-== MediaWiki 1.31 ==
-
-THIS IS NOT A RELEASE YET
-
-MediaWiki 1.31 is an alpha-quality branch and is not recommended for use in
-production.
+== MediaWiki 1.31.4 ==
+
+This is a security and maintenance release of the MediaWiki 1.31 branch.
+
+=== Changes since MediaWiki 1.31.3 ===
+* (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3.
+* The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification
+ of headers in private wikis.
+* (T230402) SECURITY: Add permission check for suppressed account to
+ Special:Redirect.
+* Add helper for HTTPFileStreamer header syntax.
+* (T118799) Fix XMP parser errors due to trailing nullchar.
+* (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy.
+* (T202183) Give more specific error messages on Special:Redirect.
+* Cache redirects from Special:Redirect.
+* (T231386) dispatchUser() should use a 302 http status code.
+* (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into
+ separate files to help allieviate potential migration problems.
+* Make SQLite's patch-add-3d.sql a no-op to prevent clobbering other database
+ updates.
+
+== MediaWiki 1.31.3 ==
+
+This is a maintenance release of the MediaWiki 1.31 branch.
+
+=== Changes since MediaWiki 1.31.2 ===
+* (T225558) Update installer link to PHP intl.
+* (T225496) Detect APC for MainCacheType in CLI installer.
+* (T226766) Remove jetbrains/phpstorm-stubs from composer dev dependancies.
+* (T202211) Fix SQLite patch-(image|page|template)links-fix-pk.sql column order.
+
+== MediaWiki 1.31.2 ==
+
+This is a security and maintenance release of the MediaWiki 1.31 branch.
+
+Required PHP version has been increased from 7.0.0 to 7.0.13.
+
+=== Changes since MediaWiki 1.31.1 ===
+* (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query all
+ titles when asked for none.
+* (T205967) Fix syntax error typo in postgres database upgrade file.
+* (T200254) Add pear/Net_SMTP 1.7.3 to composer dependencies.
+* (T206765) Load installer i18n when running update.php.
+* (T109121) Remove deprecated pear/mail_mime-decode from composer suggested libraries.
+ [Also in the bundled composer /vendor directory.]
+* Various PHP 7.2 and 7.3 compatibility fixes:
+ * (T200595, T206974) Fix PHP 7.3 warnings of using "continue" in some scenarios instead
+ of "break".
+ * (T206976, T206977) Also in the bundled LocalisationUpdate and ParserFunctions extensions.
+ * (T206979) Fix PHP 7.3 warnings of using "compact()" when some variables may
+ not be set.
+ * (T215632) FormatMetadata and UploadStash regexes fixed to be PHP 7.3-compatible.
+ * Fix PHP warnings "preg_replace(): [...] invalid range in character class.
+ * Avoid PHP 7.2 warnings in DBConRefTest about count() on non-Countable.
+ * Suppress "Headers already sent" in PHP 7.2 too.
+ * (T206476) Output only to stderr in unit tests.
+ * (T207112) Add session_write_close() calls to SessionManager tests.
+ * oyejorge/less.php replaced with our fork wikimedia/less.php
+ * (T209756) Updated wikimedia/ip-set from 1.2.0 to 1.3.0.
+ * (T213489) Avoid session double-start in Setup.php.
+ * (T206975) Switch to our fork of less.php.
+* (T207540) Include IP address in "Login for $1 succeeded" log entry.
+* (T201781) Database: Allow selectFieldValues() to accept SQL fragments.
+* (T205765) installer: Don't link to the obsolete "Extension Matrix" page.
+* (T206013) Update ImportableUploadRevisionImporter for interwiki usernames.
+* (T207541) Pass an email address, not a MailAddress, to mail().
+* (T207603) SECURITY: User JS may no longer be loaded with mime type text/javascript if
+ there is no account associated with the username.
+* (T112937, T113042) SECURITY: Do not allow loading pages raw with a text/javascript MIME
+ type if non-admins can edit the page.
+* (T17491) <ins>/<del> elements can be phrasing or flow.
+* (T200827) RemexCompatMunger: Don't call endTag() in case B/b
+* (T207088) Upgrade wikimedia/remex-html to 2.0.1.
