X-Git-Url: http://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=RELEASE-NOTES-1.31;h=82f1f9c49c5545c8027aec7c3b206adeb5764d97;hp=49d53bd39846a8a8bf5ec93c7dab3c52b814f344;hb=1785f7b24bb34b81b7d6045171421a51ca69ae3b;hpb=2a6e626af5cbccc520f4275e4ec042c4112b7194 diff --git a/RELEASE-NOTES-1.31 b/RELEASE-NOTES-1.31 index 49d53bd398..82f1f9c49c 100644 --- a/RELEASE-NOTES-1.31 +++ b/RELEASE-NOTES-1.31 @@ -1,15 +1,180 @@ -== MediaWiki 1.31 == +== MediaWiki 1.31.6 == THIS IS NOT A RELEASE YET -MediaWiki 1.31 is an alpha-quality branch and is not recommended for use in -production. +=== Changes since MediaWiki 1.31.5 === +* (T181658) Do not insert page titles into querycache.qc_value. + +== MediaWiki 1.31.5 == + +This is a maintenance release of the MediaWiki 1.31 branch. + +=== Changes since MediaWiki 1.31.4 === +* Fix extra newlines in installer. +* Followup T230402, PermissionManager doesn't exist until 1.33, so fix the + backported patches to use User::isAllowed() instead. + +== MediaWiki 1.31.4 == + +This is a security and maintenance release of the MediaWiki 1.31 branch. + +=== Changes since MediaWiki 1.31.3 === +* (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3. +* The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification + of headers in private wikis. +* (T230402) SECURITY: Add permission check for suppressed account to + Special:Redirect. +* Add helper for HTTPFileStreamer header syntax. +* (T118799) Fix XMP parser errors due to trailing nullchar. +* (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy. +* (T202183) Give more specific error messages on Special:Redirect. +* Cache redirects from Special:Redirect. +* (T231386) dispatchUser() should use a 302 http status code. +* (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into + separate files to help allieviate potential migration problems. +* Make SQLite's patch-add-3d.sql a no-op to prevent clobbering other database + updates. + +== MediaWiki 1.31.3 == + +This is a maintenance release of the MediaWiki 1.31 branch. + +=== Changes since MediaWiki 1.31.2 === +* (T225558) Update installer link to PHP intl. +* (T225496) Detect APC for MainCacheType in CLI installer. +* (T226766) Remove jetbrains/phpstorm-stubs from composer dev dependancies. +* (T202211) Fix SQLite patch-(image|page|template)links-fix-pk.sql column order. + +== MediaWiki 1.31.2 == + +This is a security and maintenance release of the MediaWiki 1.31 branch. + +Required PHP version has been increased from 7.0.0 to 7.0.13. + +=== Changes since MediaWiki 1.31.1 === +* (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query all + titles when asked for none. +* (T205967) Fix syntax error typo in postgres database upgrade file. +* (T200254) Add pear/Net_SMTP 1.7.3 to composer dependencies. +* (T206765) Load installer i18n when running update.php. +* (T109121) Remove deprecated pear/mail_mime-decode from composer suggested libraries. + [Also in the bundled composer /vendor directory.] +* Various PHP 7.2 and 7.3 compatibility fixes: + * (T200595, T206974) Fix PHP 7.3 warnings of using "continue" in some scenarios instead + of "break". + * (T206976, T206977) Also in the bundled LocalisationUpdate and ParserFunctions extensions. + * (T206979) Fix PHP 7.3 warnings of using "compact()" when some variables may + not be set. + * (T215632) FormatMetadata and UploadStash regexes fixed to be PHP 7.3-compatible. + * Fix PHP warnings "preg_replace(): [...] invalid range in character class. + * Avoid PHP 7.2 warnings in DBConRefTest about count() on non-Countable. + * Suppress "Headers already sent" in PHP 7.2 too. + * (T206476) Output only to stderr in unit tests. + * (T207112) Add session_write_close() calls to SessionManager tests. + * oyejorge/less.php replaced with our fork wikimedia/less.php + * (T209756) Updated wikimedia/ip-set from 1.2.0 to 1.3.0. + * (T213489) Avoid session double-start in Setup.php. + * (T206975) Switch to our fork of less.php. +* (T207540) Include IP address