-== MediaWiki 1.31 ==
-
-THIS IS NOT A RELEASE YET
-
-MediaWiki 1.31 is an alpha-quality branch and is not recommended for use in
-production.
+== MediaWiki 1.31.8 ==
+
+This is a security and maintenance release of the MediaWiki 1.31 branch.
+
+=== Changes since MediaWiki 1.31.7 ===
+* (T199809) Don't invalidate BotPasswords if a password reset email is sent.
+* (T247017) PasswordReset performance improvements.
+* (T250568) Work around change in SimpleXMLElement behavior introduced in PHP
+ 7.3.17.
+* Remove some rotten and out of date documentation.
+* (T252311) Improvements to some older SQLite update patches.
+* (T240307) Minor fixes to extension.schema.v2.json and extension.schema.v1.json.
+* (T199474) Set rc_patrolled to 2 for autopatrolled changes in
+ rebuildrecentchanges.php.
+* (T229461) Update the change_tag table in rebuildrecentchanges.php.
+* (T206476) Call ob_start() before running tests.
+* (T234450) Per-user concurrency in SpecialContributions can now be limited by
+ setting $wgPoolCounterConf['SpecialContributions'] appropriately.
+* (T248947) SECURITY: img_auth.php may leak private extension images into the
+ public cache.
+
+== MediaWiki 1.31.7 ==
+
+This is a security and maintenance release of the MediaWiki 1.31 branch.
+
+=== Changes since MediaWiki 1.31.6 ===
+* (T193565, T234022) Re-add DB domain sanity checks to LoadBalancer.
+* Use proper SemVer comparison in CheckComposerLockUpToDate.
+* (T212738) Add the MW_VERSION constant, global $wgVersion is soft deprecated.
+* Update comment about PHP versions supported by The PHP Group.
+* (T247215) Fix output of RecountCategories::doWork().
+* Add check for page existence to view.php maintenance script.
+* (T247580) Disable some broken Selenium tests.
+* (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink().
+* (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to any
+ CSS selector.
+
+== MediaWiki 1.31.6 ==
+
+This is a security and maintenance release of the MediaWiki 1.31 branch.
+
+=== Changes since MediaWiki 1.31.5 ===
+* (T181658) Do not insert page titles into querycache.qc_value.
+* (T206013) Suppress errors when reading invalid XML file properties.
+* (T237931) Remove references to pg_attrdef.adsrc in Postgres code.
+* Use correct value for 'sslmode' in DatabasePostgres.
+* (T232866) Fix support for HTTP/2 in MultiHttpClient.
+* (T227461) Stop calling deprecated Redis delete functions.
+* (T239561) Mark options as requiring parameters in addSite.php.
+* (T239734) Replace deprecated lSize with lLen in Redis code.
+* (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset.
+* (T239428) ApiEditPage: Test for bad redirect targets.
+* (T233342) rdbms: Log debug message traces as 'exception.trace' instead of
+ 'trace'.
+* (T226751) media: Log and fail gracefully on invalid EXIF coordinates.
+* (T212067) Work around PHP bug in parse_url.
+
+== MediaWiki 1.31.5 ==
+
+This is a maintenance release of the MediaWiki 1.31 branch.
+
+=== Changes since MediaWiki 1.31.4 ===
+* Fix extra newlines in installer.
+* Followup T230402, PermissionManager doesn't exist until 1.33, so fix the
+ backported patches to use User::isAllowed() instead.
+
+== MediaWiki 1.31.4 ==
+
+This is a security and maintenance release of the MediaWiki 1.31 branch.
+
+=== Changes since MediaWiki 1.31.3 ===
+* (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3.
+* The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification
+ of headers in private wikis.
+* (T230402) SECURITY: Add permission check for suppressed account to
+ Special:Redirect.
+* Add helper for HTTPFileStreamer header syntax.
+* (T118799) Fix XMP parser errors due to trailing nullchar.
+* (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy.
+* (T202183) Give more specific error messages on Special:Redirect.
+* Cache redirects from Special:Redirect.
+* (T231386) dispatchUser() should use a 302 http status code.
+* (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into
+ separate files to help allieviate potential migration problems.
+* Make SQLite's patch-add-3d.sql a no-op to prevent clobbering other database
+ updates.
+
+== MediaWiki 1.31.3 ==
+
+This is a maintenance release of the MediaWiki 1.31 branch.