+ [Also in the bundled composer /vendor directory.]
+* (T194052) Updated wikimedia/base-convert from 1.0.1 to 2.0.0.
+ [Also in the bundled composer /vendor directory.]
+* (T199494) Fix notices in maintenance/removeUnusuedAccounts.php.
+* Require ext-fileinfo in composer.json, per PHPVersionCheck.
+* (T176390) Bundled LocalisationUpdate extension: Handle exceptions from GitHubFetcher.
+* (T208255) Completion search should not change the search query.
+* (T209870) Fix SQL syntax error in MS-SQL initialisation file for new wikis.
+* (T185049) LogFormatter: Fail softer when trying to link an invalid titles.
+* (T210998) Properly set $wgLanguageCode in the generated LocalSettings.php
+ if --lang is used with the command-line installer (install.php).
+* (T211061) ImageListPager: Actor migration for buildQueryConds().
+* (T209335) Clarify the default sidebar 'Help' link is about MediaWiki itself.
+* Fix addition of ug_expiry column to user_groups table on MSSQL.
+* (T204767) Add join conditions to ActiveUsersPager.
+* (T210621) User: Bypass repeatable-read when creating an actor_id.
+* (T204531) rdbms: reduce LoadBalancer replication log spam.
+* (T195525) Fix db error outage page.
+* (T208871) The hard-coded Google search form on the database error page was
+ removed.
+* (T176097) Fix flaky MessageBlobStoreTest assertion failures.
+* (T209423) Update required PHP version to 7.0.13.
+* (T209885) Prevent populateSearchIndex.php from breaking once actor migration
+ has been started.
+* (T216968) Return pageid as int in both list=iwbacklinks and list=langbacklinks.
+* (T215169) Fix for Database::update() with IGNORE option fails on PostgreSQL.
+* (T204423) Backport support for hyphenated DB names in JobQueueGroup.
+* (T199474) Fix typo in rebuildrecentchanges.php resulting in rogue flags.
+* (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when
+ $wgBlockDisablesLogin is true.
+* (T216029) Chrome redirects to Special:BadTitle after editing a section with
+ a non-Latin name on a page with non-Latin characters in title.
+* (T219728) Added support for new Japanese era name "Reiwa".
+* (T25227) SECURITY: action=logout now requires to be posted and have a csrf token.
+* Updated cssjanus/cssjanus from 1.2.0 to 1.3.0.
+* (T222385) resourceloader: Use AND instead of OR for upsert conds in
+ saveFileDependencies().
+* (T224374) Fix message parameters so that the message that says SQLite is out of date
+ makes sense.
+* SpecialPage::checkLoginSecurityLevel() will now preserve POST data when
+ reauthenticating.
+* FormSpecialPage::execute() will now call checkLoginSecurityLevel() if
+ getLoginSecurityLevel() returns non-false.
+* (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
+* (T208881) SECURITY: blacklist CSS var().
+* (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
+* (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
+* (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
+* (T222036, T222038) SECURITY: Add permission check for user is permitted to
+ view the log type.
+* (T221739) SECURITY: resources: Patch jQuery 3.2.1 for CVE-2019-11358.
+
+== MediaWiki 1.31.1 ==
+
+This is a security and maintenance release of the MediaWiki 1.31 branch.
+
+=== Changes since MediaWiki 1.31.0 ===
+* (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
+ 'newbie'.
+* (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
+ account lock.
+* (T199029, CVE-2018-13258) SECURITY: Tarball was missing .htaccess files.
+* (T197229) Bundle Nuke extension, it was accidentally omitted.
+* (T193995) Fix undefined patchPath() method call in parser tests.
+* (T198687) Fix various selectFields methods to use the string 'NULL', not null.
+* Special:BotPasswords now requires reauthentication.
+* (T191608, T187638) Add 'logid' parameter to Special:Log.
+* (T193829) Indicate when a Bot Password needs reset.
+* (T198037) GitInfo: Don't try shelling out if it's disabled.
+* (T151415) Log email changes.
+* (T197206) Fix performance regression when multiple DB used without caching.
+* (T197030) PHPSessionHandler: Suppress headers warnings in initialize().
+* (T182377, T196793) Exif: Guard against uncountable tag values.
