1 Change notes from older releases. For current info, see RELEASE-NOTES-1.43.
5 PHP 8.1 workboard: https://phabricator.wikimedia.org/tag/php_8.1_support/
6 PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/
7 PHP 8.3 workboard: https://phabricator.wikimedia.org/tag/php_8.3_support/
11 This is a maintenance release of the MediaWiki 1.42 branch.
13 === Changes since MediaWiki 1.42.0 ===
14 * Localisation updates.
15 * Name the PagerTools array entries to allow hooks to unset them.
17 == MediaWiki 1.42.0 ==
19 === Changes since MediaWiki 1.42.0-rc.0 ===
20 * Localisation updates.
21 * wrapOldPasswords: Improve progress output and decrease batch size.
22 * (T365060) Serialization test cases: fix filename after ParserOutput
24 * Use virtual domain when running update maintenance scripts.
25 * (T361367) ApiFeedWatchlist: Fix handling of array parameters.
26 * (T366130) EncryptedPassword: Store default parameters as strings.
28 == MediaWiki 1.42.0-rc.0 ==
30 == Upgrading notes for 1.42 ==
31 Don't forget to always back up your database before upgrading!
33 See the file UPGRADE for more detailed per-version upgrade instructions from the
34 oldest supported upgrading version, MediaWiki 1.35.
36 Some specific notes for MediaWiki 1.42 upgrades are below:
37 * MediaWiki 1.42 requires PHP 8.1 or above (up from 7.4) (T359868).
38 * MediaWiki now requires Composer 2.x, and any related (vendor) files generated
39 by Composer must be generated by Composer 2.x. Composer 1.x is mostly end of
40 life by upstream, and using it will result in slower actions when downloading
41 and installing packages. See the upstream blog post at
42 https://blog.packagist.com/deprecating-composer-1-support/ for further
45 For notes on 1.41.x and older releases, see HISTORY.
47 === Configuration changes for system administrators in 1.42 ===
48 * Composer 1.x is no longer supported, and can no longer be used with MediaWiki.
50 ==== New configuration ====
51 * $wgMicroStashType: This setting allows for control of the object cache backend
52 for the MicroStash service.
53 * $wgEditRecoveryExpiry: This setting sets the number of seconds for which to
54 keep edit recovery data after each edit is stored.
55 * $wgDjvuUseBoxedCommand and $wgDjvuShell: The first is a temporary flag to
56 control whether or not to use BoxedCommand when wrapping DejaVu rendering, and
57 the second sets the command to call if so.
58 * $wgConditionalUserOptions: This setting makes it possible to define which user
59 properties have defaults varying by user, without growing the user_properties
60 table. The typical use-case is to enable a feature only for users created
61 after a certain date when rolling out features on large wiki farms.
62 * $wgGrantRiskGroups: This setting controls the risk levels for each grant, used
63 to indicate on various UIs which grants should be considered risky. (T290790)
64 * $wgTempAccountCreationThrottle: This setting is like AccountCreationThrottle,
65 but to be used for managing temporary account creations.
67 ==== Changed configuration ====
68 * $wgAutoCreateTempUser: This setting (in active development), which configures
69 automatic 'temporary' user creation on page save, has had two changes:
70 - it now supports multiple match patterns on the 'matchPattern' key; and
71 - it now uses a different format for deciding how to label temporary accounts;
72 if your wiki used temporary accounts before 1.42, you will need to override
73 the configuration value to also match the old format of *$1.
74 * $wgLogActionsHandlers: This setting, which configures handlers for different
75 log actions, is now ObjectFactory compatible.
76 * $wgBotPasswordsCluster and $wgBotPasswordsDatabase: These settings have been
77 deprecated; use $wgVirtualDomainsMapping['virtual-botpasswords'] instead.
78 * $wgMainPageIsDomainRoot: This setting is no longer considered experimental.
80 ==== Removed configuration ====
81 * $wgDisableCookieCheck: Removed without deprecation.
82 * $wgStatsCacheType: Removed without deprecation. Set $wgMicroStashType instead.
83 * $wgJobSerialCommitThreshold: Removed without deprecation. Any setups using
84 this config will perform just fine, but might be less performant.
85 * $wgLogoHD: Deprecated since 1.35. Use $wgLogo instead.
86 * $wgContentHandlerTextFallback: Deprecated since 1.37. No longer customizable.
87 * $wgSquidPurgeUseHostHeader: Deprecated since 1.33. No longer customizable, and
89 * $wgAllowImageTag: Deprecated since 1.35. Instead, you can register an
90 extension tag named <img>.
91 * $wgMinimalPasswordLength and $wgMaximalPasswordLength: Deprecated since 1.26.
92 Use $wgPasswordPolicy instead.
93 * $wgUseMediaWikiUIEverywhere: Experimental, removed without deprecation.
94 * $wgHTMLFormAllowTableFormat: Experimental, removed without deprecation.
95 * $wgOpenSearchTemplate: Deprecated since 1.25. Instead, you can use
96 $wgOpenSearchTemplates['application/x-suggestions+json'].
97 * $wgUseSameSiteLegacyCookies: Removed without deprecation.
99 === New user-facing features in 1.42 ===
100 * (T308160) filter: is now allowed in inline CSS in wikitext
102 === New developer features in 1.42 ===
103 * (T326466) MediaWikiIntegrationTestCase's database and set-up code now avoids
104 using dynamic properties, which was causing deprecation warnings in PHP 8.2.
105 * (T13555) MediaWiki now includes styles that allow more accessible markup for
106 section headings. MediaWiki's own HTML output will be changed in the future.
107 More information: https://www.mediawiki.org/wiki/Heading_HTML_changes
108 * (T193472) PHP Notice and Warning errors that are silenced (e.g. by the "@"
109 operator, error_reporting directive, or Wikimedia\AtEase) are now logged to
110 a new "silenced-error" channel.
111 * (T347347) The CLI installer accepts a "--with-developmentsettings" argument
112 to require the DevelopmentSettings.php file at install time.
113 * (T350054) MediaWiki's ResourceLoader has been updated to add basic support
114 for code-splitting (aka "tree-shaking") when using the Codex component
115 library. A ResourceLoader module can now specify a list of "codexComponents"
116 in its module defintion and ensure that only the code for those components
117 gets sent to the client. More information:
118 https://www.mediawiki.org/wiki/Codex#Subset_of_components
119 * (T345185) The SessionProviderInterface now allows defining providers that
120 are exempt from rights checks when auto creating users.
122 === External library changes in 1.42 ===
124 ==== New external libraries ====
125 * Added mediawiki/json-codec at v2.2.1.
126 * Added mck89/peast at v1.16.2.
128 ==== Changed external libraries ====
129 * Updated OOUI from v0.48.1 to v0.49.1.
130 * Updated OOjs Router from 0.3.0 to 0.5.0.
131 * Updated codex, codex-design-tokens and codex-icons
132 from v1.0.0 to v1.3.6.
133 * Updated Vue from v3.2.37-compat to v3.3.9.
134 * Updated composer/semver from 3.3.2 to 3.4.0.
135 * Updated guzzlehttp/guzzle from 7.5.3 to 7.7.1.
136 * Updated monolog/monolog from 2.2.0 to 2.9.2.
137 * Updated pear/mail from 1.5.1 to 1.6.0.
138 * Updated pear/mail_mime from 1.10.11 to 1.10.12.
139 * Updated pear/net_smtp from 1.10.1 to 1.11.1.
140 * Updated psr/http-message from 1.0.1 to 1.1.
141 * Updated symfony/polyfill-php80 from 1.28.0 to 1.29.0.
142 * Updated symfony/polyfill-php81 from 1.28.0 to 1.29.0.
143 * Updated symfony/polyfill-php82 from 1.28.0 to 1.29.0.
144 * Updated symfony/polyfill-php83 from 1.28.0 to 1.29.0.
145 * Updated symfony/yaml from 5.4.23 to 5.4.35.
146 * Updated wikimedia/less.php from 4.1.1 to 4.2.1.
147 * Updated wikimedia/minify from 2.5.1 to 2.7.0.
148 * Updated wikimedia/relpath from 3.0.0 to 4.0.0.
149 * Updated wikimedia/remex-html from 4.0.1 to 4.1.0.
150 * Updated wikimedia/shellbox from 4.0.0 to 4.0.1.
152 ===== Changed development-only external libraries =====
153 * Updated QUnit from v2.19.4 to v2.20.0.
154 * Updated composer/spdx-licenses from 1.5.7 to 1.5.8.
155 * Updated doctrine/dbal from 3.4.2 to 3.7.2.
156 * Updated doctrine/sql-formatter from 1.1.1 to 1.1.3.
157 * Updated grunt-banana-checker from 0.11.0 to 0.11.1.
158 * Updated mediawiki/mediawiki-codesniffer from 42.0.0 to 43.0.0.
159 * Updated mediawiki/mediawiki-phan-config from 0.13.0 to 0.14.0.
160 * Updated php-parallel-lint/php-parallel-lint from 1.3.2 to 1.4.0.
161 * Updated phpunit/phpunit from 9.5.28 to 9.6.16.
162 * Updated psy/psysh from ^0.11.1 to ^0.12.3.
163 * Updated seld/jsonlint from 1.8.3 to 1.10.1.
164 * Updated wikimedia/testing-access-wrapper from 2.0.0 to 3.0.0.
166 === Action API changes in 1.42 ===
167 * APIQueryTags now includes "software" in the "source" array for software
168 generated tags. Reliance on the "extension" entries in this array is now
169 deprecated, but they will remain for backwards compatibility.
171 === Languages updated in 1.42 ===
172 MediaWiki supports over 350 languages. Many localisations are updated regularly.
173 Below only new and removed languages are listed, as well as changes to languages
174 because of Phabricator reports.
176 * (T268143) Language variant conversion has been removed for Kazakh.
177 * (T352776) Updated autonym spelling for the Mon language (mnw).
178 * (T351874) Added language support for Komering (kge).
179 * (T351992) Added language support for Efik (efi).
180 * (T352954) Added language support for Rutul (rut).
181 * (T353058) Added language support for Arbëresh (aae).
182 * (T353307) Added language support for Guadeloupean Creole (gcf).
183 * (T353500) Added language support for Southeastern Kolami (nit).
184 * (T354519) Added language support for Tooro (ttj).
185 * (T354926) Added language support for Nyoro (nyo).
186 * (T356616) Added language support for Chinook Jargon (chn).
187 * (T357879) Added language support for Ibibio (ibb).
189 === Breaking changes in 1.42 ===
190 * (T340802) ResourceLoader: The targets system is no longer active; all modules
191 will load on all platforms even if they are marked as desktop- or mobile-only
192 in the 'targets' field, which is no longer read. As part of this, the internal
193 methods RL\Module::setTarget() & ::getTargets(), and OutputPage::setTarget(),
195 * TitleArray, deprecated since 1.41, has been removed.
196 * UserRightsProxy, deprecated since 1.38, has been removed.
197 * SiteConfiguration::getConfig(), deprecated in 1.41, has been removed.
198 * UserLoginCompleteHook is always called with its $direct parameter set to
199 boolean true. The false case has been removed.
200 * MagicWord::load() has been marked @internal, and may change in the future
201 without further notice.
202 * All classes that implemented the IDBAccessObject interface and all interfaces
203 that extended it, no longer do that. See https://w.wiki/9DAX for more info.
204 * The type of the last parameter of BeforeInitializeHook::onBeforeInitialize()
205 and MediaWikiPerformActionHook::onMediaWikiPerformAction() changed from the
206 MediaWiki class to the new ActionEntryPoint. Relevant methods are still
207 available on the object.
208 * Classes that override Maintenance::finalSetup() must now declare the $settings
209 parameter and pass it on when calling the parent implementation.
210 MaintenanceRunner will always provide this parameter when calling
212 * WebResponse::disableForPostSend() is no longer static.
213 * MediaWiki's virtualrest internal library has been removed, in favor of just
214 using other HTTP libraries: Guzzle, MultiHttpClient or MwHttpRequest.
215 * Several deprecated methods have been removed from the Content interface,
216 in favor of the respective methods in ContentHandlers. Callers should
217 use a more narrow interface like ContentRenderer or ContentTransformer
218 when possible. The following methods have been removed from Content:
223 * User::blockedFor() and AbstractBlock::getReason(), deprecated in 1.35, have
224 been removed. Use AbstractBlock::getReasonComment() instead.
225 * SerializedValueContainer::newUnified(), deprecated in 1.41 has been removed.
226 * Use of ActorMigration for any of the following tables, deprecated since 1.34,
227 is no longer supported:
235 * ParserOutput::setFlag() and ::getFlag(), deprecated in 1.38, were removed. You
236 should use ::setOutputFlag() and ::getOutputFlag() instead.
237 * ParserOutput::getCategories(), deprecated in 1.40, has been removed. You
238 should use ::getCategoryNames() and ::getCategorySortKey() instead.
239 * ParserOutput::getTOCHTML(), deprecated in 1.40, has been removed. You should
240 use ::getTOCData() instead.
241 * The parser does not substitute the default category sort key at parse time;
242 this is substituted when the category links table is updated instead. As a
243 result {{DEFAULTSORT}} will affect all the contents of the page (not just
244 categories added after the location of {{DEFAULTSORT}} in the article) and
245 ParserOutput::getCategorySortKey() will return the empty string (still
246 meaning "use the default sort key") instead of the immediate value of
247 {{DEFAULTSORT}}. ParserOutput::getCategorySortKey() will directly reflect the
248 category link contents, instead of having post-processing done to it
249 (character references decoded, new lines replaced, language conversion). That
250 post-processing is now done when the category links table is updated, and so
251 it consistently applies even when categories are added directly via API.
252 * PostgresUpdater::addPgEnumValue() unused everywhere, have been removed
253 without deprecation. Use of ENUM is highly discouraged.
254 * ILoadBalancer::getAnyOpenConnection() has been removed without deprecation,
255 use ::getConnection() instead.
256 * The unused method CommentStore::getFields() has been removed without
258 * LanguageConverter's internal properties, all deprecated in 1.35 or 1.36, have
259 now had their deprecated property accessors dropped:
264 - mVarSeparatorPattern
275 * OutputPage::addParserOutputText has been marked @internal since there are no
276 known users of it. Its old behavior has been deprecated and will change
277 in the future without further notice.
278 * A some methods of ConnectionManager and SessionConsistentConnectionManager,
279 previously deprecated, have been removed:
280 - ::releaseConnection(), deprecated in 1.38; do not use
281 - ::getWriteConnectionRef(), deprecated in 1.39; use getWriteConnection()
282 - ::getReadConnectionRef(), deprecated in 1.38; use getReadConnection()
283 - ::getLazyWriteConnectionRef(), deprecated in 1.39; use getWriteConnection()
284 - ::getLazyReadConnectionRef(), deprecated in 1.38; use getReadConnection()
285 * CoreParserFunctions::mwnamespace(), deprecated in 1.39, has been removed. Use
286 CoreParserFunctions::namespace() instead.
287 * Processor:: and ExtensionProcessor::getExtraAutoloaderPaths(), deprecated in
288 1.39, have been removed; use ::getExtractedAutoloadInfo() instead.
289 * MWExceptionHandler::rollbackMasterChangesAndLog(), deprecated in 1.37, has
290 been removed. Use ::rollbackPrimaryChangesAndLog() instead.
291 * Passing a custom database connection to DatabaseBlockStore::insertBlock(),
292 deprecated since 1.41, is no longer supported.
293 * LanguageConverterFactory::isTitleConversionDisabled(), deprecated in 1.36,
294 has been removed. Use ::isLinkConversionDisabled() instead.
295 * MediaWikiIntegrationTestCase::$tablesUsed has been deprecated. The framework
296 now detects these automatically.
297 * Passing an actor id to the constructor of UserIdentityValue, deprecated
298 since 1.36, is no longer being supported.
299 * Support for setting dynamic property on StatusValue object has been removed.
300 To pass your arbitrary data along the object, use StatusValue::statusData
301 property (which is always declared).
302 * The global function wfReportTime(), deprecated since 1.40, has been removed.
303 * The skin template parameter 'reporttime', deprecated since 1.41, has been
305 * WikiPage::getPageIsRedirectField(), deprecated since 1.41, has been removed.
306 * WikiPage::insertRedirect(), deprecated since 1.41, has been removed.
307 * Several methods in PageArchive, all deprecated in 1.38, have been removed:
309 - ::getRevisionRecordByTimestamp()
310 - ::getArchivedRevisionRecord()
311 - ::getPreviousRevisionRecord()
312 - ::getLastRevisionId()
315 - ::getRevisionStatus()
316 * Database, DatabaseInstaller, DatabaseUpdater, DBPrimaryPos, ResultWrapper and
317 SQLPlatform are no longer stable to extend. It is not possible to define
318 database types in an extension.
319 * UserDef::PARAM_ALLOWED_USER_TYPES now differentiates between temporary account
320 usernames and user accounts. Any endpoints that want temp users to be
321 valid but were passing a name through will break. Temp users must now be
323 * The Hooks class, a legacy wrapper for HooksContainer, has been removed. All of
324 its contents have been previously deprecated in 1.35 (or 1.41 for ::runner()):
330 - ::runWithoutAbort()
332 * Article::__get(), ::__set(), deprecated since 1.35, have been removed.
333 * Several API calls have been updated to return a 'temp' user flag:
336 - ApiQueryRecentChanges
337 - APIs extended from ApiQueryRevisionsBase
338 * Parser::getCustomDefaultSort() and ::setDefaultSort(), deprecated since 1.38,
340 * UserOptionsLookup::getDefaultOptions() and ::getDefaultOption() now accept a
341 UserIdentity, to take conditional defaults for user properties into account.
342 When run on a wiki where conditional defaults are used, calling those methods
343 without the UserIdentity might produce unexpected results.
344 * Installer-related classes have been namespaced without having aliases added.
345 The following have been moved to MediaWiki\Installer:
348 - InstallDocFormatter
351 - InstallerSessionProvider
352 - LocalSettingsGenerator
359 - WebInstallerComplete
360 - WebInstallerCopying
361 - WebInstallerDBConnect
362 - WebInstallerDBSettings
363 - WebInstallerDocument
364 - WebInstallerExistingWikis
365 - WebInstallerInstall
366 - WebInstallerLanguage
368 - WebInstallerOptions
371 - WebInstallerReleaseNotes
372 - WebInstallerRestart
373 - WebInstallerUpgrade
374 - WebInstallerUpgradeDoc
375 - WebInstallerWelcome
376 * The file mediawiki.ui/variables.less, deprecated since 1.41, has been
377 removed in favor of mediawiki.skin.variables.less.
378 * The file mediawiki.ui/utilities.less, with its three layout CSS classes, has
380 * The module `jquery.cookie` (deprecated as of 1.41) has been removed. Please
381 use `mediawiki.cookie` instead
382 * The no-op module `es6-polyfills` (deprecated as of 1.41) has been removed.
383 * Log formatters (as defined in $wgLogActionsHandlers) are now created by
384 ObjectFactory, which means their constructors must be public. Legacy log
385 formatters using callbacks instead of class names are no longer supported.
386 * The old aliases for the namespaced ResourceLoader classes, deprecated since
387 they were moved in MediaWiki 1.39, have now been dropped:
388 - ResourceLoader – use MediaWiki\ResourceLoader\ResourceLoader
389 - ResourceLoaderCircularDependencyError
390 – use MediaWiki\ResourceLoader\CircularDependencyError
391 - ResourceLoaderClientHtml – use MediaWiki\ResourceLoader\ClientHtml
392 - ResourceLoaderCodexModule – use MediaWiki\ResourceLoader\CodexModule
393 - ResourceLoaderContext – use MediaWiki\ResourceLoader\Context
394 - ResourceLoaderFileModule – use MediaWiki\ResourceLoader\FileModule
395 - ResourceLoaderFilePath – use MediaWiki\ResourceLoader\FilePath
396 - ResourceLoaderForeignApiModule
397 – use MediaWiki\ResourceLoader\ForeignApiModule
398 - ResourceLoaderImage – use MediaWiki\ResourceLoader\Image
399 - ResourceLoaderImageModule – use MediaWiki\ResourceLoader\ImageModule
400 - ResourceLoaderLessVarFileModule
401 – use MediaWiki\ResourceLoader\LessVarFileModule
402 - ResourceLoaderModule – use MediaWiki\ResourceLoader\Module
403 - ResourceLoaderMwUrlModule – use MediaWiki\ResourceLoader\MwUrlModule
404 - ResourceLoaderOOUIFileModule – use MediaWiki\ResourceLoader\OOUIFileModule
405 - ResourceLoaderOOUIIconPackModule
406 – use MediaWiki\ResourceLoader\OOUIIconPackModule
407 - ResourceLoaderOOUIImageModule
408 – use MediaWiki\ResourceLoader\OOUIImageModule
409 - ResourceLoaderOOUIModule – use MediaWiki\ResourceLoader\OOUIModule
410 - ResourceLoaderSiteModule – use MediaWiki\ResourceLoader\SiteModule
411 - ResourceLoaderSiteStylesModule
412 – use MediaWiki\ResourceLoader\SiteStylesModule
413 - ResourceLoaderSkinModule – use MediaWiki\ResourceLoader\SkinModule
414 - ResourceLoaderStartUpModule – use MediaWiki\ResourceLoader\StartUpModule
415 - ResourceLoaderUserModule – use MediaWiki\ResourceLoader\UserModule
416 - ResourceLoaderUserOptionsModule
417 – use MediaWiki\ResourceLoader\UserOptionsModule
418 - ResourceLoaderUserStylesModule
419 – use MediaWiki\ResourceLoader\UserStylesModule
420 - ResourceLoaderWikiModule – use MediaWiki\ResourceLoader\WikiModule
421 - DerivativeResourceLoaderContext
422 – use MediaWiki\ResourceLoader\DerivativeContext
423 - MessageBlobStore – use MediaWiki\ResourceLoader\MessageBlobStore
424 - VueComponentParser – use MediaWiki\ResourceLoader\VueComponentParser
425 * (T318989) Skin::lastModified, deprecated since 1.40, has been removed.
426 * Composer 1.x is no longer supported, and can no longer be used with MediaWiki.
427 * Title::GAID_FOR_UPDATE, deprecated in 1.34, has been removed. Instead, your
428 code should use IDBAccessObject::READ_LATEST.
429 * Six private Title class members, deprecated in 1.37, are now fully private;
430 use their corresponding accessor methods:
431 - $mTextform -> getText()
432 - $mUrlform -> getPartialURL()
433 - $mDbkeyform -> getDBkey()
434 - $mNamespace -> getNamespace()
435 - $mInterwiki -> getInterwiki()
436 - $mFragment -> getFragment()
437 * Skin::bottomScripts, deprecated since 1.37, has been removed.
438 * Fallback index and options have been removed from
439 DBAccessObjectUtils::getDBOptions() without deprecation.
440 * The deprecated class aliases for now-namespaced or renamed PHP classes that
441 were added in or before 1.39 LTS have now been removed:
442 - Blob -> Wikimedia\Rdbms\Blob
443 - Block -> MediaWiki\Block\DatabaseBlock
444 - DBAccessError -> Wikimedia\Rdbms\DBAccessError
445 - DBConnectionError -> Wikimedia\Rdbms\DBConnectionError
446 - DBError -> Wikimedia\Rdbms\DBError
447 - DBExpectedError -> Wikimedia\Rdbms\DBExpectedError
448 - DBQueryError -> Wikimedia\Rdbms\DBQueryError
449 - DBReadOnlyError -> Wikimedia\Rdbms\DBReadOnlyError
450 - DBReplicationWaitError -> Wikimedia\Rdbms\DBReplicationWaitError
451 - DBTransactionError -> Wikimedia\Rdbms\DBTransactionError
452 - DBTransactionSizeError -> Wikimedia\Rdbms\DBTransactionSizeError
453 - DBUnexpectedError -> Wikimedia\Rdbms\DBUnexpectedError
454 - DatabaseMysqlBase -> Wikimedia\Rdbms\DatabaseMySQL
455 - DatabaseMysqli -> Wikimedia\Rdbms\DatabaseMySQL
456 - EasyDeflate -> Deflate
457 - Field -> Wikimedia\Rdbms\Field
458 - IMaintainableDatabase -> Wikimedia\Rdbms\IMaintainableDatabase
459 - LinksDeletionUpdate -> MediaWiki\Deferred\LinksUpdate\LinksDeletionUpdate
460 - LinksUpdate -> MediaWiki\Deferred\LinksUpdate\LinksUpdate
461 - LoadBalancer -> Wikimedia\Rdbms\LoadBalancer
462 - LoadBalancerSingle -> Wikimedia\Rdbms\LoadBalancerSingle
463 - RCFeedEngine -> FormattedRCFeed
464 - RandomPage -> MediaWiki\Specials\SpecialRandomPage
465 * The return value of IDatabase::upsert(), deprecated since 1.33, has been
467 * Instancing MediaWiki\Specials\SpecialRandomPage without injected services has
469 * SpecialPage::listed() and ::setListed(), deprecated since 1.35, have both been
470 removed. Use ::isListed() to read, and over-ride by implementing isListed() or
471 by sub-classing UnlistedSpecialPage.
472 * BlockListPager::getTotalAutoblocks() was removed.
474 === Deprecations in 1.42 ===
475 * (T273239) wfGetDB(), deprecated in 1.39, now emits deprecation warnings. Most
476 code can migrate to MediaWikiServices::getInstance()->getConnectionProvider()
477 ->getReplicaDatabase() or …->getPrimaryDatabase() as appropriate.
478 * (T166010) All PHP code in MediaWiki is slowly being moved to be in a class
479 namespace as appropriate, so that we can use PSR-4 auto-loading, which will
480 speed up general code loading of MediaWiki. The old global namespace class
481 names are being left behind as deprecated aliases.
482 In this release of MediaWiki, 1868 classes now have a namespace and 821 do
483 not yet (69% done, up from 63% in MediaWiki 1.41.0). The following have newly
489 - HTMLCacheUpdater (and fix case for consistency with HTMLFileCache)
495 - DerivativeContextSource
499 - MediaWiki\Deferred:
500 - AtomicSectionUpdate
507 - DeferredUpdatesScope
508 - DeferredUpdatesScopeMediaWikiStack
509 - DeferredUpdatesScopeStack
510 - EnqueueableDataUpdate
511 - HtmlFileCacheUpdate
512 - JobQueueEnqueueUpdate
517 - SendPasswordResetEmailUpdate
519 - TransactionRoundAwareUpdate
520 - TransactionRoundDefiningUpdate
522 - UserEditCountUpdate
523 - MediaWiki\HTMLForm:
525 - CollapsibleFieldsetLayout
527 - HTMLFormActionFieldLayout
530 - HTMLFormFieldLayout
531 - HTMLFormFieldRequiredOptionsException
532 - HTMLNestedFilterable
535 - MediaWiki\HTMLForm\Field:
537 - HTMLAutoCompleteSelectField
547 - HTMLFormFieldCloner
548 - HTMLFormFieldWithButton
552 - HTMLMultiSelectField
553 - HTMLNamespacesMultiselectField
555 - HTMLRestrictionsField
556 - HTMLSelectAndOtherField
558 - HTMLSelectLanguageField
559 - HTMLSelectLimitField
560 - HTMLSelectNamespace
561 - HTMLSelectNamespaceWithButton
562 - HTMLSelectOrOtherField
563 - HTMLSizeFilterField
566 - HTMLTagMultiselectField
569 - HTMLTextFieldWithButton
572 - HTMLTitlesMultiselectField
573 - HTMLToggleSwitchField
575 - HTMLUsersMultiselectField
576 - MediaWiki\Installer:
579 - MediaWiki\LinkedData:
580 - PageDataRequestHandler
581 - MediaWiki\Maintenance:
588 - MediaWiki\PoolCounter:
593 - PoolCounterWorkViaCallback
594 - PoolWorkArticleView
595 - PoolWorkArticleViewCurrent
596 - PoolWorkArticleViewOld
608 - (T352284) MediaWiki\User\Options:
609 - DefaultOptionsLookup
612 - StaticUserOptionsLookup
613 * Some hook classes have been moved from the generic MediaWiki\Hooks namespace
614 to live closer to the code which uses them:
615 - MediaWiki\Output\Hook:
616 - AfterBuildFeedLinksHook
617 - AfterFinalPageOutputHook
618 - BeforePageDisplayHook
619 - BeforePageRedirectHook
620 - GetCacheVaryCookiesHook
622 - MakeGlobalVariablesScriptHook
623 - OutputPageAfterGetHeadLinksArrayHook
624 - OutputPageBeforeHTMLHook
625 - OutputPageBodyAttributesHook
626 - OutputPageCheckLastModifiedHook
627 - OutputPageMakeCategoryLinksHook
628 - OutputPageParserOutputHook
629 * API modules using ApiBase::requirePostedParameters() must also override
630 mustBePosted() to return true.
631 * Overriding MWException::getHTML(), ::getText(), ::getPageTitle(), and
632 ::reportHTML() in order to display custom exception messages is now
633 deprecated. Provide the error message when constructing the Exception,
634 or if you need a whole custom error page, use ErrorPageError instead.
635 * Using `new ImportReporter( … )` or `new ApiImportReporter( … )` without
636 the $context parameter is now deprecated.
637 * Using `WikiImporterFactory::getWikiImporter()` without the $performer
638 parameter is now deprecated.
639 * BlockManager::getUserBlock() was deprecated. Instead use
640 BlockManager::getBlock(), which expects the caller to do ipblock-exempt
642 * The `composer phpunit:entrypoint` entrypoint has been deprecated, along with
643 bootstrap.integration.php and suite.xml. Run tests with `composer phpunit`
644 instead, or simply `vendor/bin/phpunit`, which use bootstrap.php and
646 * The global variable $wgCommandLineMode is deprecated. In most cases checks
647 for `$wgCommandLineMode` can be replaced with `MW_ENTRY_POINT === 'cli'`.
648 * The global function wfUnpack is deprecated and emits deprecation
649 warnings. Use StringUtils::unpack instead.
650 * BagOStuff::setNewPreparedValues() now emits deprecation warnings.
651 * SpecialEmailUser::getTarget() has been deprecated.
652 * User::isBlocked(), ::isBlockedFromCreateAccount() and ::isBlockedFrom() now
653 emit deprecation warnings. They were deprecated since 1.34, 1.37 and 1.33
655 * DatabaseBlock::newFromID() was deprecated and will emit deprecation warnings.
656 Instead use DatabaseBlockStore::newFromID().
657 * DatabaseBlock::getAutoblockExpiry() was deprecated without replacement.
658 * MagicWord::getId() has been deprecated.
659 * MagicWordFactory::getSubstIDs() has been deprecated.
660 * Status::setMessageLocalizer is deprecated. Callers that want to control the
661 localization of the Status object should obtain a StatusFormatter from
662 the StatusFormatterFactory.
663 * Html::buttonAttributes() and Html::getTextInputAttributes() methods
664 no longer do anything and have been deprecated.
665 * DatabaseBlock::doAutoblock and ::updateTimestamp are now deprecated, use
666 DatabaseBlockStore::doAutoblock and ::updateTimestamp instead.
667 * The MediaWiki class has been deprecated. Type hints in hooks should be
668 changed to refer to MediaWikiEntryPoint instead. Note that extensions should
669 not define their own entry points and should not interfere with the state of
670 MediaWikiEntryPoint instances.
671 * Various methods in ObjectCache have been deprecated and their equivalent made
672 available in ObjectCacheFactory, use them instead:
673 - ::getInstance() -> ObjectCacheFactory::getInstance()
674 - ::newFromParams() -> ObjectCacheFactory::newFromParams()
675 - ::newAnything() -> ObjectCacheFactory::newInstance(
676 ObjectCache::getAnythingId() )
677 - ::getLocalServerInstance() -> ObjectCacheFactory::getLocalServerInstance()
678 - ::clear() -> ObjectCacheFactory::clear()
679 - In addition, the ObjectCache::$instances member has been deprecated as well.
680 * Vuex has been deprecated in favor of its successor, Pinia. Though deprecated,
681 Vuex 4 will remain accessible for the foreseeable future. Pinia should be used
683 * Linker::makeHeadline() has been deprecated.
684 * SerializedValueContainer::isUnified() has been deprecated and now emits
685 deprecation warnings since 1.42.
686 * Linker::generateTOC(), Linker::tocIndent(), Linker::tocUnindent(),
687 Linker::tocLine(), Linker::tocLineEnd(), Linker::tocList() are deprecated.
688 * Title::getBrokenLinksFrom() has been deprecated.
689 * LogFormatter subclasses now emit deprecation warnings unless they are
690 constructed using LogFormatterFactory.
691 * ReplicatedBagOStuff has been deprecated since 1.42.
692 * The third argument to ContentRenderer::getParserOutput() now accepts a
693 RevisionRecord or WikiRevision; passing an integer revision id has been
694 deprecated and emits a warning.
695 * Passing a null value to ParserOutput::setPageProperty() has been deprecated
696 and emits a warning; pass an empty string or use `::unsetPageProperty()`
698 * Passing a non-string value to ParserOutput::setPageProperty() has been
699 deprecated; use ::setNumericPageProperty() instead.
700 * Passing a non-scalar value to ParserOutput::setPageProperty() will emit
701 a warning (it has never worked).
702 * ParserOutput::setLanguageLinks() has been deprecated.
703 * ParserOutput::getTimestamp() and ::setTimestamp() have been deprecated; use
704 ::getRevisionTimestamp() and ::setRevisionTimestamp() instead.
705 * ParserOutput::setText() has been deprecated; use ::setRawText() instead which
706 matches the name of the corresponding getter, ParserOutput::getRawText().
707 * ParserOutput::addTemplate() will emit a deprecation warning if it is called
708 with a non-local title, such as an interwiki link. In a future release it will
709 throw InvalidArgumentException.
710 * The use of dynamic properties of Parser has been deprecated and will emit
711 deprecation warnings.
712 * The following deprecated public properties of Parser will emit deprecation
714 - Parser::$ot, deprecated since 1.35
715 - Parser::$mTitle, deprecated since 1.35
716 - Parser::$mOptions, deprecated since 1.35
717 * The following deprecated public properties of Parser are now marked
718 for internal use only:
719 - Parser::$mPPNodeCount, deprecated since 1.35
720 - Parser::$mHighestExpansionDepth, deprecated since 1.35
721 * ApiQueryBlockInfoTrait::addBlockInfoToQuery() will emit deprecation warnings
722 and will soon stop working due to schema changes. Instead use
723 addDeletedUserFilter() or getBlockDetailsForRows().
724 * UploadBase::getImageInfo was deprecated, subclasses of ApiUpload can use
725 ApiUpload::getUploadImageInfo() instead.
726 * DatabaseBlockStore::updateTimestamp() is now internal and should not be
728 * The LocalisationCache helper class GlobalDependency has been deprecated,
729 use MainConfigDependency instead.
