-== MediaWiki 1.31.1 ==
+== MediaWiki 1.31.2 ==
+
+THIS IS NOT A RELEASE YET
+
+=== Changes since MediaWiki 1.31.1 ===
+* (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query all
+ titles when asked for none
+* (T205967) Fix syntax error typo in postgres database upgrade file.
+* (T200254) Add pear/Net_SMTP 1.7.3 to composer dependencies.
+* (T206765) Load installer i18n when running update.php.
+* (T109121) Remove deprecated pear/mail_mime-decode from composer suggested libraries.
+* (T200595) Fix PHP 7.3 warnings of using "continue" in some scenarios instead
+ of "break".
+* (T206979) Fix PHP 7.3 warnings of using "compact()" when some variables may
+ not be set.
+* Fix PHP 7.3 warnings "preg_replace(): [...] invalid range in character class"
+* (T207540) Include IP address in "Login for $1 succeeded" log entry.
+* (T207541) Pass email address to mail().
+* (T207603) User JS may no longer be loaded with mime type text/javascript if
+ there is no account associated with the username.
+* (T113042) Do not allow loading pages raw with a text/javascript MIME type if
+ non-admins can edit the page.
-THIS IS NOT A RELEASE YET!
+== MediaWiki 1.31.1 ==
This is a security and maintenance release of the MediaWiki 1.31 branch.
=== Changes since MediaWiki 1.31.0 ===
+* (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
+ 'newbie'.
+* (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
+ account lock.
+* (T199029, CVE-2018-13258) SECURITY: Tarball was missing .htaccess files.
* (T197229) Bundle Nuke extension, it was accidentally omitted.
* (T193995) Fix undefined patchPath() method call in parser tests.
* (T198687) Fix various selectFields methods to use the string 'NULL', not null.
* (T193829) Indicate when a Bot Password needs reset.
* (T198037) GitInfo: Don't try shelling out if it's disabled.
* (T151415) Log email changes.
-
-== MediaWiki 1.31 ==
+* (T197206) Fix performance regression when multiple DB used without caching.
+* (T197030) PHPSessionHandler: Suppress headers warnings in initialize().
+* (T182377, T196793) Exif: Guard against uncountable tag values.
+* (T200861) Fix total breakage of SQLite web upgrade.
+* (T200864) Fix pingback over-reporting on non-MySQL databases
+* (T202550) Unbreak SpecialListusersHeaderForm and SpecialListusersHeader
+ hooks.
=== Changes since MediaWiki 1.31.0-rc.2 ===
* (T195783) Initialize PSR-4 namespaces at same stage as normal autoloader.
to the ar_text and ar_flags columns of the archive table or make those
columns nullable before upgrading to MediaWiki 1.31.
maintenance/archives/patch-nullable-ar_text.sql shows how to do this for MySQL.
+* The CologneBlue and Modern skins are no longer bundled with the tarball. You
+ will need to remove the wfLoadSkin() calls from your LocalSettings.php or
+ download them separately
+ (<https://www.mediawiki.org/wiki/Special:SkinDistributor>).
=== Configuration changes in 1.31 ===
* $wgEnableAPI and $wgEnableWriteAPI are now deprecated and will be removed in
dépôts / lhc / web / wiklou.git / blobdiff