+
+=== Changes since MediaWiki 1.31.2 ===
+* (T225558) Update installer link to PHP intl.
+* (T225496) Detect APC for MainCacheType in CLI installer.
+* (T226766) Remove jetbrains/phpstorm-stubs from composer dev dependancies.
+* (T202211) Fix SQLite patch-(image|page|template)links-fix-pk.sql column order.
+
+== MediaWiki 1.31.2 ==
+
+This is a security and maintenance release of the MediaWiki 1.31 branch.
+
+Required PHP version has been increased from 7.0.0 to 7.0.13.
+
+=== Changes since MediaWiki 1.31.1 ===
+* (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query all
+ titles when asked for none.
+* (T205967) Fix syntax error typo in postgres database upgrade file.
+* (T200254) Add pear/Net_SMTP 1.7.3 to composer dependencies.
+* (T206765) Load installer i18n when running update.php.
+* (T109121) Remove deprecated pear/mail_mime-decode from composer suggested libraries.
+ [Also in the bundled composer /vendor directory.]
+* Various PHP 7.2 and 7.3 compatibility fixes:
+ * (T200595, T206974) Fix PHP 7.3 warnings of using "continue" in some scenarios instead
+ of "break".
+ * (T206976, T206977) Also in the bundled LocalisationUpdate and ParserFunctions extensions.
+ * (T206979) Fix PHP 7.3 warnings of using "compact()" when some variables may
+ not be set.
+ * (T215632) FormatMetadata and UploadStash regexes fixed to be PHP 7.3-compatible.
+ * Fix PHP warnings "preg_replace(): [...] invalid range in character class.
+ * Avoid PHP 7.2 warnings in DBConRefTest about count() on non-Countable.
+ * Suppress "Headers already sent" in PHP 7.2 too.
+ * (T206476) Output only to stderr in unit tests.
+ * (T207112) Add session_write_close() calls to SessionManager tests.
+ * oyejorge/less.php replaced with our fork wikimedia/less.php
+ * (T209756) Updated wikimedia/ip-set from 1.2.0 to 1.3.0.
+ * (T213489) Avoid session double-start in Setup.php.
+ * (T206975) Switch to our fork of less.php.
+* (T207540) Include IP address in "Login for $1 succeeded" log entry.
+* (T201781) Database: Allow selectFieldValues() to accept SQL fragments.
+* (T205765) installer: Don't link to the obsolete "Extension Matrix" page.
+* (T206013) Update ImportableUploadRevisionImporter for interwiki usernames.
+* (T207541) Pass an email address, not a MailAddress, to mail().
+* (T207603) SECURITY: User JS may no longer be loaded with mime type text/javascript if
+ there is no account associated with the username.
+* (T112937, T113042) SECURITY: Do not allow loading pages raw with a text/javascript MIME
+ type if non-admins can edit the page.
+* (T17491) <ins>/<del> elements can be phrasing or flow.
+* (T200827) RemexCompatMunger: Don't call endTag() in case B/b
+* (T207088) Upgrade wikimedia/remex-html to 2.0.1.
+ [Also in the bundled composer /vendor directory.]
+* (T194052) Updated wikimedia/base-convert from 1.0.1 to 2.0.0.
+ [Also in the bundled composer /vendor directory.]
+* (T199494) Fix notices in maintenance/removeUnusuedAccounts.php.
+* Require ext-fileinfo in composer.json, per PHPVersionCheck.
+* (T176390) Bundled LocalisationUpdate extension: Handle exceptions from GitHubFetcher.
+* (T208255) Completion search should not change the search query.
+* (T209870) Fix SQL syntax error in MS-SQL initialisation file for new wikis.
+* (T185049) LogFormatter: Fail softer when trying to link an invalid titles.
+* (T210998) Properly set $wgLanguageCode in the generated LocalSettings.php
+ if --lang is used with the command-line installer (install.php).
+* (T211061) ImageListPager: Actor migration for buildQueryConds().
+* (T209335) Clarify the default sidebar 'Help' link is about MediaWiki itself.
+* Fix addition of ug_expiry column to user_groups table on MSSQL.
+* (T204767) Add join conditions to ActiveUsersPager.
+* (T210621) User: Bypass repeatable-read when creating an actor_id.