730 * The module `mediawiki.icon` has been deprecated. Use the Codex mixin instead
732 * ConfigRepository::class and MediaWikiServices::getConfigRepository() have been
733 deprecated, they are unused.
734 * Passing a WikiPage to PageEditStash::parseAndCache() has been deprecated.
735 Use PageUpdater instance.
736 * SpecialBlock::getSuggestedDurations() has been deprecated, use
737 Language::getBlockDurations() instead.
738 * MediaWikiServices::getBlockErrorFormatter() has been deprecated, use
739 MediaWikiServices::getFormatterFactory()->getBlockErrorFormatter() instead.
740 * DummyLinker has been deprecated. The DummyLinker parameter to the
741 'ImageBeforeProduceHTML' hook will become null in the future.
742 * Database::listViews() has been deprecated. This was previously used to filter
743 views out of the return value of Database::listTables(). Now listTables()
744 will not include views. MediaWiki does not use views.
745 * (T207621) UserMailer::rfc822Phrase(), deprecated since 1.38, now emits
746 deprecation warnings.
747 * TempUserConfig::getMatchPattern() has been deprecated, use getMatchPatterns()
749 * (T230025) Title::purgeSquid(), deprecated in 1.35, now emits warnings.
750 * Title::getCdnUrls(), deprecated in 1.35, now emits warnings.
751 * The rarely-used convenience method Xml::wrapClass() is now deprecated. Instead
752 you can use Xml::tags('span', ['class'=>'foo'], 'bar').
753 * WebRequest::getCrossSiteCookie() has been deprecated due to the removal of
754 $wgUseSameSiteLegacyCookies. It will emit deprecation warnings. Use
755 WebRequest::getCookie().
756 * Using the array_merge_recursive merge strategy in extension.json and skin.json
757 now emits deprecation warnings.
758 * DBAccessObjectUtils::getDBFromIndex() is now deprecated, use
759 ::getDBFromRecency() instead.
760 * Many Xml methods that are specific to HTML but not XML are deprecated:
772 - Xml::languageSelector
774 - Xml::listDropdownOptions
775 - Xml::listDropdownOptionsOoui
784 - Xml::attrib (only for use in HTML, not XML contexts)
785 * IMaintainableDatabase::truncate() has been deprecated. Use truncateTable()
787 * TextConflictHelper->incrementStatsByUserEdits() is now deprecated. The action
788 this function previously handled should be moved into incrementConflictStats()
789 and incrementResolvedStats().
790 * SQLPlatform::getQueryVerb() is now deprecated.
792 === Other changes in 1.42 ===
793 * Gallery: Image captions are no longer wrapped in <p> tags. Skins that
794 customize rendering for galleries may need to tweak their CSS.
795 * Scripts under maintenance/dev/, for quickly setup a local MediaWiki for
796 development purposes, have been removed, see DEVELOPERS.md for alternatives.
800 PHP 8.0 workboard: https://phabricator.wikimedia.org/tag/php_8.0_support/
801 PHP 8.1 workboard: https://phabricator.wikimedia.org/tag/php_8.1_support/
802 PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/
803 PHP 8.3 workboard: https://phabricator.wikimedia.org/tag/php_8.3_support/
805 == MediaWiki 1.41.2 ==
807 This is a maintenance release of the MediaWiki 1.41 branch.
809 === Changes since MediaWiki 1.41.1 ===
810 * Localisation updates.
811 * maintenance/generateSitemap.php: Partially revert 676fcf4.
812 * tests: Skip failing tests on php8.2 (and make pass).
813 * (T326480) ApiResult: Make array ordering consistent across PHP versions.
814 * (T352789, T287972) build: Raise TestingAccessWrapper from 2.0.0 to 3.0.0.
815 * (T326478) tests: Create new classes to hold dynamic properties in auth tests.
816 * (T353180) WANObjectCacheTest::testPreemptiveRefresh: Skip flaky test for PHP
818 * tests: Remove es6 option from StartUpModuleTest.
819 * (T326478) tests: Avoid dynamic properties in AuthenticationProvider Test.
820 * tests: Skip failing tests on php8.3 (and make pass).
821 * (T326466) Introduce and use DynamicPropertyTestHelper.
822 * (T326478) tests: Avoid dynamic properties in auth tests.
823 * (T352910) tests: Use TestingAccessWrapper::newFromClass in session tests.
824 * (T326478) tests: Avoid dynamic properties in SessionManagerTest.
825 * ArticleTest: Skip testGetOrSetOnNewProperty() if PHP >= 8.2.
826 * tests: Remove dead code from WikiPageDbTest::assertPreparedEditNotEquals.
827 * (T326479, T361985) StatusValue: Allow passing arbitrary data to augment
829 * (T357760) Use i18n strings for truncated subpage message in SpecialMovePage.
830 * debug: Update PsySH 0.11.1 -> 0.12.3.
831 * (T361991) Fix slash-delimited regex from CLI on maintenence/grep.php.
832 * (T352695) tests: Only set $dbSetup if setupTestDB() ends without throwing.
833 * (T362272) api: Replace null $httpCode by 0 in ApiBase::dieWithErrorOrDebug.
834 * (T362740) api: Pass wikiId to UserIdentity instance for action=userrights.
835 * (T343994) SpecialPages: Document which class getDescription is returning a
837 * (T150647, T216682) Make EncryptedPassword work with Argon2Password.
838 * (T364270) Fix long param names overlapping docs in API help pages.
839 * wrapOldPasswords: Improve progress output and decrease batch size.
840 * (T361367) ApiFeedWatchlist: Fix handling of array parameters.
841 * (T366130) EncryptedPassword: Store default parameters as strings.
842 * Name the PagerTools array entries to allow hooks to unset them.
843 * Do not mark HttpRequestFactory as @internal.
845 == MediaWiki 1.41.1 ==
847 This is a security and maintenance release of the MediaWiki 1.41 branch.
849 === Changes since MediaWiki 1.41.0 ===
850 * Localisation updates.
851 * CategoryViewer: Fix "count(): Argument #1 ($value) must be of type
852 Countable|array, null given".
853 * (T353929) ActiveUsersPager: Count actions only once.
854 * composer: Use @php instead of php.
855 * (T334992) Headings in the license pickers should not be selected.
856 * (T326065) Indent JsonContent using tabs.
857 * Correct deprecation version of mediawiki.ui resource loader module.
858 * Resources.php: Replace short urls with full urls.
859 * (T354541) authmanager: Improve AuthenticationRequest docs.
860 * Tweak docs for UseLegacyMediaStyles.
861 * (T353870) Parse custom edit intro as content to enable language conversion.
862 * (T330428) ForeignResourceManager: Add trailing newline in validateLicense.
863 * ForeignResourceManager: Make it clearer what is being skipped for
865 * (T355017) Add missing space in Special:RecentChangesLinked.
866 * (T355003) composer.json Add ext-bcmath and ext-gmp to suggests.
867 * PHPVersionCheck: Update text to match currently supported upstream PHP
869 * (T354045) API: mark HTML output as non-cacheable.
870 * (T355530) filerepo: Fix img_major_mime for files with a non-standard
872 * (T355530) MimeAnalyzer: Add @since to isValidMajorMimeType.
873 * (T352554) ZhConverter: Fix language variant fallback chain.
874 * (T347541) Add 'maxlength' and 'minlength' support to HTMLTextAreaField.
875 * (T357668) Parser::getExternalLinkAttribs: Don't set rel attribute to null.
876 * LockManagerGroupIntegrationTest: Remove test depending on DBLockManager.
877 * (T357808) LinkRendererTest: Add missing import for LinkTarget.
878 * (T353305) ApiResetPassword: Allow both user and email parameters to be passed
880 * (T358949) updateCollation: Explicitly cast $scale to int.
881 * (T359055) api: Improve linking of language codes lists in top level i18n
883 * (T359294) Make sure MovePage::isValidFileMove matches UploadBase::getTitle.
884 * (T230245) Respect $maxConcurrency when queuing async FileOps.
885 * (T352554) Follow-up "ZhConverter: Fix language variant fallback chain".
886 * (T359139) Restore ability to disable footer links with "-".
887 * Fix use of array keys in SessionManager::getVaryHeaders().
888 * (T292237, T317451) build: Restore Doxygen output for MediaWiki release tags.
889 * (T324903) HistoryPager: Add #[AllowDynamicProperties].
890 * (T360850) Update Apache config syntax in .htaccess files.
891 * Update wikimedia/parsoid to 0.18.2.
892 * docs: Remove use of $IP from mwdocgen.php.
893 * (T317451) build: Restore Doxygen output for MediaWiki release tags (take 3).
894 * docs: Set stable permalink on markdown files.
895 * (T360608) WebRequest: detectServer appends default ports that should be
897 * (T357019) allow maintenance/deleteBatch.php to accept page ID.
898 * (T355538, CVE-2024-34507) SECURITY: XSS in edit summary parser.
899 * (T357760, CVE-2024-34506) SECURITY: Denial of service vector via GET request
900 to Special:MovePage on pages with thousands of subpages.
902 === Changes since MediaWiki 1.41.0-rc.0 ===
903 * Localisation updates.
904 * Update wikimedia/parsoid to 0.18.0.
905 * (T351758) DEVELOPERS.md: reword WSL instructions to include best practices.
906 * (T350615) PoolCounterConnectionManager: Add support for ipv6.
907 * (T321234) Make MagicWordArray not fail on old revs with broken UTF-8.
908 * thumb: Fix "PHP Deprecated: strlen(): Passing null to parameter".
909 * (T344971) Maintenance: Fix RebuildTextIndex.
910 * (T327007) htmlform: Correct validation for file input field.
912 == MediaWiki 1.41.0-rc.0 ==
914 == Upgrading notes for 1.41 ==
915 Don't forget to always back up your database before upgrading!
917 See the file UPGRADE for more detailed per-version upgrade instructions from the
918 oldest supported upgrading version, MediaWiki 1.35.
920 Some specific notes for MediaWiki 1.41 upgrades are below:
921 * (T178356) MediaWiki now requires browsers to support ES6 for them to receive
922 JavaScript, up from ES5. In practice, this primarily means that users of
923 Internet Explorer 11 (EOL in 2022) will no longer get JavaScript tools.
925 For notes on 1.40.x and older releases, see HISTORY.
927 === Configuration changes for system administrators in 1.41 ===
928 * $wgGroupPermissions: The 'purge' permission is now considered an
929 implicit right that can be rate limited, but not revoked. This has
930 effectively already been the case for a long time, see T291316.
932 ==== New configuration ====
933 * $wgPrivilegedGroups – Users belonging in some of the listed groups will be
934 audited more aggressively.
935 * $wgPageLinksSchemaMigrationStage – This temporary flag lets you control the
936 migration stage for converting the pagelinks database table into normal form.
937 * $wgExternalLinksDomainGaps – Can be used by large wikis to optimize certain
938 external link queries.
939 * $wgResourceLoaderEnableSourceMapLinks - Add a SourceMap header to
940 ResourceLoader responses for JavaScript modules (T47514).
941 * $wgVirtualDomainsMapping - Mapping of virtual domains to other dbs. It's
942 useful to get connection to the external cluster.
944 ==== Changed configuration ====
945 * $wgAuthManagerAutoConfig – When using this setting to modify the
946 authentication system in MediaWiki, the classes
947 TemporaryPasswordPrimaryAuthenticationProvider,
948 LocalPasswordPrimaryAuthenticationProvider and
949 EmailNotificationSecondaryAuthenticationProvider now require
950 DBLoadBalancerFactory, not DBLoadBalancer, as a service.
951 * $wgUseFileCache is no longer used for ResourceLoader module caching.
952 * $wgLBFactoryConf['secret'] has been replaced by $wgChronologyProtectorSecret.
954 ==== Removed configuration ====
955 * $wgCommentTempTableSchemaMigrationStage – This temporary flag did let you
956 control the migration stage for the temporary comment database table, from
958 * $wgExternalLinksSchemaMigrationStage – This temporary flag did let you
959 control the migration stage for the externallinks database table.
960 * $wgParserOutputHooks - This array interacted with
961 ParserOutput::addOutputHook(), which has been deprecated since 1.38 and was
962 removed in this release.
964 === New user-facing features in 1.41 ===
965 * Special:RandomPage can now take multiple namespaces in its URL, split by ','.
966 * The aria-level HTML attribute is now allowed in wikitext by the Sanitizer.
968 === New features for sysadmins in 1.41 ===
969 * $wgDBssl can now enabled in the installer when the database type is
970 Postgres or MariaDB/MySQL (T335828).
971 * MWHttpRequest will forward 'tracestate' and/or 'traceparent' headers when
972 those are present in the original request and $wgAllowExternalReqID is set
974 * MultiHttpClient will send X-Request-Id header and additionally will forward
975 'tracestate' and/or 'traceparent' headers when those are present in the
976 original request and $wgAllowExternalReqID is set to true.
978 === New developer features in 1.41 ===
979 * Added ForeignResourcesDir extension.json / skin.json attribute, which should
980 point to the directory holding your foreign-resources.yaml file. See
981 https://www.mediawiki.org/wiki/Foreign_resources for background.
982 * Added PrivilegedGroups attribute for extension.json / skin.json, which lets
983 you add any new user groups you define to wgPrivilegedGroups (see above).
984 * Added a .gitmessage commit template. To use it, run:
985 `git config commit.template .gitmessage`
986 * A new hook, TextSlotDiffRendererTablePrefixHook, has been added to allow
987 extensions to add content within #mw-content-text but after the
988 DifferenceEngineViewHeader or DifferenceEngineShowDiffPage hooks have been
989 run. The new hook is used to add elements within a horizontal display area,
990 where their order can be explicitly set. Examples of uses for this include
991 adding the VisualEditor diff-type switch, and the legend for inline diffs that
992 is displayed if Wikidiff2 is installed.
993 * validation callbacks for HTMLForm fields can now return Status objects.
994 HTMLForm::validate will convert good Status instances to true and Status
995 instances to a string containing a list with the errors.
996 * ?action=rollback, if successful, will fire core's postEdit JavaScript hook;
997 for now, we do *not* display a success message to the user via mw.notify(),
998 as the RollbackAction form's success page is already shown
999 * MultiHttpClient constructor will accept `headers` property which defines a
1000 set of headers attached to every request performed by the client.
1001 * New `Wikimedia/Http/TelemetryHeadersInterface` interface that provides a
1002 telemetry information which could be attached to HTTP Requests
1003 * Wikimedia/Http/TelemetryHeadersInterface can be passed to MultiHttpClient
1004 via 'telemetry' option.
1005 * UserRegistrationLookup adds support for multiple kinds of registration dates
1006 Extensions providing support for wiki-farm can use this to provide a global
1007 registration date (across all wikis), for example.
1008 * When $wgUseXssLanguage is set to true (enabled by default in
1009 DevelopmentSettings.php), ?uselang=x-xss can be used to easily test
1010 whether all messages are being escaped correctly.
1011 * Html::noticeBox accepts new optional parameters, 'heading' & 'iconClassName'.
1012 'heading' allows to pass an string as title; 'iconClassName' overwrites the
1015 === External library changes in 1.41 ===
1017 ==== New external libraries ====
1018 * Added pinia at v2.0.16.
1019 * Added symfony/polyfill-php81 at v1.28.0.
1020 * Added symfony/polyfill-php82 at v1.28.0.
1021 * Added symfony/polyfill-php83 at v1.28.0.
1023 ==== Changed external libraries ====
1024 * Updated codex, codex-design-tokens and codex-icons
1025 from v0.6.2 to v1.0.0.
1026 * Updated guzzlehttp/guzzle from 7.5.0 to 7.5.3.
1027 * Updated jQuery from v3.6.1 to v3.7.0.
1028 * Updated justinrainbow/json-schema from 5.2.12 to v5.2.13.
1029 * Updated Mustache from 3.0.1 to 4.2.0.
1030 * Updated OOjs from 6.0.0 to 7.0.1.
1031 * Updated OOUI from v0.46.3 to v0.48.1.
1032 * Updated pear/mail from 1.5.0 to 1.5.1.
1033 * Updated symfony/polyfill-php82 from v1.27.0 to v1.28.0.
1034 * Updated symfony/yaml from v5.4.17 to v5.4.23.
1035 * Updated wikimedia/bcp-47-code from 1.0.0 to 2.0.0.
1036 * Updated wikimedia/common-passwords from 0.4.0 to 0.5.0.
1037 * Updated wikimedia/composer-merge-plugin from 2.0.1 to 2.1.0.
1038 * Updated wikimedia/html-formatter from 3.0.1 to 4.0.3.
1039 * Updated wikimedia/ip-utils from 4.0.0 to 5.0.0.
1040 * Updated wikimedia/less.php from 4.0.0 to 4.1.1.
1041 * Updated wikimedia/minify from 2.3.0 to 2.5.1.
1042 * Updated wikimedia/remex-html from 3.0.3 to 4.0.1.
1043 * Updated wikimedia/timestamp from 4.1.0 to 4.1.1.
1044 * Updated wikimedia/utfnormal from 3.0.2 to 4.0.0.
1046 ===== Changed development-only external libraries =====
1047 * Updated mediawiki/mediawiki-codesniffer from 41.0.0 to 42.0.0.
1048 * Updated mediawiki/mediawiki-phan-config from 0.12.1 to 0.13.0.
1050 ==== Removed external libraries ====
1051 * jquery.hoverIntent was removed.
1052 * codex-search was removed, it's part of codex now.
1053 * wikimedia/ip-set was removed, it's part of wikimedia/ip-utils now.
1054 * jquery.color was removed.
1055 * jquery.fullscreen was removed.
1056 * jquery.form was removed.
1058 === Action API changes in 1.41 ===
1059 * (T322944) `Authorization` was added to the default list of headers
1060 allowed for cross-origin API requests ($wgAllowedCorsHeaders).
1062 === Languages updated in 1.41 ===
1063 MediaWiki supports over 350 languages. Many localisations are updated regularly.
1064 Below only new and removed languages are listed, as well as changes to languages
1065 because of Phabricator reports.
1067 * (T345807) Added language support for Karekare (kai).
1068 * (T333765) Removed language support for Akan (Ak).
1069 * (T332113) Added language support for Northern Hindko (hno).
1070 * (T333425) Added language support for Iraqi (Mesopotamian) Arabic (acm).
1071 * (T336919) Added language support for Crimean Tatar (Romania) (crh-ro).
1072 * (T338416) Added language support for Betawi (bew).
1073 * (T341545) Added language support for West Coast Bajau (a.k.a. Sama; bdr).
1074 * (T332118) Namespace translations for Angika (anp) were added
1075 * (T341942) The autonym of the Buginese language is changed to the Latin-script
1076 name "Basa Ugi", and the localization in the language code "bug" is now only
1077 in the Latin script. It's possible to add localization in the Lontara script
1078 in translatewiki under the code "bug-bugi".
1079 * (T341943) Main Page name translation was changed from "Leppa Indoë"
1080 to "Watangpola". If you manage a wiki in this language, make sure that
1081 links to the main page are correctly updated. See
1082 https://translatewiki.net/w/i.php?title=Support&oldid=11723654#Change_MediaWiki:Mainpage/bug
1084 === Breaking changes in 1.41 ===
1085 * Article::doDelete(), deprecated since 1.37, has been removed.
1086 * CommentStore::getStore(), deprecated since 1.31, has been removed.
1087 * Article::getRedirectHeaderHtml() no longer accepts an array as $target.
1088 Passing an array was deprecated in 1.39. (The method itself has also
1090 * BagOStuff::addBusyCallback(), deprecated since 1.39, has been removed.
1091 * IExpiringStore has been removed, use either ExpirationAwareness or
1092 StorageAwareness constants instead.
1093 * IDatabase::wasErrorReissuable(), deprecated since 1.40, has been removed.
1094 * IDatabase::lastQuery and IReadableDatabase::lastQuery, deprecated in 1.40,
1096 * Database::queryMulti(), unused, has been removed without deprecation.
1097 The protected Database::doMultiStatementQuery method was removed, and the
1098 protected Database::executeQuery method signature was changed to take
1099 Query object as argument instead of a raw SQL string.
1100 * Database::unionConditionPermutations(), unused, has been removed without
1102 * SimpleSearchResultSetWidget and SimpleSearchResultWidget classes, deprecated
1103 in 1.31, have been removed.
1104 * Database::factory(), deprecated in 1.39, has been removed.
1105 * Calling IDatabase::delete() or IDatabase::update() with empty conditions
1106 has been deprecated since 1.35. This now throws an error.
1107 * Maintenance::shutdown() has been moved over into the MaintenanceRunner class
1108 without deprecation.
1109 * The following DatabasePostgres methods were unused and have been removed:
1110 - ::currentSequenceValue()
1113 * The following IDatabase methods were unused and removed without deprecation:
1114 - ::wasLockTimeout()
1115 - ::wasConnectionLoss()
1116 * Database::getTempTableWrites(), previously protected, is now private.
1117 * DatabasePostgres class parameter "keywordTableMap", deprecated since 1.37,
1119 * Database::doUpsert() and ::doReplace() have been removed without deprecation.
1120 Subclasses should override ::upsert() or ::replace() respectively.
1121 * SelectQueryBuilder::lockForUpdate(), deprecated in 1.40 and unused,
1122 has been removed without hard deprecation.
1123 * TransactionProfiler::setSilenced() deprecated in 1.40, has been removed.
1124 * ILoadBalancer::closeConnection, unused, has been removed without deprecation.
1125 * ILoadBalancer::waitFor, unused, has been removed without deprecation.
1126 * ILBFactory::resolveDomainID and ::getChronologyProtectorTouched, unused,
1127 have been removed without deprecation.
1128 * The following methods have been moved from ILoadBalancer to
1129 ILoadBalancerForOwner:
1130 - ::redefineLocalDomain()
1131 - ::hasPrimaryConnection()
1132 - ::setIndexAliases()
1133 * LBFactory::makeCookieValueFromCPIndex() and ::getCPInfoFromCookieValue()
1134 has been moved to ChronologyProtector class without backward compatability
1135 as they are not supposed to be used outside of core.
1136 * MWHttpRequest::factory(), deprecated since 1.34, has been removed.
1137 * The Http class, deprecated since 1.34, with the functions ::request(),
1138 ::get(), ::post(), ::userAgent(), ::isValidURI(), ::getProxy(),
1139 ::createMultiClient() have been removed.
1140 * WikiPage::factory(), ::newFromID() and ::newFromRow, deprecated in 1.36,
1142 * Maintenance::$mArgList, ::shouldExecute(), ::setAgentAndTriggers(),
1143 ::adjustMemoryLimit(), ::globals(), and ::loadSettings() have been removed.
1144 * The GenericArrayObject class, deprecated in 1.40,
1146 * The $replace parameter has been removed from HookContainer::scopedRegister.
1147 This parameter was unused outside core, and the functionality was intended
1149 * PrevNextNavigationRenderer class, deprecated in 1.39,
1151 * class alias MediaWiki\User\WatchlistNotificationManager, deprecated in 1.36,
1153 * MediaWikiServices::getWatchlistNotificationManager(), deprecated in 1.36,
1155 * Interface MediaWiki\Hook\ParserTestTablesHook, deprecated in 1.36,
1157 * The NewPagesLineEndingHook now takes NewPagesPager instead of
1158 SpecialNewpages as first argument.
1159 * The following methods in the Title class, deprecated since 1.37, have been
1161 - ::areCascadeProtectionSourcesLoaded()
1162 - ::areRestrictionsCascading()
1163 - ::areRestrictionsLoaded()
1164 - ::getAllRestrictions()
1165 - ::getCascadeProtectionSources()
1166 - ::getFilteredRestrictionTypes()
1167 - ::getRestrictionExpiry()
1168 - ::getRestrictionTypes()
1169 - ::getRestrictions()
1170 - ::isCascadeProtected()
1172 - ::isSemiProtected()
1173 - ::loadRestrictionsFromRows()
1174 * Global function wfShowingResults, deprecated in 1.40, has been removed.
1175 * Global function wfClearOutputBuffers, deprecated in 1.36, has been removed.
1176 * LinkBatch::__construct() now requires that all parameters be passed. The
1177 fallback to MediaWikiServices emitted deprecation notices since 1.35.
1178 * The methods IndexPager::getPagingLinks(), IndexPager::getLimitLinks() and
1179 IndexPager::buildPrevNextNavigation(), deprecated in 1.39,
1181 * Overriding the method IndexPager::makeLink(), deprecated in 1.39,
1182 is no longer possible.
1183 * MagicWordFactory::getCacheTime() is deprecated and returns -1.
1184 * Various mediawiki.less mediawiki.ui variables, deprecated in 1.35, have been
1185 removed. See also below that the remaining mediawiki.ui variables are now also
1187 * Calling getId() on an AbstractBlock from the wrong wiki, deprecated since
1188 1.38, now throws an exception.
1189 * SQLite no longer supports raw MySQL queries.
1190 * The following functions from the mediawiki.mixins Less import, deprecated
1191 since 1.37, have been removed: .transition(), .transition-transform(),
1192 .transform() and .transform-origin().
1193 * Support was dropped for skins with paths relative to core which has been
1194 sending deprecation notices since 1.37. The skin `templateDirectory` key
1195 should now always be relative to the skin.
1196 * The Skin public thisquery property was removed without deprecation. Only
1197 one skin was known to use it and that has been patched accordingly.
1198 * The jquery.tipsy module, deprecated since 1.28, has now been removed.
1199 * NamespaceInfo::getRestrictionLevels(), deprecated in 1.34, has been removed.
1200 Use PermissionManager::getNamespaceRestrictionLevels() instead.
1201 * Proto-relative external links are now stored and indexed only as HTTPS
1202 instead of two rows, one for HTTP and one for HTTPS.
1203 * MediaWikiIntegrationTestCase::getTestUser(), ::getTestSysop(), and
1204 ::getMutableTestUser() have been made protected and non-static.
1205 * MediaWikiIntegrationTestCase::$supportedDBs has been changed to a private
1207 * MediaWikiIntegrationTestCase::addCoreDBData() has been deprecated. The method
1208 is now a no-op and is no longer called. Tests should create the fixtures
1210 * Saving preferences for a temporary user now throws an error (e.g. via
1211 UserOptionsManager::saveOptions)
1212 * ApiQuery::getNamedDB() and ApiQueryBase::selectNamedDB(), deprecated in
1213 1.39, have been removed.
1214 * ChangeTags::addTagsAccompanyingChangeWithChecks() and
1215 ChangeTags::undefineTag() unused everywhere, have been removed without
1217 * Usage of MediaWiki::preOutputCommit() with the $postCommitWork arg has been
1218 dropped. It's no longer used.
1219 * SkinTemplateNavigation and SkinTemplateNavigation::SpecialPage hooks,
1220 deprecated in 1.39, have been removed.
1221 * The PersonalUrls hook, deprecated in 1.39, has been removed.
1222 * OutputPage::getCSPNonce(), soft deprecated in 1.35, now emits deprecation
1224 * Support of the third parameter of LogEventsListGetExtraInputs hook,
1225 deprecated since 1.32, has been removed.
1226 * JobSpecification::getTitle(), deprecated in 1.37, has been removed.
1227 * The module mw.ui.anchor has been removed. Projects that need it should
1228 maintain a local copy or use the Codex link mixin. More information
1230 * ParsoidCachePrewarmJob::newSpec() now requires a PageRecord as the second
1231 parameter instead of a page ID.
1232 * Public access to the DifferenceEngine properties mOldid, mNewid, mOldRev,
1233 mNewRev, mOldPage, mNewPage, mOldContent, mNewContent, mRevisionsLoaded,
1234 mTextLoaded and mCacheHit, deprecated in 1.32, was removed.
1235 * SearchDatabase::db, deprecated since 1.38, has been removed.
1236 * SearchDatabase::lb has been removed without deprecation, use ::dbProvider
1238 * StreamFile::STREAM_HEADLESS and StreamFile::STREAM_ALLOW_OB, deprecated
1239 in 1.34, have been removed.
1240 * AbstractAuthenticationProvider::setLogger(), ::setManager(), ::setConfig()
1241 and ::setHookContainer() have been removed and also from it's related
1242 interface, AuthenticationProvider. The corresponding properties are set in
1243 AbstractAuthenticationProvider::init(). For side effects, you can override
1244 AbstractAuthenticationProvider::postInitSetup().
1245 * Title::newFromTitleValue(), deprecated since 1.34, has been removed.
1246 * Parser::OT_MSG, related to OT_MSG(3) MediaWiki constant, parameter for
1247 starting external parse has been dropped. This was kept since 2008 for B/C
1248 only and no longer used. Use instead Parser::OT_PREPROCESS as the
1250 * SpecialPageAction has been removed without deprecation. There were no known
1251 uses outside of core.
1252 * ConfigRepository::getValueOf() has been removed without deprecation. This
1253 method was introduced and never used for a long time now.
1254 * BacklinkCache::get(), ::getLinks(), ::getCascadeProtectedLinks() which
1255 emitted deprecation warnings has no usage left. It has been removed.
1256 * The following constants and methods in the Language class, hard deprecated
1257 since 1.40, have been removed:
1260 - ::MESSAGES_FALLBACKS
1261 - ::STRICT_FALLBACKS
1263 - ::isSupportedLanguage()
1264 - ::isWellFormedLanguageTag()
1266 - ::isValidBuiltInCode()
1267 - ::isKnownLanguageTag()
1268 - ::getLocalisationCache()
1269 - ::fetchLanguageNames()
1270 - ::fetchLanguageName()
1273 - ::autoConvertToAllVariants()
1275 - ::convertNamespace()
1279 - ::convertCategoryKey()
1281 - ::getPreferredVariant()
1282 - ::getDefaultVariant()
1284 - ::getExtraHashOptions()
1285 - ::getParentLanguage()
1287 - ::getMessagesFileName()
1288 - ::getJsonMessagesFileName()
1289 - ::getFallbackFor()
1290 - ::getFallbacksFor()
1291 - ::getFallbacksIncludingSiteLanguage()
1292 - ::getMessagesFor()
1294 - ::getMessageKeysFor()
1295 - ::getConvRuleTitle()
1296 * The parameter noSeparators to Language::formatNum, deprecated since 1.36,
1297 has been removed. Use Language::formatNumNoSeparators instead.
1298 * The following methods in the ParserOutput class, deprecated since 1.38, have
1301 - ::addTrackingCategory()
1303 - ::getCategoryLinks()
1304 - ::getOutputHooks()
1307 - ::hasDynamicContent()
1308 - ::hideNewSection()
1309 - ::preventClickjacking()
1310 - ::setCategoryLinks()
1313 * OutputPage::allowClickjacking() and ::preventClickjacking(), deprecated
1314 since 1.38, have been removed.
1315 * ResourceFileCache has been removed without deprecation. There were no known
1316 uses outside of core.
1317 * Many LocalisationCache constants, properties and methods that have no known
1318 usage outside of the class have been made private without deprecation.
1319 * User::idFromName(), deprecated in 1.37, has been removed. Instead, you should
1320 use UserIdentityLookup::getUserIdentityByName().
1321 * User::incEditCount(), deprecated in 1.37, has been removed. Instead, use
1322 UserEditTracker::incrementUserEditCount().
1323 * Article::getTimestamp(), deprecated in 1.35, has been removed. Use WikiPage's
1324 or RevisionRecord's version of this method instead.
1325 * ActionFactory::actionExists(), deprecated since 1.38, has been dropped.
1326 * Action::exists(), deprecated since 1.38, has been dropped.
1327 * ContentHandler::getForTitle(), deprecated since 1.35, has been dropped.
1328 * LockManagerGroup::getDefault() and ::getAny(), deprecated since 1.35, have
1330 * BaseTemplate::getToolbox(), deprecated since 1.35, has been dropped. To add
1331 items to the toolbox, use the SidebarBeforeOutput hook. To get the toolbox,
1332 subclasses can use $this->data['sidebar']['TOOLBOX'].
1333 * IndexPager::getHookContainer(), deprecated since 1.40, has been removed. You
1334 should instead inject a HookContainer into your code.
1335 * Not specifying a manifest_version in your extension.json or skin.json file,
1336 deprecated since 1.26 and emitting warnings since 1.29, is no longer supported
1337 with a fallback; it will now have unspecified behaviour.
1338 * RecentChange::getEngine(), deprecated since 1.29, has been removed. Use
1339 RCFeed::factory() instead.
1340 * EditPage::showEditForm() no longer respects the $formCallback parameter, which
1341 was deprecated in 1.25. Use the EditPage::showEditForm:fields hook instead.
1342 * The following properties in EditPage, deprecated in 1.38, were made private:
1346 - $allowBlankArticle
1348 - $allowSelfRedirect
1353 * EditPage::addNewLineAtEnd(), deprecated since 1.38, was removed.
1354 * AuthManager::checkAccountCreatePermissions(), deprecated in 1.39, has been
1355 removed. Use authorizeCreateAccount() or probablyCanCreateAccount() instead.
1356 * LinkCache::addGoodLinkObj(), deprecated in 1.37, has been removed. You should
1357 use ::addGoodLinkObjFromRow().
1358 * Constructing TextConflictHelper without a ContentHandlerFactory, deprecated
1359 since 1.35, will now trigger a type error.
1360 * JobQueue::getWiki(), deprecated in 1.33, has been removed.
1361 * ManualLogEntry::setTags(), deprecated in 1.33, has been removed.
1362 * WikiPage::getDeletionUpdates(), deprecated in 1.37, has been removed.
1363 * ResourceLoader\Context::getConfig(), deprecated in 1.34, has been removed.
1364 * When creating a SearchUpdate instance, passing a non-Content string or Boolean
1365 as the $c parameter, deprecated since 1.34, will now trigger type errors.
1366 * SkinTemplate::getNameSpaceKey(), deprecated in 1.35, has been dropped. Instead
1367 you should use Title::getNamespaceKey().
1368 * The AddNewAccount hook, deprecated since 1.27, will now trigger deprecation
1369 warnings. You should use the LocalUserCreated hook instead.
1370 * The PrefixSearchBackend hook, deprecated since 1.27, will now trigger
1371 deprecation warnings. Override SearchEngine::completionSearchBackend instead.
1372 * PrefixSearch::validateNamespaces(), completely unused everywhere, has been
1373 removed without deprecation.
1374 * BaseTemplate::getTrail() and ::printTrail(), deprecated since 1.39, have been
1376 * Passing a second query parameter to Title::getFullURL(), Title::getLocalURL(),
1377 Title::getInternalURL(), or Title::getCanonicalURL(), each deprecated in 1.19,
1378 is now not supported. Pass it as a key,value pair in the first parameter array
1380 * Title::getBacklinkCache(), deprecated since 1.37, has been dropped. Instead,
1381 use BacklinkCacheFactory::getBacklinkCache().
1382 * Title::newFromIDs and TitleFactory::newFromIDs, deprecated in 1.38, have been
1383 dropped; use a PageStore QueryBuilder instead.
