X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=RELEASE-NOTES-1.31;h=6421a043c4a57d576a4962262627fd0fee8438f0;hb=5b69f06a4b47acb0e0d89fbb3d66a6e35ed443f7;hp=7872403e416459fb177ea1f477c75987e08dff15;hpb=2bf035f9f4b7b864fd3e9f4164292f05905bac08;p=lhc%2Fweb%2Fwiklou.git diff --git a/RELEASE-NOTES-1.31 b/RELEASE-NOTES-1.31 index 7872403e41..6421a043c4 100644 --- a/RELEASE-NOTES-1.31 +++ b/RELEASE-NOTES-1.31 @@ -1,10 +1,36 @@ -== MediaWiki 1.31.1 == +== MediaWiki 1.31.2 == + +THIS IS NOT A RELEASE YET + +=== Changes since MediaWiki 1.31.1 === +* (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query all + titles when asked for none +* (T205967) Fix syntax error typo in postgres database upgrade file. +* (T200254) Add pear/Net_SMTP 1.7.3 to composer dependencies. +* (T206765) Load installer i18n when running update.php. +* (T109121) Remove deprecated pear/mail_mime-decode from composer suggested libraries. +* (T200595) Fix PHP 7.3 warnings of using "continue" in some scenarios instead + of "break". +* (T206979) Fix PHP 7.3 warnings of using "compact()" when some variables may + not be set. +* Fix PHP 7.3 warnings "preg_replace(): [...] invalid range in character class" +* (T207540) Include IP address in "Login for $1 succeeded" log entry. +* (T207541) Pass email address to mail(). +* (T207603) User JS may no longer be loaded with mime type text/javascript if + there is no account associated with the username. +* (T113042) Do not allow loading pages raw with a text/javascript MIME type if + non-admins can edit the page. -THIS IS NOT A RELEASE YET! +== MediaWiki 1.31.1 == This is a security and maintenance release of the MediaWiki 1.31 branch. === Changes since MediaWiki 1.31.0 === +* (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides + 'newbie'. +* (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's + account lock. +* (T199029, CVE-2018-13258) SECURITY: Tarball was missing .htaccess files. * (T197229) Bundle Nuke extension, it was accidentally omitted. * (T193995) Fix undefined patchPath() method call in parser tests. * (T198687) Fix various selectFields methods to use the string 'NULL', not null. @@ -13,8 +39,13 @@ This is a security and maintenance release of the MediaWiki 1.31 branch. * (T193829) Indicate when a Bot Password needs reset. * (T198037) GitInfo: Don't try shelling out if it's disabled. * (T151415) Log email changes. - -== MediaWiki 1.31 == +* (T197206) Fix performance regression when multiple DB used without caching. +* (T197030) PHPSessionHandler: Suppress headers warnings in initialize(). +* (T182377, T196793) Exif: Guard against uncountable tag values. +* (T200861) Fix total breakage of SQLite web upgrade. +* (T200864) Fix pingback over-reporting on non-MySQL databases +* (T202550) Unbreak SpecialListusersHeaderForm and SpecialListusersHeader + hooks. === Changes since MediaWiki 1.31.0-rc.2 === * (T195783) Initialize PSR-4 namespaces at same stage as normal autoloader. @@ -47,6 +78,10 @@ This is a security and maintenance release of the MediaWiki 1.31 branch. to the ar_text and ar_flags columns of the archive table or make those columns nullable before upgrading to MediaWiki 1.31. maintenance/archives/patch-nullable-ar_text.sql shows how to do this for MySQL. +* The CologneBlue and Modern skins are no longer bundled with the tarball. You + will need to remove the wfLoadSkin() calls from your LocalSettings.php or + download them separately + (). === Configuration changes in 1.31 === * $wgEnableAPI and $wgEnableWriteAPI are now deprecated and will be removed in