+* (T204531) rdbms: reduce LoadBalancer replication log spam.
+* (T195525) Fix db error outage page.
+* (T208871) The hard-coded Google search form on the database error page was
+ removed.
+* (T176097) Fix flaky MessageBlobStoreTest assertion failures.
+* (T209423) Update required PHP version to 7.0.13.
+* (T209885) Prevent populateSearchIndex.php from breaking once actor migration
+ has been started.
+* (T216968) Return pageid as int in both list=iwbacklinks and list=langbacklinks.
+* (T215169) Fix for Database::update() with IGNORE option fails on PostgreSQL.
+* (T204423) Backport support for hyphenated DB names in JobQueueGroup.
+* (T199474) Fix typo in rebuildrecentchanges.php resulting in rogue flags.
+* (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when
+ $wgBlockDisablesLogin is true.
+* (T216029) Chrome redirects to Special:BadTitle after editing a section with
+ a non-Latin name on a page with non-Latin characters in title.
+* (T219728) Added support for new Japanese era name "Reiwa".
+* (T25227) SECURITY: action=logout now requires to be posted and have a csrf token.
+* Updated cssjanus/cssjanus from 1.2.0 to 1.3.0.
+* (T222385) resourceloader: Use AND instead of OR for upsert conds in
+ saveFileDependencies().
+* (T224374) Fix message parameters so that the message that says SQLite is out of date
+ makes sense.
+* SpecialPage::checkLoginSecurityLevel() will now preserve POST data when
+ reauthenticating.
+* FormSpecialPage::execute() will now call checkLoginSecurityLevel() if
+ getLoginSecurityLevel() returns non-false.
+* (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
+* (T208881) SECURITY: blacklist CSS var().
+* (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
+* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
+* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
+* (T222036, T222038) SECURITY: Add permission check for user is permitted to
+ view the log type.
+* (T221739) SECURITY: resources: Patch jQuery 3.2.1 for CVE-2019-11358.
+
+== MediaWiki 1.31.1 ==
+
+This is a security and maintenance release of the MediaWiki 1.31 branch.
+
+=== Changes since MediaWiki 1.31.0 ===
+* (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
+ 'newbie'.
+* (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
+ account lock.
+* (T199029, CVE-2018-13258) SECURITY: Tarball was missing .htaccess files.
+* (T197229) Bundle Nuke extension, it was accidentally omitted.
+* (T193995) Fix undefined patchPath() method call in parser tests.
+* (T198687) Fix various selectFields methods to use the string 'NULL', not null.
+* Special:BotPasswords now requires reauthentication.
+* (T191608, T187638) Add 'logid' parameter to Special:Log.
+* (T193829) Indicate when a Bot Password needs reset.
+* (T198037) GitInfo: Don't try shelling out if it's disabled.
+* (T151415) Log email changes.
+* (T197206) Fix performance regression when multiple DB used without caching.
+* (T197030) PHPSessionHandler: Suppress headers warnings in initialize().
+* (T182377, T196793) Exif: Guard against uncountable tag values.
+* (T200861) Fix total breakage of SQLite web upgrade.
+* (T200864) Fix pingback over-reporting on non-MySQL databases
+* (T202550) Unbreak SpecialListusersHeaderForm and SpecialListusersHeader
+ hooks.
+
+=== Changes since MediaWiki 1.31.0-rc.2 ===
+* (T195783) Initialize PSR-4 namespaces at same stage as normal autoloader.
+* (T196092) Hide MySQL binary/utf-8 charset option in the installer.
+* (T196185) Don't allow setting $wgDBmysql5 in the installer.
+* (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
+* (T182366) UploadBase::checkXMLEncodingMissmatch() now works on PHP 7.1+
+* (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete hook.
+* (T196672) The mtime of extension.json files is now able to be zero
+* (T180403) Validate $length in padleft/padright parser functions.
+* (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
+
+=== Changes since MediaWiki 1.31.0-rc.0 ===
+* (T33223) Drop archive.ar_text and ar_flags.
+* Add default edit rate limit of 90 edits/minute for all users.
+* (T187645) Use codepoint as tiebreaker when getting first-letters in
+ IcuCollation.
+* (T191947) Don't shell during the installer if shelling out is disabled.
+* (T194319) Improve duplicate config setting exception as part of extension
+ registration.
+* (T195211) Don't require trailing slash in PSR-4 autoloader directory.