1384 * Title::getSelectFields(), deprecated since 1.36, has been dropped. You can use
1385 PageStore::newSelectQueryBuilder() instead.
1386 * Title::getTouched() will now trigger an error if you pass it an instance of
1387 IDatabase rather than a READ_XXX constant. This legacy behaviour has been
1388 deprecated since 1.38.
1389 * User::getGroupPermissions(), getGroupsWithPermission() & groupHasPermission(),
1390 all of which were deprecated since 1.34, have been removed. Instead, use the
1391 GroupPermissionsLookup service.
1392 * Similarly, PermissionManager::getGroupPermissions(), getGroupsWithPermission()
1393 & groupHasPermission(), all of which were deprecated since 1.36, have also
1394 been removed. Instead, use the GroupPermissionsLookup service.
1395 * The following old, deprecated aliases for classes in the RDBMS layer, have now
1397 - DBConnRef (use Wikimedia\Rdbms\DBConnRef)
1398 - Database (use Wikimedia\Rdbms\Database)
1399 - DatabaseBase (use Wikimedia\Rdbms\Database)
1400 - DatabaseMysqlBase (use Wikimedia\Rdbms\DatabaseMySQL)
1401 - DatabaseMysqli (use Wikimedia\Rdbms\DatabaseMySQL)
1402 - DatabasePostgres (use Wikimedia\Rdbms\DatabasePostgres)
1403 - DatabaseSqlite (use Wikimedia\Rdbms\DatabaseSqlite)
1404 - IDatabase (use Wikimedia\Rdbms\IDatabase)
1405 - FakeResultWrapper (use Wikimedia\Rdbms\FakeResultWrapper)
1406 - ResultWrapper (use Wikimedia\Rdbms\ResultWrapper)
1407 * The following old, deprecated aliases for classes have now been removed:
1408 - MediaWiki\Rest\Handler\HtmlInputTransformHelper
1409 - MediaWiki\Rest\Handler\HtmlMessageOutputHelper
1410 - MediaWiki\Rest\Handler\HtmlOutputRendererHelper
1411 - MediaWiki\Rest\Handler\PageContentHelper
1412 - MediaWiki\Rest\Handler\PageRestHelperFactory
1413 - MediaWiki\Rest\Handler\ParsoidFormatHelper
1414 - MediaWiki\Rest\Handler\RevisionContentHelper
1415 (use the classes from namespace MediaWiki\Rest\Handler\Helper)
1416 - SearchNearMatcher (use MediaWiki\Search\TitleMatcher)
1417 * $CHANGEDORCREATED argument of 'enotif_body' message was removed.
1418 It wasn't used in the default messages since 1.21.
1419 * The AbstractBlock and DatabaseBlock public properties mExpiry, mHideName,
1420 mTimestamp, mAuto and mParentBlockId, deprecated since 1.34, have been
1422 * WikiPage::doDeleteUpdates() and ::getDeletionUpdates(), deprecated in 1.37,
1424 * The User public properties mOptions, mBlock, mBlockedby and mHideName,
1425 deprecated since 1.35, were removed.
1426 * User::CHECK_USER_RIGHTS and User::IGNORE_USER_RIGHTS were removed. They were
1427 flags passed to methods which were previously removed.
1428 * All public properties of LinksUpdate, deprecated in 1.38, were removed.
1429 * The class Wikimedia\Rdbms\MySQLMasterPos, deprecated in 1.37, has been
1430 removed. Use Wikimedia\Rdbms\MySQLPrimaryPos instead.
1431 * The class GetBlockErrorMessageKey, deprecated in 1.40, has been removed.
1432 * The ability to set Parser::mTitle to null, deprecated in 1.34, was removed.
1433 * The following MagicWord methods have been removed without deprecation. There
1436 - ::compareStringLength
1437 - ::getVariableRegex
1438 - ::getVariableStartToEndRegex
1441 - ::matchVariableStartToEnd
1442 - ::pregRemoveAndRecord
1443 - ::substituteCallback
1444 * The following MagicWordArray methods have been removed or made private without
1445 deprecation. There were no known uses outside of the class.
1447 - ::getRegex, already marked as @internal, now private
1448 - ::getRegexStart, already marked as @internal, now private
1449 - ::getVariableRegex, deprecated since 1.36
1450 - ::getVariableStartToEndRegex, already marked as @internal, now private
1451 - ::parseMatch, now private
1452 * AbstractContent::getRedirectChain() and ::getUltimateRedirectTarget(), both
1453 deprecated in 1.38, have been removed.
1455 === Deprecations in 1.41 ===
1456 * The MessageCache::get hook is deprecated for performance reasons. Use
1457 MessageCacheFetchOverrides instead.
1458 * EtcdConfig::setLogger() is deprecated as it was unused and could not be
1459 used correctly. As a standalone class, its warnings now surface
1460 unconditionally via the native PHP error log.
1461 * The interface for hook ParserModifyImageHTML have been renamed from
1462 ParserModifyImageHTML to ParserModifyImageHTMLHook,
1463 the old name is deprecated.
1464 * (T178356) The es6-polyfills module is deprecated and is now a no-op.
1465 * SerializedValueContainer::newUnified() is unused and now emits deprecation
1467 * Profiler::setProfileID() and ::getAllowOutput() are now deprecated and also
1468 emit deprecation warnings. For ::setProfileID(), override the related class
1469 member directly in sub-class.
1470 * (T166010) All PHP code in MediaWiki is slowly being moved to be in a class
1471 namespace as appropriate, so that we can use PSR-4 auto-loading, which will
1472 speed up general code loading of MediaWiki. The old global namespace class
1473 names are being left behind as deprecated aliases.
1475 In this release of MediaWiki, 1661 classes now have a namespace and 972 do
1476 not yet (63% done, up from 54% in MediaWiki 1.40.0). The following have newly
1483 - EtcdConfigParseError
1489 - MediaWiki\EventRelayer:
1493 - MediaWiki\Installer:
1503 - AllMessagesTablePager
1508 - DeletedContribsPager
1518 - ProtectedPagesPager
1519 - ProtectedTitlesPager
1520 - RangeChronologicalPager
1521 - ReverseChronologicalPager
1526 - MediaWiki\Request:
1529 - MediaWiki\SiteStats:
1532 - MediaWiki\Specials:
1533 - SpecialActiveUsers
1534 - SpecialAllMessages
1535 - SpecialAncientPages
1538 - SpecialAutoblockList
1542 - SpecialBookSources
1543 - SpecialBotPasswords
1544 - SpecialBrokenRedirects
1546 - SpecialChangeContentModel
1547 - SpecialChangeCredentials
1548 - SpecialChangeEmail
1549 - SpecialChangePassword
1550 - SpecialComparePages
1551 - SpecialConfirmEmail
1553 - SpecialContributions
1554 - SpecialCreateAccount
1555 - SpecialDeadendPages
1557 - SpecialDeletedContributions
1559 - SpecialDoubleRedirects
1562 - SpecialEditWatchlist
1563 - SpecialEmailInvalidate
1565 - SpecialExpandTemplates
1567 - SpecialFewestRevisions
1568 - SpecialFileDuplicateSearch
1570 - SpecialGoToInterwiki
1572 - SpecialJavaScriptTest
1573 - SpecialLinkAccounts
1575 - SpecialListDuplicatedFiles
1578 - SpecialListGroupRights
1579 - SpecialListRedirects
1583 - SpecialLonelyPages
1586 - SpecialMediaStatistics
1587 - SpecialMergeHistory
1588 - SpecialMostCategories
1589 - SpecialMostInterwikis
1591 - SpecialMostLinkedCategories
1592 - SpecialMostLinkedTemplates
1593 - SpecialMostRevisions
1597 - SpecialNewPages (and capitalisation corrected)
1600 - SpecialPageHistory
1602 - SpecialPageLanguage
1603 - SpecialPagesWithProp
1604 - SpecialPasswordPolicies
1605 - SpecialPasswordReset
1606 - SpecialPermanentLink
1607 - SpecialPreferences
1608 - SpecialPrefixIndex (and capitalisation corrected)
1609 - SpecialProtectedPages (and capitalisation corrected)
1610 - SpecialProtectedTitles (and capitalisation corrected)
1611 - SpecialProtectPage
1613 - SpecialRandomInCategory
1615 - SpecialRandomRedirect
1616 - SpecialRandomRootPage
1617 - SpecialRecentChanges
1618 - SpecialRecentChangesLinked
1620 - SpecialRedirectToSpecial
1621 - SpecialRemoveCredentials
1622 - SpecialRenameUser (and capitalisation corrected)
1623 - SpecialResetTokens
1624 - SpecialRevisionDelete
1628 - SpecialSpecialPages (and capitalisation corrected)
1631 - SpecialTrackingCategories
1633 - SpecialUncategorizedCategories
1634 - SpecialUncategorizedImages
1635 - SpecialUncategorizedPages
1636 - SpecialUncategorizedTemplates
1638 - SpecialUnlinkAccounts
1640 - SpecialUnusedCategories
1641 - SpecialUnusedImages
1642 - SpecialUnusedTemplates
1643 - SpecialUnwatchedPages
1645 - SpecialUploadStash
1649 - SpecialWantedCategories
1650 - SpecialWantedTemplates
1652 - SpecialWhatLinksHere
1653 - SpecialWithoutInterwiki
1654 - MediaWiki\Specials\Redirects:
1655 - SpecialAllMyUploads
1658 - SpecialMycontributions
1663 - MediaWiki\SpecialPage:
1664 - AuthManagerSpecialPage
1665 - ChangesListSpecialPage
1666 - DisabledSpecialPage
1669 - IncludableSpecialPage
1670 - LoginSignupSpecialPage
1673 - RedirectSpecialArticle
1674 - RedirectSpecialPage
1676 - SpecialRedirectToSpecial
1677 - SpecialRedirectWithAction
1678 - UnlistedSpecialPage
1684 - ForeignTitleFactory
1685 - ImportTitleFactory
1686 - MalformedTitleException
1687 - MediaWikiTitleCodec
1688 - NaiveForeignTitleFactory
1689 - NaiveImportTitleFactory
1690 - NamespaceAwareForeignTitleFactory
1691 - NamespaceImportTitleFactory
1693 - SubpageImportTitleFactory
1700 - LoggedOutEditToken
1704 - UserArrayFromResult
1705 - UserGroupMembership
1707 - MediaWiki\User\CentralId:
1713 - ExtensionInfo (previously under MediaWiki\ExtensionInfo)
1715 - ConfiguredReadOnlyMode
1717 * Various mediawiki.ui variables have been deprecated in favor of
1718 'mediawiki.skin.variables.less' Codex design tokens featuring replacements.
1719 * Hook handlers must now be specified either as a PHP callable, or as a PHP
1720 object that has a method matching the hook name. Other ways to specify
1721 the handler are deprecated and will soon be removed. Deprecated ways to
1722 specify a hook handler include callables wrapped in an array. Handlers
1723 defined using a "HookHandlers" entry in extension.json are not affected.
1724 * TitleArray::newFromResult() has been deprecated and now emits deprecation
1725 warnings, use TitleArrayFromResults instead.
1726 * The MediaWikiIntegrationTestCase::$users has been deprecated. Use Authority
1727 if possible, or call ::getTestUser() or ::getTestSysop() directly.
1728 * WebRequest::isSafeRequest() and ::markAsSafeRequest() has been deprecated
1729 and now emits deprecation warnings. Use ::hasSafeMethod() instead.
1730 * The tests/phpunit/phpunit.php entrypoint has been deprecated. PHPUnit
1731 tests should be run with composer, for example with the
1732 `composer phpunit:entrypoint` command.
1733 * The unnamespace UserNamePrefixSearch class, deprecated in 1.36, now emits
1734 deprecation warnings. Use the MediaWiki\User\UserNamePrefixSearch service.
1735 * The jquery.cookie ResourceLoader module has been merged into the existing
1736 mediawiki.cookie module; jquery.cookie remains but is deprecated.
1737 * Passing a database to DatabaseBlockStore::insertBlock() is deprecated.
1738 DatabaseBlockStoreFactory should be used to fetch a correct
1739 DatabaseBlockStore instead.
1740 * The global function wfGetLangObj is deprecated and emits deprecation
1741 warnings. Use MediaWiki\Languages\LanguageFactory::getLanguage instead.
1742 * The SwiftVirtualRESTService class is deprecated in 1.41 and now emits
1743 deprecation warnings.
1744 * SqlBagOStuff::expireAll() is deprecated and now emits deprecation warnings,
1745 use SqlBagOStuff::deleteObjectsExpiringBefore() instead.
1746 * SqlBagOStuff::deleteAll() is deprecated and now emits deprecation warnings.
1747 * Passing an actor id to the UserIdentityValue constructor is now emits
1748 deprecation warnings, it is deprecated since 1.36.
1749 * UserGroupMembership::getGroupName(), deprecated in 1.38, and
1750 UserGroupMembership::getGroupMemberName(), deprecated in 1.40, now emit
1751 deprecation warnings.
1752 * UserGroupMembership::getLink() has been deprecated in favour of
1753 ::getLinkHTML() and ::getLinkWiki().
1754 * Linker::formatComment(), ::formatLinksInComment(), ::commentBlock() and
1755 ::revComment(), deprecated in 1.38, now emit deprecation warnings.
1756 * PageArchive::listRevisions(), ::getRevisionRecordByTimestamp(),
1757 ::getArchivedRevisionRecord(), ::getPreviousRevisionRecord(),
1758 ::getLastRevisionId() and ::isDeleted(), deprecated in 1.38,
1759 now emit deprecation warnings.
1760 * SearchResultThumbnail::getSize() has been deprecated to be dropped in the
1761 future as it is resource intensive and degrades performance.
1762 * The EmailUserPermissionsErrors and UserCanSendEmail hooks have been
1763 deprecated in favour of the EmailUserAuthorizeSend hook.
1764 * The EmailUser hook has been deprecated in favour of the EmailUserSendEmail
1766 * The InterwikiLoadPrefix hook now emits deprecation warnings. Resetting the
1767 $wgInterwikiCache setting instead.
1768 * SiteConfiguration::getConfig() now emits deprecation warnings, Use ::get()
1770 * SiteConfiguration::extractVar() and ::extractGlobal() have been deprecated
1771 and also emit deprecation warnings.
1772 * JobQueueGroup::waitForBackups() is deprecated. JobQueue::waitForBackups()
1773 should be used instead.
1774 * Hooks::isRegistered(), ::getHandlers(), ::run() and ::runWithoutAbort(),
1775 deprecated in 1.35, now emit deprecation warnings.
1776 * VirtualRESTService class and its subclasses now emit deprecation warnings
1777 in 1.41 and as a replacement we can use MultiHttpClient.
1778 * Calling the MediaWikiServices::getVirtualRESTServiceClient() function
1779 which creates the VirtualRESTServiceClient now emits deprecation warnings.
1780 * Language::getMessage and Language::getAllMessages are deprecated. Use
1781 LocalisationCache or MessageCache as appropriate.
1782 * VirtualRESTService class is deprecated in 1.41 and as a replacement
1783 we can use MultiHttpClient.
1784 * MediaWikiServices::getConfiguredReadOnlyMode() is deprecated. Use
1785 ::getReadOnlyMode() instead. ReadOnlyMode::getConfiguredReason()
1786 and ::isConfiguredReadOnly() has been added to support that.
1787 * UploadBase::isThrottled() has been deprecated and is emitting deprecation
1788 warnings. Rate limits are enforced by UploadBase::verifyTitlePermissions(),
1789 since rate limit checks are now implicit in permission checks.
1790 * JobSpecification::toSerializableArray() now emits deprecation warnings.
1791 * The following skin methods were deprecated:
1792 - Skin::makeSpecialUrl (use Title or Special class instead)
1793 - Skin::makeSpecialUrlSubpage (use Title or Special class instead)
1794 * mw.jqueryMsg.parser, deprecated in 1.31, now emits deprecation warnings.
1795 * ResourceLoader (T127268): The targets system is deprecated. Modules that
1796 have been marked as desktop or mobile only are no longer supported and
1797 will send deprecation warnings.
1798 * TextSlotDiffRenderer::setLanguage() is deprecated, and calling it will
1799 have no effect. Use ContentHandler::getSlotDiffRenderer(), or in subclasses,
1800 ContentHandler::createTextSlotDiffRenderer(), to correctly inject
1801 dependencies into TextSlotDiffRenderer.
1802 * The static methods encodeJsVar() and encodeJsCall() have been moved from the
1803 Xml class to the more appropriate MediaWiki\Html\Html one, and the old ones
1805 * Some work to rename classes was done in previous releases, but the renaming
1806 was not noted at the time. The old aliases work for now but are deprecated;
1807 this is now explicitly noted:
1809 - Category -> MediaWiki\Category\Category
1810 - CategoriesRdf -> MediaWiki\Category\CategoriesRdf
1811 - CategoryViewer -> MediaWiki\Category\CategoryViewer
1812 - TrackingCategories -> MediaWiki\Category\TrackingCategories
1813 - CommentStore -> MediaWiki\CommentStore\CommentStore
1814 - CommentStoreComment -> MediaWiki\CommentStore\CommentStoreComment
1815 - EditPage -> MediaWiki\EditPage\EditPage
1816 - TemplatesOnThisPageFormatter
1817 -> MediaWiki\EditPage\TemplatesOnThisPageFormatter
1818 - LinkFilter -> MediaWiki\ExternalLinks\LinkFilter
1819 - AtomFeed -> MediaWiki\Feed\AtomFeed
1820 - ChannelFeed -> MediaWiki\Feed\ChannelFeed
1821 - FeedItem -> MediaWiki\Feed\FeedItem
1822 - FeedUtils -> MediaWiki\Feed\FeedUtils
1823 - RSSFeed -> MediaWiki\Feed\RSSFeed
1824 - Html -> MediaWiki\Html\Html
1825 - FormOptions -> MediaWiki\Html\FormOptions
1826 - HtmlHelper -> MediaWiki\Html\HtmlHelper
1827 - ListToggle -> MediaWiki\Html\ListToggle
1828 - TemplateParser -> MediaWiki\Html\TemplateParser
1829 - RawMessage -> MediaWiki\Language\RawMessage
1830 - FileDeleteForm -> MediaWiki\Page\File\FileDeleteForm
1831 - MergeHistory -> MediaWiki\Page\File\MergeHistory
1832 - MovePage -> MediaWiki\Page\File\MovePage
1833 - ProtectionForm -> MediaWiki\Page\File\ProtectionForm
1834 - MediaWiki\BadFileLookup -> MediaWiki\Page\File\BadFileLookup
1835 - PageProps -> MediaWiki\Page\PageProps
1836 - MagicWord -> MediaWiki\Parser\MagicWord
1837 - MagicWordArray -> MediaWiki\Parser\MagicWordArray
1838 - MagicWordFactory -> MediaWiki\Parser\MagicWordFactory
1839 - Linker -> MediaWiki\Linker\Linker
1840 - DummyLinker -> MediaWiki\Linker\DummyLinker
1841 - ForkController -> MediaWiki\Maintenance\ForkController
1842 - OrderedStreamingForkController
1843 -> MediaWiki\Maintenance\OrderedStreamingForkController
1844 - ContentSecurityPolicy -> MediaWiki\Request\ContentSecurityPolicy
1845 - DerivativeRequest -> MediaWiki\Request\DerivativeRequest
1846 - FauxRequest -> MediaWiki\Request\FauxRequest
1847 - FauxRequestUpload -> MediaWiki\Request\FauxRequestUpload
1848 - PathRouter -> MediaWiki\Request\PathRouter
1849 - WebRequestUpload -> MediaWiki\Request\WebRequestUpload
1850 - FauxResponse -> MediaWiki\Request\FauxResponse
1851 - WebResponse -> MediaWiki\Request\WebResponse
1852 - MediaWiki\HeaderCallback -> MediaWiki\Request\HeaderCallback
1853 - StubObject -> MediaWiki\StubObject\StubObject
1854 - DeprecatedGlobal -> MediaWiki\StubObject\DeprecatedGlobal
1855 - StubGlobalUser -> MediaWiki\StubObject\StubGlobalUser
1856 - StubUserLang -> MediaWiki\StubObject\StubUserLang
1857 - Title -> MediaWiki\Title\Title
1858 - TitleArray -> MediaWiki\Title\TitleArray
1859 - TitleArrayFromResult -> MediaWiki\Title\TitleArrayFromResult
1860 - TitleFactory -> MediaWiki\Title\TitleFactory
1861 - ActorMigration -> MediaWiki\User\ActorMigration
1862 - ActorMigrationBase -> MediaWiki\User\ActorMigrationBase
1863 - WikiMap -> MediaWiki\WikiMap\WikiMap
1864 - WikiReference -> MediaWiki\WikiMap\WikiReference
1866 - ResourceLoader -> MediaWiki\ResourceLoader\ResourceLoader
1868 - IMaintainableDatabase -> Wikimedia\Rdbms\IMaintainableDatabase
1869 * The WebRequest::getRequestId() and WebRequest::overrideRequestId() are
1870 deprecated. Use methods from MediaWiki\Http\Telemetry class instead.
1871 * The XmlJsCode wrapper class has been renamed to MediaWiki\Html\HtmlJsCode,
1872 and the old name is now deprecated.
1873 * The use of non-serializable arguments to ParserOutput::addWarningMsg() has
1874 been deprecated and will emit deprecation warnings.
1875 * Class UserRightsProxy, deprecated since 1.38, now emits
1876 deprecation warnings from its factory functions.
1877 * MediaWiki\ResourceLoader\Module::getDeprecationInformation() is deprecated.
1878 Use ::getDeprecationWarning() instead.
1879 * Passing a Message to OutputPage::setPageTitle() is deprecated.
1880 Use ::setPageTitleMsg() instead (which escapes HTML metacharacters).
1881 * Passing arguments to OutputPage::prepareErrorPage() is deprecated.
1882 Use explicit calls to OutputPage::setPageTitleMsg() and ::setHTMLTitle()
1884 * Returning a string from Action::getPageTitle() is deprecated;
1885 return a Message instead, which will be formatted using FORMAT_ESCAPED.
1886 * Returning a string from SpecialPage::getDescription() is deprecated;
1887 return a Message instead, which will be formatted using FORMAT_ESCAPED.
1888 * MediaWiki\Block\AbstractBlock::getReason(), deprecated since 1.35, now emits
1889 deprecation warnings. Use ::getReasonComment() instead.
1890 * User::getGroups(), ::addGroup(), ::removeGroup(), ::getGroupMemberships(),
1891 ::getAllGroups(), ::getImplicitGroups(), deprecated since 1.35, now emit
1892 deprecation warnings.
1893 * The global function wfReportTime(), deprecated since 1.40, now emits
1894 deprecation warnings. The SkinTemplate parameter 'reporttime' is deprecated.
1895 * RevisionStore::getQueryInfo() and RevisionFactory::getQueryInfo() have been
1896 deprecated. Use ::newSelectQueryBuilder() instead.
1897 * Following methods in rdbms library have been made internal:
1898 - IDatabase::getLBInfo()
1899 - IDatabase::setLBInfo()
1900 - IDatabase::insert() Use InsertQueryBuilder instead.
1901 - IDatabase::update() Use UpdateQueryBuilder instead.
1902 - IDatabase::replace() Use ReplaceQueryBuilder instead.
1903 - IDatabase::upsert() Use InsertQueryBuilder instead.
1904 - IDatabase::delete() Use DeleteQueryBuilder instead.
1905 - IReadableDatabase::selectField() Use SelectQueryBuilder instead.
1906 - IReadableDatabase::selectFieldValues() Use SelectQueryBuilder instead.
1907 - IReadableDatabase::select() Use SelectQueryBuilder instead.
1908 - IReadableDatabase::selectRow() Use SelectQueryBuilder instead.
1909 - IReadableDatabase::estimateRowCount() Use SelectQueryBuilder instead.
1910 - IReadableDatabase::selectRowCount() Use SelectQueryBuilder instead.
1911 - ISQLPlatform::unionQueries() Use UnionQueryBuilder instead.
1912 * The core Wikimedia\Rdbms\DatabaseMysqlBase class has been renamed to reflect
1913 the earlier merger of Mysqli into it; it's now Wikimedia\Rdbms\DatabaseMySQL.
1914 * The following methods in SpecialEmailUser have been deprecated:
1915 - SpecialEmailUser::validateTarget(), use EmailUser::validateTarget()
1916 - SpecialEmailUser::getPermissionsError(), use EmailUser::canSend() or
1917 EmailUser::authorizeSend()
1918 - SpecialEmailUser::submit(), use EmailUser::sendEmailUnsafe()
1919 * User::isBlockedFromEmailuser() has been deprecated. EmailUser::canSend()
1920 checks blocks amongst other things. If you only need this check, use
1921 User::getBlock()->appliesToRight( 'sendemail' ).
1922 * User::canSendEmail() has been deprecated. Use EmailUser::canSend() instead.
1923 * The following methods, previously deprecated, now emit deprecation warnings:
1924 - ConfigFactory::getDefaultInstance(), deprecated since 1.27
1925 - AbstractContent::getNativeData(), deprecated since 1.33
1926 - TablePager::getBody(), deprecated since 1.24
1927 - ContentHandler::getSlotDiffRendererInternal(), deprecated since 1.35
1928 - ParserOutput::getCategories(), deprecated since 1.40
1929 - PasswordFactory::init(), deprecated since 1.32
1930 * WikitextContent::getRedirectTargetAndText has been deprecated, use
1931 WikitextContentHandler::extractRedirectTargetAndText instead.
1932 * WikiPage::doDeleteArticleBatched, deprecated in 1.37, now emits deprecation
1934 * WikiPage::getPageIsRedirectField() is now deprecated.
1935 * WikiPage::insertRedirect() is now deprecated.
1936 * Parser::getFreshParser(), deprecated since 1.39, now emits deprecation
1938 * The legacy MediaWiki UI ResourceLoader modules, such as `mediawiki.ui`, are
1939 all now emitting deprecation warnings in the JavaScript console. Please use
1940 Codex CSS components instead.
1941 * Article::getRedirectHeaderHtml() has been deprecated and emits deprecation
1942 warnings, use LinkRenderer::makeRedirectHeader() instead.
1943 * SpecialBlock::getTargetAndType(), deprecated since 1.36, now emits deprecation
1945 * ApiBase::checkTitleUserPermissions() now type-forces a PageIdentity instead of
1946 a LinkTarget. Passing a LinkTarget has been deprecated since 1.36.
1947 * Passing a User to ApiBase::checkUserRightsAny() in the second parameter, which
1948 was deprecated in 1.36, is no longer read. Instead, it will use the request
1949 context's set Authority via IContextSource::getAuthority().
1950 * Sanitizer::escapeIdReferenceList(), deprecated since 1.36, has been dropped.
1951 * RecentChange::getPerformer(), deprecated since 1.36, has been dropped.
1952 * SpecialPage::getLanguageConverter(), deprecated since 1.36, has been dropped.
1953 Use LanguageConverterFactory::getLanguageConverter() directly.
1954 * SpecialBlock::checkUnblockSelf(), deprecated since 1.36, has been dropped. Use
1955 BlockPermissionChecker instead.
1956 * DifferenceEngine::localiseLineNumbers() has been deprecated in favor of
1957 BaseTextDiffer::localizeLineNumbers(). Subclasses such as PhpTextDiffer may
1958 make this available via a ::localize() method.
1959 * ChangeTags::modifyDisplayQuery() and ChangeTagsStore::modifyDisplayQuery()
1960 have been deprecated in favor of ChangeTagsStore::modifyDisplayQueryBuilder()
1961 * Calling SpecialRandomPage::__construct without services as parameters is
1962 deprecated and emit deprecation warnings.
1964 === Other changes in 1.41 ===
1965 * ExternalLinksLookup::getExternalLinksForPage() now exists to centralize
1966 logic of looking up externallinks rows.
1967 * The update script no longer accepts the --skip-compat-checks option.
1968 * Use of the deprecated "Pragma: no-cache" HTTP response header on uncachable
1969 responses has been removed in favour of "Cache-Control: no-cache" (T345420).
1970 * Type hints were added to:
1971 - The return value of WebRequest:: and DerivativeRequest::getSession()
1972 - The return value of WebRequest:: and DerivativeRequest::getIP()
1973 - The return value of User::getTitleKey()
1974 - The return value of User::getRequest()
1975 - The `$key` parameter to Skin::normalizeKey()
1976 None of the methods whose return value was updated belongs to a class
1977 stable to extend, and adding type hints to parameters is backwards
1978 compatible. Therefore, this is not considered a breaking change.
1979 * The mergeMessageFileList script now only works for extensions and skins
1980 supporting extension registration (using extension.json or skin.json).
1981 It will no longer attempt to load PHP entry points.
1982 * Parser will no longer fall back to $wgTitle if a null is provided as a
1983 Title or PageReference. To change the relevant title used for methods
1984 that do not offer an option to set the page, call Parser::setPage.
1985 This affects the methods cleanSig, getSection and replaceSection.
1986 * (T347726, CVE-2023-51704) SECURITY: logging: Fix non-escaped messages
1991 MediaWiki 1.41 requires PHP 7.4.3 or later and the following PHP extensions:
2002 MariaDB is the recommended database software. MySQL, PostgreSQL, or SQLite can
2003 be used instead, but support for them is somewhat less mature.
2005 The supported versions are:
2007 * MariaDB 10.3 or higher
2008 * MySQL 5.7.0 or higher
2009 * PostgreSQL 10 or later
2010 * SQLite 3.8.0 or later
2012 == Online documentation ==
2013 Documentation for both end-users and site administrators is available on
2014 MediaWiki.org, and is covered under the GNU Free Documentation License (except
2015 for pages that explicitly state that their contents are in the public domain):
2017 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
2020 A mailing list is available for MediaWiki user support and discussion:
2022 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
2024 A low-traffic announcements-only list is also available:
2026 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
2028 It's highly recommended that you sign up for one of these lists if you're
2029 going to run a public MediaWiki, so you can be notified of security fixes.
2032 There's usually someone online in #mediawiki on irc.libera.chat.
2036 PHP 8.0 workboard: https://phabricator.wikimedia.org/tag/php_8.0_support/
2037 PHP 8.1 workboard: https://phabricator.wikimedia.org/tag/php_8.1_support/
2038 PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/
2039 PHP 8.3 workboard: https://phabricator.wikimedia.org/tag/php_8.3_support/
2041 == MediaWiki 1.40.4 ==
2043 This is a maintenance release of the MediaWiki 1.41 branch.
2045 === Changes since MediaWiki 1.40.3 ===
2046 * Localisation updates.
2047 * tests: Skip failing tests on php8.2 (and make pass).
2048 * (T326480) ApiResult: Make array ordering consistent across PHP versions.
2049 * (T352789, T287972) build: Raise TestingAccessWrapper from 2.0.0 to 3.0.0.
2050 * (T326478) tests: Create new classes to hold dynamic properties in auth tests.
2051 * (T326478) tests: Avoid dynamic properties in AuthenticationProvider Test.
2052 * tests: Skip failing tests on php8.3 (and make pass).
2053 * (T326466) Introduce and use DynamicPropertyTestHelper.
2054 * (T352910) tests: Use TestingAccessWrapper::newFromClass in session tests.
2055 * (T326478) tests: Avoid dynamic properties in SessionManagerTest.
2056 * ArticleTest: Skip testGetOrSetOnNewProperty() if PHP >= 8.2.
2057 * (T326478) tests: Avoid dynamic properties in auth tests.
2058 * tests: Remove dead code from WikiPageDbTest::assertPreparedEditNotEquals.
2059 * (T326479, T361985) StatusValue: Allow passing arbitrary data to augment
2061 * (T357760) Use i18n strings for truncated subpage message in SpecialMovePage.
2062 * debug: Update PsySH 0.11.1 -> 0.12.3.
2063 * (T361991) Fix slash-delimited regex from CLI on maintenence/grep.php.
2064 * (T352695) tests: Only set $dbSetup if setupTestDB() ends without throwing.
2065 * (T362272) api: Replace null $httpCode by 0 in ApiBase::dieWithErrorOrDebug.
2066 * (T150647, T216682) Make EncryptedPassword work with Argon2Password.
2067 * (T364270) Fix long param names overlapping docs in API help pages.
2068 * wrapOldPasswords: Improve progress output and decrease batch size.
2069 * (T361367) ApiFeedWatchlist: Fix handling of array parameters.
2070 * (T366130) EncryptedPassword: Store default parameters as strings.
2071 * Name the PagerTools array entries to allow hooks to unset them.
2072 * (T302186) Add title cache for Title::newMainPage().
2074 == MediaWiki 1.40.3 ==
2076 This is a security and maintenance release of the MediaWiki 1.40 branch.
2078 === Changes since MediaWiki 1.40.2 ===
2079 * Localisation updates.
2080 * (T296896) CategoryViewer::getSectionPagingLinks: Fix null array offset
2082 * CategoryViewer: Fix "count(): Argument #1 ($value) must be of type
2083 Countable|array, null given".
2084 * (T334992) Headings in the license pickers should not be selected.
2085 * (T353929) ActiveUsersPager: Count actions only once.
2086 * composer: Use @php instead of php.
2087 * (T326065) Indent JsonContent using tabs.
2088 * (T309714, T354274) mime: Add support for 'font/woff' and 'font/woff2' mime
2090 * (T353644) Update wikimedia/parsoid to 0.17.3.
2091 * (T354541) authmanager: Improve AuthenticationRequest docs.
2092 * (T330428) ForeignResourceManager: Add trailing newline in validateLicense.
2093 * (T355017) Add missing space in Special:RecentChangesLinked.
2094 * (T355003) composer.json Add ext-bcmath and ext-gmp to suggests.
2095 * PHPVersionCheck: Update text to match currently supported upstream PHP
2097 * (T354045) API: mark HTML output as non-cacheable.
2098 * (T355530) filerepo: Fix img_major_mime for files with a non-standard
2100 * (T355530) MimeAnalyzer: Add @since to isValidMajorMimeType.
2101 * (T352554) ZhConverter: Fix language variant fallback chain.
2102 * (T357668) Parser::getExternalLinkAttribs: Don't set rel attribute to null.
2103 * LockManagerGroupIntegrationTest: Remove test depending on DBLockManager.
2104 * (T357808) LinkRendererTest: Add missing import for LinkTarget.
2105 * (T353305) ApiResetPassword: Allow both user and email parameters to be passed
2107 * (T358949) updateCollation: Explicitly cast $scale to int.
2108 * (T359055) api: Improve linking of language codes lists in top level i18n
2110 * (T359294) Make sure MovePage::isValidFileMove matches UploadBase::getTitle.
2111 * (T230245) Respect $maxConcurrency when queuing async FileOps.
2112 * (T352554) Follow-up "ZhConverter: Fix language variant fallback chain".
