X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=RELEASE-NOTES-1.27;h=e644ae4011a51b546c09199437c1f034275d74d0;hb=f9bcbb84e3625010d55227468f505764731a5d21;hp=7ddcdfbae27fd23bcf1303ddfe24dfae2f4bbd79;hpb=5fdf7d1918d6aee64fa3ece5c0d7690a10bea2c5;p=lhc%2Fweb%2Fwiklou.git diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27 index 7ddcdfbae2..e644ae4011 100644 --- a/RELEASE-NOTES-1.27 +++ b/RELEASE-NOTES-1.27 @@ -11,8 +11,10 @@ HHVM 3.1. Additionally, the following PHP extensions are required: * ctype * iconv * json -* mbstring +* mbstring (new requirement in 1.27) * xml +The following PHP extensions are strongly recommended: +* openssl === Configuration changes in 1.27 === * $wgAllowMicrodataAttributes and $wgAllowRdfaAttributes were removed, @@ -114,6 +116,31 @@ HHVM 3.1. Additionally, the following PHP extensions are required: module should express a dependency on it. * Removed configuration option $wgCopyrightIcon (deprecated since 1.18). Use $wgFooterIcons['copyright']['copyright'] instead. +* If the openssl and mcrypt PHP extensions are both unavailable, secure + session storage (used for login) will raise an exception. This exception may + be bypassed by setting $wgSessionInsecureSecrets = true. +* Massive overhaul to authentication: +** AuthPlugin and AuthPluginUser are deprecated. +** LoginForm and associated templates are deprecated. Extensions which called + static LoginForm methods should be converted into authentication providers. +** The following hooks are deprecated: +*** AbortAutoAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead) +*** AbortLogin (create a MediaWiki\Auth\PreAuthenticationProvider instead) +*** AbortNewAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead) +*** AddNewAccount (use LocalUserCreated instead) +*** AuthPluginSetup (create a MediaWiki\Auth\PrimaryAuthenticationProvider instead) +*** ChangePasswordForm (use AuthChangeFormFields instead, or security levels) +*** LoginUserMigrated (create a MediaWiki\Auth\PreAuthenticationProvider instead) +*** UserCreateForm (create a MediaWiki\Auth\AuthenticationProvider of some type instead) +*** UserLoginForm (create a MediaWiki\Auth\AuthenticationProvider of some type instead) +** The following hooks are removed: +*** AbortChangePassword +*** LoginPasswordResetMessage +*** PrefsPasswordAudit +** The UserLoginComplete hook will no longer be called for all logins, only for + those via the web UI. Use UserLoggedIn if you need to do something on all + logins. +** $wgRequirePasswordforEmailChange is removed. === New features in 1.27 === * $wgDataCenterUpdateStickTTL was also added. This decides how long a user @@ -190,6 +217,30 @@ HHVM 3.1. Additionally, the following PHP extensions are required: is deprecated. * (T33313) Add a preference for watching uploads by default, also applies to API-based upload tools. +* $wgJpegPixelFormat was added to override chroma subsampling for JPEG image + thumbnails created via ImageMagick. Defaults to 'yuv420', providing bandwidth + savings versus the previous behavior on many files. +* MediaWiki\Auth infrastructure (called "AuthManager") allows for more flexible + configuration of multiple authentication pieces that was possible with + AuthPlugin. For example, it's now easy to plug in second-factor + authentication, or add additional checks to the login process, or to support + multiple login methods at once, or to support non-password-based login methods. +** Providers are configured via the global setting $wgAuthManagerConfig. +** A global, $wgDisableAuthManager, is temporarily available to disable + AuthManager until extensions are ready to support it. +** New hook, AuthChangeFormFields, to adjust the form fields on + AuthManager-related special pages. +** New hook, AuthManagerLoginAuthenticateAudit, for additional logging of + AuthManager-related authentication requests. +** New hook, ChangeAuthenticationDataAudit, for additional logging of + AuthManager-related authentication data changes. +** New hook, SecuritySensitiveOperationStatus, to work with the new mechanism + for requiring a recent login before taking security-sensitive operations + like changing a password. +** Two new globals, $wgChangeCredentialsBlacklist and $wgRemoveCredentialsBlacklist + can be used to prevent the web UI and the API changing certain authentication data. +* The file upload dialog (available if you install WikiEditor or VisualEditor) + can now be configured using $wgUploadDialog. === External library changes in 1.27 === @@ -231,6 +282,18 @@ HHVM 3.1. Additionally, the following PHP extensions are required: merely need to change the username and password used after setting up a bot password. * action=upload no longer understands statuskey, asyncdownload or leavemessage. +* Several changes when $wgDisableAuthManager is false: +** action=login is deprecated for uses other than bot passwords. +** list=users can now indicate if a missing username is creatable. +** action=createaccount is changed in a non-backwards-compatible manner. +** Added action=query&meta=authmanagerinfo. +** Added action=clientlogin to be used to log into the main account instead of + action=login. +** Added action=linkaccount. +** Added action=unlinkaccount. +** Added action=changeauthenticationdata. +** Added action=removeauthenticationdata. +** Added action=resetpassword. === Action API internal changes in 1.27 === * ApiQueryORM removed. @@ -263,6 +326,7 @@ HHVM 3.1. Additionally, the following PHP extensions are required: * ApiMain::addFormat() was removed (deprecated in 1.21). * ApiMain::getFormats() was removed (deprecated in 1.21). * ApiPageSet::finishPageSetGeneration() was removed (deprecated in 1.21). +* ApiCreateAccount is deprecated, and will be removed soon. === Languages updated in 1.27 === @@ -463,6 +527,15 @@ changes to languages because of Phabricator reports. * Skin::tooltipAndAccesskeyAttribs was removed (deprecated since 1.21). * Skin::userTalkLink was removed (deprecated since 1.21). * Skin::userToolLinksRedContribs was removed (deprecated since 1.21). +* wikidiff3 is now the default and only PHP diff engine. It provides improved diff + performance on complex changes. $wgExternalDiffEngine = 'wikidiff3' therefore + makes no difference now. Users are still recommended to use wikidiff2 if possible, + though. +* User::addNewUserLogEntry() was deprecated. +* User::addNewUserLogEntryAutoCreate() was deprecated. +* User::isPasswordReminderThrottled() was deprecated. +* Bot-oriented parameters to Special:UserLogin (wpCookieCheck, wpSkipCookieCheck) + were removed. == Compatibility ==