+* (T200861) Fix total breakage of SQLite web upgrade.
+* (T200864) Fix pingback over-reporting on non-MySQL databases
+* (T202550) Unbreak SpecialListusersHeaderForm and SpecialListusersHeader
+ hooks.
+
+=== Changes since MediaWiki 1.31.0-rc.2 ===
+* (T195783) Initialize PSR-4 namespaces at same stage as normal autoloader.
+* (T196092) Hide MySQL binary/utf-8 charset option in the installer.
+* (T196185) Don't allow setting $wgDBmysql5 in the installer.
+* (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
+* (T182366) UploadBase::checkXMLEncodingMissmatch() now works on PHP 7.1+
+* (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete hook.
+* (T196672) The mtime of extension.json files is now able to be zero
+* (T180403) Validate $length in padleft/padright parser functions.
+* (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
+
+=== Changes since MediaWiki 1.31.0-rc.0 ===
+* (T33223) Drop archive.ar_text and ar_flags.
+* Add default edit rate limit of 90 edits/minute for all users.
+* (T187645) Use codepoint as tiebreaker when getting first-letters in
+ IcuCollation.
+* (T191947) Don't shell during the installer if shelling out is disabled.
+* (T194319) Improve duplicate config setting exception as part of extension
+ registration.
+* (T195211) Don't require trailing slash in PSR-4 autoloader directory.
+* (T186565) Fix PHP Notice from `ob_end_flush()` in `FileRepo::streamFile()`.
+* Do not incorrectly hide namespace input field in the installer.
+* (T186456) Refactor checks looking for PEAR maik libraries to be clearer.
=== Important pre-upgrade notes for 1.31 ===
* If you're using MySQL, SQLite, or MSSQL, are not using update.php to apply
to the ar_text and ar_flags columns of the archive table or make those
columns nullable before upgrading to MediaWiki 1.31.
maintenance/archives/patch-nullable-ar_text.sql shows how to do this for MySQL.
+* The CologneBlue and Modern skins are no longer bundled with the tarball. You
+ will need to remove the wfLoadSkin() calls from your LocalSettings.php or
+ download them separately
+ (<https://www.mediawiki.org/wiki/Special:SkinDistributor>).
=== Configuration changes in 1.31 ===
* $wgEnableAPI and $wgEnableWriteAPI are now deprecated and will be removed in
framework that it enables. Some extensions mistakenly used this to check
whether any AJAX functionality at all should be enabled, further making this
problematic to retain.
-* Add default edit rate limit of 90 edits/minute for all users.
* $wgDBmysql5 is now deprecated, and will be removed in a future version. It
has been marked as experimental ever since it was introduced.
+* Fix $magicWords for the Sanskrit language
=== New features in 1.31 ===
* (T76554) User sub-pages named ….json are now protected in the same way that
* (T2087, T10897, T87753, T174639) Whitespace created by category and language
links is now stripped rather than leaving blank lines in odd places.
* (T3780) Uploads with UTF-8 names now work on PHP7.1+ on Windows servers.
-* (T186565) Fix PHP Notice from `ob_end_flush()` in `FileRepo::streamFile()`.
+* (T182366) UploadBase::checkXMLEncodingMissmatch() now works on PHP 7.1+
=== Action API changes in 1.31 ===
* (T185058) The 'name' value to tgprop for action=query&list=tags has been
wikitext table captions, wikitext table headings, wikitext table cells. HTML
headings, HTML list items, HTML table captions, HTML table headings, HTML
table cells will not have this trimming behavior.
-* (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
== Compatibility ==
-MediaWiki 1.31 requires PHP 7.0.0 or later. Although HHVM 3.18.5 or later is
-supported, it is generally advised to use PHP 7.0.0 or later for long term
-support.
+MediaWiki 1.31 requires PHP 7.0.13 or later. Although HHVM 3.18.5 or later is
+supported, it is generally advised to use PHP 7.0.13 or later for long term
+support. MediaWiki requires that the mbstring, xml, ctype, json, iconv and
+fileinfo PHP extensions are loaded to work.
MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
but support for them is somewhat less mature. There is experimental support for
dépôts / lhc / web / wiklou.git / blobdiff