2113 * (T359139) Restore ability to disable footer links with "-".
2114 * (T292237, T317451) build: Restore Doxygen output for MediaWiki release tags.
2115 * (T324903) HistoryPager: Add #[AllowDynamicProperties].
2116 * (T360850) Update Apache config syntax in .htaccess files.
2117 * (T309714) mime: Make test cases use data provider.
2118 * (T317489, T319202) Mark some parserTests on talk pages Parsoid only on
2120 * Update wikimedia/parsoid to 0.17.4.
2121 * docs: Remove use of $IP from mwdocgen.php.
2122 * (T317451) build: Restore Doxygen output for MediaWiki release tags (take 3).
2123 * docs: Set stable permalink on markdown files.
2124 * (T357019) allow maintenance/deleteBatch.php to accept page ID.
2125 * (T355538, CVE-2024-34507) SECURITY: XSS in edit summary parser.
2126 * (T357760, CVE-2024-34506) SECURITY: Denial of service vector via GET request
2127 to Special:MovePage on pages with thousands of subpages.
2129 == MediaWiki 1.40.2 ==
2131 This is a security and maintenance release of the MediaWiki 1.40 branch.
2133 === Changes since MediaWiki 1.40.1 ===
2134 * Localisation updates.
2135 * Updated symfony/polyfill-php80 from 1.27.0 to 1.28.0.
2136 * Updated symfony/polyfill-php81 from 1.27.0 to 1.28.0.
2137 * (T344912) mail: Encode period (ascii 46) if it appears in encoded email
2139 * Added symfony/polyfill-php82.
2140 * Added symfony/polyfill-php83.
2141 * Updated symfony/yaml from 5.4.17 to 5.4.23.
2142 * Updated wikimedia/timestamp from 4.1.0 to 4.1.1.
2143 * tests: Provide coverage for StatusValue::__toString.
2144 * StatusValue: Improve logging/debug output with multibyte characters.
2145 * (T347726, CVE-2023-51704) SECURITY: logging: Fix non-escaped messages
2147 * Updated wikimedia/parsoid from 0.17.0 to 0.17.1.
2148 * (T229992) LocalisationCache: Preserve fallback source language info.
2149 * (T340840) Title: Check local fallbacks for system message.
2150 * (T346332) Installer: Make Minerva works correctly for $wgDefaultSkin.
2151 * specials: Use options-messages on Special:RevisionDelete.
2152 * Fix use of buildComparison() in uppercaseTitlesForUnicodeTransition.php.
2153 * (T275085) Fix logging Status objects to 'authevents' channel.
2154 * (T341310) DEVELOPERS.md: mention git clone and WSL.
2155 * (T351758) DEVELOPERS.md: reword WSL instructions to include best practices.
2156 * (T350615) PoolCounterConnectionManager: Add support for ipv6.
2157 * ParsoidCachePrewarmJob::newSpec() now requires a PageRecord as the second
2158 parameter instead of a page ID.
2159 * (T341123) ParsoidCachePrewarmJob: enable deduplication.
2160 * (T349115) LocalisationCache: Fix a rare case in fallback source language.
2161 * (T351848) language: Avoid multiple signs in Language::userAdjust.
2162 * SwiftFileBackend: Fix "PHP Deprecated: strlen(): Passing null to parameter #1
2163 ($string) of type string is deprecated".
2164 * maintenance: Add missing parenthesis to SQL in attachLatest.php.
2165 * (T321234) Make MagicWordArray not fail on old revs with broken UTF-8.
2166 * thumb: Fix "PHP Deprecated: strlen(): Passing null to parameter".
2167 * (T327007) htmlform: Correct validation for file input field.
2169 == MediaWiki 1.40.1 ==
2171 This is a security and maintenance release of the MediaWiki 1.40 branch.
2173 === Changes since MediaWiki 1.40.0 ===
2174 * Localisation updates.
2175 * (T333050, CVE-2023-45363) SECURITY: Fix infinite loop for self-redirects
2176 with variants conversion.
2177 * docs: Fix a few typos in MainConfigSchema.
2178 * (T290464) Add DiscussionTools bundling to release notes.
2179 * (T309714) mime: Add support for 'font/sfnt' mime type.
2180 * (T341434) WikiImporter: Improve error message output.
2181 * (T341737) ApiBase: Cast $id to string in filterIDs.
2182 * (T286291, T296188) Merge zh and zh-tw namespace translations back to zh-hans,
2183 zh-hant, zh-hk respectively.
2184 * (T337875) WRStats: Round up SequenceSpec::hardExpiry to the nearest integer.
2185 * (T237898) installer: Check MariaDB version in updater/installer.
2186 * (T342632) ApiComparePages: Add help url.
2187 * (T326182, T324903) EditPage: Add #[AllowDynamicProperties].
2188 * (T342351) rdbms: Fix postgres db function call.
2189 * (T343675) user: Use {@} to escape annotation when writting about annotation.
2190 * (T343797) LanguageWa: Fix double timezone adjustment.
2191 * (T343669) skins: Avoid function call on array.
2192 * (T326454) Update pear/mail to 1.5.1.
2193 * (T343622) docs: Set the <comment> tag back to optional.
2194 * (T330528) Upgrade wikimedia/html-formatter from 3.0.1 to 4.0.3.
2195 * Updated jQuery from v3.6.1 to v3.7.1.
2196 * (T337463) wdio-mediawiki: await saveScreenshot.
2197 * (T208477) $wgPrivilegedGroups – Users belonging in some of the listed groups
2198 will be audited more aggressively.
2199 * doc: Improve description of "type" in extension.schema.v2.json.
2200 * Added PrivilegedGroups attribute for extension.json / skin.json, which lets
2201 you add any new user groups you define to wgPrivilegedGroups (see above).
2202 * (T288624) MultiHttpClient: Unset $this->cmh after closing it.
2203 * (T345039) Do not run SkinAfterBottomScripts hook twice unconditionally.
2204 * (T265734) API Help: Note that parameters may be inherited from other context.
2205 * (T285545) i18n: Split apihelp for standard dir parameter.
2206 * (T285545) i18n: Split apihelp for redirects/linkshere/transcludedin/fileusage
2208 * (T285545) i18n: Split apihelp for parameter list=deletedrevs&drprop=.
2209 * (T285545) i18n: Split apihelp for parameter list=allpages&apprexpiry=.
2210 * (T285545) i18n: Split apihelp for parameter action=opensearch&redirects=.
2211 * (T285545) i18n: Split apihelp for parameter action=managetags&operation=.
2212 * (T285545) api: Add message for list=watchlist&wlprop=expiry.
2213 * (T334011) ApiComparePages: expose 'difftype' param if wikidiff2 is installed.
2214 * (T342633) api: Add message for action=compare&prop=timestamp.
2215 * API: revids=… does not necessarily return the queried revisions.
2216 * (T235207) Get correct main page in API call examples.
2217 * doc: Make extension.schema.v2.json a valid JSON schema.
2218 * (T326696) Add since tag to UserOptionsManager::MAX_BYTES_OPTION_VALUE.
2219 * (T310378) Ensure that installer i18n is loaded by update.php.
2220 * updateSpecialPages.php: Avoid implicit float conversion on modulo.
2221 * (T347227) ImportReporter: Make callback functions public.
2222 * (T346898) importDump: Unconditionally call $importer->setUsernamePrefix().
2223 * (T204470) Remove feedback messages from RawHtmlMessages.
2224 * (T127268) MainConfigSchema: Update doc for "ResourceLoader: Default File
2225 modules to mobile and desktop targets".
2226 * (T264765, CVE-2023-45364) SECURITY: Article: Check permissions before
2227 showing link to view deleted revision.
2228 * doc: Improve description of type in extension.schema.v1.json.
2229 * (T340217, CVE-2023-45359) SECURITY: Vector 2022: Numerous unescaped messages
2230 leading to potential XSS.
2231 * (T340220, CVE-2023-45361) SECURITY: Vector 2022: vector-intro-page message
2232 is assumed to yield a valid title.
2233 * (T340221, CVE-2023-45360) SECURITY: XSS via 'youhavenewmessagesmanyusers'
2234 and 'youhavenewmessages' messages.
2235 * (T341529, CVE-2023-45362) SECURITY: diff-multi-sameuser ("X intermediate
2236 revisions by the same user not shown") ignores username suppression.
2237 * (T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted
2238 XML file to Special:Upload (non standard configuration).
2240 == MediaWiki 1.40.0 ==
2242 === Changes since MediaWiki 1.40.0-rc.0 ===
2243 * Localisation updates.
2244 * (T330464) Work around argument corruption bug in XMLReader::open.
2245 * build: Updating mediawiki/mediawiki-phan-config to 0.12.1.
2246 * Fix frame and frameless rdfa depending on file existing.
2247 * (T329214) Pass whether current rev of file exists to
2248 Linker::makeBrokenImageLinkObj.
2249 * (T334659) Handle thumb errors when !$enableLegacyMediaDOM.
2250 * A manualthumb that doesn't exist should be considered a thumb error.
2251 * (T313157) IndexPager: Also protect against $offset being 0.
2252 * (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.
2254 == MediaWiki 1.40.0-rc.0 ==
2256 == Upgrading notes for 1.40 ==
2257 Don't forget to always back up your database before upgrading!
2259 See the file UPGRADE for more detailed per-version upgrade instructions from the
2260 oldest supported upgrading version, MediaWiki 1.35.
2262 Some specific notes for MediaWiki 1.40 upgrades are below:
2263 * Maintenance scripts should now be executed using maintenance/run.php, e.g.
2264 maintenance/run.php update not maintenance/update.php as before.
2265 * Five extensions have now been bundled with MediaWiki:
2266 * The DiscussionTools extension, which provides a forum-like editing
2267 experience for wikitext-based discussion pages.
2268 * The Echo extension, which provides a system of user notifications.
2269 * The Linter extension, which warns about use of deprecated wikitext.
2270 * The LoginNotify extension, which warns users about failed attempted logins.
2271 * The Thanks extension, which lets users thank editors for edits.
2272 * The Renameuser extension has been moved to MediaWiki core. It is now possible
2273 to rename users without installing an extension. The extension had already
2274 been bundled with MediaWiki since 1.18.
2276 For notes on 1.39.x and older releases, see HISTORY.
2278 === Configuration changes for system administrators in 1.40 ===
2279 * When computing PBKDF2 password hashes, MediaWiki now detects and uses OpenSSL
2280 support if available, unless $wgPasswordConfig['pbkdf2']['class'] is set in
2281 LocalSettings.php. OpenSSL is more efficient, so if that setting is present,
2282 you should remove it (or set it to 'Pbkdf2PasswordUsingOpenSSL' if possible).
2283 If users get an internal error when trying to log in, you can try setting it
2284 to 'Pbkdf2PasswordUsingHashExtension'. In particular, this would be necessary
2285 if existing PBKDF2 password hashes were computed using a hash algorithm other
2286 than "sha512" or "sha256" (the current and prior defaults).
2287 * You should configure your webserver to return the http header
2288 'X-Content-Type-Options: nosniff' for the /images directory. This will
2289 instruct browsers to not apply content sniffing when accessing the files.
2290 MediaWiki before 1.40 shipped with a content sniffer which disallowed
2291 potentially dangerous files at upload time, but this protection has now been
2292 removed in favor of this 'X-Content-Type-Options: nosniff' header and the
2293 installer will return a warning when it is not in place.
2294 * Support for MW_USE_LEGACY_DEFAULT_SETTINGS has been removed, setting this
2295 constant will not have any effect. Use of MW_USE_LEGACY_DEFAULT_SETTINGS
2296 had been deprecated since 1.39.
2298 ==== New configuration ====
2299 * $wgThumbnailNamespaces - This setting lets you define the namespaces for which
2300 image thumbnails (or a placeholder in the absence of a thumbnail) will be
2301 displayed on Special:Search.
2302 * $wgResourceLoaderClientPreferences – This experimental flag lets you enable
2303 client-side preferences for logged-out users.
2304 * $wgExternalLinksSchemaMigrationStage – This temporary flag lets you control
2305 the migration stage for the new schema for the external links database table.
2306 Ignore it unless you have a large wiki farm with complex migration needs.
2307 * $wgCommentTempTableSchemaMigrationStage – This temporary flag lets you control
2308 the migration stage for the temporary comment database table, from revision.
2309 Ignore it unless you have a large wiki farm with complex migration needs.
2310 * $wgSpecialContributeSkinsEnabled – This setting lets you list skins on which
2311 Special:Contribute is available, for where others don't work for the feature.
2312 * $wgPrivilegedGroups – Users belonging in some of the listed groups will be
2313 audited more aggressively.
2315 ==== Changed configuration ====
2316 * $wgPasswordPolicies – This setting, which controls what makes for a valid
2317 password for wiki accounts, has been adjusted to raise the minimal password
2318 length from 1 to 8 characters. The initial limit of 1 has been in place since
2319 MediaWiki 1.26. If you wish to allow shorter passwords, you can over-ride it
2320 in your LocalSettings following the guidance on MediaWiki.org.
2321 * (T254045) New accounts can no longer use an equals sign (=) in their
2322 usernames because of issues it causes in wikitext syntax. This can be
2323 adjusted by changing the value of $wgInvalidUsernameCharacters.
2324 * (T314318) $wgParserEnableLegacyMediaDOM – This setting has been changed, so
2325 the alternative modern HTML structure for media is now the default. You can
2326 disable it for now by over-riding this back to `true` in LocalSettings, but
2327 this configuration will be removed in future versions of MediaWiki. For more
2328 details, see the documentation at:
2329 https://www.mediawiki.org/wiki/Parsoid/Parser_Unification/Media_structure/FAQ
2330 * $wgWatchlistExpiryMaxDuration – This setting, which controls the maximum
2331 allowed duration for users to set their temporary watchlist entries for expiry
2332 if that feature is enabled, has been increased from 6 months to 1 year.
2334 ==== Removed configuration ====
2335 * $wgShellboxUrl – This setting, deprecated in 1.37, has now been removed; use
2336 $wgShellboxUrls instead.
2337 * $wgMainWANCache and $wgWANObjectCaches – These never-used settings have been
2338 removed. To inject WANObjectCache parameters, use $wgWANObjectCache instead.
2339 These variables were introduced for multi-DC wiki farms to add a separate
2340 memcached proxy for cross-DC relaying of purges but never used because
2341 WANObjectCache works based on route prefixes, which can be transparently
2342 handled by the main memcached proxy.
2343 * $wgParserTestFiles – This setting, deprecated in 1.30, has now been removed;
2344 extensions can place their parser test files in `tests/parser` instead.
2345 * (T231412) $wgAutoloadAttemptLowercase – This setting, deprecated in 1.35, no
2346 longer has any effect. If you run into difficulties, fix the names of miscased
2348 * (T309787) $wgVerifyMimeTypeIE – This setting, to provide extra security checks
2349 for very old versions of Internet Explorer clients, was removed. These user
2350 agents aren't used in practice, and haven't been served JavaScript content for
2353 === New user-facing features in 1.40 ===
2354 * Special:Search can now show thumbnails for results for titles outside NS_FILE.
2355 This is controlled via the new onSearchResultProvideThumbnail hook.
2356 * A new preference ('search-thumbnail-extra-namespaces') to allow users to
2357 control whether to show more thumbnails (per $wgThumbnailNamespaces)
2358 * (T324910) On pages using multi-content revisions, the raw content of a
2359 specific slot can be retrieved using the action=raw&slot=<role-name> query
2361 * (T313804) The preferences page now provides a search bar to find preferences,
2362 regardless of the tab on which they appear.
2364 === New developer features in 1.40 ===
2365 * The MediaWiki-Docker development environment is now configured to
2366 run on PHP 8.1 by default, up from PHP 7.4 now that that's EOL.
2367 * Vue development mode is enabled by default in DevelopmentSettings.php
2368 * (T277618) The @noVarDump annotation from the DebugInfoTrait tool can now be
2369 added to references to stop them from being expanded when their object is
2370 passed to var_dump(), to make its use for debugging more feasible.
2371 * The ApiSandbox will now by default request responses in the latest API format,
2372 rather than the original format. Users can set `formatversion` to a different
2374 * A new hook, GetBlockErrorMessageKeyHook, allows extensions' block error
2375 messages to be received and displayed by BlockErrorFormatter.
2376 * A new hook, SpecialCreateAccountBenefits, lets extensions and local code set
2377 custom content on the signup page about the benefits of using an account.
2378 * (T321412) A new 'PageUndeleteComplete' hook has been added for more thorough
2379 information about a page post restoration than the 'PageUndelete' hook passes.
2380 This provides similar functionality to the 'PageDeleteComplete' hook.
2381 * The Linker::specialLink() method can now link to a Special page's with a sub-
2382 page or action parameter set, e.g. [[Special:Contributions/JohnDoe]].
2383 * The PHPUnit entrypoints (tests/phpunit/phpunit.php and vendor/bin/phpunit)
2384 now check if composer dependencies are up-to-date, like update.php, using
2385 CheckComposerLockUpToDate. To disable this check, use
2386 MW_SKIP_EXTERNAL_DEPENDENCIES=1 environment flag when running PHPUnit.
2387 * ManualLogEntry::setForceBotFlag() has been added to allow the forcing of the
2388 bot flag for log entries which are inserted to the recent changes.
2390 === External library changes in 1.40 ===
2392 ==== New external libraries ====
2393 * Added codex-design-tokens at v0.6.2.
2394 * Added symfony/polyfill-php81 at v1.28.0.
2395 * Added symfony/polyfill-php82 at v1.28.0.
2396 * Added symfony/polyfill-php83 at v1.28.0.
2397 * Added wikimedia/bcp-47-code at v1.0.0.
2399 ===== New development-only external libraries =====
2400 * Added wikimedia/langconv at v0.4.2.
2402 ==== Changed external libraries ====
2403 * Updated OOUI from v0.44.3 to v0.46.3.
2404 * Updated codex, codex-search, and codex-icons from v0.2.2 to v0.6.2.
2405 * Updated cssjanus/cssjanus from 2.1.0 to 2.1.1.
2406 * Updated guzzlehttp/guzzle 7.4.5 to 7.5.0.
2407 * Updated justinrainbow/json-schema from 5.2.11 to 5.2.12.
2408 * Updated pear/mail from 1.4.1 to 1.5.1.
2409 * Updated pear/net_smtp from 0.10.0 to 0.10.1.
2410 * Updated psr/container from 1.1.1 to 1.1.2.
2411 * Updated symfony/polyfill-php80 from 1.26.0 to 1.28.0.
2412 * Updated symfony/yaml from 5.4.10 to 5.4.23.
2413 * Updated wikimedia/html-formatter from 3.0.1 to 4.0.3.
2414 * Updated wikimedia/less.php from 3.1.0 to 4.0.0.
2415 * Updated wikimedia/object-factory from 4.0.0 to 5.0.1.
2416 * Updated wikimedia/parsoid from 0.16.0 to 0.17.0.
2417 * Updated wikimedia/remex-html from 3.0.2 to 3.0.3.
2418 * Updated wikimedia/shellbox from 3.0.0 to 4.0.0.
2419 * Updated wikimedia/timestamp from 4.0.0 to 4.1.1.
2420 * Updated wikimedia/xmp-reader from 0.8.4 to 0.9.1.
2422 ===== Changed development-only external libraries =====
2423 * Updated QUnit from 2.18.2 to 2.19.4.
2424 * Updated api-testing from 1.5.0 to 1.5.1.
2425 * Updated composer/spdx-licenses from 1.5.6 to 1.5.7.
2426 * Updated eslint-config-wikimedia from 0.22.1 to 0.24.0.
2427 * Updated giorgiosironi/eris from ^0.10.0 to ^0.13.0.
2428 * Updated grunt from 1.5.2 to 1.6.1.
2429 * Updated grunt-banana-checker from 0.9.0 to 0.10.0.
2430 * Updated grunt-eslint from 24.0.0 to 24.0.1.
2431 * Updated karma from 6.3.15 to 6.4.1.
2432 * Updated mediawiki/mediawiki-codesniffer from 38.0.0 to 41.0.0.
2433 * Updated mediawiki/mediawiki-phan-config from 0.11.1 to 0.12.1.
2434 * Updated php-parallel-lint/php-console-highlighter from 0.5 to 1.0.0.
2435 * Updated php-parallel-lint/php-parallel-lint from 1.3.1 to 1.3.2.
2436 * Updated phpunit/phpunit from 8.5.28 to 9.5.28.
2437 * Updated stylelint-config-wikimedia from 0.13.0 to 0.13.1.
2438 * Updated wikimedia/alea from 0.9.3 to 1.0.0.
2440 ==== Removed external libraries ====
2441 * jquery.throttle-debounce, deprecated since MediaWiki 1.33.
2442 * WVUI, deprecated since MediaWiki 1.39.
2444 === Action API changes in 1.40 ===
2445 * New `cancreateaccount` parameter on action=query&meta=userinfo that allows
2446 you to check if the user can create an account. Some of the errors that have
2447 previously been returned by action=query&list=users&usprop=cancreate are now
2450 === Languages updated in 1.40 ===
2451 MediaWiki supports over 400 languages. Many localisations are updated regularly.
2452 Below only new and removed languages are listed, as well as changes to languages
2453 because of Phabricator reports.
2455 * (T300378) Added language support for Toki Pona (tok).
2456 * (T320465) Added language support for Magahi (mag).
2457 * (T320912) Added language support for Arakanese (rki).
2458 * (T323971) Added language support for Khakas (kjh).
2459 * (T326526) Added language support for Igala (igl).
2460 * (T329476) Added language support for Kusaal (kus).
2461 * (T330266) Added language support for Southern Dagaare (dga).
2462 * (T331596) Added language support for Obolo (ann).
2463 * (T331597) Added language support for Nogai (nog).
2464 * (T331599) Added language support for Wolaytta (wal).
2465 * (T295637) Add no to fallback chain of nb and nn.
2467 === Breaking changes in 1.40 ===
2468 * OutputPage::enableClientCache no longer accepts a parameter, nor does it
2469 return the current value. It simply sets the OutputPage::mEnableClientCache
2470 to true. Use OutputPage::disableClientCache to disable client side caching
2472 * ResourceLoader::makeMessageSetScript, unused since 1.26, has been removed
2473 without deprecation.
2475 - The internal protected method Skin::getFooterLinks() was removed.
2476 It had no known usages. Different from SkinTemplate::getFooterLinks.
2477 - The internal public method Skin::getSiteFooterLinks() was removed.
2478 It had no known usages.
2479 * The 'oojs-router' module has been removed without deprecation in favour
2480 of the 'mediawiki.router' wrapper module.
2481 * BagOStuff::makeKeyInternal(), deprecated for public use in 1.36, is now a
2482 protected method of MediumSpecificBagOStuff.
2483 * WANObjectCache::reap() and WANObjectCache::reapCheckKey(), deprecated since
2484 1.39, have been removed.
2485 * The EnqueueJob class, unused since 1.31, has been removed without
2487 * JobQueueGroup::singleton() and ::destroySingletons(), deprecated since 1.37,
2489 * JobRunner no longer supports manually calling the constructor,
2490 use MediaWikiServices::getInstance()->getJobRunner() instead.
2491 * JobRunner::setLogger, deprecated since 1.35, has been removed.
2492 * ContextSource::getStats, deprecated since 1.27, has been removed.
2493 * The following public properties of Parser, deprecated in 1.35,
2494 have been made private: Parser::$mLinkId, Parser::$mIncludeSizes,
2495 Parser::$mDoubleUnderscore, Parser::$mShowToc, Parser::$mRevisionId,
2496 Parser::$mRevisionTimestamp, Parser::$mRevisionUser, Parser::$mRevisionSize,
2497 Parser::$mInputSize, Parser::$mInParse, Parser::$mFirstCall,
2498 Parser::$mGeneratedPPNodeCount
2499 * The MWGrants class, deprecated since 1.38, has been removed.
2500 * PageProps::getInstance(), deprecated since 1.38, has been removed.
2501 * Global functions wfReadOnly and wfReadOnlyReason, deprecated since 1.38, have
2503 * Global function wfQueriesMustScale, deprecated since 1.39, has been removed.
2504 * Global function wfLogProfilingData, deprecated since 1.38, has been removed.
2505 * The HTMLCacheUpdate class, deprecated since 1.34, has been removed.
2506 * Linker::normaliseSpecialPage(), deprecated since 1.35, has been removed.
2507 * MWTimestamp::getHumanTimestamp(), deprecated since 1.26, has been removed.
2508 * Collation::singleton() and ::factory(), deprecated since 1.37, have been
2510 * SpecialVersion::listToText() and SpecialVersion::arrayToString()
2511 have become private or internal without deprecation.
2512 * The 'ParserTestFiles' key in the schema for extension.json has been removed.
2513 This was deprecated in 1.30 and the corresponding $wgParserTestFiles
2514 configuration variable has also been removed in this release. Extensions
2515 can put parser test files in their `tests/parser` directory to have them
2517 * DBLockManager, MySqlLockManager, and PostgreSqlLockManager have been
2518 removed without deprecation.
2519 * MediaWikiTestCaseTrait::checkPHPExtension() has been removed without
2520 deprecation. Use PHPUnit @requires annotations instead.
2521 * EditPage::getCopywarn(), deprecated since 1.38, has been removed.
2522 * EditPage::getCopyrightWarning() now requires a MessageLocalizer parameter.
2523 Use of other parameter types or omitting it was deprecated since 1.38.
2524 * Action constructor now requires Article and IContextSource parameters.
2525 Use of other parameter types or omitting them was deprecated since 1.35.
2526 * Article::viewRedirect(), deprecated since 1.30, has been removed.
2527 * Title::getNotificationTimestamp(), deprecated since 1.35, has been removed.
2528 * WikiRevision::$fileIsTemp property, deprecated since 1.29, has been removed.
2529 * Use of CommentStore::insertWithTempTable() with 'img_description' is no
2530 longer supported, it was deprecated since 1.32. Use CommentStore::insert()
2532 * Return values in the parameter $pageLang of the PageContentLanguage hook with
2533 other types than a Language object, deprecated since 1.33 & emitting warnings
2534 since 1.38, now throws an exception.
2535 * FormatMetadata::flattenArrayContentLang(), deprecated since 1.36, has been
2537 * WikiRevision::downloadSource() and ::importUpload(), deprecated since 1.31,
2539 * DataUpdate::runUpdates(), deprecated since 1.28, has been removed.
2540 * CdnCacheUpdate::newFromTitles(), deprecated since 1.35, has been removed.
2541 * HtmlFileCacheUpdate::newFromTitles(), deprecated since 1.37, has been
2543 * BaseTemplate::renderAfterPortlet() and ::getAfterPortlet(), has been removed.
2544 Use the corresponding methods in Skin class.
2545 * DifferenceEngine::textDiff(), deprecated since 1.32, has been removed.
2546 * Skin::getSearchPageTitle() and Skin::setSearchPageTitle(), deprecated since
2547 1.38, have been removed.
2548 * DifferenceEngine::getDiffBodyCacheKey(), deprecated since 1.31, has been
2550 * ForeignDBViaLBRepo::getMasterDB(), LocalRepo::getMasterDB(), and
2551 JobQueueDB::getMasterDB(), deprecated since 1.37, have been removed.
2552 * Clarified that the InitializeArticleMaybeRedirect hook should not change
2553 its $article parameter; the behavior when doing so was previously
2555 * IDatabase::ping()'s $rtt parameter was removed without deprecation.
2556 * IDatabase::setBigSelects(), unused, was removed without deprecation.
2557 * IDatabase::attributesFromType(), unused, was removed without deprecation.
2558 * IMaintainableDatabase::deadlockLoop() was removed without deprecation.
2559 * DatabasePostgres::remappedTableName(), deprecated since 1.37, has been
2561 * ILBFactory::getChronologyProtectorClientId and ::commitAll, unused, were
2562 removed without deprecation.
2563 * LoadBalancer::haveIndex() and ::isNonZeroLoad(), deprecated in 1.34,
2565 * LoadBalancer::getLazyConnectionRef(), deprecated in 1.38, has been removed.
2566 * ILBFactory::forEachLB(), deprecated in 1.39, has been removed.
2567 * LoadBalancer::getTransactionRoundStage and ::commitAll, unused, were
2568 removed without deprecation.
2569 * ILoadBalancer::getLaggedReplicaMode, unused, was removed without
2570 deprecation. Use ILBFactory::laggedReplicaUsed() instead.
2571 * Optional parameters of ILoadBalancer::waitForPrimaryPos(), $pos and $timeout
2572 have been removed without deprecation as they are unused.
2573 * LoadMonitorMysql was removed without deprecation. Use LoadMonitor instead.
2574 * IDatabase::selectDB(), deprecated since 1.32, has been removed.
2575 Use IDatabase::selectDomain() instead.
2576 * The following deprecated hooks have been removed:
2577 - BaseTemplateAfterPortlet, deprecated in 1.35
2578 - BeforeParserFetchTemplateAndtitle, deprecated in 1.36
2579 - BeforeParserrenderImageGallery, deprecated in 1.35
2580 - InternalParseBeforeSanitize, deprecated in 1.35
2581 - LinksUpdateConstructed, deprecated in 1.38
2582 - LinksUpdateAfterInsert, deprecated in 1.38
2583 - ParserSectionCreate, deprecated in 1.35
2584 - ResourceLoaderTestModules, deprecated in 1.33
2585 - SpecialMuteSubmit, deprecated in 1.35
2586 - UserLoadFromDatabase, deprecated in 1.37
2587 - UserSetCookies, deprecated in 1.27
2588 * RemexDriver::__construct() now only accepts a ServiceOptions instance as
2589 the only argument. Passing an array was deprecated since 1.36.
2590 * TidyDriverBase::supportsValidate(), deprecated since 1.36, has been removed.
2591 * RevDelList::reloadFromMaster(), deprecated since 1.37, has been removed.
2592 * ExternalStoreDB::getMaster(), deprecated since 1.37, has been removed.
2593 * DeletePage::deletionWasScheduled(), deprecated since 1.38, has been removed.
2594 * The SearchResultProvideThumbnailHook (which was unstable) and now no longer
2595 used, has been removed. Use SearchResultProvideThumbnailHook in the search
2596 namespace: MediaWiki\Search\Hook\SearchResultProvideThumbnailHook.
2597 * Command::cgroup(), deprecated since 1.36, has been removed.
2598 * When running tests, the serialize_precision INI setting is now set to -1
2599 (current PHP default) instead of 17. Extension tests may need to be adjusted
2600 accordingly; string representations of floating-point numbers in serialized
2601 or JSON-encoded data may change.
2602 * WikiRevision::$sha1base36 is now private.
2603 * IcuCollation::getUnicodeVersionForICU() was removed without deprecation.
2604 * LinkFilter::supportsIDN() was removed without deprecation.
2605 * The ability to pass null for the errorData parameter of HttpException and
2606 LocalizedHttpException was removed without deprecation.
2607 * ApiQueryExtLinksUsage::getProtocolPrefix() and ::prepareProtocols() have
2608 been moved to LinkFilter with the same name.
2609 * .box-sizing() Less mixin, deprecated since 1.37, has been removed.
2610 Use CSS box-sizing now.
2611 * MimeAnalyzer::getIEMimeTypes() and IEContentAnalyzer were removed.
2612 * Language::commafy and mw.language.commafy, deprecated since 1.36, has been
2614 * BagOStuff::decr(), deprecated since 1.28, has been removed.
2615 * BagOStuff::incr(), deprecated since 1.28, has been removed.
2617 === Deprecations in 1.40 ===
2619 - The public Skin::footerLink is deprecated.
2620 Use SkinComponentMenuLink::getTemplateData instead.
2621 It now emits deprecation warnings.
2622 - The protected Skin::lastModified is deprecated, and marked for @internal use
2623 and now emits deprecation warnings.
2624 * Manipulating $wgHooks after initialization is deprecated.
2625 HookContainer::register() or HookContainer::scopedRegister() should be
2626 used instead. During initialization, SettingsBuilder::registerHookHandlers
2627 can be used. For backwards compatibility, $wgHooks is replaced by a fake
2628 array that calls methods on HookContainer. $wgHooks can still be used as a
2629 configuration variable, only dynamic manipulation is deprecated.
2630 * ParserOptions::{get,set}ExternalLinkTarget() and
2631 ParserOptions::{get,set}MaxTemplateDepth() have been deprecated and marked
2632 for @internal use only.
2633 * ParserOutput::getCategories() has been deprecated; use ::getCategoryNames()
2634 and ::getCategorySortKey() instead.
2635 * ParserOutput::{get,set}TOCHTML() has been deprecated; use
2636 ::{get,set}TOCData() instead.
2637 * TransactionProfiler::setSilenced() is deprecated.
2638 Use TransactionProfiler::silenceForScope() instead.
2639 * The following methods in the Title class, deprecated since 1.37, emits
2640 deprecations warnings:
2641 - ::areCascadeProtectionSourcesLoaded()
2642 - ::areRestrictionsCascading()
2643 - ::areRestrictionsLoaded()
2644 - ::getAllRestrictions()
2645 - ::getCascadeProtectionSources()
2646 - ::getFilteredRestrictionTypes()
2647 - ::getRestrictionExpiry()
2648 - ::getRestrictionTypes()
2649 - ::getRestrictions()
2650 - ::isCascadeProtected()
2652 - ::isSemiProtected()
2653 - ::loadRestrictionsFromRows()
2654 * The class Pbkdf2Password was renamed to Pbkdf2PasswordUsingHashExtension,
2655 and the old name is now deprecated.
2656 * WikiPage::factory(), ::newFromID() and ::newFromRow, deprecated in 1.36, now
2657 emit deprecation warnings.
2658 * Manually constructing a LinkBatch object, deprecated in 1.35, now emits
2659 deprecation warnings. Use LinkBatchFactory instead.
2660 * Calling MediaWikiSite::getFileUrl() without a $path argument is deprecated.
2661 If you need the "generic" full file path, with $1 not replaced by anything,
2662 call $site->getPath( MediaWikiSite::PATH_FILE ) directly.
2663 * In SessionConsistentConnectionManager, the methods
2664 getReadConnectionRef() and getWriteConnectionRef() are deprecated;
2665 the ConnectionManager methods they override had been deprecated already.
2666 * Database::wasErrorReissuable() is deprecated.
2667 * MimeAnalyzer::isPHPImageType was not used and will now emit deprecation
2669 * GenericArrayObject, originally developed for Wikibase and SiteList, has been
2670 deprecated. Use built-in ArrayObject directly instead.
2671 * Parser::getFunctionLang() has been deprecated; use
2672 Parser::getTargetLanguage() instead.
2673 * MagicWordArray::getVariableRegex(), deprecated in 1.36, now emits deprecation
2675 * AbstractBlock::getId() now emits deprecation warnings in case of cross-wiki
2676 access. This use was deprecated in 1.38.
2677 * CommentStore::getStore, deprecated in 1.31, now emits deprecation warnings.