+* (T186565) Fix PHP Notice from `ob_end_flush()` in `FileRepo::streamFile()`.
+* Do not incorrectly hide namespace input field in the installer.
+* (T186456) Refactor checks looking for PEAR maik libraries to be clearer.
+
+=== Important pre-upgrade notes for 1.31 ===
+* If you're using MySQL, SQLite, or MSSQL, are not using update.php to apply
+ schema changes, and cannot have downtime to run migrateArchiveText.php and
+ apply patch-drop-ar_text.sql manually, you'll have to apply a default value
+ to the ar_text and ar_flags columns of the archive table or make those
+ columns nullable before upgrading to MediaWiki 1.31.
+ maintenance/archives/patch-nullable-ar_text.sql shows how to do this for MySQL.
+* The CologneBlue and Modern skins are no longer bundled with the tarball. You
+ will need to remove the wfLoadSkin() calls from your LocalSettings.php or
+ download them separately
+ (<https://www.mediawiki.org/wiki/Special:SkinDistributor>).
=== Configuration changes in 1.31 ===
* $wgEnableAPI and $wgEnableWriteAPI are now deprecated and will be removed in
framework that it enables. Some extensions mistakenly used this to check
whether any AJAX functionality at all should be enabled, further making this
problematic to retain.
+* $wgDBmysql5 is now deprecated, and will be removed in a future version. It
+ has been marked as experimental ever since it was introduced.
+* Fix $magicWords for the Sanskrit language
=== New features in 1.31 ===
* (T76554) User sub-pages named ….json are now protected in the same way that
* Most code accessing rows for logged actions from the database should use
the relevant getQueryInfo() methods to get the information needed to build
the SQL query. The ActorMigration class may also be used to get feature
- -flagged information needed to access actor-related fields during the
- migration period.
+ -flagged information needed to access actor-related fields during the
+ migration period.
* Added Wikimedia\Rdbms\IDatabase::cancelAtomic(), to roll back an atomic
section without having to roll back the whole transaction.
* Wikimedia\Rdbms\IDatabase::doAtomicSection(), non-native ::insertSelect(),
property in extension.json. See the documentation at
<https://mediawiki.org/wiki/Manual:Extension.json/Schema#AutoloadNamespaces>
for more details and an example.
+* (T19099) Tabs which link to pages that don't exist (like those to uncreated
+ discussion pages) now have a tooltip to indicate state, not just colour.
=== External library changes in 1.31 ===
+* pear/mail, pear/mail_mime and pear/mail_mime-decode have been moved from
+ suggested to required. These packages now must be installed via composer
+ and not via PEAR itself.
==== Upgraded external libraries ====
* Updated jquery.chosen from v0.9.14 to v1.8.2.
* Updated wikimedia/php-session-serializer from 1.0.4 to 1.0.6.
* Updated wikimedia/remex-html from 1.0.2 to 1.0.3.
* Updated wikimedia/html-formatter from 1.0.1 to 1.0.2.
-* …
==== New external libraries ====
* Added wikimedia/object-factory 1.0.0
-* …
==== Removed and replaced external libraries ====
* (T17845) The deprecated 'jquery.badge' module was removed.
=== Bug fixes in 1.31 ===
* (T90902) Non-breaking space in header ID breaks anchor.
-* (T189375) CSSMin now allows quoted urls in `url()` syntax to start with a space.
+* (T189375) CSSMin now allows quoted urls in `url()` syntax to start with a
+ space.
+* (T2087, T10897, T87753, T174639) Whitespace created by category and language
+ links is now stripped rather than leaving blank lines in odd places.
+* (T3780) Uploads with UTF-8 names now work on PHP7.1+ on Windows servers.
+* (T182366) UploadBase::checkXMLEncodingMissmatch() now works on PHP 7.1+
=== Action API changes in 1.31 ===
* (T185058) The 'name' value to tgprop for action=query&list=tags has been
'watchlist' instead.
=== Action API internal changes in 1.31 ===
-* ApiBase::getProfileDBTime, deprecated since 1.25,
- was removed
-* ApiBase::getModuleProfileName, deprecated since 1.25, was removed
-* ApiBase::getProfileTime, deprecated since 1.25, was removed
+* ApiBase::getProfileDBTime, deprecated since 1.25, was removed.
