X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=RELEASE-NOTES-1.31;h=14aab7fef3c642c9a180fbc837e7bd0c1078fe8c;hb=refs%2Ftags%2F1.31.6;hp=54672be5e310e26a0f429e6cc36d9959ed9b94ae;hpb=63a9098e9cafcbf8bb4bd02f20cf5643c61c2472;p=lhc%2Fweb%2Fwiklou.git diff --git a/RELEASE-NOTES-1.31 b/RELEASE-NOTES-1.31 index 54672be5e3..14aab7fef3 100644 --- a/RELEASE-NOTES-1.31 +++ b/RELEASE-NOTES-1.31 @@ -1,6 +1,66 @@ +== MediaWiki 1.31.6 == + +This is a security and maintenance release of the MediaWiki 1.31 branch. + +=== Changes since MediaWiki 1.31.5 === +* (T181658) Do not insert page titles into querycache.qc_value. +* (T206013) Suppress errors when reading invalid XML file properties. +* (T237931) Remove references to pg_attrdef.adsrc in Postgres code. +* Use correct value for 'sslmode' in DatabasePostgres. +* (T232866) Fix support for HTTP/2 in MultiHttpClient. +* (T227461) Stop calling deprecated Redis delete functions. +* (T239561) Mark options as requiring parameters in addSite.php. +* (T239734) Replace deprecated lSize with lLen in Redis code. +* (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset. +* (T239428) ApiEditPage: Test for bad redirect targets. +* (T233342) rdbms: Log debug message traces as 'exception.trace' instead of + 'trace'. +* (T226751) media: Log and fail gracefully on invalid EXIF coordinates. +* (T212067) Work around PHP bug in parse_url. + +== MediaWiki 1.31.5 == + +This is a maintenance release of the MediaWiki 1.31 branch. + +=== Changes since MediaWiki 1.31.4 === +* Fix extra newlines in installer. +* Followup T230402, PermissionManager doesn't exist until 1.33, so fix the + backported patches to use User::isAllowed() instead. + +== MediaWiki 1.31.4 == + +This is a security and maintenance release of the MediaWiki 1.31 branch. + +=== Changes since MediaWiki 1.31.3 === +* (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3. +* The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification + of headers in private wikis. +* (T230402) SECURITY: Add permission check for suppressed account to + Special:Redirect. +* Add helper for HTTPFileStreamer header syntax. +* (T118799) Fix XMP parser errors due to trailing nullchar. +* (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy. +* (T202183) Give more specific error messages on Special:Redirect. +* Cache redirects from Special:Redirect. +* (T231386) dispatchUser() should use a 302 http status code. +* (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into + separate files to help allieviate potential migration problems. +* Make SQLite's patch-add-3d.sql a no-op to prevent clobbering other database + updates. + +== MediaWiki 1.31.3 == + +This is a maintenance release of the MediaWiki 1.31 branch. + +=== Changes since MediaWiki 1.31.2 === +* (T225558) Update installer link to PHP intl. +* (T225496) Detect APC for MainCacheType in CLI installer. +* (T226766) Remove jetbrains/phpstorm-stubs from composer dev dependancies. +* (T202211) Fix SQLite patch-(image|page|template)links-fix-pk.sql column order. + == MediaWiki 1.31.2 == -THIS IS NOT A RELEASE YET +This is a security and maintenance release of the MediaWiki 1.31 branch. Required PHP version has been increased from 7.0.0 to 7.0.13. @@ -83,6 +143,14 @@ Required PHP version has been increased from 7.0.0 to 7.0.13. reauthenticating. * FormSpecialPage::execute() will now call checkLoginSecurityLevel() if getLoginSecurityLevel() returns non-false. +* (T197279) SECURITY: Fix reauth in Special:ChangeEmail. +* (T208881) SECURITY: blacklist CSS var(). +* (T209794) SECURITY: rate-limit and prevent blocked users from changing email. +* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block. +* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query. +* (T222036, T222038) SECURITY: Add permission check for user is permitted to + view the log type. +* (T221739) SECURITY: resources: Patch jQuery 3.2.1 for CVE-2019-11358. == MediaWiki 1.31.1 ==