2678 * BacklinkCache::get(), ::getLinks() and ::getCascadeProtectedLinks(),
2679 deprecated in 1.37, now emit deprecation warnings.
2680 * LanguageConverterFactory::isTitleConversionDisabled(), deprecated in 1.36,
2681 now emits deprecation warnings.
2682 * Language::getFileName(), ::getMessagesFileName() and
2683 ::getJsonMessagesFileName(), deprecated in 1.34,
2684 now emit deprecation warnings.
2685 * Language::getLocalisationCache(), deprecated in 1.34, also
2686 Language::getMessagesFor(), ::getMessageFor() and ::getMessageKeysFor(),
2687 deprecated in 1.35, now emit deprecation warnings.
2688 * User::incEditCount(), deprecated in 1.37, now emits deprecation warnings.
2689 * User::idFromName(), deprecated in 1.37, now emits deprecation warnings.
2690 * The ability to override and use User::$mRights, deprecated in 1.34, now emits
2691 deprecation warnings.
2692 * IndexPager::getHookContainer is deprecated and emits deprecation warnings.
2693 Inject a HookContainer instead.
2694 * User::getGroupPermissions(), ::getGroupsWithPermission() and
2695 ::groupHasPermission(), deprecated in 1.34, now emit deprecation warnings.
2696 * PermissionManager::getGroupPermissions(), ::getGroupsWithPermission() and
2697 ::groupHasPermission(), deprecated in 1.36, now emit deprecation warnings.
2698 * Global function wfShowingResults is deprecated and emits deprecation warnings.
2699 * UserGroupMembership::getGroupMemberName is deprecated, the deprecation of
2700 UserGroupMembership::getGroupName in 1.38 missed a release note.
2701 Use Language::getGroupMemberName or ::getGroupName instead.
2702 * AbstractBlock::getPermissionsError(), deprecated in 1.35, now emits
2703 deprecation warnings.
2704 * SearchEngine::getNearMatcher() and ::getDefaultMatcher() have been deprecated
2705 in favor of MediaWikiServices::getInstance()->getTitleMatcher().
2706 * SearchNearMatcher class has been deprecated in 1.40 in favor of TitleMatcher.
2707 * The following functions are deprecated: User::isBlockedGlobally and
2708 User::getGlobalBlock. Use User::getBlock instead.
2709 * The UserIsBlockedGlobally hook is deprecated.
2710 Use GetUserBlock hook instead.
2711 * The SystemBlock type global-block is deprecated.
2712 GlobalBlocks are now added into CompositeBlocks via the GetUserBlock hook.
2713 * Language::isWellFormedLanguageTag(), deprecated in 1.39, now emits deprecation
2714 notices. Please use LanguageCode::isWellFormedLanguageTag() instead.
2715 * Language::fetchLanguageNames() and ::fetchLanguageName(), deprecated in 1.34,
2716 now emit deprecation warnings.
2717 * Language::getFallbackFor(), ::getFallbacksIncludingSiteLanguage() and
2718 ::getFallbacksFor(), deprecated in 1.35, now emit deprecation warnings.
2719 * Language::isSupportedLanguage(), ::isValidCode(), ::isValidBuiltInCode() and
2720 ::isKnownLanguageTag(), deprecated in 1.34, now emit deprecation warnings.
2721 * Language::getConverter(), ::autoConvert(), ::autoConvertToAllVariants(),
2722 ::convert(), ::convertNamespace(), ::convertHtml(), ::convertCategoryKey(),
2723 ::getVariants(), ::hasVariants(), ::hasVariant(), ::getDefaultVariant(),
2724 ::getURLVariant(), ::getExtraHashOptions(), ::getConvRuleTitle(),
2725 deprecated in 1.35, now emit deprecation warnings.
2726 * Language::factory() and ::getParentLanguage(), deprecated in 1.35, now emit
2727 deprecation warnings.
2728 * Executing maintenance scripts directly is deprecated. The maintenance/run.php
2729 entry point should be used instead.
2730 * MWHttpRequest::factory, deprecated in 1.34, now emits deprecation warnings.
2731 * Job::factory is deprecated, use JobFactory::newJob instead.
2732 * Http::request(), ::get(), ::post(), ::userAgent() and ::isValidURI(),
2733 deprecated in 1.34, now emit deprecation warnings.
2734 * Title.js's confusingly-named getName() and getNameText() methods, for using
2735 media files' pages, have been renamed to getFileNameWithoutExtension() and
2736 getFileNameTextWithoutExtension() respectively. The old names are deprecated.
2737 * Command::whitelistPaths() should now emit deprecation warnings. Make use of
2738 Command::allowPaths/disallowPaths() instead.
2739 * When manually creating an HTMLFormField (i.e. not via HTMLForm::factory),
2740 it is deprecated to not include the "parent" field as one of the parameters.
2741 * The MWException class is deprecated. Use native exceptions, either directly
2743 * SelectQueryBuilder::lockForUpdate() is deprecated. Use ::forUpdate() with
2744 ::fetchRowCount() or ::acquireRowLocks() instead.
2745 * ArticleUndelete hook is deprecated. Use PageUndeleteComplete hook instead.
2746 * The global function wfReportTime() is now deprecated.
2747 * PrevNextNavigationRenderer, deprecated in 1.39, now emits deprecation
2749 * PagerNavigationBuilder::setMakeLinkCallback(), deprecated in 1.39, now emits
2750 deprecation warnings.
2751 * IndexPager::getPagingLinks(), IndexPager::getLimitLinks() and
2752 IndexPager::buildPrevNextNavigation(), deprecated in 1.39, now emit
2753 deprecation warnings.
2754 * Overriding the method IndexPager::makeLink(), deprecated in 1.39, now emits
2755 deprecation warnings.
2756 * The following class names were namespaced (and, for the special pages,
2757 also renamed), and the old class names are now deprecated:
2758 - MostimagesPage -> MediaWiki\Specials\SpecialMostImages
2759 - MovePageForm -> MediaWiki\Specials\SpecialMovePage
2760 - UserrightsPage -> MediaWiki\Specials\SpecialUserRights
2761 - WantedFilesPage -> MediaWiki\Specials\SpecialWantedFiles
2762 - WantedPagesPage -> MediaWiki\Specials\SpecialWantedPages
2763 - DerivativeRequest -> MediaWiki\Request\DerivativeRequest
2764 - FauxRequest -> MediaWiki\Request\FauxRequest
2765 - FauxRequestUpload -> MediaWiki\Request\FauxRequestUpload
2766 - PathRouter -> MediaWiki\Request\PathRouter
2767 - WebRequestUpload -> MediaWiki\Request\WebRequestUpload
2768 - HeaderCallback -> MediaWiki\Request\HeaderCallback
2769 - FauxResponse -> MediaWiki\Request\FauxResponse
2770 - WebResponse -> MediaWiki\Request\WebResponse
2771 - ForeignResourceManager ->
2772 MediaWiki\ResourceLoader\ForeignResourceManager
2773 - DummyLinker -> MediaWiki\Linker\DummyLinker
2774 - Linker -> MediaWiki\Linker\Linker
2775 - PageProps -> MediaWiki\Page\PageProps
2776 - MagicWord -> MediaWiki\Parser\MagicWord
2777 - MagicWordArray -> MediaWiki\Parser\MagicWordArray
2778 - MagicWordFactory -> MediaWiki\Parser\MagicWordFactory
2779 - RawMessage -> MediaWiki\Language\RawMessage
2780 - ActorMigration -> MediaWiki\User\ActorMigration
2781 - ActorMigrationBase -> MediaWiki\User\ActorMigrationBase
2782 - CategoriesRdf -> MediaWiki\Category\CategoriesRdf
2783 - Category -> MediaWiki\Category\Category
2784 - CategoryViewer -> MediaWiki\Category\CategoryViewer
2785 - TrackingCategories -> MediaWiki\Category\TrackingCategories
2786 - EditPage -> MediaWiki\EditPage\EditPage
2787 - TemplatesOnThisPageFormatter ->
2788 MediaWiki\EditPage\TemplatesOnThisPageFormatter
2789 - ContentSecurityPolicy -> MediaWiki\Request\ContentSecurityPolicy
2790 - FormOptions -> MediaWiki\Html\FormOptions
2791 - Html -> MediaWiki\Html\Html
2792 - HtmlHelper -> MediaWiki\Html\HtmlHelper
2793 - TemplateParser -> MediaWiki\Html\TemplateParser
2794 - FormOptions -> MediaWiki\Html\FormOptions
2795 - WikiMap -> MediaWiki\WikiMap\WikiMap
2796 - WikiReference -> MediaWiki\WikiMap\WikiReference
2797 - MediaWiki\BadFileLookup -> MediaWiki\Page\File\BadFileLookup
2798 - FileDeleteForm -> MediaWiki\Page\File\FileDeleteForm
2799 - MergeHistory -> MediaWiki\Page\MergeHistory
2800 - MovePage -> MediaWiki\Page\MovePage
2801 - ProtectionForm -> MediaWiki\Page\ProtectionForm
2802 - LinkFilter -> MediaWiki\ExternalLinks\LinkFilter
2803 - TitleArray -> MediaWiki\Title\TitleArray
2804 - TitleArrayFromResult -> MediaWiki\Title\TitleArrayFromResult
2805 - TitleFactory -> MediaWiki\Title\TitleFactory
2806 - Title -> MediaWiki\Title\Title
2807 - ForkController -> MediaWiki\Maintenance\ForkController
2808 - OrderedStreamingForkController ->
2809 MediaWiki\Maintenance\OrderedStreamingForkController
2810 - AtomFeed -> MediaWiki\Feed\AtomFeed
2811 - ChannelFeed -> MediaWiki\Feed\ChannelFeed
2812 - FeedItem -> MediaWiki\Feed\FeedItem
2813 - FeedUtils -> MediaWiki\Feed\FeedUtils
2814 - RSSFeed -> MediaWiki\Feed\RSSFeed
2815 - DeprecatedGlobal -> MediaWiki\StubObject\DeprecatedGlobal
2816 - StubGlobalUser -> MediaWiki\StubObject\StubGlobalUser
2817 - StubObject -> MediaWiki\StubObject\StubObject
2818 - StubUserLang -> MediaWiki\StubObject\StubUserLang
2819 * ContentHandler::getParserOutputForIndexing() and ::getDataForSearchIndex()
2820 now take an optional RevisionRecord parameter.
2821 * The SearchDataForIndex hook is deprecated in favor of SearchDataForIndex2
2822 * IDatabase::lastQuery and IReadableDatabase::lastQuery are deprecated without
2823 without replacement.
2825 === Other changes in 1.40 ===
2826 * Calling RecentChange::doMarkPatrolled() with $auto = true has no effect and
2827 logs a warning. Since 1.31, it would mark the change as manually patrolled,
2828 but would not log it as such in patrol log and would still require
2829 'autopatrol' right (not 'patrol'). Generally, whether a change should become
2830 autopatrolled, is usually determined before it's inserted in the database.
2831 * In versions of MediaWiki before 1.39, the table of contents location
2832 was marked internally with <mw:toc>...</mw:toc>; in version 1.39
2833 this was changed to an empty tag <mw:tocplace />. In 1.40 this has
2834 been changed a final time to use an empty <meta> tag for future
2835 Parsoid compatibility (see Parser::TOC_PLACEHOLDER). This may
2836 affect you if stale content is left in the ParserCache or if your
2837 skin did manual ToC replacement without using the recommended
2838 Parser::replaceTableOfContentsMarker() function.
2839 * Skins can now choose which Codex theme should be loaded by setting the
2840 SkinCodexThemes attribute in their skin.json file.
2841 * The parser test framework has been updated, and the 'pst', 'ill', 'cat'
2842 and 'showflags' options have slight differences in their output. These
2843 options are not much used outside core, but third parties may need to
2844 update parser tests.
2845 * (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter.
2849 MediaWiki 1.40 requires PHP 7.4.3 or later and the following PHP extensions:
2860 MariaDB is the recommended database software. MySQL, PostgreSQL, or SQLite can
2861 be used instead, but support for them is somewhat less mature.
2863 The supported versions are:
2865 * MariaDB 10.3 or higher
2866 * MySQL 5.7.0 or higher
2867 * PostgreSQL 10 or later
2868 * SQLite 3.8.0 or later
2870 == Online documentation ==
2871 Documentation for both end-users and site administrators is available on
2872 MediaWiki.org, and is covered under the GNU Free Documentation License (except
2873 for pages that explicitly state that their contents are in the public domain):
2875 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
2878 A mailing list is available for MediaWiki user support and discussion:
2880 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
2882 A low-traffic announcements-only list is also available:
2884 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
2886 It's highly recommended that you sign up for one of these lists if you're
2887 going to run a public MediaWiki, so you can be notified of security fixes.
2890 There's usually someone online in #mediawiki on irc.libera.chat.
2894 PHP 8.0 workboard: https://phabricator.wikimedia.org/tag/php_8.0_support/
2895 PHP 8.1 workboard: https://phabricator.wikimedia.org/tag/php_8.1_support/
2896 PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/
2897 PHP 8.3 workboard: https://phabricator.wikimedia.org/tag/php_8.3_support/
2899 == MediaWiki 1.39.8 ==
2901 This is a maintenance release of the MediaWiki 1.39 branch.
2903 === Changes since 1.39.7 ===
2904 * Localisation updates.
2905 * tests: Skip failing tests on php8.2 (and make pass).
2906 * (T326480) ApiResult: Make array ordering consistent across PHP versions.
2907 * (T352789, T287972) build: Raise TestingAccessWrapper from 2.0.0 to 3.0.0.
2908 * (T326478) tests: Create new classes to hold dynamic properties in auth tests.
2909 * (T326478) tests: Avoid dynamic properties in AuthenticationProvider Test.
2910 * (T326466) Introduce and use DynamicPropertyTestHelper.
2911 * tests: Skip failing tests on php8.3 (and make pass).
2912 * (T352910) tests: Use TestingAccessWrapper::newFromClass in session tests.
2913 * (T326478) tests: Avoid dynamic properties in auth tests.
2914 * (T326479, T361985) StatusValue: Allow passing arbitrary data to augment
2916 * tests: Remove dead code from WikiPageDbTest::assertPreparedEditNotEquals.
2917 * (T326478) tests: Avoid dynamic properties in SessionManagerTest.
2918 * (T361990) Upgrading wikimedia/parsoid (v0.16.3 => v0.16.4).
2919 * (T357760) Use i18n strings for truncated subpage message in SpecialMovePage.
2920 * ArticleTest: Skip testGetOrSetOnNewProperty() if PHP >= 8.2.
2921 * (T361982) Update wikimedia/less.php from 3.1.0 to 3.2.1.
2922 * debug: Update PsySH 0.11.1 -> 0.12.3.
2923 * (T361991) Fix slash-delimited regex from CLI on maintenence/grep.php.
2924 * (T362078) Improve RestAPIAdditionalRouteFiles path expansion.
2925 * (T352695) tests: Only set $dbSetup if setupTestDB() ends without throwing.
2926 * (T302186) Add title cache for Title::newMainPage().
2927 * objectcache: Fix flaky WANObjectCacheTest::testLockTSESlow case.
2928 * (T362272) api: Replace null $httpCode by 0 in ApiBase::dieWithErrorOrDebug.
2929 * (T150647, T216682) Make EncryptedPassword work with Argon2Password.
2930 * (T327220) Special:ApiHelp: Move widths and floats in CSS to media query.
2931 * (T364270) Fix long param names overlapping docs in API help pages.
2932 * MaintenanceRunner.php: Add trailing newline to error message.
2933 * wrapOldPasswords: Improve progress output and decrease batch size.
2934 * (T361367) ApiFeedWatchlist: Fix handling of array parameters.
2935 * (T132418) ResourceLoader: Add 1min grace via stale-while-revalidate
2937 * (T366130) EncryptedPassword: Store default parameters as strings.
2938 * Name the PagerTools array entries to allow hooks to unset them.
2940 == MediaWiki 1.39.7 ==
2942 This is a security and maintenance release of the MediaWiki 1.39 branch.
2944 === Changes since 1.39.6 ===
2945 * Localisation updates.
2946 * (T334992) Headings in the license pickers should not be selected.
2947 * (T353929) ActiveUsersPager: Count actions only once.
2948 * composer: Use @php instead of php.
2949 * (T326065) Indent JsonContent using tabs.
2950 * (T354541) authmanager: Improve AuthenticationRequest docs.
2951 * (T355017) Add missing space in Special:RecentChangesLinked.
2952 * (T355003) composer.json Add ext-bcmath and ext-gmp to suggests.
2953 * PHPVersionCheck: Update text to match currently supported upstream PHP
2955 * (T354045) API: mark HTML output as non-cacheable.
2956 * (T355530) filerepo: Fix img_major_mime for files with a non-standard
2958 * (T355530) MimeAnalyzer: Add @since to isValidMajorMimeType.
2959 * (T317489, T319202) Mark some parserTests on talk pages Parsoid only on
2961 * (T350594) Update wikimedia/parsoid to 0.16.3.
2962 * (T352554) ZhConverter: Fix language variant fallback chain.
2963 * (T357668) Parser::getExternalLinkAttribs: Don't set rel attribute to null.
2964 * LockManagerGroupIntegrationTest: Remove test depending on DBLockManager.
2965 * (T357808) LinkRendererTest: Add missing import for LinkTarget.
2966 * (T353305) ApiResetPassword: Allow both user and email parameters to be passed
2968 * (T358949) updateCollation: Explicitly cast $scale to int.
2969 * (T359055) api: Improve linking of language codes lists in top level i18n
2971 * (T359294) Make sure MovePage::isValidFileMove matches UploadBase::getTitle.
2972 * (T230245) Respect $maxConcurrency when queuing async FileOps.
2973 * (T352554) Follow-up "ZhConverter: Fix language variant fallback chain".
2974 * (T292237, T317451) build: Restore Doxygen output for MediaWiki release tags.
2975 * (T324903) HistoryPager: Add #[AllowDynamicProperties].
2976 * (T360850) Update Apache config syntax in .htaccess files.
2977 * (T309714, T354274) mime: Add support for 'font/woff' and 'font/woff2' mime
2979 * (T309714) mime: Make test cases use data provider.
2980 * (T331608) installer: Bear with schema drift caused by running old updater.
2981 * docs: Remove use of $IP from mwdocgen.php.
2982 * (T317451) build: Restore Doxygen output for MediaWiki release tags (take 3).
2983 * docs: Set stable permalink on markdown files.
2984 * (T357019) allow maintenance/deleteBatch.php to accept page ID.
2985 * (T355538, CVE-2024-34507) SECURITY: XSS in edit summary parser.
2986 * (T357760, CVE-2024-34506) SECURITY: Denial of service vector via GET request
2987 to Special:MovePage on pages with thousands of subpages.
2989 == MediaWiki 1.39.6 ==
2991 This is a security and maintenance release of the MediaWiki 1.39 branch.
2993 === Changes since MediaWiki 1.39.5 ===
2994 * Localisation updates.
2995 * Updated symfony/polyfill-php80 from 1.26.0 to 1.28.0.
2996 * Updated symfony/polyfill-php81 from 1.26.0 to 1.28.0.
2997 * (T344912) mail: Encode period (ascii 46) if it appears in encoded email
2999 * Added symfony/polyfill-php82.
3000 * Added symfony/polyfill-php83.
3001 * Updated symfony/yaml from 5.4.10 to 5.4.23.
3002 * (T329609) ApiQueryLanguageinfoTest: Do not pass a float to setFakeTime.
3003 * Updated wikimedia/timestamp from 4.0.0 to 4.1.1.
3004 * tests: Provide coverage for StatusValue::__toString.
3005 * StatusValue: Improve logging/debug output with multibyte characters.
3006 * (T347726, CVE-2023-51704) SECURITY: logging: Fix non-escaped messages
3008 * Updated wikimedia/parsoid from 0.16.1 to 0.16.2.
3009 * (T229992) LocalisationCache: Preserve fallback source language info.
3010 * (T275085) Fix logging Status objects to 'authevents' channel.
3011 * (T341310) DEVELOPERS.md: mention git clone and WSL.
3012 * (T351758) DEVELOPERS.md: reword WSL instructions to include best practices.
3013 * (T349115) LocalisationCache: Fix a rare case in fallback source language.
3014 * SwiftFileBackend: Fix "PHP Deprecated: strlen(): Passing null to parameter #1
3015 ($string) of type string is deprecated".
3016 * maintenance: Add missing parenthesis to SQL in attachLatest.php.
3017 * (T353472) maintenance: Fix join condition in DeduplicateArchiveRevId.
3019 == MediaWiki 1.39.5 ==
3021 This is a security and maintenance release of the MediaWiki 1.39 branch.
3023 === Changes since MediaWiki 1.39.4 ===
3024 * Localisation updates.
3025 * (T333050, CVE-2023-45363) SECURITY: Fix infinite loop for self-redirects
3026 with variants conversion.
3027 * docs: Fix a few typos in MainConfigSchema.
3028 * (T309714) mime: Add support for 'font/sfnt' mime type.
3029 * (T341434) WikiImporter: Improve error message output.
3030 * (T317255) VueComponentParser: Use Zest's getElementsByTagName() rather than
3032 * (T341737) ApiBase: Cast $id to string in filterIDs.
3033 * (T286291, T296188) Merge zh and zh-tw namespace translations back to zh-hans,
3034 zh-hant, zh-hk respectively.
3035 * (T337875) WRStats: Round up SequenceSpec::hardExpiry to the nearest integer.
3036 * (T237898) installer: Check MariaDB version in updater/installer.
3037 * (T342632) ApiComparePages: Add help url.
3038 * (T326182, T324903) EditPage: Add #[AllowDynamicProperties].
3039 * (T342351) rdbms: Fix postgres db function call.
3040 * (T343675) user: Use {@} to escape annotation when writting about annotation.
3041 * (T343797) LanguageWa: Fix double timezone adjustment.
3042 * (T326454) Update pear/mail to 1.5.1.
3043 * (T204470) Remove feedback messages from RawHtmlMessages.
3044 * (T264765, CVE-2023-45364) SECURITY: Article: Check permissions before
3045 showing link to view deleted revision.
3046 * (T310378) Ensure that installer i18n is loaded by update.php.
3047 * (T343622) docs: Set the <comment> tag back to optional.
3048 * (T330528) Upgrade wikimedia/html-formatter from 3.0.1 to 4.0.3.
3049 * (T337463) wdio-mediawiki: await saveScreenshot.
3050 * (T274041) Include core PSR-4 classes in the generated classmap.
3051 * (T208477) $wgPrivilegedGroups – Users belonging in some of the listed groups
3052 will be audited more aggressively.
3053 * doc: Improve description of "type" in extension.schema.v2.json.
3054 * Added PrivilegedGroups attribute for extension.json / skin.json, which lets
3055 you add any new user groups you define to wgPrivilegedGroups (see above).
3056 * HTMLForm: Fix E_NOTICE when hide-if is used with setFormIdentifier.
3057 * (T288624) MultiHttpClient: Unset $this->cmh after closing it.
3058 * (T345039) Do not run SkinAfterBottomScripts hook twice unconditionally.
3059 * (T265734) API Help: Note that parameters may be inherited from other context.
3060 * API: Make continue parameter help description more specific.
3061 * (T285545) i18n: Split apihelp for standard dir parameter.
3062 * (T285545) i18n: Split apihelp for redirects/linkshere/transcludedin/fileusage
3064 * (T285545) i18n: Split apihelp for parameter list=deletedrevs&drprop=.
3065 * (T285545) i18n: Split apihelp for parameter list=allpages&apprexpiry=.
3066 * (T285545) i18n: Split apihelp for parameter action=opensearch&redirects=.
3067 * (T285545) i18n: Split apihelp for parameter action=managetags&operation=.
3068 * (T285545) api: Add message for list=watchlist&wlprop=expiry.
3069 * (T334011) ApiComparePages: expose 'difftype' param if wikidiff2 is installed.
3070 * (T342633) api: Add message for action=compare&prop=timestamp.
3071 * API: revids=… does not necessarily return the queried revisions.
3072 * (T326696) user: Truncate option value in UserOptionsManager.
3073 * (T326696) ApiOptions: Give warning if the value is too long.
3074 * API i18n: Add {{PLURAL:}} for byte count messages.
3075 * (T235207) Get correct main page in API call examples.
3076 * doc: Make extension.schema.v2.json a valid JSON schema.
3077 * updateSpecialPages.php: Avoid implicit float conversion on modulo.
3078 * (T347227) ImportReporter: Make callback functions public.
3079 * (T346898) importDump: Unconditionally call $importer->setUsernamePrefix().
3080 * doc: Improve description of type in extension.schema.v1.json.
3081 * (T340217, CVE-2023-45359) SECURITY: Vector 2022: Numerous unescaped
3082 messages leading to potential XSS.
3083 * (T340220, CVE-2023-45361) SECURITY: Vector 2022: vector-intro-page
3084 message is assumed to yield a valid title.
3085 * (T340221, CVE-2023-45360) SECURITY: XSS via
3086 'youhavenewmessagesmanyusers' and 'youhavenewmessages' messages.
3087 * (T341529, CVE-2023-45362) SECURITY: diff-multi-sameuser
3088 ("X intermediate revisions by the same user not shown") ignores
3089 username suppression.
3090 * (T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted
3091 XML file to Special:Upload (non-standard configuration).
3093 == MediaWiki 1.39.4 ==
3095 This is a security and maintenance release of the MediaWiki 1.39 branch.
3097 === Changes since MediaWiki 1.39.3 ===
3098 * Localisation updates.
3099 * (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1.
3100 * (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7
3102 * (T333776) {{ACTIVEUSERS}} wasn't being updated without updateSpecialPages.php.
3103 * (T258860) Prevent LogicCache exception from message cache during IO errors
3105 * (T336868) Improve idempotency of postgres index upgrades.
3106 * (T322944) Add Authorization to default $wgAllowedCorsHeaders.
3107 * (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter.
3108 * A fake MessageLocalizer for use in unit tests.
3109 * (T338114) Title: Add forward alias.
3110 * composer: Add symfony/polyfill-php81 like symfony/polyfill-php80.
3111 * (T330464) Work around argument corruption bug in XMLReader::open.
3112 * Fix frame and frameless rdfa depending on file existing.
3113 * Fixes for the phan upgrade, part 1.
3114 * Fixes for the phan upgrade, part 2.
3115 * (T298571) build: Update mediawiki/mediawiki-phan-config to 0.12.0.
3116 * build: Updating mediawiki/mediawiki-phan-config to 0.12.1.
3117 * (T329214) Pass whether current rev of file exists to
3118 Linker::makeBrokenImageLinkObj.
3119 * (T334659) Handle thumb errors when !$enableLegacyMediaDOM.
3120 * A manualthumb that doesn't exist should be considered a thumb error.
3121 * (T313157) IndexPager: Also protect against $offset being 0.
3122 * (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.
3124 == MediaWiki 1.39.3 ==
3126 This is a security and maintenance release of the MediaWiki 1.39 branch.
3128 === Changes since MediaWiki 1.39.2 ===
3129 * Localisation updates.
3130 * (T328477) LinksUpdate: Use DB key for category links table.
3131 * GlobalFunctions: Remove check for MEDIAWIKI constant.
3132 * (T329484) API: Fix query+allimages user parameter description.
3133 * (T330529) SpecialEditTags: Set default of '' for wpReason.
3134 * (T330382) postgres: Make the upgrade ignore dropping indexes that
3136 * (T330526) htmlform: Handle null from HTMLFormField::getDefault in
3138 * (T291753) rdbms: escape backslashes in makeConnectionString for PostgreSQL.
3139 * (T325529) Fix total breakage of wgCanonicalServer fallback.
3140 * (T318103) mediawiki.storage: Disable async GC during integration test.
3141 * (T332461, T332397) TempFSFile: Keep the WeakMap alive.
3142 * (T332902) page: fix InvalidArgumentException in SQLPlatform::makeList.
3143 * (T285159, CVE-2023-29141) SECURITY: Do not apply autoblocks to untrusted
3146 == MediaWiki 1.39.2 ==
3148 This is a maintenance release of the MediaWiki 1.39 branch.
3150 === Changes since MediaWiki 1.39.1 ===
3151 * Localisation updates.
3152 * (T325872) ChangeTags: Remove table name from condition.
3153 * (T324895) MWCallbackStream: Add explicit $stream property.
3154 * (T297031, T326039) PostgresUpdater: Move setDefault ahead of
3155 changeNullableField.
3156 * (T321319) Produce HTML for invalid JSON.
3157 * (T215466, T326071) MigrateActors: Write to revision table (Follow-up 24115a8).
3158 * (T223027) ReservedUsernames config: Add reserved names from maintenance
3160 * (T325000, T324896, T307631) Updated OOUI from v0.44.3 to v0.44.5.
3161 * Remove /images .htaccess rules that are no longer relevant.
3162 * Disable php in .htaccess of images directory as a hardening measure.
3163 * (T322583) Include missing message parameter in message.
3164 * LocalFileTest: use encodeBlob/decodeBlob for img_metadata.
3165 * DatabaseSqlite: fix null blobs.
3166 * rdbms: avoid pg_escape_bytea() call-style deprecation notices.
3167 * (T322278) Improve LocalisationCache post-merge validation check.
3168 * (T324408, T326367) Updated wikimedia/remex-html from 3.0.2 to 3.0.3.
3169 * (T322278) Fix the remaining Phan failures on PHP 8.1.
3170 * (T322278, T326367) Respond to some messages from Phan on PHP 8.1.
3171 * Fix phan error when Excimer is enabled.
3172 * (T326021) Add matrix: to $wgUrlProtocols.
3173 * (T314099) stream wrapper: Declare $context class property.
3174 * (T314099) libs\jsminplus: Declare JSNode::$expression.
3175 * (T314096) composer.json: Updated composer/spdx-licenses from 1.5.6 to 1.5.7.
3176 * (T326472) Upgrading cssjanus/cssjanus (v2.1.0 => v2.1.1).
3177 * (T308536) rdbms: Remove deprecation mark for $wgSharedDB.
3178 * (T215466, T326071) installer: Split drop action out of the SQL patch for actor
3180 * (T322603) SqliteMaintenance.php: Fix fatally broken instanceof check.
3181 * (T326377) rdbms: Use DBConnRef in SelectQueryBuilder.
3182 * api/en.json: api-help-datatype-expiry add missing 'may'.
3183 * (T317329) OutputPage: Fix undefined ['host'] in ImagePreconnect code.
3184 * (T328222) Pass empty string to strlen() if schema is null for
3186 * (T289926) SpecialRevisionDelete: Set default of '' for wpReason.
3187 * (T155582, T328503) Fix XML dumps for content types with non-string
3189 * (T326886) PoolCounterRedis: Fix wrong cast, locks weren't being released.
3190 * (T314099) revisiondelete: Replace dynamic property Status::$itemStatuses
3191 * (T327821) skin: Restore default 'value' attribute in makeSearchButton().
3192 * (T329198) ParamValidator: Improve paramvalidator-help-multi-max message.
3193 * (T329415) Clear the statsd data buffer regardless of StatsdServer config.
3194 * (T292348) WikiImporter: do not fail if upload entry in dump lacks 'text' tag.
3195 * (T330049) UnregisteredLocalFile: Don't call MimeAnalyzer if no path.
3196 * (T324894 TempFSFile: Use a WeakMap for reference tracking if available.
3197 * (T295637) Add no to fallback chain of nb and nn.
3199 == MediaWiki 1.39.1 ==
3201 This is a security and maintenance release of the MediaWiki 1.39 branch.
3203 === Changes since MediaWiki 1.39.0 ===
3204 * Localisation updates.
3205 * PostgresUpdater: Remove trailing space from 'user_id ' column.
3206 * (T304515) LCStoreStaticArray: atomically replace the cache file.
3207 * (T324516) postgres: Fix upgrade for templatelinks primary key.
3208 * (T324890, T324891, T324901) Parser: Allow dynamic properties on PHP 8.2.
3209 * (T324513) uuid\GlobalIdGenerator: Check if getmyuid() exists.
3210 * (T314099) OutputPage: Remove unused dynamic property ParserOptions->isBogus.
3211 * (T314099) api: Remove use of undeclared property in action=comparepages.
3212 * Upgrading wikimedia/xmp-reader (0.8.5 => 0.8.6).
3213 * (T324489) Upgrading wikimedia/parsoid (v0.16.0 => v0.16.1).
3214 * Updated pear/mail (v1.4.1 => v1.5.0).
3215 * Removed wikimedia/dodo (v0.4.0).
3216 * (T324910) On pages using multi-content revisions, the raw content of a
3217 specific slot can be retrieved using the action=raw&slot=<role-name> query
3219 * (T322637) SECURITY: sqlite should not create DB file world-readable.
3221 == MediaWiki 1.39.0 ==
3223 === Changes since MediaWiki 1.39.0-rc.1 ===
3224 * Localisation updates.
3225 * exception: Tolerate no service container when trying DB rollback.
3226 * (T320282) Upgrading wikimedia/xmp-reader (0.8.3 => 0.8.4).
3227 * objectcache: Deprecate WANObjectCache::reap() and ::reapCheckKey().
3228 * (T320864) When calling mail(), use an array for headers.
3229 * Upgrading wikimedia/xmp-reader (0.8.4 => 0.8.5).
3230 * (T321154) Call setFormIdentifier() on LogEventsList form.
3231 * When importing revision with same timestamp as latest revision, treat
3232 it as the new latest.
3233 * (T320726) RandomImageGenerator::getImageSpec: Don't pass a float to mt_rand(),
3235 * (T298485, T322360) WikiExporter: Avoid calling reload in processing every row.
3236 * (T321551) pager: Fix null used for foreach in Pager::getNavigationBar.
3237 * (T321551) pager: Remove unused AlphabeticPager::getOrderTypeMessages()
3239 * pager: Remove unused PagerNavigationBuilder::setExtra().
3240 * PagerNavigationBuilder: Document that nulls in setLinkQuery() etc. are
3242 * (T322335) ApiQueryRevisionsBase: Fix 'rvdiffto' parameter handling on PHP 8.0.
3243 * (T314096) TestFileEditor: Fix string interpolation.
3244 * (T289926) api: Fix minor PHP 8.1 incompatibility in ApiOptions.
3245 * (T322803) SpecialBotPasswords: Don't pass null to trim().
3246 * (T289926) Fix incomplete ITextFormatter mocks.
3247 * Language: Handle ronna and quetta.
3248 * (T72510) rdbms: make SqlitePlatform::tableName() apply double quotes.
3249 * (T323373) Parser: Fix extractSections() behavior for PHP >= 8.0.
3250 * .gitattributes: Ship docker-compose.yml to the tarball.
3252 == MediaWiki 1.39.0-rc.1 ==
3254 === Changes since MediaWiki 1.39.0-rc.0 ===
3255 * Localisation updates.