in "Login for $1 succeeded" log entry. +* (T201781) Database: Allow selectFieldValues() to accept SQL fragments. +* (T205765) installer: Don't link to the obsolete "Extension Matrix" page. +* (T206013) Update ImportableUploadRevisionImporter for interwiki usernames. +* (T207541) Pass an email address, not a MailAddress, to mail(). +* (T207603) SECURITY: User JS may no longer be loaded with mime type text/javascript if + there is no account associated with the username. +* (T112937, T113042) SECURITY: Do not allow loading pages raw with a text/javascript MIME + type if non-admins can edit the page. +* (T17491) / elements can be phrasing or flow. +* (T200827) RemexCompatMunger: Don't call endTag() in case B/b +* (T207088) Upgrade wikimedia/remex-html to 2.0.1. + [Also in the bundled composer /vendor directory.] +* (T194052) Updated wikimedia/base-convert from 1.0.1 to 2.0.0. + [Also in the bundled composer /vendor directory.] +* (T199494) Fix notices in maintenance/removeUnusuedAccounts.php. +* Require ext-fileinfo in composer.json, per PHPVersionCheck. +* (T176390) Bundled LocalisationUpdate extension: Handle exceptions from GitHubFetcher. +* (T208255) Completion search should not change the search query. +* (T209870) Fix SQL syntax error in MS-SQL initialisation file for new wikis. +* (T185049) LogFormatter: Fail softer when trying to link an invalid titles. +* (T210998) Properly set $wgLanguageCode in the generated LocalSettings.php + if --lang is used with the command-line installer (install.php). +* (T211061) ImageListPager: Actor migration for buildQueryConds(). +* (T209335) Clarify the default sidebar 'Help' link is about MediaWiki itself. +* Fix addition of ug_expiry column to user_groups table on MSSQL. +* (T204767) Add join conditions to ActiveUsersPager. +* (T210621) User: Bypass repeatable-read when creating an actor_id. +* (T204531) rdbms: reduce LoadBalancer replication log spam. +* (T195525) Fix db error outage page. +* (T208871) The hard-coded Google search form on the database error page was + removed. +* (T176097) Fix flaky MessageBlobStoreTest assertion failures. +* (T209423) Update required PHP version to 7.0.13. +* (T209885) Prevent populateSearchIndex.php from breaking once actor migration + has been started. +* (T216968) Return pageid as int in both list=iwbacklinks and list=langbacklinks. +* (T215169) Fix for Database::update() with IGNORE option fails on PostgreSQL. +* (T204423) Backport support for hyphenated DB names in JobQueueGroup. +* (T199474) Fix typo in rebuildrecentchanges.php resulting in rogue flags. +* (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when + $wgBlockDisablesLogin is true. +* (T216029) Chrome redirects to Special:BadTitle after editing a section with + a non-Latin name on a page with non-Latin characters in title. +* (T219728) Added support for new Japanese era name "Reiwa". +* (T25227) SECURITY: action=logout now requires to be posted and have a csrf token. +* Updated cssjanus/cssjanus from 1.2.0 to 1.3.0. +* (T222385) resourceloader: Use AND instead of OR for upsert conds in + saveFileDependencies(). +* (T224374) Fix message parameters so that the message that says SQLite is out of date + makes sense. +* SpecialPage::checkLoginSecurityLevel() will now preserve POST data when + reauthenticating. +* FormSpecialPage::execute() will now call checkLoginSecurityLevel() if + getLoginSecurityLevel() returns non-false. +* (T197279) SECURITY: Fix reauth in Special:ChangeEmail. +* (T208881) SECURITY: blacklist CSS var(). +* (T209794) SECURITY: rate-limit and prevent blocked users from changing email. +* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block. +* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query. +* (T222036, T222038) SECURITY: Add permission check for user is permitted to + view the log type. +* (T221739) SECURITY: resources: Patch jQuery 3.2.1 for CVE-2019-11358. + +== MediaWiki 1.31.1 == + +This is a security and maintenance release of the