X-Git-Url: http://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=RELEASE-NOTES-1.34;h=ed23b62e94bb1a9f6684d526585bcf8c489573db;hp=5fbd44451c04778af50ef4f913db1815a3cef2ba;hb=18c2d20c54f9851af639cb24603493ca197baaa8;hpb=0974c515c10806f37d9e8e388740ad3a83bd8f5b diff --git a/RELEASE-NOTES-1.34 b/RELEASE-NOTES-1.34 index 5fbd44451c..ed23b62e94 100644 --- a/RELEASE-NOTES-1.34 +++ b/RELEASE-NOTES-1.34 
@@ -1,9 +1,80 @@ = MediaWiki 1.34 = -THIS IS NOT A RELEASE YET - -MediaWiki 1.34 is an pre-release testing branch, and is not recommended -for use in production. +== MediaWiki 1.34.2 == + +This is a security and maintenance release of the MediaWiki 1.34 branch. + +=== Changes since MediaWiki 1.34.1 === +* (T247017) PasswordReset performance improvements. +* The MultiHttpClient code will fallover to non-curl if curl_multi* is blocked. +* (T250568) Work around change in SimpleXMLElement behavior introduced in PHP + 7.3.17. +* (T251789) Let $wgResourceLoaderMaxQueryLength=-1 fallback to default. +* Remove some rotten and out of date documentation. +* (T252311) Improvements to some older SQLite update patches. +* (T240307) Minor fixes to extension.schema.v2.json and + extension.schema.v1.json. +* (T238043) cleanupUsersWithNoId.php: Handle missing fields. +* (T199474) Set rc_patrolled to 2 for autopatrolled changes in + rebuildrecentchanges.php. +* (T229461) Update the change_tag table in rebuildrecentchanges.php. +* (T249730) Password Reset Updates. +* (T234450) Per-user concurrency in SpecialContributions can now be limited by + setting $wgPoolCounterConf['SpecialContributions'] appropriately. +* (T248947) SECURITY: img_auth.php may leak private extension images into the + public cache. + +== MediaWiki 1.34.1 == + +This is a security and maintenance release of the MediaWiki 1.34 branch. + +=== Changes since MediaWiki 1.34.0 === +* (T211450) User: better error message when getActorId fails. +* (T241340) Don't redefine MW_ENTRY_POINT in thumb.php if already defined. +* (T236444) User: Allow newSystemUser() to create over anonymous actors. +* (T238483) Fix NewPagesPager "hide registered users" option. +* (T245072) mediawiki.language: Rename languageData back to languageNames. +* Use proper SemVer comparison in CheckComposerLockUpToDate. +* (T212738) Add the MW_VERSION constant, global $wgVersion is soft deprecated. 
+* (T246127) Fix error when initialising updateCollation.php. +* Update comment about PHP versions supported by The PHP Group. +* (T247215) Fix output of RecountCategories::doWork(). +* Add check for page existence to view.php maintenance script. +* (T245149) Fix fetching login token from action=query&meta=tokens on private + wikis. +* (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink(). +* (T232932) SECURITY: User content can redirect the logout button to different + URL. +* (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to + any CSS selector. + +== MediaWiki 1.34.0 == + +=== Changes since MediaWiki 1.34.0-rc.1 === +* $wgDiffEngine (T237049) – This configuration can be used to specify which + difference engine to use. MediaWiki continues to default to automatically + choosing the first of $wgExternalDiffEngine, wikidiff2, or php that is + usable. +* (T231866) SqlBlobStore no longer needs Language object. +* (T236735) WikiExporter: Remove unnecessary check for SCHEMA_COMPAT_WRITE_OLD + flag. +* (T231673) Set MCR migration stage to SCHEMA_COMPAT_NEW. +* (T229601) Make sure DBLoadBalancerFactory service is not disabled. +* (T232866) Fix support for HTTP/2 in MultiHttpClient. +* (T231866) LocalisationCache: Don't instantiate ResourceLoader. +* (T227461) Stop calling deprecated Redis delete functions. +* (T239561) Mark options as requiring parameters in addSite.php. +* (T232866) Mimic CURLOPT_POST in GuzzleHttpRequest. +* (T239734) Replace deprecated lSize with lLen in Redis code. +* (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset. +* (T239428) ApiEditPage: Test for bad redirect targets. +* (T233342) rdbms: Log debug message traces as 'exception.trace' instead of + 'trace'. +* (T226751) media: Log and fail gracefully on invalid EXIF coordinates. +* (T240924) NewPagesPager: Fix namespace query conditions. +* (T212067) Tests for an old PHP bug in parse_url. 
+ +== MediaWiki 1.34.0-rc.1 == === Changes since MediaWiki 1.34.0-rc.0 === * (T231742) rdbms: Restore debug toolbar "Queries" feature. @@ -19,6 +90,27 @@ for use in production. * (T235392) Deprecate setting Parser::mTitle to null. * Supporting commits for T235392 were also backported to prevent divergence from master (MediaWiki 1.35). +* (T234581) The 'jquery.tabIndex' module is deprecated. +* Fix docs for GetUserBlock hooks. +* Parser: Hard deprecate getConverterLanguage. +* (T236810) A number of public methods of Parser were exposed only for + historical reasons and have been deprecated: doMagicLinks, + doDoubleUnderscore, doHeadings, doAllQuotes, replaceExternalLinks, + replaceInternalLinks, replaceInternalLinks2, getVariableValue, + initialiseVariables, formatHeadings, testPst, testPreprocess, testSrvus, + areSubpagesAllowed, maybeDoSubpageLink, splitWhitespace, createAssocArgs, + armorLinks, makeKnownLinkHolder, getImageParams, parseLinkParameter, + stripAltText, replaceLinkHolders, replaceLinkHoldersText, armorLinks, + makeKnownLinkHolder, getImageParams, parseLinkParameter, stripAltText. +* (T30798) $wgServer must now always be set in LocalSettings.php. This is most + likely the case already for any wiki installed after 1.18. The autodetection + system was informally deprecated since 1.18 and vulnerable to cache poisoning + attacks. Older wikis may need to update their LocalSettings.php file. +* (T232169) Hard deprecate $wgSysopEmailBans. +* (T236628) Fix for ArticleRevisionViewCustom hook in DifferenceEngine.php. +* (T181658) Do not insert page titles into querycache.qc_value. +* ParamValidator has been flagged as unstable. +* Hard deprecate Parser::disableCache(). == MediaWiki 1.34.0-rc.0 == 
@@ -63,6 +155,10 @@ $wgPasswordPolicy['policies']['default']['PasswordNotInLargeBlacklist'] = false; redirects in their userspace unless the target of the redirect is also in their userspace. By default, this right is given to everyone. * (T226733) Add rate limiter to Special:ConfirmEmail. +* $wgDiffEngine (T237049) – This configuration can be used to specify which + difference engine to use. MediaWiki continues to default to automatically + choosing the first of $wgExternalDiffEngine, wikidiff2, or php that is + usable. ==== Changed configuration ==== * $wgUseCdn, $wgCdnServers, $wgCdnServersNoPurge, and $wgCdnMaxAge – These four @@ -76,6 +172,10 @@ $wgPasswordPolicy['policies']['default']['PasswordNotInLargeBlacklist'] = false; containing some HTML markup in metadata. As a result, the $wgAllowTitlesInSVG setting is no longer applied and is now always true. Note that MSIE 7 may still be able to misinterpret certain malformed PNG files as HTML. +* (T30798) $wgServer must now always be set in LocalSettings.php. This is most + likely the case already for any wiki installed after 1.18. The autodetection + system was informally deprecated since 1.18 and vulnerable to cache poisoning + attacks. Older wikis may need to update their LocalSettings.php file. * Introduced $wgVerifyMimeTypeIE to allow disabling the MSIE 6/7 file type detection heuristic on upload, which is more conservative than the checks that were changed above. 
@@ -191,7 +291,7 @@ $wgPasswordPolicy['policies']['default']['PasswordNotInLargeBlacklist'] = false; 'mime', 'mediadtype', 'bitdepth'. Clients that process these fields should first check if 'filemissing' is set. Fields that are supported even if the file is missing include: - 'canonicaltitle', ''archivename' (deleted files only), 'descriptionurl', + 'canonicaltitle', 'archivename' (deleted files only), 'descriptionurl', 'descriptionshorturl'. * The 'blockexpiry' result property in list=users and list=allusers will now be returned in the same format used by the rest of the API: ISO 8601 for @@ -639,7 +739,11 @@ because of Phabricator reports. reasons and have been deprecated: doMagicLinks, doDoubleUnderscore, doHeadings, doAllQuotes, replaceExternalLinks, replaceInternalLinks, replaceInternalLinks2, getVariableValue, initialiseVariables, formatHeadings, - testPst, testPreprocess, testSrvus, areSubpagesAllowed, maybeDoSubpageLink. + testPst, testPreprocess, testSrvus, areSubpagesAllowed, maybeDoSubpageLink, + splitWhitespace, createAssocArgs, armorLinks, makeKnownLinkHolder, + getImageParams, parseLinkParameter, stripAltText, replaceLinkHolders, + replaceLinkHoldersText, armorLinks, makeKnownLinkHolder, getImageParams, + parseLinkParameter, stripAltText. === Other changes in 1.34 === * Added option to specify "Various authors" as author in extension credits using
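Review bot: The SECURITY entries added in the `@@ -1,9 +1,80 @@` hunk mix two styles, so a reader cannot tell from the wording alone which ones are fixed in the release. T236509 ("Fix HTML escaping in UserGroupMembership::getLink()") and T192134 ("Do not allow user scripts on Special:PasswordReset") state the fix, while T248947 ("img_auth.php may leak private extension images into the public cache"), T232932 and T246602 state the flaw in the present tense. Suggest wording all five as the change that was made. In the same hunk, "will fallover to non-curl" and "fallback to default" use the noun forms as verbs; "fall back" is meant in both.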
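Review bot: The T30798 entry added under "Changed configuration" in the `@@ -76,6 +172,10 @@` hunk (and repeated in the rc.1 list in `@@ -19,6 +90,27 @@`) says $wgServer "must now always be set" but not what a wiki does after upgrade when it is missing, nor what form the value takes. Since the stated reason is that autodetection was "vulnerable to cache poisoning attacks", administrators of older wikis need to know whether an unset value is a hard failure or a silent fallback. Suggest adding one sentence on the behaviour when unset and one on the expected value, and cross-referencing the two copies rather than duplicating the paragraph.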
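Review bot: The extended Parser deprecation list in the `@@ -639,7 +739,11 @@` hunk names five methods twice: "armorLinks, makeKnownLinkHolder, getImageParams, parseLinkParameter, stripAltText" appears after createAssocArgs and again after replaceLinkHoldersText. The copy of this list added under T236810 in the `@@ -19,6 +90,27 @@` hunk carries the same repetition. Suggest dropping the second run in both places so the list ends at replaceLinkHoldersText, or checking whether five different method names were intended there.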