3256 * (T318481) composer: Drop symfony/php73-polyfill.
3257 * (T318460) SpecialChangeEmail: Set default for returntoquery.
3258 * (T318307) HTMLFormField::validate(): Update docs to permit all data types
3259 * (T306802) docker: update to latest published images.
3260 * (T318754) WebInstallerOptions::addPersonalizationOptions(): Close fieldset.
3261 * (T227047) Soft-deprecate the remainder of ActorMigration.
3262 * (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results
3263 in an IP range check on Special:Contributions.
3264 * (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence
3266 * (T307278, CVE-2022-41766) SECURITY: On action=rollback the message
3267 "alreadyrolled" can leak revision deleted user name.
3268 * (T319186) .phan/config.php: Update minimum_target_php_version.
3269 * Tests: Explicit cast to int in RandomImageGenerator test (php8 warnings).
3270 * (T319186) .phan/config.php: Update minimum_target_php_version.
3271 * (T310243) Deprecate use of 'wvui-search' package.
3272 * utils: Fix return doc about false/null for UrlUtils::expand.
3273 * (T319000) WebInstaller: Don't try and run trim() on null.
3274 * In the event of preg failure in MagicWordArray throw exception.
3275 * (T318753) Installer: Disable logo dropper for now.
3277 == MediaWiki 1.39.0-rc.0 ==
3279 == Upgrading notes for 1.39 ==
3280 Don't forget to always back up your database before upgrading!
3282 See the file UPGRADE for more detailed per-version upgrade instructions from the
3283 oldest supported upgrading version, MediaWiki 1.31.
3285 Some specific notes for MediaWiki 1.39 upgrades are below:
3286 * (T278139) Drop PHP 7.3 support in MediaWiki 1.39; require 7.4.3 or higher.
3288 For notes on 1.38.x and older releases, see HISTORY.
3290 === Configuration changes for system administrators in 1.39 ===
3292 ==== New configuration ====
3293 * $wgAutoCreateTempUser – This configures automatic user creation on page save.
3294 * $wgCopyUploadAllowOnWikiDomainConfig – This configures if administrators can
3295 use the MediaWiki:Copyupload-allowed-domains system message to define which
3296 domains can be used with the upload-by-url tool.
3297 * $wgCdnMatchParameterOrder – This can be set to false if MediaWiki is behind a
3298 CDN that re-orders query parameters. This will make the code that matches
3299 request URLs to canonical CDN URLs insensitive to parameter order.
3300 * $wgMultiShardSiteStats – This allows you to split site_stats across multiple
3301 rows. Only useful for very large, heavily edited wikis. (T306589)
3302 * $wgPrivilegedGroups – Users belonging in some of the listed groups will be
3303 audited more aggressively.
3305 ==== Changed configuration ====
3306 * $wgInvalidUsernameCharacters – This setting now contains the char '>', which
3307 is now the reserved delimiter for external user names.
3308 * $wgLocalFileRepo – The default serialization method for file meta-data has
3309 been changed to JSON. You can revert it to PHP by setting the property
3310 'useJsonMetadata' to false.
3311 * $wgLBFactoryConf – The 'configCallback' flag can now be set to a callback
3312 function that returns an array with keys to update in $wgLBFactoryConf. This
3313 can be used to update the database configuration on the fly, e.g. to take
3314 replica hosts out of rotation.
3315 * $wgDBservers and $wgLBFactoryConf – The DBO_SSL flag in has been deprecated in
3316 favour of a boolean "ssl" parameter.
3317 * $wgObjectCaches – The 'globalKeyLB' and 'localKeyLB' flags are no longer
3320 ==== Removed configuration ====
3321 * $wgMultiContentRevisionSchemaMigrationStage - This transition flag, deprecated
3322 since MediaWiki 1.35, has been removed; the data migration is over.
3323 * $wgActorTableSchemaMigrationStage - This transition flag has been removed; the
3324 data migration is over.
3325 * $wgWikiFarmSiteDetector – This experimental setting has been removed without
3326 replacement. Use the MW_WIKI_NAME environment variable to specifiy the name of
3327 the site for which to load configuration. Using the WIKI_NAME environment
3328 variable for this purpose is deprecated.
3329 * $wgParserCacheUseJson - The ParserCache now always uses JSON serialization.
3330 Reading old non-JSON cache entries is still supported. The setting had been
3331 deprecated since 1.36.
3332 * $wgAllowJavaUploads - To allow uploads of JAR files, remove application/java
3333 from $wgMimeTypeExclusions.
3334 * $wgMaxRedirects – This broken feature was removed, as it never worked as
3336 * $wgElementTiming – This experimental, default-disabled feature has been
3337 removed without replacement.
3338 * $wgPriorityHints and $wgPriorityHintsRatio – The related experimental feature
3339 has been removed without replacement.
3340 * $wgIncludeLegacyJavaScript – This flag has been removed, without loss of any
3341 functionality in this release. Most former "wikibits" functions were removed
3342 after deprecation in previous releases. The remaining functions, such as
3343 importScript, are now available unconditionally.
3344 * $wgLegacySchemaConversion - This unused setting has been removed.
3345 * $wgInterwikiPrefixDisplayTypes - This unused setting has been removed.
3346 * $wgMangleFlashPolicy – This is no longer functional, and is now deprecated.
3347 Users who are somehow still using Flash as a browser extension will be exposed
3348 to CSRF vulnerabilities.
3350 === New user-facing features in 1.39 ===
3351 * Optional automatic user creation on page save ($wgAutoCreateTempUser)
3352 * Administrators now have the option to delete/undelete the associated "Talk"
3353 page when they are (un)deleting a given page. `deletetalk` and `undeletetalk`
3354 options were added to the 'delete' and 'undelete' action APIs in MW 1.38.
3355 * `{{=}}` is now a wikitext built-in magic word, expanding to `=`. This is
3356 conventionally used as an escape mechanism to allow the use of `=` in
3357 unnamed template arguments. Defining [[Template:=]] to expand to something
3358 other than `=` has been deprecated since 1.36, with affected pages put into
3359 a special tracking category for migration.
3360 * (T284020) Bot passwords are now supported when using the REST API.
3362 === New developer features in 1.39 ===
3363 * Added optional $size param to SearchResultProvideThumbnail hook.
3364 * SearchResultProvideThumbnail hook interface moved from MediaWiki\Rest\Hook
3365 namespace to MediaWiki\Search\Hook.
3366 * JsonValidateSaveHook has been added to allow extensions to set additional
3367 pre-save validations for specific JSON pages (T313254)
3368 * Added 'PermissionErrorAudit' hook, enabling extensions to audit permission
3369 errors on specfic actions. For instance account registration failed attempts
3370 due to a block (T306018).
3372 === External library changes in 1.39 ===
3374 ==== New external libraries ====
3375 * Added Codex v0.1.1. This replaces the now deprecated wvui library.
3376 * Added symfony/polyfill-php81.
3377 * Added symfony/polyfill-php82.
3378 * Added symfony/polyfill-php83.
3380 ===== New development-only external libraries =====
3381 * Updated QUnit from 2.18.0 to 2.18.2.
3383 ==== Changed external libraries ====
3384 * Updated jQuery from v3.6.0 to v3.6.1.
3385 * Updated OOUI from v0.43.2 to v0.44.5.
3386 * Updated composer/semver from 3.2.6 to 3.3.2.
3387 * Updated cssjanus/cssjanus fromv2.1.0 to v2.1.1.
3388 * Updated pear/mail from v1.4.1 to v1.5.1.
3389 * Updated symfony/polyfill-php80 from 1.25.0 to 1.28.0.
3390 * Updated symfony/yaml from 5.4.3 to 5.4.23.
3391 * Updated vue/compat from 3.2.23 to 3.2.37.
3392 * Updated wikimedia/base-convert from 2.0.1 to 2.0.2.
3393 * Updated wikimedia/html-formatter from 3.0.1 to 4.0.3.
3394 * Updated wikimedia/ip-set from 3.0.0 to 3.1.0.
3395 * Updated wikimedia/minify from 2.2.6 to 2.3.0.
3396 * Updated wikimedia/php-session-serializer from 2.0.0 to 2.0.1.
3397 * Updated wikimedia/remex-html from 3.0.2 to 3.0.3.
3398 * Updated wikimedia/running-stat from 1.2.1 to 2.1.0.
3399 * Updated wikimedia/scoped-callback from 3.0.0 to 4.0.0.
3400 * Updated wikimedia/services from 2.0.1 to 3.0.0.
3401 * Updated wikimedia/timestamp from 3.0.0 to 4.1.1.
3402 * Updated wikimedia/xmp-reader from 0.8.1 to 0.8.6.
3404 ===== Changed development-only external libraries =====
3405 * Updated composer/spdx-licenses from 1.5.5 to 1.5.7.
3406 * Updated doctrine/dbal for PHP < 7.3 from 2.13.6 to 2.13.9.
3407 * Updated doctrine/dbal for PHP >= 7.3 from 3.1.5 to 3.4.2.
3408 * Updated mediawiki/mediawiki-phan-config from 0.11.1 to 0.12.1.
3410 ==== Removed external libraries ====
3411 * Removed wikimedia/dodo (v0.4.0).
3413 === Bug fixes in 1.39 ===
3414 * (T314013) $wgExtraNamespaces no longer overrides canonical namespace names
3415 specified in extension.json files. While this setting can still be used to
3416 rename extension-defined namespaces, system administrators may need to run
3417 namespaceDupes.php after upgrading.
3419 === Action API changes in 1.39 ===
3420 * New `undeletetalk` parameter on action=undelete that allows you to restore
3421 all revisions of the associated talk page.
3423 === Languages updated in 1.39 ===
3424 MediaWiki supports over 350 languages. Many localisations are updated regularly.
3425 Below only new and removed languages are listed, as well as changes to languages
3426 because of Phabricator reports.
3428 * Actual localization was added for several languages, which were already
3429 in Names.php and even used for a Wikipedia:
3430 ** (T313200) Added language support for Rundi (Kirundi, rn).
3431 ** (T310976) Added language support for Tumbuka (ChiTumbuka, tum).
3432 ** (T314270) Added language support for Kanuri (kr).
3433 * (T313199) Added language support for Sylheti (syl).
3434 * (T311975) Added language support for Ghanaian Pidgin (gpe).
3435 * (T307080) Added language support for Okinawan (ryu).
3436 * (T307887) Added language support for Mooré (mos).
3437 * (T308813) Added language support for Nigerian Pidgin (pcm).
3438 * (T309763) Added language support for Tai Nüa (tdd).
3439 * (T310040) Added language support for Fante (fat).
3440 * (T311034) Added language support for Campidanese Sardinian (sro).
3441 * (T315406) Fix the autonym of the Iñupiaq language to "Iñupiatun".
3442 * (T315677) Removed French fallback from the Fula language (ff).
3443 * (T304920) In Swahili, The "Media" namespace is now "Media", as in English,
3444 and the "File" namespace is now "Faili". The old name of the "File" namespace
3445 was "Picha", and it's kept for backwards compatibility. If you manage a wiki
3446 in Swahili, and you use "Faili:" as a namespace anywhere in wikitext, and
3447 you mean to use it as "Media:", these need to be replaced to "Media:".
3448 * (T309866) Some namespace translations were updated for Kyrgyz (ky). The old
3449 ones are retained as aliases for backwards compatibility.
3450 * (T117845) Started the renaming of the language codes for Serbian from sr-ec
3451 and sr-el to sr-cyrl and sr-latn.
3452 * (T295637) Add no to fallback chain of nb and nn.
3454 === Breaking changes in 1.39 ===
3455 * Basic non-JavaScript (Grade C) support has been dropped for Internet Explorer
3456 9-10, Firefox 27-38, and Android 4.3-4.4.
3457 * The following methods, deprecated since 1.37, have been removed from IDatabase
3462 * Title::getDefaultNamespace(), deprecated since 1.37, has been removed.
3463 * The DBPrimaryPos class alias 'DBMasterPos' has been removed.
3464 * The global function wfGetLB(), deprecated since 1.27, has been removed.
3465 * Passing a db to BlockRestrictionStore::loadByBlockId() is no longer supported.
3466 BlockRestrictionStoreFactory should be used to fetch a correct
3467 BlockRestrictionStore instead. This was deprecated since 1.38.
3468 * The global function wfGetCache(), deprecated since 1.32, has been removed. You
3469 can use ObjectCache::getInstance() instead.
3470 * The global function wfGetMainCache(), deprecated since 1.32, has been removed.
3471 You can use ObjectCache::getLocalClusterInstance() instead.
3472 * MovePage::__construct() now requires that all parameters be passed. The
3473 fallback to MediaWikiServices emitted deprecation notices since 1.37.
3474 * WikiPage::doEditContent(), deprecated since 1.32, was removed.
3475 * WikiPage::prepareContentForEdit() now requires a UserIdentity parameter to be
3476 provided. Not providing one has been deprecated since 1.37.
3477 * EventRelayerKafka, deprecated in 1.38, was removed.
3478 * MediaWiki\Logger\Monolog\KafkaHandler, deprecated in 1.38, was removed.
3479 * The "trace" option of SectionProfiler, deprecated in 1.38, was removed.
3480 * The global function wfWikiID(), deprecated since 1.35, has been removed.
3481 * Database::wasKnownStatementRollbackError() was removed. Subclasses should
3482 override isKnownStatementRollbackError() instead.
3483 * Database::wasQueryTimeoutError() was removed. Subclasses should
3484 override isQueryTimeoutError() instead.
3485 * Database::buildSuperlative() has been removed without deprecation.
3486 * The following methods, deprecated in 1.37, have been removed:
3487 - Linker::setStubThreshold(), ::getStubThreshold().
3488 - LinkRendererFactory::createForUser().
3489 - ParserOptions::getStubThreshold(), ::setStubThreshold().
3490 * Changes to ResourceLoader modules:
3491 - The mediawiki.viewport module, deprecated in 1.37 has been
3492 removed. Use IntersectionObserver instead.
3493 * If you manage a wiki in Swahili, and you use "Faili:" as a namespace anywhere,
3494 and you mean to use it as "Media:", replace it with "Media:". See T304920.
3496 - Skin::getCopyrightIcon(), ::getPoweredBy(), deprecated in 1.37 have been
3498 - Skin::bottomScripts, deprecated in 1.37, now emits deprecation notices.
3499 Skins using SkinTemplate must set bodyOnly as a skin option and
3500 remove lines of code generating html, body and head elements.
3501 - Skin::makeSearchButton and Skin::makeSearchInput were deprecated in 1.38.
3502 Use SkinTemplate methods with the same name or Skin::getTemplateData
3504 - Styles for the HTML classes `warningbox`, `errorbox` and `successbox` have
3505 been removed in favor of Html class methods.
3506 - The feature `legacy` used inside ResourceLoaderSkinModule,
3507 deprecated in 1.37, will no longer ship any styles.
3508 - Skin::getSkinStylePath, deprecated since 1.36, has been removed.
3509 - Skin::getPortletData has been made private.
3510 - SkinTemplate::getPersonalToolsList(), deprecated in 1.35 has been
3512 - The following SkinTemplate template data, deprecated in 1.37,
3516 - The following hooks, deprecated in 1.37, have been removed:
3517 - SkinGetPoweredBy: SkinGetPoweredByHook
3518 - The following hooks are deprecated and replaced with
3519 SkinTemplateNavigation::Universal:
3520 - SkinTemplateNavigation::SpecialPage
3521 - SkinTemplateNavigation
3523 - The mediawiki.skinning.content.externallinks module, which was
3524 deprecated in 1.36 has been removed. Skins that still rely on it
3525 will lose the icon styling of external links by type.
3526 * Experimental wiki farm support: Automatic detection of the requested site
3527 within a wiki farm based on the requested domain has been removed.
3528 Use the MW_WIKI_NAME environment variable to specify the name of the site
3529 to load configuration for. Using the WIKI_NAME environment variable for this
3530 purpose is deprecated. This is only relevant if you have been using
3531 $wgWikiFarmSettingsDirectory to load wiki farm config.
3532 * MWExceptionHandler::installHandler was marked @internal and had required
3533 arguments added. This method is intended for use in bootstrap code and is
3534 unused in known extensions.
3535 * MWException::useOutputPage was made private without deprecation.
3536 This method was apparently only public for testing and is unused in known
3538 * Calling getId() on a User or UserIdentityValue from the wrong wiki, deprecated
3539 since 1.36, now throws an exception.
3540 * The following methods have been removed from ExtensionRegistry without
3541 deprecation and without replacement. They had been introduced in 1.35 for use
3542 in the testing framework, and were not in use by any known extension:
3543 - exportAutoloadClassesAndNamespaces
3544 - exportTestAutoloadClassesAndNamespaces
3545 * The MWNamespace class, deprecated since 1.34, has been removed. Use the
3546 NamespaceInfo service instead.
3547 * The UnknownContent and UnknownContentHandler class aliases have been removed,
3548 use FallbackContent and FallbackContentHandler instead.
3549 * IResultWrapper::next() now returns void, to match the Iterator interface that
3550 it implements. fetchObject() has the same behavior as next() used to.
3551 * In HTMLForm HTMLAutoCompleteSelectFields, the parameters 'autocomplete' and
3552 'autocomplete-messages', which were deprecated in MediaWiki 1.29, were
3553 removed. Instead, use 'autocomplete-data' and 'autocomplete-data-messages'.
3554 * The global $wgParser, deprecated in 1.32, was removed. Use
3555 MediaWikiServices::getInstance()->getParser() instead.
3556 * ParserOutput::setText will now set the ParserOutput's text to null if
3557 given null. Previously it did nothing if given null.
3558 * The default value for the first argument to the ParserOutput constructor
3559 is now null instead of ''.
3560 * IDatabase::lockTables() and IDatabase::unlockTables(), deprecated since 1.38,
3562 * The $context parameter to `new HTMLForm( … )` and `HTMLForm::factory( … )`
3564 * The class alias for revision related classes in namespace MediaWiki\Storage
3565 has been removed. Classes are IncompleteRevisionException,
3566 MutableRevisionRecord, MutableRevisionSlots, RevisionAccessException,
3567 RevisionArchiveRecord, RevisionFactory, RevisionLookup, RevisionRecord,
3568 RevisionSlots, RevisionStore, RevisionStoreRecord, SlotRecord, and
3569 SuppressedDataException.
3570 * Calling getBy() on an AbstractBlock from the wrong wiki, deprecated since
3571 1.38, now throws an exception.
3572 * Passing a MediaWiki\Linker\LinkTarget to EditPage::makeTemplatesOnThisPageList
3573 or TemplatesOnThisPageFormatter::format is no longer supported,
3574 a MediaWiki\Page\PageIdentity is required.
3575 * The deprecated class alias FakeConverter has been removed, use
3576 TrivialLanguageConverter instead.
3577 * The deprecated ApiQueryContributions class alias has been removed, use
3578 ApiQueryUserContribs instead.
3579 * The deprecated MediaWiki\Special\SpecialPageFactory class alias has been
3580 removed, use MediaWiki\SpecialPage\SpecialPageFactory instead.
3581 * The following skin modules, deprecated in 1.37, have been removed:
3582 - mediawiki.skinning.elements
3583 - mediawiki.skinning.content
3584 - mediawiki.toc.styles
3585 - mediawiki.legacy.config
3586 - mediawiki.legacy.shared
3587 - mediawiki.legacy.commonPrint
3588 * FileModule::compileLessFile(), deprecated since 1.35, has been removed. Use
3589 ::compileLessString() instead.
3590 * LogFormatter::styleRestricedElement(), deprecated since 1.37, has been
3591 removed. Use ::styleRestrictedElement() instead.
3592 * Title::isNamespaceProtected(), deprecated in 1.34, has been removed.
3593 * ApiStashEdit::parseAndStash(), deprecated in 1.34, has been removed.
3594 * LinkCache::forUpdate(), deprecated in 1.34, has been removed.
3595 * Passing null instead of a NamespaceInfo instance to LinkCache::__construct()
3596 is not supported anymore. It is recommended to request an instance from the
3598 * ApiQueryBase::showHiddenUsersAddBlockInfo(), deprecated in 1.34, has been
3599 removed. Use ApiQueryBlockInfoTrait instead.
3600 * ApiQueryBase::prefixedTitlePartToKey(), deprecated in 1.35, has been removed.
3601 Use ::parsePrefixedTitlePart() instead.
3602 * ExternalStoreDB::getSlave(), deprecated in 1.34, has been removed. Use
3603 ExternalStoreDB::getReplica() instead.
3604 * ChangesListSpecialPage::checkStructuredFilterUiEnabled() and
3605 SpecialWatchlist::checkStructuredFilterUiEnabled() now support UserIdentity
3606 as the only argument. Passing Config argument was deprecated in 1.34.
3607 * DatabaseUpdater::ifNoActorTable(), deprecated in 1.35, has been removed. Use
3608 ::ifTableNotExists() instead.
3609 * MediaWiki\Revision\RevisionStoreFactory::getRevisionStore was documented
3610 to allow passing bool true as a dbDomain, this is no longer possible,
3611 because that is an invalid value for a dbDomain.
3612 * LinkHolderArray::__construct() had its signature changed. The class was marked
3614 * SpecialMute::isTargetBlacklisted(), deprecated in 1.35, has been removed. Use
3615 ::isTargetMuted() instead.
3616 * WebRequest::checkUrlExtension(), deprecated in 1.35, has been removed.
3617 * ContentHandler::cleanupHandlersCache(), deprecated in 1.35, has been removed.
3618 * SpecialVersion::getExtAuthorsFileName, deprecated in 1.35, has been removed.
3619 Use MediaWiki\ExtensionInfo::getAuthorsFileName.
3620 * SpecialVersion::getExtLicenseFileName, deprecated in 1.35, has been removed.
3621 Use MediaWiki\ExtensionInfo::getLicenseFileNames.
3622 * CategoryPage::getCategoryViewerClass and ::setCategoryViewerClass, deprecated
3623 in 1.35, have been removed.
3624 * SqlBlobStore::getLegacyEncodingConversionLang(), deprecated in 1.34, has been
3626 * wfCanIPUseHTTPS(), deprecated in 1.37, has been removed.
3627 * wfGetScriptUrl(), deprecated in 1.35, has been removed.
3628 * The following methods of Database class, are no longer stable to override:
3629 - ::implicitOrderby()
3637 - ::buildSubstring()
3638 - ::buildStringCast()
3639 - ::buildIntegerCast()
3641 - ::addIdentifierQuotes()
3644 - ::unionSupportsOrderAndLimit()
3650 - ::setTableAliases()
3651 - ::setIndexAliases()
3652 - ::buildGroupConcatField()
3653 * SpecialUnblock::processUnblock(), deprecated in 1.36, has been removed. Use
3654 UnblockUser instead.
3655 * wfLocalFile() and wfFindFile(), deprecated in 1.34, have been removed.
3656 * Maintenance script resetUserTokens.php, deprecated in 1.27, has been removed.
3657 * These methods in Database have been removed without deprecation as they are
3658 not used outside core. Users should override corresponding methods in
3659 SQLPlatform instead:
3660 - Database::doInsert -> SQLPlatform::insertSqlText
3661 - Database::doDropTable -> SQLPlatform::dropTableSqlText
3662 - Database::doRollback -> SQLPlatform::rollbackSqlText
3663 - Database::doSavepoint -> SQLPlatform::savepointSqlText
3664 - Database::doReleaseSavepoint -> SQLPlatform::releaseSavepointSqlText
3665 - Database::doRollbackToSavepoint -> SQLPlatform::rollbackToSavepointSqlText
3666 * The following protected methods of Database class have been removed without
3667 deprecation as they are not used outside core. Users should call
3668 corresponding methods in SQLPlatform:
3669 - Database::makeInsertLists -> SQLPlatform::makeInsertLists
3670 - Database::isFlagInOptions -> SQLPlatform::isFlagInOptions
3671 - Database::normalizeOptions -> SQLPlatform::normalizeOptions
3672 - Database::fieldNameWithAlias -> SQLPlatform::fieldNameWithAlias
3673 - Database::isTransactableQuery -> SQLPlatform::isTransactableQuery
3674 * $wgCanonicalNamespaceNames no longer includes custom namespaces defined using
3675 $wgExtraNamespaces. Extensions should use the NamespaceInfo service instead
3676 of accessing this configuration setting directly.
3677 * The following hook, deprecated in 1.35, has been removed:
3678 - ParserGetVariableValueVarCache: ParserGetVariableValueVarCacheHook
3679 * The $variableCache parameter to the ParserGetVariableValueSwitch hook is
3680 no longer used; non-standard use of this parameter has been deprecated since
3682 * These methods have been moved from IDatabase to IMaintainableDatabase:
3683 - IDatabase::fieldExists -> IMaintainableDatabase::fieldExists
3684 - IDatabase::indexExists -> IMaintainableDatabase::indexExists
3685 - IDatabase::tableExists -> IMaintainableDatabase::tableExists
3686 * DBConnRef doesn't accept live connection in constructor anymore.
3687 Only parameters for getting connection should be provided.
3688 * IDatabase::getTopologyRootPrimary() was removed.
3689 * User::blockedBy(), deprecated since 1.38, has been removed.
3690 * User::getBlockId(), deprecated since 1.38, has been removed.
3691 * AlphabeticPager::getOrderTypeMessages(), unused since 1.13, has been removed
3692 without deprecation.
3694 === Deprecations in 1.39 ===
3695 * PageProps::getInstance(), deprecated since 1.38, emits deprecations warnings.
3696 * The global function wfGetDB() has been deprecated. Use
3697 LoadBalancer::getConnection() instead.
3698 * SpecialRedirectWithAction::__construct without SearchEngineFactory argument
3699 will now emit a deprecation notice.
3700 * Use of the SiteStatsUpdate constructor has been deprecated in favor of
3701 the ::factory() method.
3702 * AuthManager::checkAccountCreatePermissions has been deprecated. Use
3703 AuthManager::authorizeCreateAccount or AuthManager::probablyCanCreateAccount
3705 * Title::getSelectFields() has been deprecated in favor of
3706 PageStore::newSelectQueryBuilder()
3707 * Title::newFromTitleValue(), deprecated since in 1.34, now emits deprecation
3708 warnings. Use ::newFromLinkTarget() instead.
3709 * ExtensionRegistry::readFromQueue() has been marked @internal. Extensions
3710 should use ExtensionProcessor instead.
3711 * Processor::getExtraAutoloaderPaths() and
3712 ExtensionProcessor::getExtraAutoloaderPaths() have been deprecated, use get
3713 getExtractedAutoloadInfo() instead.
3714 * The following global functions are deprecated in favor of the listed UrlUtils
3716 - wfExpandUrl -> UrlUtils::expand
3717 - wfGetServerUrl -> UrlUtils::getServer
3718 - wfAssembleUrl -> UrlUtils::assemble
3719 - wfRemoveDotSegments -> UrlUtils::removeDotSegments
3720 - wfUrlProtocols -> UrlUtils::validProtocols
3721 - wfUrlProtocolsWithoutProtRel -> UrlUtils::validAbsoluteProtocols
3722 - wfParseUrl -> UrlUtils::parse
3723 - wfExpandIRI -> UrlUtils::expandIRI
3724 - wfMatchesDomainList -> UrlUtils::matchesDomainList
3725 These methods are exact replacements except that
3726 1) they return null instead of false or empty string on error (where
3728 2) UrlUtils::validProtocols does not take a parameter (documentation said not
3729 to pass one to wfUrlProtocols anyway);
3730 3) they use type hints (don't try passing null instead of string, etc.).
3731 * MaintainableDBConnRef is deprecated, use DBConnRef instead.
3732 * Loading DefaultSettings.php is deprecated. To get default values of main
3733 config settings, use MainConfigSchema::listDefaultValues() or
3734 MainConfigSchema::getDefaultValue().
3735 * AbstractContent::getRedirectChain() and
3736 AbstractContent::getUltimateRedirectTarget() are now emitting deprecation
3738 * (T244138) QueryPage::getSQL() is deprecated. Instead QueryPage::getQueryInfo()
3739 should be overridden.
3740 * Calling new JobRunner() directly without $serviceOptions now emits
3741 deprecation warnings. Use MediaWikiServices::getInstance()->getJobRunner()
3743 * Passing an array of targets to Article::getRedirectHeaderHtml() is
3744 deprecated. Supply a single redirect target instead (T296430).
3745 * The following Less mediawiki.mixins have been deprecated:
3747 - .animation-delay()
3748 - .transform-rotate()
3749 * Skin::getAction is deprecated. Use IContextSource::getActionName instead.
3750 * User::getOption, deprecated since 1.35, now emits deprecation warnings.
3751 Use UserOptionsLookup::getOption instead.
3752 * ILBFactory::forEachLB() is deprecated. Use ::getAllLBs().
3753 * LoadBalancer::forEachOpenConnection() and ::forEachOpenPrimaryConnection()
3754 are deprecated without replacement.
3755 * The following classes were moved from the root namespace to the
3756 MediaWiki\ResourceLoader namespace, the old names becoming deprecated aliases:
3757 ResourceLoader, MessageBlobStore, VueComponentParser.
3758 * The following classes had the "ResourceLoader" prefix stripped while being
3759 moved to the MediaWiki\ResourceLoader namespace, the old names becoming
3760 deprecated aliases: DerivativeResourceLoaderContext,
3761 ResourceLoaderCircularDependencyError, ResourceLoaderClientHtml,
3762 ResourceLoaderCodexModule, ResourceLoaderContext, ResourceLoaderFileModule,
3763 ResourceLoaderFilePath, ResourceLoaderForeignApiModule, ResourceLoaderImage,
3764 ResourceLoaderImageModule, ResourceLoaderLanguageDataModule,
3765 ResourceLoaderLessVarFileModule, ResourceLoaderModule,
3766 ResourceLoaderMwUrlModule, ResourceLoaderOOUIFileModule,
3767 ResourceLoaderOOUIIconPackModule, ResourceLoaderOOUIImageModule,
3768 ResourceLoaderOOUIModule, ResourceLoaderSiteModule,
3769 ResourceLoaderSiteStylesModule, ResourceLoaderSkinModule,
3770 ResourceLoaderStartUpModule, ResourceLoaderUserModule,
3771 ResourceLoaderUserOptionsModule, ResourceLoaderUserStylesModule,
3772 ResourceLoaderWikiModule.
3773 * WANObjectCache::reap() and WANObjectCache::reapCheckKey() have been
3774 deprecated without replacement.
3775 * The following methods in WikiRevision and their interfaces
3776 ImportableUploadRevision and ImportableOldRevision are deprecated:
3777 - ::getUserObj() → ::getUser()
3778 - ::setUserObj() → ::setUsername()
3779 - ::setUserIP() → ::setUsername()
3780 * ObjectCache::addBusyCallback() is deprecated and non-functional.
3781 * MWTimestamp::getHumanTimestamp(), deprecated in 1.26, now emits deprecation
3783 * Article::viewRedirect(), deprecated in 1.30, now emits deprecation warnings.
3784 * Parser::getFreshParser() is deprecated, use ParserFactory::getInstance().
3785 * CoreParserFunctions::mwnamespace() is deprecated and emits deprecation
3786 warnings, use CoreParserFunctions::namespace() instead.
3787 * Registering magic variables whose names include a colon is deprecated.
3788 * User::blockedFor(), deprecated in 1.35, now emits deprecation warnings.
3789 * Access to previously public properties AbstractBlock::$mExpiry,
3790 AbstractBlock::$mHideName, AbstractBlock::$mTimestamp, DatabaseBlock::$mAuto,
3791 and DatabaseBlock::$mParentBlockId, deprecated in 1.34, now emits deprecation
3793 * Access to previously public properties User::$mBlock, User::$mBlockedby, and
3794 User::$mHideName, deprecated in 1.35, now emits deprecation warnings.
3795 * JobQueueGroup::singleton() and ::destroySingletons(), deprecated in 1.37, now
3796 emit deprecation warnings.
3797 * Title::getNotificationTimestamp(), deprecated in 1.35, now emits deprecation
3799 * Global functions wfReadOnly and wfReadOnlyReason, deprecated in 1.38, now
3800 emit deprecation warnings.
3801 * Overriding or calling DifferenceEngine::getDiffBodyCacheKey(), deprecated in
3802 1.31, now emits deprecation warnings.
3803 * Access to previously public property WikiRevision::$fileIsTemp, deprecated in
3804 1.29, now emits deprecation warnings.
3805 * wfQueriesMustScale() has been deprecated and emits deprecation warnings.
3806 * ContextSource::getStats(), RequestContext::getStats(), and
3807 DerivativeContext::getStats(), deprecated in 1.27, now emit deprecation
3809 * ManualLogEntry::setTags(), deprecated in 1.33, now emits deprecation warnings.
3810 * WikiRevision::downloadSource(), deprecated in 1.31, now emits deprecation
3812 * DifferenceEngine::textDiff(), deprecated in 1.32, now emits deprecation
3814 * FormatMetadata::flattenArrayContentLang(), deprecated in 1.36, now emits
3815 deprecation warnings.
3816 * SkinTemplate::getNameSpaceKey(), deprecated in 1.35, now emits deprecation
3818 * EnqueueJob::newFromJobsByWiki(), deprecated in 1.33, now emits deprecation
3820 * The following methods of the MWGrants class, all deprecated since 1.38,
3821 are now emitting deprecation warnings:
3832 * DataUpdate::runUpdates(), deprecated in 1.28, now emits deprecation warnings.
3833 * CdnCacheUpdate::newFromTitles(), deprecated in 1.35, now emits deprecation
3835 * Instantiating HTMLCacheUpdate class, deprecated in 1.34, now emits deprecation
3837 * ISQLPlatform::tableNames() (implemented by IDatabase) is now deprecated.
3838 None of the tableName*() functions should be used by most users;
3839 if you absolutely must use raw SQL, write several tableName() calls instead.
3840 * Language::isWellFormedLanguageTag() has been deprecated in favor of
3841 LanguageCode::isWellFormedLanguageTag().
3842 * The PrevNextNavigationRenderer helper class has been deprecated in favor of
3843 the new PagerNavigationBuilder one.
3844 * The methods IndexPager::getPagingLinks(), IndexPager::getLimitLinks() and
3845 IndexPager::buildPrevNextNavigation() have been deprecated in favor of
3846 IndexPager::getNavigationBuilder().
3847 * Overriding the method IndexPager::makeLink() has been deprecated.
3848 * ActorMigration is deprecated. The temporary table is no longer needed, the
3849 actor table can be directly joined to the revision table, which is simple
3850 enough to not need a helper class. See the methods of ActorMigration for more
3851 specific information on replacements. ActorMigrationBase remains usable for
3852 migrations in extension tables.