+* ApiBase::getModuleProfileName, deprecated since 1.25, was removed.
+* ApiBase::getProfileTime, deprecated since 1.25, was removed.
=== Languages updated in 1.31 ===
MediaWiki supports over 350 languages. Many localisations are updated
* (T186647) New language support: Kumyk [къумукъ] (kum).
* (T187750) New language support: Spanish formal address (es-formal).
* (T187824) New language support: Hungarian formal address (hu-formal).
+* (T189127) New language support: Gorontalo (gor).
=== Breaking changes in 1.31 ===
* MessageBlobStore::insertMessageBlob(), deprecated in 1.27, was removed.
* $isCssJsSubpage — use ::isUserConfigPage()
* $isCssSubpage — use ::isUserCssConfigPage()
* $isJsSubpage — use ::isUserJsConfigPage()
- * $isWrongCaseCssJsPage – use ::isWrongCaseUserConfigPage()
- * ::getSummaryInput() – use ::getSummaryInputWidget()
- * ::getSummaryInputOOUI() – use ::getSummaryInputWidget()
- * ::getCheckboxes() – use ::getCheckboxesWidget() or
+ * $isWrongCaseCssJsPage – use ::isWrongCaseUserConfigPage()
+ * ::getSummaryInput() – use ::getSummaryInputWidget()
+ * ::getSummaryInputOOUI() – use ::getSummaryInputWidget()
+ * ::getCheckboxes() – use ::getCheckboxesWidget() or
::getCheckboxesDefinition()
- * ::getCheckboxesOOUI() – use ::getCheckboxesWidget() or
+ * ::getCheckboxesOOUI() – use ::getCheckboxesWidget() or
::getCheckboxesDefinition()
* ResourceLoaderModule::getPosition(), deprecated in 1.29, has been removed.
* In User, the cookie-related methods which were wrappers for the functions on
Note that User::setCookies() remains, and is not deprecated.
* Also in User, some auth-related methods which were deprecated in 1.27 have
been removed:
- * ::getEditTokenTimestamp() – use MediaWiki\Session\Token::getTimestamp()
- * ::getPasswordFactory() – create a PasswordFactory directly
+ * ::getEditTokenTimestamp() – use MediaWiki\Session\Token::getTimestamp()
+ * ::getPasswordFactory() – create a PasswordFactory directly
* ::passwordChangeInputAttribs()
* The global functions wfProfileIn and wfProfileOut, deprecated in 1.25, have
been removed.
* CommentStore::insertWithTemplate
* The following methods in Title have been renamed, and the old ones are
deprecated:
- * Title::getSkinFromCssJsSubpage – use ::getSkinFromConfigSubpage
- * Title::isCssOrJsPage – use ::isSiteConfigPage
- * Title::isCssJsSubpage – use ::isUserConfigPage
+ * Title::getSkinFromCssJsSubpage – use ::getSkinFromConfigSubpage
+ * Title::isCssOrJsPage – use ::isSiteConfigPage
+ * Title::isCssJsSubpage – use ::isUserConfigPage
* Title::isCssSubpage – use ::isUserCssConfigPage
* Title::isJsSubpage – use ::isUserJsConfigPage
* The following methods related to caching of half-parsed HTML were deprecated:
used instead.
* The function wfShellWikiCmd() has been deprecated, use
MediaWiki\Shell::makeScriptCommand().
+* In the future, the hooks 'PreferencesFormPreSave' and 'PreferencesGetLegend'
+ will be allowed to provide any HTMLForm object rather than PreferencesForm.
=== Other changes in 1.31 ===
* Browser support for Internet Explorer 10 was lowered from Grade A to Grade C.
table cells will not have this trimming behavior.
== Compatibility ==
-MediaWiki 1.31 requires PHP 7.0.0 or later. Although HHVM 3.18.5 or later is
-supported, it is generally advised to use PHP 7.0.0 or later for long term
-support.
+MediaWiki 1.31 requires PHP 7.0.13 or later. Although HHVM 3.18.5 or later is
+supported, it is generally advised to use PHP 7.0.13 or later for long term
+support. MediaWiki requires that the mbstring, xml, ctype, json, iconv and
+fileinfo PHP extensions are loaded to work.
MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
but support for them is somewhat less mature. There is experimental support for
dépôts / lhc / web / wiklou.git / blobdiff