MediaWiki 1.31 branch. + +=== Changes since MediaWiki 1.31.0 === +* (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides + 'newbie'. +* (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's + account lock. +* (T199029, CVE-2018-13258) SECURITY: Tarball was missing .htaccess files. +* (T197229) Bundle Nuke extension, it was accidentally omitted. +* (T193995) Fix undefined patchPath() method call in parser tests. +* (T198687) Fix various selectFields methods to use the string 'NULL', not null. +* Special:BotPasswords now requires reauthentication. +* (T191608, T187638) Add 'logid' parameter to Special:Log. +* (T193829) Indicate when a Bot Password needs reset. +* (T198037) GitInfo: Don't try shelling out if it's disabled. +* (T151415) Log email changes. +* (T197206) Fix performance regression when multiple DB used without caching. +* (T197030) PHPSessionHandler: Suppress headers warnings in initialize(). +* (T182377, T196793) Exif: Guard against uncountable tag values. +* (T200861) Fix total breakage of SQLite web upgrade. +* (T200864) Fix pingback over-reporting on non-MySQL databases +* (T202550) Unbreak SpecialListusersHeaderForm and SpecialListusersHeader + hooks. === Changes since MediaWiki 1.31.0-rc.2 === * (T195783) Initialize PSR-4 namespaces at same stage as normal autoloader. * (T196092) Hide MySQL binary/utf-8 charset option in the installer. * (T196185) Don't allow setting $wgDBmysql5 in the installer. * (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported. +* (T182366) UploadBase::checkXMLEncodingMissmatch() now works on PHP 7.1+ +* (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete hook. +* (T196672) The mtime of extension.json files is now able to be zero +* (T180403) Validate $length in padleft/padright parser functions. +* (T143790) Make $wgEmailConfirmToEdit only affect edit actions. === Changes since MediaWiki 1.31.0-rc.0 === * (T33223) Drop archive.ar_text and ar_flags. @@ -31,6 +196,10 @@ production. to the ar_text and ar_flags columns of the archive table or make those columns nullable before upgrading to MediaWiki 1.31. maintenance/archives/patch-nullable-ar_text.sql shows how to do this for MySQL. +* The CologneBlue and Modern skins are no longer bundled with the tarball. You + will need to remove the wfLoadSkin() calls from your LocalSettings.php or + download them separately + (). === Configuration changes in 1.31 === * $wgEnableAPI and $wgEnableWriteAPI are now deprecated and will be removed in @@ -72,6 +241,7 @@ production. problematic to retain. * $wgDBmysql5 is now deprecated, and will be removed in a future version. It has been marked as experimental ever since it was introduced. +* Fix $magicWords for the Sanskrit language === New features in 1.31 === * (T76554) User sub-pages named ….json are now protected in the same way that @@ -166,6 +336,7 @@ production. * (T2087, T10897, T87753, T174639) Whitespace created by category and language links is now stripped rather than leaving blank lines in odd places. * (T3780) Uploads with UTF-8 names now work on PHP7.1+ on Windows servers. +* (T182366) UploadBase::checkXMLEncodingMissmatch() now works on PHP 7.1+ === Action API changes in 1.31 === * (T185058) The 'name' value to tgprop for action=query&list=tags has been @@ -429,9 +600,10 @@ changes to languages because of Phabricator reports. table cells will not have this trimming behavior. == Compatibility == -MediaWiki 1.31 requires PHP 7.0.0 or later. Although HHVM 3.18.5 or later is -supported, it is generally advised to use PHP 7.0.0 or later for long term -support. +MediaWiki 1.31 requires PHP 7.0.13 or later. Although HHVM 3.18.5 or later is +supported, it is generally advised to use PHP 7.0.13 or later for long term +support. MediaWiki requires that the mbstring, xml, ctype, json, iconv and +fileinfo PHP extensions are loaded to work. MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used, but support for them is somewhat less mature. There is experimental support for