3854 === Other changes in 1.39 ===
3855 * Dynamic default values are now applied before extension registration callbacks
3856 are run. This way, extensions have a complete view of config variables, with
3857 all defaults applied. For example, when the default value of X used to be
3858 static but becomes dynamic, and an extension reads the value of X in the
3859 registration callback, it will now continue to function as expected. In some
3860 cases however, this may cause an undesired change in behavior: if the dynamic
3861 default of setting X depends on the value of setting Y, and an extension
3862 changes Y, the changed value of Y will no longer affect the value of X.
3866 MediaWiki 1.39 requires PHP 7.4.3 or later and the following PHP extensions:
3877 MariaDB is the recommended database software. MySQL, PostgreSQL, or SQLite can
3878 be used instead, but support for them is somewhat less mature.
3880 The supported versions are:
3882 * MariaDB 10.3 or higher
3883 * MySQL 5.7.0 or higher
3884 * PostgreSQL 10 or later
3885 * SQLite 3.8.0 or later
3887 == Online documentation ==
3888 Documentation for both end-users and site administrators is available on
3889 MediaWiki.org, and is covered under the GNU Free Documentation License (except
3890 for pages that explicitly state that their contents are in the public domain):
3892 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
3895 A mailing list is available for MediaWiki user support and discussion:
3897 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
3899 A low-traffic announcements-only list is also available:
3901 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
3903 It's highly recommended that you sign up for one of these lists if you're
3904 going to run a public MediaWiki, so you can be notified of security fixes.
3907 There's usually someone online in #mediawiki on irc.libera.chat.
3911 == MediaWiki 1.38.7 ==
3913 This is a security and maintenance release of the MediaWiki 1.38 branch.
3915 === Changes since MediaWiki 1.38.6 ===
3916 * Localisation updates.
3917 * (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1.
3918 * (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7
3920 * (T322944) Add Authorization to default $wgAllowedCorsHeaders.
3921 * (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter.
3922 * (T330464) Work around argument corruption bug in XMLReader::open.
3923 * (T313157) IndexPager: Also protect against $offset being 0.
3924 * (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.
3926 == MediaWiki 1.38.6 ==
3928 This is a security and maintenance release of the MediaWiki 1.38 branch.
3930 === Changes since MediaWiki 1.38.5 ===
3931 * Localisation updates.
3932 * (T325872) ChangeTags: Remove table name from condition.
3933 * (T324895) MWCallbackStream: Add explicit $stream property.
3934 * (T297031, T326039) PostgresUpdater: Move setDefault ahead of
3935 changeNullableField.
3936 * Remove /images .htaccess rules that are no longer relevent.
3937 * Disable php in .htaccess of images directory as a hardening measure.
3938 * (T322583) Include missing message parameter in message.
3939 * Fix phan error when Excimer is enabled.
3940 * (T323373) Parser: Fix extractSections() behavior for PHP >= 8.0
3941 * (T326021) Add matrix: to $wgUrlProtocols.
3942 * (T326377) rdbms: Use DBConnRef in SelectQueryBuilder.
3943 * api/en.json: api-help-datatype-expiry add missing 'may'.
3944 * (T328222) Pass empty string to strlen() if schema is null for
3946 * (T317329) OutputPage: Fix undefined ['host'] in ImagePreconnect code.
3947 * (T289926) SpecialRevisionDelete: Set default of '' for wpReason.
3948 * (T155582, T328503) Fix XML dumps for content types with non-string
3950 * (T314099) revisiondelete: Replace dynamic property Status::$itemStatuses.
3951 * (T329198) ParamValidator: Improve paramvalidator-help-multi-max message.
3952 * (T292348) WikiImporter: do not fail if upload entry in dump lacks 'text'
3954 * (T295637) Add no to fallback chain of nb and nn.
3955 * (T329484) API: Fix query+allimages user parameter description.
3956 * (T330529) SpecialEditTags: Set default of '' for wpReason.
3957 * (T330526) htmlform: Handle null from HTMLFormField::getDefault in
3959 * (T285159, CVE-2023-29141) SECURITY: Do not apply autoblocks to untrusted
3962 == MediaWiki 1.38.5 ==
3964 This is a security and maintenance release of the MediaWiki 1.38 branch.
3966 === Changes since MediaWiki 1.38.4 ===
3967 * Localisation updates.
3968 * Tests: Explicit cast to int in RandomImageGenerator test (php8 warnings).
3969 * (T319000) WebInstaller: Don't try and run trim() on null.
3970 * (T318753) Installer: Disable logo dropper for now.
3971 * (T320864) When calling mail(), use an array for headers.
3972 * (T311567) In ManualLogEntry, cast the comment to string.
3973 * (T289926) api: Fix minor PHP 8.1 incompatibility in ApiOptions.
3974 * (T322803) SpecialBotPasswords: Don't pass null to trim().
3975 * (T323082) Upgrading wikimedia/xmp-reader (0.8.1 => 0.8.5).
3976 * Language: Handle ronna and quetta.
3977 * PostgresUpdater: Remove trailing space from 'user_id ' column.
3978 * (T304515) LCStoreStaticArray: atomically replace the cache file.
3979 * (T324890, T324891, T324901) Parser: Allow dynamic properties on PHP 8.2.
3980 * (T324910) On pages using multi-content revisions, the raw content of a
3981 specific slot can be retrieved using the action=raw&slot=<role-name> query
3983 * (T322637) SECURITY: sqlite should not create DB file world-readable.
3985 == MediaWiki 1.38.4 ==
3987 This is a maintenance release of the MediaWiki 1.38 branch.
3989 === Changes since MediaWiki 1.38.3 ===
3990 * Fix missing use statement from backport of fix for T307278.
3992 == MediaWiki 1.38.3 ==
3994 This is a security and maintenance release of the MediaWiki 1.38 branch.
3996 === Changes since MediaWiki 1.38.2 ===
3997 * Localisation updates.
3998 * (T311568) UploadBase::setTempFile() handle $tempPath being passed as null.
3999 * (T311559) SpecialListFiles: user parameter isn't always present.
4000 * (T311561) ImageListPager: Don't call htmlspecialchars() on null.
4001 * (T311920) SpecialBlockList: Prevent passing null to trim().
4002 * (T311921) SpecialUserrights: Don't pass null to str_replace.
4003 * (T311570) SpecialWithoutInterwiki: Don't pass null through to
4004 Title::capitalize().
4005 * (T311574, T311576) SpecialLinkSearch: Don't pass null through to the parser.
4006 * (T311360) RecentChange: Straight join to actor table when needed.
4007 * (T311360) RecentChange: Make join to comment table also straight.
4008 * Remove messages in en-gb.json.
4009 * (T312519, T312520) Parser::extensionSubstitution() Don't run substr() on null.
4010 * (T287564) populateInterwiki: Include not null columns iw_api/iw_wikiid.
4011 * (T312302) SpecialRedirect: Don't pass null to explode.
4012 * RemoveInvalidEmails: Fix quoting for postgres.
4013 * (T312678) import: UploadSourceAdapter::stream_read() don't pass null to
4015 * (T312300) SpecialDiff: Don't pass null to explode().
4016 * (T312680) parser: Fix CoreParserFunctions::urlencode() null coalescence $arg.
4017 * (T289926) Handle null passed to wfShorthandToInteger() and Html::element().
4018 * (T289926) Ensure that strlen() does not get passed a (valid) null.
4019 * (T312301) SpecialDiff: Don't pass null to trim().
4020 * Hooks: Use more meaningful name for SkinAfterPortlet hook parameter.
4021 * (T289926) Ensure we don't pass null to mb_strlen.
4022 * (T312305, T311572, T311571, T311578) HTMLForm: Null coalescence in trim()
4024 * (T289926) site: Consistently return null from Site::getDomain().
4025 * (T307304, T289879) filebackend,jobqueue: Add signature for
4026 FilterIterator::accept().
4027 * (T304559) Use page ID from parent revision, improve logging.
4028 * (T312183) rdbms: Adapt hasOrMadeRecentPrimaryChanges test mock for PHP 8.1.
4029 * Add application/vnd.ms-opentype to MIME list.
4030 * Allow composer/installers plugin in composer.json.
4031 * (T313663) Make ReadOnlyModeTest work in php8.
4032 * (T313663) Make HandlerTestTrait compatible with php8.1.
4033 * (T313663) [php8] Make DeletePageTest stop giving warnings on php8.1.
4034 * Change type hints for BatchRowIterator and NotRecursiveIterator for
4035 compatibility with PHP 8.1.
4036 * (T313663) [php8.1] Change override of $wgResourceBasePath for CSP tests.
4037 * (T313663) parser: Mock WikiPage::getContentModel in ParserCacheTest to fix
4039 * (T313663) [php8.1] Make WikiImporterFactoryTest use better mock for
4041 * Fix tests so getName() doesn't return null.
4042 * (T313663) [php8] Don't use strlen on potentially null string.
4043 * (T313663) [php8.1] Suppress test warning about providing null.
4044 * (T313663) [php8.1] mock User::getTitleKey() in DeaultPreferencesFactoryTest.
4045 * (T313663) Parser will use current timestamp instead of null if passed a
4046 RevisionRecord that does not have a timestamp.
4047 * (T313663) Add explicit null check for $sha in FileBackend [php8.1].
4048 * (T313663) LogFormatter: Cast argument of ctype_digit to string [php8.1].
4049 * (T313663) Mock UserOptionsManager::getOption for php8.1.
4050 * (T289879, T289926) Get rid of warnings on PHP 8.1.
4051 * (T313663) Check for null return of preg_replace in MediaWikiTitleCodec.
4052 * (T313663) cast db name to string when checking if it is read only [php8.1].
4053 * (T313663) Avoid testing strlen on null in ApiQuerySiteinfo [php 8.1 compat].
4054 * (T313663) Use default timezone UTC for SpecialWatchlistTest [php 8.1].
4055 * (T313663) Mock User::getTitleKey in SpecialPreferencesTest [php 8.1].
4056 * (T314096) Migrate use of ${var}-style string interpolation.
4057 * (T314099) preprocessor: Add missing field declarations.
4058 * (T313663, T313662) Make default value for optional args {{PAGESINCAT:..}} be
4060 * (T313663) [php8.1] Mock out getLocalDomainID for WatchedItemStore tests.
4061 * (T313663) Suppress warnings for the null test of addIdentifierQuotes.
4062 * (T314225) SpecialCategories: Null coalescene $par.
4063 * (T314099) User: Allow dynamic properties on PHP 8.2.
4064 * (T314404) SpecialGoToInterwiki: Null coalescene $par.
4065 * (T314397) SpecialBlock: Better handle null in getTargetUserTitle.
4066 * (T314099) phpunit: Fix trivial dynamic property usages in tests.
4067 * (T314405) UploadStash: Check if us_prop is set in the fileMetadata.
4068 * (T313663) Make ChangesListSpecialPageTest cast to string for php 8.1.
4069 * (T313663) Do not test giving a null fragment to Title::makeTitle.
4070 * (T314550) SpecialMergeHistory: Set timestamp to '' if no mergepoint.
4071 * (T314551) SpecialMergeHistory: Set defaults for target and dest parameters.
4072 * (T313663) Cast results of Sqlite test to string [php 8.1].
4073 * (T314208) Set $wgServer for HttpRequestFactoryTest to prevent warnings on
4075 * (T314208, T297082) phpunit: Fallback to global default user options.
4076 * (T307282) Avoid passing null to strcasecmp(), for PHP 8.1.
4077 * Fix a couple deprecation warnings in the installer under PHP 8.1.
4078 * api: Add rel=nofollow to help examples.
4079 * (T307613) Validate length of user email on Special:ChangeEmail/
4080 Special:CreateAccount.
4081 * (T314226) LoginSignupSpecialPage: Check if $value is a string before length.
4082 * (T314824) tests: Update parser test after i18n change.
4083 * (T313663, T296083) context: Replace deprecated User::getOption.
4084 * (T295958, T278847) MediaWiki-Docker: Switch PHP images to PHP7.4.
4085 * (T314906, T314907) SpecialBlock: Set defaults for wpPageRestrictions and
4086 wpNamespaceRestrictions.
4087 * (T315309) ImportStreamSource::newFromURL() Prevent passing null to fwrite.
4088 * (T315892) composer.json: Pin phpunit to 8.5.28.
4089 * (T313663) Do not compare byte-for-byte of serialized items in tests [php8.1].
4090 * objectcache: avoid php 8.1 argument type warnings in
4091 genericKeyFromComponents().
4092 * (T317750) session: Fix broken SessionTest case due to PHPUnit dependency
4094 * ManualLogEntry: Don't pass null to trim() as PHP 8.1 whines.
4095 * (T313663) Add a null check VueComponentParser to prevent php8.1 issues.
4096 * (T313049) Bump wikimedia/parsoid to v0.15.1.
4097 * (T318754) WebInstallerOptions::addPersonalizationOptions(): Close fieldset.
4098 * (T318460) SpecialChangeEmail: Set default for returntoquery.
4099 * (T318307) Update docs for HTMLFormField::validate() to permit all data types.
4100 * (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results
4101 in an IP range check on Special:Contributions.
4102 * (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence
4104 * (T307278, CVE-2022-41766) SECURITY: On action=rollback the message
4105 "alreadyrolled" can leak revision deleted user name.
4107 == MediaWiki 1.38.2 ==
4109 This is a security and maintenance release of the MediaWiki 1.38 branch.
4111 === Changes since MediaWiki 1.38.1 ===
4112 * Localisation updates.
4113 * (T309426) Repair language selector for SVGs.
4114 * (T310013) Fix default value for $wgShowEXIF and $wgUsePathInfo.
4115 * (T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage().
4116 * (T308473) SECURITY: Escape contributions-title msg for use within page title.
4117 * (T311272) Call parent constructor of AddSite maintenance script first.
4118 * MediaWiki: Don't eagerly initialize action name.
4119 * (T311384, CVE-2022-27776) Updated guzzlehttp/guzzle from 7.4.1 to 7.4.5.
4120 * (T289926) Avoid passing null to trim() in SkinTemplate.
4121 * (T289879) Address deprecations for PHP 8.1.
4122 * (T311473) rollbackEdits: Pass user identity to RollbackPage.
4123 * Upgrade wikimedia/remex-html from 3.0.1 to 3.0.2.
4124 * (T311551) ShellboxClientFactory::getUrl(): Check if $this->key is null.
4125 * (T311552) ChangesListSpecialPage: Don't pass null to FormatJson::decode().
4126 * (T311569) FileBackend::isStoragePath() Handle being passed null.
4127 * (T311544) Pass int to ApiUsageException::newWithMessage()'s $httpCode param.
4128 * (T311678) SpecialEditWatchlist: Prevent passing null to strtolower().
4129 * (T311554) ChangeTags: Return early in formatSummaryRow() if $tags === null.
4130 * Upgrade wikimedia/common-passwords from 0.3.0 to 0.4.0.
4132 == MediaWiki 1.38.1 ==
4134 This is a maintenance release of the MediaWiki 1.38 branch.
4136 === Changes since MediaWiki 1.38.0 ===
4137 * (T309860) Add justinrainbow/json-schema to vendor.
4138 * (T309933) Drop PHP 7.2 support in MediaWiki 1.38; require 7.3.19.
4140 == MediaWiki 1.38.0 ==
4142 === Changes since MediaWiki 1.38.0-rc.1 ===
4143 * Localisation updates.
4144 * (T309114) LocalFile::prerenderThumbnails: Limit the number of thumbnail
4146 * (T305779) phpunit: Support setting skin context in BundleSizeTest subclasses.
4147 * (T309028) SECURITY: ApiEditPage: update title after redirects.
4148 * (T308967) notifications: prevent log spam when invalid user object listed.
4149 * composer: Lock Parsoid version to specific 0.15.0 release.
4150 * (T306362, T308680) change-your-logo.svg: Resize to 135px square, re-crush,
4151 and manually minify.
4153 == MediaWiki 1.38.0-rc.1 ==
4155 === Changes since MediaWiki 1.38.0-rc.0 ===
4156 * Localisation updates.
4157 * (T305028) Undeprecate EditPage::$textbox2.
4158 * (T305635) LogActions is a map, not a list.
4159 * (T306721) Add wikimedia/equivset to vendor; needed by bundled AbuseFilter.
4160 * (T307284) Simplify TransactionManager::pendingWriteQueryDuration.
4161 * (T307307) Add symfony/yaml to vendor.
4162 * Fix old_name in UserLogoutComplete hook.
4163 * REST: don't send stack trace in error responses.
4164 * (T307998) SessionManager: stop storing an ObjectFactory instance.
4165 * (T193565) UserGroupManager: Fix dbDomain in addUserToGroup() deferred update.
4167 == Upgrading notes for 1.38 ==
4168 Don't forget to always back up your database before upgrading!
4170 See the file UPGRADE for more detailed per-version upgrade instructions from the
4171 oldest supported upgrading version, MediaWiki 1.29.
4173 Some specific notes for MediaWiki 1.38 upgrades are below:
4174 * (T191740) The AbuseFilter extension is now bundled with MediaWiki. This is an
4175 anti-abuse feature that lets privileged users to set specific actions to be
4176 taken when actions by users, such as edits or file uploads, match certain
4178 * (T232948) The Math extension is now bundled with MediaWiki. This is a content
4179 feature that lets users create mathematical formulæ, written in a sub-set of
4180 LaTeX and rendered in MathML with a fallback SVG image. By default, it will
4181 use Wikimedia's mathoid service to render each formula, but local rendering
4182 can be set up for network isolation or performance.
4183 * (T191743) The Minerva skin is now bundled with MediaWiki. This is a simple,
4184 light-weight, and scalable skin that is particularly optimised for mobile use,
4185 and integrates well with the MobileFrontend extension (available separately),
4186 but can also be used as a regular desktop skin.
4188 For notes on 1.37.x and older releases, see HISTORY.
4190 === Configuration changes for system administrators in 1.38 ===
4192 ==== New configuration ====
4193 * (T297708) $wgMaxExecutionTimeForExpensiveQueries - This setting can be used to
4194 control the maximum execution time for several expensive query pages (e.g.
4195 RecentChanges and UserContribs).
4196 * $wgBrowserFormatDetection – This setting allows overriding browsers' automatic
4197 detection and handling of formats. It's initially used to prevent auto-linking
4198 of possible telephone numbers in wiki pages' output in Safari on iOS; this can
4199 be re-enabled if you wish, or locally extended for other browsers' quirks.
4200 * (T240685) $wgMetricsTarget, $wgMetricsFormat, $wgMetricsPrefix - These provide
4201 configuration for a new MetricsFactory service with support for the dogstatsd
4202 format, intended for integration with Prometheus integration.
4203 * $wgGroupInheritsPermissions – This setting allows inheriting permissions, both
4204 granted and revoked, from another group.
4205 * $wgForeignApiRepos – ForeignAPIRepo now has a apiMetadataExpiry option to
4206 control for how long file metadata is cached. Additionally the default changed
4207 from 1 hour to 4 hours.
4208 * $wgSkinsPreferred – This lets you set a list of preferred skins to be listed
4209 higher in Special:Preferences.
4210 * $wgWikiFarmSettingsDirectory – A directory that contains site-specific
4211 configuration files. Setting this will enable multi-tenant ("wiki farm")
4212 mode, causing site-specific settings to be loaded based on information from
4213 the web request. EXPERIMENTAL.
4214 * $wgWikiFarmSettingsExtension – The file extension to be used when looking up
4215 site-specific settings files in $wgWikiFarmSettingsDirectory, such as 'json'
4216 or 'yaml'. EXPERIMENTAL.
4217 * $wgWikiFarmSiteDetector – A callback function that returns the name of the
4218 wiki for the current request. This is used in multi-tenant ("wiki farm")
4219 mode to determine which settings file to load from
4220 $wgWikiFarmSettingsDirectory. EXPERIMENTAL.
4221 * $wgEnableRemoteBagOStuffTests – This replaces the environment variable
4222 PHPUNIT_USE_BAGOSTUFF.
4223 * (T230211) $wgForceDeferredUpdatesPreSend – Force deferred updates to be run
4224 before sending a response to the client, instead of attempting to run them
4225 after sending the response. Setting this to true is useful for end-to-end
4226 testing, to ensure that the effects of a request are visible to any subsequent
4227 requests, even if they are made immediately after the first one. Note however
4228 that this does not ensure that database replication is complete, nor does it
4229 execute any jobs enqueued for later.
4230 * $wgTemplateLinksSchemaMigrationStage – Templatelinks table schema migration
4231 stage, for normalizing tl_namespace and tl_title fields.
4233 ==== Changed configuration ====
4234 * $wgStyleDirectory and $wgExtensionDirectory – These are now set later, so can
4235 no longer be used within LocalSettings.php unless explicitly set in that file.
4236 * $wgFileBackends – This setting no longer takes 'fileJournal' as an option.
4237 * $wgMaxImageArea - This setting may now be set to false to disable size.
4238 checking before scaling. Extensions can still override its value by using the
4239 BitmapHandlerCheckImageArea hook.
4240 * $wgAjaxUploadDestCheck – This is now deprecated, and act as always-true.
4241 * $wgInterwikiCache – This no longer supports the string value for CDB files.
4242 * $wgParserOutputHooks – This is now deprecated; adjustments using this should
4243 be done with OutputPageParserOutputHook instead. (T292321)
4244 * $wgExternalStores – This is newly documentated in
4245 includes/externalstore/README.md.
4247 ==== Removed configuration ====
4248 * $wgShellLocale - This setting has been removed as it was a flawed solution to
4249 the problem of locale dependence, MediaWiki will now always set a locale of
4250 C.UTF-8 or C and works around the remaining problems of the C locale by not
4251 using escapeshellarg. This follows the direction of PHP 8.0, which sets a
4252 locale of C by default instead of respecting LC_CTYPE.
4253 * $wgLoggedOutMaxAge - Experiment removed, originally added in 1.35. (T293848)
4254 * $wgIncludejQueryMigrate - Deprecated in 1.36. We only support jQuery v3.
4255 * $wgUseCategoryBrowser - This experimental feature has been removed. If you
4256 still need to use this feature, please see [[mw:Extension:CategoryExplorer]].
4257 * $wgStyleSheetPath - alias for $wgStylePath, deprecated since 1.3 (2004).
4259 === User-facing changes in 1.38 ===
4260 * (T284921) The "auto-number headings" feature was removed following a
4261 consultation, due to performance reasons.
4263 === New operator/developer features in 1.38 ===
4264 * EXPERIMENTAL: The environment variable MW_CONFIG_FILE can be used to specify
4265 the location of the settings file. This allows alternative settings files to
4266 be loaded depending on the environment. Settings files may be given as PHP
4267 files like the traditional LocalSettings.php file, or they may use JSON or
4269 See https://www.mediawiki.org/wiki/Manual:YAML_settings_file_format
4270 * Added a deleteUserEmail maintenance script - This file enables the deletion of
4271 a given user's associated email address. It can be helpful for
4272 privacy-preserving operations.
4273 * The description array for constructing an HTMLForm now can use 'disable-if' to
4274 disable fields on condition easily, supported expressions are the same as
4276 * There is a new interface, IForeignRepoWithMWApi, to allows you to mark file
4277 repos provided by an extension as supporting making API queries against the
4278 foreign file repo so that extensions like TimedMediaHandler that depend on
4279 this can stop hard-coding looking for specific class names.
4280 * Added EXPERIMENTAL support for an easy to configure multi-tenant ("wiki
4282 Settings for each site can be placed in a directory specified by
4283 $wgWikiFarmSettingsDirectory. Site detection is controlled by
4284 $wgWikiFarmSiteDetector and defaults to the requested host name.
4285 For example, setting $wgWikiFarmSettingsDirectory = "sites" would cause
4286 the settings for wiki.example.com to be loaded from
4287 "sites/wiki_example_com.yaml".
4288 WARNING: YAML files under the web root may be accessible to browsers, please
4289 take appropriate measures to protect them from access via HTTP.
4290 * Running QUnit tests for an individual test suite module is possible with
4291 `grunt qunit --qunit-component={componentName}`, where {componentName} is
4292 "MediaWiki" to run core's QUnit tests or the skin or extension name.
4293 * The 'mediawiki.mixins' module now has a `.user-select()` Less mixin.
4295 === External library changes in 1.38 ===
4297 ==== New external libraries ====
4298 * symfony/yaml was promoted from development-only.
4299 * justinrainbow/json-schema was promoted from development-only.
4301 ==== Changed external libraries ====
4302 * Updated OOUI from v0.42.0 to v0.43.2.
4303 * Updated Vue from 2.6.11 to 3.2.23.
4304 * Updated WVUI from v0.3.0 to v0.4.0.
4305 * Updated composer/semver from 3.2.5 to 3.2.6.
4306 * Updated guzzlehttp/guzzle from 7.2.0 to 7.4.5.
4307 * Updated pear/mail_mime from 1.10.9 to 1.10.11.
4308 * Updated pear/net_smtp from 1.9.2 to 1.10.0.
4309 * Updated psr/log from 1.1.3 to 1.1.4.
4310 * Updated psy/psysh from 0.10.5 to 0.11.1.
4311 * Updated symfony/polyfill-php80 from 1.23.1 to 1.25.0.
4312 * Updated wikimedia/assert from 0.5.0 to 0.5.1.
4313 * Updated wikimedia/cdb from 1.4.1 to 2.0.0.
4314 * Updated wikimedia/ip-utils from 3.0.2 to 4.0.0.
4315 * Updated wikimedia/minify from 2.2.4 to 2.2.6.
4316 * Updated wikimedia/object-factory from 3.0.2 to 4.0.0.
4317 * Updated wikimedia/parsoid from v0.14.0-a14 to v0.15.0.
4318 * Updated wikimedia/purtle from 1.0.7 to 1.0.8.
4319 * Updated wikimedia/request-timeout from 1.1.0 to 1.2.0.
4320 * Updated wikimedia/shellbox from 2.0.0 to 3.0.0.
4321 * Updated wikimedia/wrappedstring from 3.2.0 to 4.0.1.
4322 * Updated wikimedia/remex-html from 3.0.1 to 3.0.2.
4323 * Updated wikimedia/common-passwords from 0.3.0 to 0.4.0.
4325 ===== Changed development-only external libraries =====
4326 * Updated QUnit from 2.16.0 to 2.18.0.
4327 * Updated composer/semver from 3.5.4 to 3.5.5.
4328 * Updated composer/spdx-licenses from 1.5.4 to 1.5.5.
4329 * Updated doctrine/dbal for PHP < 7.3 from 2.10.4 to 2.13.6.
4330 * Updated doctrine/dbal for PHP >= 7.3 from 3.0.0 to 3.1.5.
4332 ==== Removed external libraries ====
4333 * jquery.jStorage, deprecated since MW 1.28; use "mediawiki.storage" instead.
4335 === Action API changes in 1.38 ===
4336 * New `deletetalk` parameter on action=delete that allows you to delete the
4337 associated talk page of a subject page.
4338 * New `variant` parameter for all API actions, for specifying language variant
4339 (akin to the existing `variant` parameter for index.php). Task T117549.
4341 === Languages updated in 1.38 ===
4342 MediaWiki supports over 400 languages. Many localisations are updated regularly.
4343 Below only new and removed languages are listed, as well as changes to languages
4344 because of Phabricator reports.
4346 * (T292166) Updated namespace names for the Lombard language.
4347 * (T299201) Changed the autonym of the Angika language to अंगिका
4348 * (T298309) Changed the autonym of the Abkhaz language to аԥсшәа
4349 * (T302972) Changed the autonym of the Kirundi language to ikirundi
4350 * (T220303) Show numbered lists with Burmese numerals in relevant languages
4351 * (T291899) Added language support for Xiang Chinese (hsn).
4352 * (T292612) Added language support for S'gaw Karen (ksw).
4353 * (T293656) Added language support for Farefare (gur).
4354 * (T294729) Added language support for Pa'O (blk).
4355 * (T296286) Added language support for Skolt Sámi (sms).
4356 * (T296612) Added language support for Makhuwa (vmw).
4357 * (T296707) Added language support for Ga (gaa).
4358 * (T297073) Added language support for Nanai (gld).
4359 * (T297074) Added language support for Nawdm (nmz).
4360 * (T298075) Added language support for Northern Thai (nod).
4361 * (T298182) Added language support for Cape Verdean Creole (kea).
4362 * (T298385) Added language support for Nheengatu (yrl).
4363 * (T299329) Added language support for Fon (fon).
4364 * (T300474) Added language support for Nkore (nyn).
4365 * (T302556) Added language support for Pannonian Rusyn (rsk).
4367 === Breaking changes in 1.38 ===
4368 * (T291008) The IP class, deprecated since 1.35 in favor of the IPUtils library,
4369 has been removed. The IP related regexes which were also deprecated in favor
4370 of the IPUtils library were also removed, IPUtils::RE_* should be used
4372 * (T293043) The MediaWikiIntegrationTestCase class alias 'MediaWikiTestCase' has
4374 * LinkCache::singleton(), deprecated since 1.28, has been removed.
4375 * RepoGroup::singleton(), ::destroySingletons() and setSingleton(), all
4376 deprecated since 1.34, have been removed.
4377 * The following methods from FileDeleteForm were removed:
4378 - ::__construct (the class is no longer newable)
4380 - ::haveDeletableFile()
4381 Use FileDeleteAction instead.
4382 * MessageCache::singleton(), deprecated since 1.34, has been removed.
4383 * LockManagerGroup::singleton() and ::destroySingletons(), both deprecated since
4384 1.34, have been removed.
4385 * FileBackendGroup::singleton() and ::destroySingletons(), both deprecated since
4386 1.35, have been removed.
4387 * TemplateParser used to support disabling the cache with a boolean parameter in
4388 its constructor. This was deprecated in 1.35 and has now been removed.
4389 * The ArticleUndeleteLogEntry hook, deprecated in 1.37, was removed.
4390 * The BeforeResetNotificationTimestamp hook, deprecated in 1.37, was removed.
4391 * The global function mimeTypeMatch() has been removed without a deprecation
4393 * The following JavaScript mw.config keys have been removed:
4397 - $wgCookieExpiration
4398 Use mw.cookie from the mediawiki.cookie module instead.
4399 * The signature of PageUpdater::markAsRevert method was changed. It has never
4400 been used outside of MediaWiki core.
4401 * If you want to use interwiki titles with HTMLTitleTextField, you now need to
4402 pass 'interwiki' => true. In 1.37, the default behavior was to let interwiki
4403 title through by default, logging a deprecation warning.
4404 * The `UndeleteForm::undelete` hook, deprecated in 1.37, was removed.
4405 * BagOStuff::setDebug(), deprecated since 1.36, has been removed.
4406 * The `jquery.mw-jump` ResourceLoader module was removed.
4407 * The `wgForeignUploadTargets` and `wgEnableUploads` configuration values were
4408 removed from mw.config. They had previously been documented as being included
4409 for internal use by the mediawiki.ForeignUpload module.
4410 *The `&$hasHistory` parameter to WikiPage::getAutoDeleteReason() and
4411 ContentHandler::getAutoDeleteReason() was hard-deprecated with no replacement.
4412 * Several Skin methods, which have emitted deprecation warnings since 1.36, have
4413 been removed. These include:
4414 - Skin::privacyLink()
4416 - Skin::disclaimerLink()
4417 For these, instead use Skin::footerLink() to alter footer links.
4419 For this, use ResourceLoaderSkinModule::getAvailableLogos() instead.
4420 - Skin::getIndicatorsHTML()
4421 For this, use Skin::getIndicatorsData() instead.
4422 - Skin::subPageSubtitle()
4423 For this, use Skin::prepareSubtitle() instead.
4424 - Skin::makeVariablesScript()
4425 For this, use ResourceLoader::makeInlineScript() instead.
4426 - Skin::getAllowedSkins()
4427 - Skin::getSkinNames()
4428 For these, use SkinFactory::getAllowedSkins() or ::getInstalledSkins().
4430 - Skin::getSearchLink()
4431 - Skin::mainPageLink()
4432 * Parser::getUser and ::mUser, as well as ParserOptions::getUser, deprecated
4433 since 1.37, has been removed.
4434 * Parser::$mStripState, deprecated in 1.35, has been made private. Use
4435 Parser::getStripState() instead.
4436 * The following deprecated features in blocks were removed:
4437 - DatabaseBlock constructor 'byText' property with blocker's name, use 'by'
4438 property with UserIdentity value instead.
4439 - DatabaseBlock constructor 'by' property with blocker's ID, use 'by' property
4440 with UserIdentity value instead.
4441 - DatabaseBlock::isWhitelistedFromAutoblocks, use ::isExemptedFromAutoblocks.
4442 - DatabaseBlock::setBlocker now only accepts UserIdentity.
4443 - AbstractBlock::getTargetAndType and ::getTarget, use ::getTargetName,
4444 ::getTargetUserIdentity and ::getType instead
4445 * The following functions, emitting deprecations since 1.37, have been removed:
4446 - Title::isWatchable()
4447 - WatchAction::doWatchOrUnwatch(), WatchAction::doWatch(),
4448 WatchAction::doUnwatch(), WatchAction::getWatchToken()
4449 - User::isWatched(), User::isTempWatched(), User::addWatch(),
4451 * ParserOptions::setTidy() that had no effect and was deprecated since 1.35 has
4453 * The "YAML" encoding option of EtcdConfig, has been removed without
4455 * The constant ApiBase::PARAM_VALUE_LINKS, deprecated since 1.35 has been
4457 * UserLoadOptions, UserSaveOptions and UserResetAllOptions hooks, deprecated
4458 since 1.37, were removed.
4459 * The experimental FileJournal system has been removed without deprecation. This
4460 includes the FileJournal abstract class, its implementation classes
4461 DBFileJournal and NullFileJournal, various minor getters and setters, and the
4462 option for the wiki configuration $wgFileBackends.
4463 * The return values for each `bind` function in checkboxHack.js has been changed
4464 from an object to a function. In addition, the `unbind` function has been
4465 removed. A deprecation process was assumed unnecessary as there were no known
4467 * File::getUser, ::getImageSize, ArchivedFile::getRawDescription, ::getUser,
4468 ::getRawUser and ::getRawDescription, deprecated since 1.37, has been removed.
4469 * ShellboxHttpClient class has been removed without deprecation. It was an
4470 internal class used by ShellboxClientFactory.
4471 * The following hard deprecated User methods have been removed:
4472 - ::resetIdByNameCache,
4473 - ::getStubThreshold,
4474 - ::matchEditTokenNoSuffix,
4475 - ::changeableByGroup,
4476 - ::changeableGroups,
4477 - ::isAllowUsertalk,
4482 - ::isValidUserName,
4484 - ::isCreatableName,
4485 - ::getCanonicalName,
4486 - ::addAutopromoteOnceGroups,
4487 - ::getDefaultOptions,
4488 - ::getDefaultOption,
4496 - ::getEffectiveGroups,
4497 - ::getAutomaticGroups,
4500 - ::getFirstEditTimestamp
4501 - ::getLatestEditTimestamp
4502 * Http::$httpEngine, deprecated since 1.34, has been removed. The only available
4503 HTTP engine is now Guzzle. CurlHttpRequest and PhpHttpRequest classes were
4505 * The UserRightsProxy class was deprecated. Pass the correct domain to
4506 UserGroupManagerFactory instead.
4507 * Parser option enableLimitReport was deprecated. The report is now generated
4508 post-parse and can be included by providing 'includeDebugInfo' option to
4509 ParserOutput::getText. Thus, ParserOptions::enableLimitReport and
4510 ::getEnableLimitReport methods were deprecated.
