with chmod. * (T269710) Updating composer/semver (1.5.1 => 1.7.2). * (T269710) Updating mediawiki/mediawiki-codesniffer (33.0.0 => 34.0.0). * (T260631, T260633), BotPassword::save() now returns a Status object for the result rather than a bool. The length of the bot password grants and restriction fields are now validated, and an error will be thrown if it would be truncated by the database. * (T265778) Fix English/*nix specific error messages in FSFileBackend. * (T267543) Split dropping of image.img_user_timestamp. * [FileTest] Do not assume /tmp exists on windows. * Clean up temp files correctly after unit tests. * Skip undo related phpunit tests when diff3 is missing. * (T269964) rdbms: Remove outer parentheses in insert query for Postgres. * (T263911) In MWExceptionHandler::report(), catch all throwables. * (T268894, CVE-2020-35474) SECURITY: Use Html::element in ChangeListSpecialPage for sanity. * (T268917) Use Xml::element in SpecialUserrights for sanity. * (T268938, CVE-2020-35478, CVE-2020-35479) SECURITY: Pass escaped html to LogFormatter::makePageLink for sanity. * (T268938) Fixed mixed escaping in Language::translateBlockExpiry. * (T263911) UserOptionsManager: don't differentiate anons caches. * (T261260) HeaderCallback: pre-cache request ID. * Parsoid updated to v0.12.1. * (T205908, CVE-2020-35477) SECURITY: Unable to change visibility of log entries when MediaWiki:Mainpage uses Special:MyLanguage. * (T120883, CVE-2020-35480) SECURITY: Divergent behavior for contributions and user pages of hidden users and missing users. * (T270145) Fix condition that can lead to using APCOND_BLOCKED in $wgAutopromote to cause an OOM in PHP. === Changes since MediaWiki 1.35.0-rc.3 === * (T261258) Remove checks for ancient ImageMagick versions in BitmapHandler. * (T260232) Don't include null page ids in query list for category dumps. * (T260009) Check existing watchitem when saving action=watch. * (T259055) Correct success messages for action=watch. * mediawiki.page.ready: Simpler tablesorter/makeCollapsible call. * mediawiki.page.ready: Fix skin override config flags, wrong way round. * (T262175, T248512) Remove requirement for ApiWatchlistTrait to be in ApiBase. * (T259053, T260434) Watchlist: Fix updateWatchLink removing css class when action=watch. * (T261901, T261476) mediawiki.notification: Don't close notif when clicking <select> element. * (T251506) Sanitizer: Truncate IDs to a reasonable length. * (T259452) Parsoid updated to v0.12.0. * (T261970) watch.ajax: Add expiry support to watchpage.mw event. * (T262900) Fix failure of rebuildLocalisationCache.php due to ResourceLoader hook. * (T263014) Hard deprecate File::userCan() with $user=null. * (T262547) Use localized success message after watching via action=watch. * (T201491) Fix typo 'Watchlst' in `apihelp-edit-param-watchlistexpiry`. * (T261081) Installer: consistently reset Language objects. * (T250449, T250450) Installer: consistently reset Language objects. * Explicitly wrap some XML calls in libxml_disable_entity_loader(). * (T262934) Ensure dropdown label is always on its own line. * (T246855) resourceloader: Use a local HookRunner. * (T263604) Have findBadBlobs.php require Maintenance.php rather than cleanupTable.inc. * (T263606) Set fake time, to avoid flaky tests. * (T261325) Add FindMissingActors script. * (T262364) shell: Don't blacklist /run/firejail. * (T263655) NewPagesPager: Ignore nonexistent namespaces. * Update specialPageAliases and magicWords for Egyptian Arabic (arz). * (T261347) ParserOutput: don't throw on bad editsection. * (T232568, CVE-2020-25813) SpecialUserrights: If a viewer lacks `hideuser`, ignore hidden users. * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on Special:Contributions. * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within LogEventsList. * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking firejail's --output functionality. * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and 'style' attribute. * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message( ... ).parse(). * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct database. * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used. * Add Finnish special page aliases. * Fix GuzzleHttpRequest request headers. * Fix description for pruneFileCache.php. * emptyUserGroup.php: handle more than 5000 users. * Make ApiSandbox copyable URL absolute. * (T261087) Add a link from a deleted page to that page's logs. == MediaWiki 1.35.0-rc.3 == === Changes since MediaWiki 1.35.0-rc.2 === * (T258662) mediawiki.visibleTimeout: Update the nextVisibleTimeoutId value. * Ensure Parsoid doesn't throw when <ref> is used w/o Cite installed. * Remove maintenance/createCommonPasswordCdb.php. * (T260468) Increase "sites.site_global_key" to varbinary(64). * (T183759) Fix shell edge-cases in Windows. * (T257879) Drop PHP 7.2 support; require 7.3.19. * (T251661, CVE-2020-25827) SECURITY: User::pingLimiter: add user-global rate limit type. * (T246991) User: enforce pingLimiter() expiry time. * (T256831) Rest: Handle Uri constructor exception. * (T259094) Fix RequestFromGlobalsTest failing in Travis CI. * (T256831, T261344) Rest: Use try/catch to handle URIs with embedded colon.