4511 * Ajax action that was deprecated in 1.27 now has been removed.
4512 * The following methods have been removed from IDatabase without deprecation as
4513 they were completely unused:
4514 - ::preCommitCallbacksPending()
4515 - ::pendingWriteRowsAffected()
4516 - ::getServerUptime()
4518 * The following deprecated methods have been removed from IDatabase:
4519 - ::aggregateValue() soft-deprecated since 1.33
4520 - ::getTopologyRootMaster() since 1.37
4521 - ::masterPosWait() since 1.37
4522 - ::dataSeek() soft-deprecated since 1.37
4523 - ::numFields() soft-deprecated since 1.37
4524 - ::fieldName() soft-deprecated since 1.37
4525 - ::onTransactionIdle() soft-deprecated since 1.32
4526 - ::getMasterPos() since 1.37
4527 * DatabaseMysqlBase::fieldType() and DatabasePostgres::fieldType(), deprecated
4528 since 1.37, have been removed.
4529 * Database::assertIsWritableMaster(), deprecated since 1.37, has been removed.
4530 * ResultWrapper::getInternalResult(), soft-deprecated since 1.37 and
4531 ResultWrapper::unwrap(), deprecated since 1.37, have been removed.
4532 * Language::AS_AUTONYMS, deprecated since 1.34, has been removed. You can use
4533 the LanguageNameUtils::AUTONYMS constant instead.
4534 * Several Language class variables deprecated in 1.35 have been removed; they
4535 are each replaced by a constant, as listed after the arrow:
4536 - ::$mWeekdayMsgs → WEEKDAY_MESSAGES
4537 - ::$mWeekdayAbbrevMsg → WEEKDAY_ABBREVIATED_MESSAGES
4538 - ::$mMonthGenMsgs → MONTH_GENITIVE_MESSAGES
4539 - ::$mIranianCalendarMonthMsgs → IRANIAN_CALENDAR_MONTHS_MESSAGES
4540 - ::$mHebrewCalendarMonthMsgs → HEBREW_CALENDAR_MONTHS_MESSAGES
4541 - ::$mHebrewCalendarMonthGenMsgs → HEBREW_CALENDAR_MONTH_GENITIVE_MESSAGES
4542 - ::$mHijriCalendarMonthMsgs → HIJRI_CALENDAR_MONTH_MESSAGES
4543 * wfIncrStats, deprecated since 1.36, has been removed.
4544 * Profiler::profileIn and ::profileOut, deprecated in 1.33, has been removed.
4545 * IEditObject::AS_CANNOT_USE_CUSTOM_MODEL, deprecated in 1.35, was removed.
4546 * Several protected methods in EditPage were made private. None of these was
4547 used outside of EditPage itself. Since the class is not stable to extend,
4548 this change happened without a deprecation phase.
4549 * The following public methods in EditPage, unused externally, were
4552 - ::isSupportedContentModel()
4553 - ::getParentRevId()
4554 * EditPage::setApiEditOverride() was marked as @internal for use by
4556 * SelectQueryBuilder::straightJoin() was renamed to straightJoinOption().
4557 * The following deprecated methods have been removed from ILBFactory:
4558 - ::beginMasterChanges() since 1.37
4559 - ::commitMasterChanges() since 1.37
4560 - ::rollbackMasterChanges() since 1.37
4561 - ::hasMasterChanges() since 1.37
4562 - ::hasOrMadeRecentMasterChanges() since 1.37
4563 * The "groupLoadsByDB" option to LBFactoryMulti has been removed. Consider using
4564 "groupLoadsBySection" instead.
4565 * The following methods have been removed from ILoadBalancer without deprecation
4566 as they were completely unused:
4569 - ::forEachOpenReplicaConnection()
4570 * The following deprecated methods have been removed from ILoadBalancer:
4571 - ::getMasterPos() since 1.37
4572 - ::finalizeMasterChanges() since 1.37
4573 - ::approveMasterChanges() since 1.37
4574 - ::beginMasterChanges() since 1.37
4575 - ::commitMasterChanges() since 1.37
4576 - ::runMasterTransactionIdleCallbacks() since 1.37
4577 - ::runMasterTransactionListenerCallbacks() since 1.37
4578 - ::rollbackMasterChanges() since 1.37
4579 - ::flushMasterSnapshots() since 1.37
4580 - ::hasMasterConnection() since 1.37
4581 - ::hasMasterChanges() since 1.37
4582 - ::lastMasterChangeTimestamp() since 1.37
4583 - ::hasOrMadeRecentMasterChanges() since 1.37
4584 - ::pendingMasterChangeCallers() since 1.37
4585 - ::forEachOpenMasterConnection() since 1.37
4586 - ::waitForMasterPos() since 1.37
4587 * LoadBalancer::safeGetLag() which has been soft-deprecated since 1.34 has been
4589 * The following properties of the EditPage class, deprecated since 1.35, were
4591 - ::$deletedSinceEdit
4599 - ::$allowBlankSummary
4602 - ::$hasPresetSummary
4606 - ::$nosummaryparentRevId
4610 * Special:ListFiles and Special:NewFiles no longer allows to search for parts of
4611 file names (option was not available for $wgMiserMode = true)
4612 * DBAccessBase, deprecated since 1.37, has been removed.
4613 * The UserNamePrefixSearch service no longer supports a UserIdentity parameter
4614 to search(), to check for a specific audience an Authority object is required.
4615 * The methods CoreParserFunctions::register() and CoreTagHooks::register() have
4616 been marked @internal, and had a seconds parameter added. These methods are
4617 intended for use in Parser's constructor, and are not used by any known
4619 * LoadBalancer::openConnection(), deprecated since 1.34, has been removed.
4620 * Skin::preloadExistence has been made private. There is no known usages outside
4623 === Deprecations in 1.38 ===
4624 * The MWGrants class is deprecated in favor of the new GrantsInfo and
4625 GrantsLocalization services.
4626 * The global functions wfReadOnly() and wfReadOnlyReason() have been deprecated
4627 in favor of the ReadOnlyMode service.
4628 * PageProps::getInstance() has been deprecated. Use
4629 MediaWikiServices::getPageProps() instead.
4630 * User::setOption(), deprecated since 1.35, now emits deprecation warnings.
4631 * Linker::formatComment(), ::formatLinksInComment(), ::commentBlock() and
4632 revComment() were deprecated. Use the new CommentFormatter service.
4633 * Several Skin methods have been deprecated.
4634 - Skin::setSearchPageTitle(), Skin::getSearchPageTitle(). For these,
4635 use SpecialPage::newSearchPage() or associated user preference instead.
4636 - Skin::getSkinStylePath now triggers deprecation warnings. Direct string path
4637 should be used instead.
4638 - SkinTemplate::getPersonalToolsList(), deprecated since 1.35, now emits
4639 deprecation warnings.
4640 - In preparation for SkinTemplate::getPortletData becoming a private
4641 function, extending the method is no longer permitted. Use
4642 SkinTemplate::getTemplateData instead.
4643 - SkinTemplate::buildContentNavigationUrls is now deprecated. Skins can
4644 use the runOnSkinTemplateNavigationHooks method or the
4645 SkinTemplateNavigation__Universal hook if they need access to this data.
4646 * Usage of several template data keys in QuickTemplate are now deprecated:
4647 - searchaction, poweredbyico, copyrightico
4648 * DatabaseBlock::purgeExpired(), deprecated since 1.36, now emits deprecation
4650 * The following methods from the User class now trigger deprecation warnings:
4653 * Content::getParserOutput and AbstractContent::fillParserOutput was
4654 hard-deprecated, use ContentRenderer::getParserOutput instead. Extensions
4655 defining a content model should override ContentHandler::fillParserOutput.
4656 * Title::newFromIDs and TitleFactory::newFromIDs have been hard deprecated. Use
4657 a PageSelectQueryBuilder from a PageStore instead.
4658 * Content::getRedirectChain() and Content::getUltimateRedirectTarget() have been
4659 deprecated with no replacement because support for $wgMaxRedirect will be
4660 removed completely. See T296430 for more information.
4661 * WikiPage::getRedirectTarget() has been deprecated. Use the equivalent
4662 RedirectLookup::getRedirectTarget() instead.
4663 * Article::doDelete() was deprecated. Use WikiPage::doDeleteArticleReal if you
4664 only need to delete the article. If you also need things to happen with
4665 OutputPage, you may want to check the hooks in DeleteAction instead.
4666 * Instantiating the MessageContent class now emits deprecation notices.
4667 * Message::content() now triggers deprecation warnings.
4668 * Parser::setDefaultSort(), Parser::getDefaultSort(), and
4669 Parser::getCustomDefaultSort() now trigger deprecation warnings. Use
4670 ParserOutput::{get,set}PageProperty('defaultsort') instead.
4671 * The following methods from the ParserOutput class now emit deprecation
4673 - ::hideNewSection() - use ::setHideNewSection()
4674 - ::preventClickjacking() - use ::{get,set}PreventClickjacking()
4675 - ::getProperty() - use ::getPageProperty() (return value changed)
4676 - ::setProperty() - use ::setPageProperty()
4677 - ::unsetProperty() - use ::unsetPageProperties()
4678 - ::getProperties() - use ::getPageProperties()
4679 - ::getCategoryLinks() - use ::getCategoryNames()
4680 - ::setCategoryLinks() - use ::setCategories()
4681 - ::addTrackingCategory() - use Parser::addTrackingCategory()
4682 or TrackingCategories::addTrackingCategory()
4683 - ::addWarning() - use ::addWarningMsg()
4684 - ::hasDynamicContent() - use ::hasReducedExpiry()
4685 * The following methods from the ParserOutput class were deprecated:
4686 - ::getFlag() - use ::getOutputFlag()
4687 - ::setFlag() - use ::setOutputFlag()
4688 - ::getAllFlags() - this method is now marked @internal
4689 - ::addJsConfigVars() - use ::setJsConfigVar() or ::appendJsConfigVar()
4690 - ::addOutputHook() / ::getOutputHooks() - these hooks should be migrated
4691 to use the OutputPageParserOutput hook instead
4692 * The use of ParserOutput::setExtensionData() to overwrite previous values
4693 stored under a given key has been deprecated; use the new
4694 ::appendExtensionData() to collect multiple values in the ParserOutput rather
4695 than destructively updating stored values. (T300981)
4696 * The signatures of the following methods from the ParserOutput class were
4697 narrowed, restricting the permitted argument types:
4698 - ::addModules() - if you formerly passed a string, pass an array with
4699 the string as the only element.
4700 - ::addModuleStyles() - if you formerly passed a string, pass an array
4701 with the string as the only element.
4702 * Access to the following public or protected properties of OutputPage was
4703 deprecated; they will be made private or removed in a future release.
4704 Use accessor functions instead.
4713 - ::$mEnableClientCache
4714 - ::$mNewSectionLink
4715 - ::$mHideNewSectionLink
4717 * The following methods were deprecated; use ::setPreventClickjacking(..)
4719 - OutputPage::preventClickjacking()
4720 - OutputPage::allowClickjacking()
4721 - ImageHistoryList::preventClickjacking()
4722 - ImageHistoryPseudoPager::preventClickjacking()
4723 - ContribsPager::preventClickjacking()
4724 * OutputPage::enableClientCache() was deprecated, because it is universally used
4725 to do the opposite -- use OutputPage::disableClientCache() instead.
4726 * Sanitizer::removeHTMLtags() has been deprecated. Its output can include
4727 unbalanced or ill-formed HTML and thus external callers may be misled about
4728 how to safely incorporate its output into a page. It is recommended to use the
4729 new Sanitizer::removeSomeTags() method instead, which will always return
4731 * EventRelayerKafka was deprecated. To use $wgEventRelayerConfig with Kafka,
4732 add a similar class to your code.
4733 * MediaWiki\Logger\Monolog\KafkaHandler was deprecated. Consider using
4734 $wgMWLoggerDefaultSpi with SyslogHandler, or to use Kafka, add a similar
4735 Monolog handler class to your code.
4736 * Collation::singleton() and ::factory() now trigger deprecation warnings.
4737 * The following methods in MWNamespace, all deprecated since 1.34, now emit
4738 deprecation warnings:
4742 - getCanonicalNamespaces()
4743 - getCanonicalName()
4744 - getCanonicalIndex()
4745 - getValidNamespaces()
4748 - getContentNamespaces()
4749 * Return values in the parameter $pageLang of the hook PageContentLanguage with
4750 other types than a Language object, deprecated since 1.33, now emmits
4751 deprecation warnings.
4752 * Passing a db to BlockRestrictionStore::loadByBlockId() is deprecated.
4753 BlockRestrictionStoreFactory should be used to fetch a correct
4754 BlockRestrictionStore instead.
4755 * All external access to ParserOutput and CacheTime classes properties will now
4756 emit deprecation warnings. Use getters and setters instead.
4757 * The custom jQuery event `watchpage.mw` emitted on #ca-watch and #ca-unwatch is
4758 now deprecated in favour of the new `wikipage.watchlistChange` hook.
4759 * The global function wfLogProfilingData() has been deprecated without a
4760 replacement. The logic has been moved to the MediaWiki class.
4761 * The "trace" option of SectionProfiler has been deprecated.
4762 * The PageArchive class has had several methods deprecated. The replacements are
4764 - Use UndeletePage instead of ::undeleteAsUser(), ::getFileStatus() and
4765 ::getRevisionStatus().
4766 - Use the respective methods of the new ArchivedRevisionLookup service
4767 instead of ::listRevisions, ::getRevisionRecordByTimestamp,
4768 ::getArchivedRevisionRecord, ::getPreviousRevisionRecord and
4769 ::getLastRevisionId.
4770 - Use ArchivedRevisionLookup::hasArchivedRevisions instead of ::isDeleted.
4771 * PageUpdater::isUnchanged() has been deprecated, use wasRevisionCreated()
4773 * The `mediawiki.pager.tablePager` module was deprecated in favor of the more
4774 generic `mediawiki.pager.styles`.
4775 * wfGetCache() and wfGetMainCache(), both deprecated since 1.32, now emit
4776 deprecation warnings.
4777 * LinkCache::addGoodLinkObj() has been hard deprecated.
4778 * ApiStashEdit::parseAndStash has been hard deprecated.
4779 * Content::prepareSave was hard-deprecated, now emits deprecation warnings.
4780 Use ContentHandler::validateSave instead.
4781 * The hooks LinksUpdateAfterInsert and LinksUpdateConstructed were deprecated.
4782 * Access to all public properties in LinksUpdate was deprecated.
4783 * The global variable $IP has been deprecated for use in application logic.
4784 It will remain available for use in LocalSettings.php for now, though
4785 $wgBaseDirectory is preferred.
4786 Application logic should use the BaseDirectory setting from the main config.
4787 Tests and framework code that need to function without MediaWiki being
4788 fully initialized should use the MW_INSTALL_PATH constant.
4789 * The global function wfWikiID(), deprecated since 1.35, now emits deprecation
4791 * AbstractBlock::getBy() now takes a wikiId as a parameter and emits deprecation
4792 warnings in case of cross-wiki accesses.
4793 * The `button` parameter for `bindUpdateAriaExpandedOnInput` and
4794 `updateAriaExpanded` in checkboxHack.js have been deprecated.
4795 `bindToggleOnSpaceEnter` has also been deprecated in favor of
4796 `bindToggleOnEnter`.
4797 * IDatabase::lockTables() and IDatabase::unlockTables() have been deprecated
4798 with no replacement. Instead, callers should batch updates into atomic
4799 transactions, using FOR UPDATE for SELECT queries.
4800 * EditPage::addNewLineAtEnd() was deprecated; use
4801 TextboxBuilder::addNewLineAtEnd instead.
4802 * EditPage::getCopywarn() was deprecated; use EditPage::getCopyrightWarning
4804 * EditPage::getCopyrightWarning() without passing a MessageLocalizer parameter
4805 has been deprecated.
4806 * Passing the $formCallback parameter to EditPage::showEditForm, deprecated in
4807 1.25 and previously emitting a warn notice, now emits a deprecation notice.
4808 * EditPage::$action has been deprecated.
4809 * The following properties in EditPage now emit deprecation notices when used
4811 - mArticle (use ::getArticle() instead)
4812 - mTitle (use ::getTitle() instead)
4813 - isNew (no replacement)
4814 - allowBlankArticle (no replacement)
4815 - selfRedirect (no replacement)
4816 - allowSelfRedirect (no replacement)
4817 - diff (no replacement)
4818 - textbox2 (no replacement)
4819 - undoAfter (no replacement)
4820 - edit (no replacement)
4821 - contentLength (no replacement)
4822 * The HTMLForm methods getPreText, setPreText, addPreText, getPostText,
4823 setPostText, addPostText, getHeaderText, setHeaderText, addHeaderText,
4824 getFooterText, setFooterText and addFooterText have been renamed to
4825 getPreHtml, setPreHtml, addPreHtml, getPostHtml, setPostHtml, addPostHtml,
4826 getHeaderHtml, setHeaderHtml, addHeaderHtml, getFooterHtml, setFooterHtml and
4827 addFooterHtml respectively.
4828 * The FormSpecialPage methods preText and postText have been renamed to preHtml
4829 and postHtml respectively.
4830 * Article::doDelete, deprecated in 1.37, now emits deprecation notices.
4831 * The following Less mediawiki.mixins have been deprecated:
4832 - .background-image()
4833 - .list-style-image()
4834 * Category::getPageCount now takes a parameter. Category::COUNT_ALL_MEMBERS
4835 return count of all members while Category::COUNT_CONTENT_PAGES return that
4836 of content pages. For the former behavior use Category::getMemberCount()
4837 * Using `new HTMLForm( … )` or `HTMLForm::factory( … )` without the $context
4838 parameter is now deprecated.
4839 * BagOStuff::incr() and BagOStuff::decr() are now deprecated.
4840 * Action::exists() and ActionFactory::actionExists() are deprecated, use
4841 (bool)ActionFactory::getAction().
4843 === Other changes in 1.38 ===
4844 * The following things were changed in the file deletion form:
4845 - The name and ID of the submit button are now `wpConfirmB`, not
4846 `mw-filedelete-submit`
4847 - The ID of the form is now `deleteconfirm`, not `mw-img-deleteconfirm`
4848 - The `mw-filedelete-editreasons` class was replaced with
4849 `mw-delete-editreasons`
4850 The goal of these changes is to make the HTML more similar to that of
4851 normal page deletion.
4852 * ParserOptions created with ::newFrom* or ::newCanonical are now identical.
4853 * MediaWiki initialization order have been changed to load vendor autoload
4854 earlier. This means that extensions that are installed via composer and
4855 execute code upon autoloading can not depend on any MediaWiki classes,
4856 constants or globals in that code.
4857 * The source of truth for configuration defaults is now the MainConfigSchema
4858 class. DefaultSettings.php still exists for backwards compatibility. A PHP
4859 file generated for optimized loading will be used in Setup.php to initialize
4860 configuration variables. Setup.php can be made to load DefaultSettings.php
4861 as before by setting MW_USE_LEGACY_DEFAULT_SETTINGS as an environment
4862 variable (e.g. via SetEnv in htaccess) or a PHP constant (e.g. via
4863 auto_prepend_file in php.ini).
4866 MediaWiki 1.38 requires PHP 7.3.19 or later and the following PHP extensions:
4877 MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
4878 but support for them is somewhat less mature.
4880 The supported versions are:
4882 * MySQL 5.5.8 or later
4883 * PostgreSQL 9.4 or later
4884 * SQLite 3.8.0 or later
4886 == Online documentation ==
4887 Documentation for both end-users and site administrators is available on
4888 MediaWiki.org, and is covered under the GNU Free Documentation License (except
4889 for pages that explicitly state that their contents are in the public domain):
4891 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
4894 A mailing list is available for MediaWiki user support and discussion:
4896 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
4898 A low-traffic announcements-only list is also available:
4900 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
4902 It's highly recommended that you sign up for one of these lists if you're
4903 going to run a public MediaWiki, so you can be notified of security fixes.
4906 There's usually someone online in #mediawiki on irc.libera.chat.
4910 == MediaWiki 1.37.6 ==
4912 This is a maintenance release of the MediaWiki 1.37 branch.
4914 === Changes since MediaWiki 1.37.5 ===
4915 * Fix missing use statement from backport of fix for T307278.
4917 == MediaWiki 1.37.5 ==
4919 This is a security and maintenance release of the MediaWiki 1.37 branch.
4921 === Changes since MediaWiki 1.37.4 ===
4922 * Localisation updates.
4923 * (T312519, T312520) Parser::extensionSubstitution() Don't run substr() on null.
4924 * (T287564) populateInterwiki: Include not null columns iw_api/iw_wikiid.
4925 * (T312302) SpecialRedirect: Don't pass null to explode.
4926 * RemoveInvalidEmails: Fix quoting for postgres.
4927 * (T312678) import: UploadSourceAdapter::stream_read() don't pass null to
4929 * (T312300) SpecialDiff: Don't pass null to explode().
4930 * (T312680) parser: Fix CoreParserFunctions::urlencode() null coalescence $arg.
4931 * (T289926) Handle null passed to wfShorthandToInteger() and Html::element().
4932 * (T289926) Ensure that strlen() does not get passed a (valid) null.
4933 * (T312301) SpecialDiff: Don't pass null to trim().
4934 * Hooks: Use more meaningful name for SkinAfterPortlet hook parameter.
4935 * (T289926) Ensure we don't pass null to mb_strlen.
4936 * (T312305, T311572, T311571, T311578) HTMLForm: Null coalescence in trim()
4938 * (T289926) site: Consistently return null from Site::getDomain().
4939 * (T307304, T289879) filebackend,jobqueue: Add signature for
4940 FilterIterator::accept().
4941 * (T312183) rdbms: Adapt hasOrMadeRecentPrimaryChanges test mock for PHP 8.1.
4942 * Add application/vnd.ms-opentype to MIME list.
4943 * Allow composer/installers plugin in composer.json.
4944 * Change type hints for BatchRowIterator and NotRecursiveIterator for
4945 compatibility with PHP 8.1.
4946 * (T313663) [php8.1] Change override of $wgResourceBasePath for CSP tests.
4947 * (T313663) parser: Mock WikiPage::getContentModel in ParserCacheTest to fix
4949 * (T313663) [php8.1] Make WikiImporterFactoryTest use better mock for
4951 * Fix tests so getName() doesn't return null.
4952 * (T313663) [php8] Don't use strlen on potentially null string.
4953 * (T313663) [php8.1] Suppress test warning about providing null.
4954 * (T313663) Parser will use current timestamp instead of null if passed a
4955 RevisionRecord that does not have a timestamp.
4956 * (T313663) Add explicit null check for $sha in FileBackend [php8.1].
4957 * (T313663) LogFormatter: Cast argument of ctype_digit to string [php8.1].
4958 * (T313663) Mock UserOptionsManager::getOption for php8.1.
4959 * (T289879, T289926) Get rid of warnings on PHP 8.1.
4960 * (T313663) Check for null return of preg_replace in MediaWikiTitleCodec.
4961 * (T313663) cast db name to string when checking if it is read only [php8.1].
4962 * (T313663) Avoid testing strlen on null in ApiQuerySiteinfo [php 8.1 compat].
4963 * Fix a couple deprecation warnings in the installer under PHP 8.1.
4964 * (T313663) Use default timezone UTC for SpecialWatchlistTest [php 8.1].
4965 * (T313663) Mock User::getTitleKey in SpecialPreferencesTest [php 8.1].
4966 * (T314096) Migrate use of ${var}-style string interpolation.
4967 * (T314099) preprocessor: Add missing field declarations.
4968 * (T313663, T313662) Make default value for optional args {{PAGESINCAT:..}} be
4970 * (T314225) SpecialCategories: Null coalescene $par.
4971 * (T314099) User: Allow dynamic properties on PHP 8.2.
4972 * (T314397) SpecialBlock: Better handle null in getTargetUserTitle.
4973 * (T314099) phpunit: Fix trivial dynamic property usages in tests.
4974 * (T314405) UploadStash: Check if us_prop is set in the fileMetadata.
4975 * (T313663) Make ChangesListSpecialPageTest cast to string for php 8.1.
4976 * (T313663) Do not test giving a null fragment to Title::makeTitle.
4977 * (T314550) SpecialMergeHistory: Set timestamp to '' if no mergepoint.
4978 * (T314551) SpecialMergeHistory: Set defaults for target and dest parameters.
4979 * api: Add rel=nofollow to help examples.
4980 * (T307613) Validate length of user email on Special:ChangeEmail/
4981 Special:CreateAccount.
4982 * (T314226) LoginSignupSpecialPage: Check if $value is a string before length.
4983 * (T314824) tests: Update parser test after i18n change.
4984 * (T295958, T278847) MediaWiki-Docker: Switch PHP images to PHP7.4.
4985 * (T314906, T314907) SpecialBlock: Set defaults for wpPageRestrictions and
4986 wpNamespaceRestrictions.
4987 * (T315309) ImportStreamSource::newFromURL() Prevent passing null to fwrite.
4988 * (T315892) composer.json: Pin phpunit to 8.5.28.
4989 * (T313049) Bump wikimedia/parsoid to v0.14.2.
4990 * (T317750) session: Fix broken SessionTest case due to PHPUnit dependency
4992 * (T318079) SpecialEditTags: Set default value of wpTagsToRemove to empty array.
4993 * (T318460) SpecialChangeEmail: Set default for returntoquery.
4994 * (T318307) Update docs for HTMLFormField::validate() to permit all data types.
4995 * (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results
4996 in an IP range check on Special:Contributions.
4997 * (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence
4999 * (T307278, CVE-2022-41766) SECURITY: On action=rollback the message
5000 "alreadyrolled" can leak revision deleted user name.
5002 == MediaWiki 1.37.4 ==
5004 This is a maintenance release of the MediaWiki 1.37 branch.
5006 === Changes since MediaWiki 1.37.3 ===
5007 * Localisation updates.
5008 * (T311568) UploadBase::setTempFile() handle $tempPath being passed as null.
5009 * (T311559) SpecialListFiles: user parameter isn't always present.
5010 * (T311561) ImageListPager: Don't call htmlspecialchars() on null.
5011 * (T311920) SpecialBlockList: Prevent passing null to trim().
5012 * (T311921) SpecialUserrights: Don't pass null to str_replace.
5013 * (T311570) SpecialWithoutInterwiki: Don't pass null through to
5014 Title::capitalize().
5015 * (T311574, T311576) SpecialLinkSearch: Don't pass null through to the parser.
5016 * (T312059) Update guzzlehttp/guzzle to 7.4.5 in vendor.
5017 * (T296435, T297669) cache: Add four fields to LinkCache::getSelectFields.
5019 == MediaWiki 1.37.3 ==
5021 This is a security and maintenance release of the MediaWiki 1.37 branch.
5023 === Changes since MediaWiki 1.37.2 ===
5024 * Localisation updates.
5025 * (T289879) Type hints for ArrayAccess and JsonSerializable.
5026 * (T304783) TemplateParser: avoid warnings when called by NoLocalSettings.
5027 * Rebuilt vendor with composer 2.3.3.
5028 * Fix old_name in UserLogoutComplete hook.
5029 * (T289879) Address some deprecations for PHP 8.1.
5030 * (T193565) UserGroupManager: Fix dbDomain in addUserToGroup() deferred update.
5031 * (T309114) LocalFile::prerenderThumbnails: Limit the number of thumbnail jobs
5033 * (T307982) Updated wikimedia/parsoid from v0.14.0 to v0.14.1.
5034 * (T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage().
5035 * (T308473) SECURITY: Escape contributions-title msg for use within page title.
5036 * (T311272) Call parent constructor of AddSite maintenance script first.
5037 * MediaWiki: Don't eagerly initialize action name.
5038 * Updated wikimedia/shellbox from v2.0.0 to v2.1.1.
5039 * (T311384, CVE-2022-27776) Updated guzzlehttp/guzzle from 7.2.0 to 7.4.5.
5040 * (T289926) Avoid passing null to trim() in SkinTemplate.
5041 * (T311473) rollbackEdits: Pass user identity to RollbackPage.
5042 * (T307282) Avoid passing null to strcasecmp(), for PHP 8.1.
5043 * (T311551) ShellboxClientFactory::getUrl(): Check if $this->key is null.
5044 * (T311552) ChangesListSpecialPage: Don't pass null to FormatJson::decode().
5045 * (T311569) FileBackend::isStoragePath() Handle being passed null.
5046 * (T311544) Pass int to ApiUsageException::newWithMessage()'s $httpCode param.
5047 * (T311678) SpecialEditWatchlist: Prevent passing null to strtolower().
5048 * (T281741) ChangeTags: Fix adding CSS classes for hidden tags.
5049 * (T296642) changetags: Fix management of a '0' tag.
5050 * (T311554) ChangeTags: Return early in formatSummaryRow() if $tags === null.
5051 * (T303033) Handle null in ChangeTags::modifyDisplayQuery.
5052 * Updated wikimedia/common-passwords from 0.3.0 to 0.4.0.
5054 == MediaWiki 1.37.2 ==
5056 This is a security and maintenance release of the MediaWiki 1.37 branch.
5058 === Changes since MediaWiki 1.37.1 ===
5059 * (T298261) Fix support for Composer 2.2.
5060 * (T298283) composer.json: Add wikimedia/composer-merge-plugin to allow-plugins.
5061 * Update doctrine/dbal (3.0.0 => 3.1.5).
5062 * (T296898) Add entry point name to disabled Session exception if possible.
5063 * (T298564) MemcachedClient: Add support for IPv6.
5064 * (T297543, CVE-2022-28202) SECURITY: properly escape output used within
5065 galleries and Special:RevisionDelete.
5066 * (T289956) WatchAction: Fix bug that prevents showing proper success
5067 message in the noscript fallback mode.
5068 * (T268847) Suppress deprecation warnings from libxml_disable_entity_loader().
5069 * (T283275) Fix PHP 8.0 failure of RefreshSecondaryDataUpdateTest.
5070 * (T283275) Fix PHP 8.0 failure of WikiExporterFactoryTest.
5071 * (T275673) objectcache: Avoid getCurrentTime() call in MapCacheLRU::has().
5072 * (T275673) objectcache: split up MapCacheLRU::getAge() to avoid conditional
5074 * Fix the json schema and the extension processor for Parsoid extension modules.
5075 * (T299696) update.php: Avoid passing null to substr.
5076 * (T195807, T256401) Fix signature of DatabasePostgres::buildGroupConcatField.
5077 * In PHP 8.1 don't throw exceptions from mysqli.
5078 * (T289926) SiteConfiguration: Don't pass null to str_replace().
5079 * (T264735) Fix deprecation warning from CURLPIPE_HTTP1.
5080 * (T260735) Stop using is_resource() where possible.
5081 * (T289879) Apply ReturnTypeWillChange to various implementations of built in
5083 * (T299312) Implement __serialize/__unserialize for PHP 8.1 support.
5084 * ExtensionRegistry: Add process cache for lazy attributes.
5085 * (T301041) ApiPageSet: Add "missing": true to missing revisions.
5086 * Allow ParsoidModules extension schema to register services.
5087 * (T300462) SpecialUndelete: Do not show empty comments as deleted.
5088 * (T297708) Allow setting max execution time to several special pages.
5089 * (T205349) LinkCache: Try invalidating cache before throwing.
5090 * (T302540) composer.json: Add ext-calendar to require.
5091 * (T302540) composer.json: Add ext-simplexml to require-dev.
5092 * (T302540) composer.json: Add various PHP extensions to suggests.
5093 * Upgrading symfony/polyfill-php80 (v1.23.1 => v1.25.0).
5094 * (T304008) Don't re-check "Move subpages" on Special:MovePage after a warning.
5095 * (T293576) listFiles: Display file name instead of version.
5096 * (T303871) Fix @since of Title::getId().
5097 * (T303560) Installer: Check correct PCRE_CONFIG_NEWLINE value.
5098 * wrapOldPasswords: add \n to two output calls.
5099 * (T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite recursion
5100 loop if it points to a local interwiki.
5101 * (T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many file
5102 uploads with actor as a condition can result in a DoS.
5103 * (T297754, CVE-2022-28204) Special:WhatLinksHere can result in a DoS when a
5104 page is used on a extremely large number of other pages.
5106 == MediaWiki 1.37.1 ==
5108 This is a security and maintenance release of the MediaWiki 1.37 branch.
5110 === Changes since MediaWiki 1.37.0 ===
5111 * (T296112) Allow inserting new sections named '0'.
5112 * Fix path for ZhConversion.php.
5113 * nukeNS: don't run purgeRedundantText() after every change.
5114 * (T286779, T297031) installer: Fix Postgres mistakes in using changeField
5116 * (T225888) RollbackAction: fix missing pagetitle.
5117 * (T297322, CVE-2021-44858, CVE-2021-44857) SECURITY: Fix permissions checks in
5119 * (T297574, CVE-2021-45038) SECURITY: Fix permissions check in action=rollback.
5120 * (T34716, T297416) SECURITY: Require 'read' right for most actions.
5121 * (T271037, CVE-2021-44856) SECURITY: Fix use of EditFilterMergedContent hook
5122 when changing content model.
5124 == MediaWiki 1.37.0 ==
5126 === Changes since MediaWiki 1.37.0-rc.2 ===
5127 * Remove justinrainbow/json-schema from vendor.
5128 * Updated pear/mail_mime from 1.10.9 to 1.10.11.
5129 * Update deprecated Guzzle Psr7 function calls.
5130 * (T281972) UserIdentityValue: Correct @since tags.
5131 * Updated wikimedia/parsoid from v0.14.0-a19 to v0.14.0.
5132 * Localisation updates.
5133 * Tweak error message for missing composer dependencies.
5135 == MediaWiki 1.37.0-rc.2 ==
5137 === Changes since MediaWiki 1.37.0-rc.1 ===
5138 * (T295173) Re-add wikimedia/normalized-exception to vendor.
5139 * Remove wikimedia/testing-access-wrapper, psr/simple-cache, psr/http-factory
5141 * (T295191) ApiQuerySiteinfo: Fix "rightsinfo"/"url" when $wgRightsPage is set.
5142 * (T212428) Allow populateContentTables to continue when there are bad blobs.
5144 == MediaWiki 1.37.0-rc.1 ==
5146 === Changes since MediaWiki 1.37.0-rc.0 ===
5147 * (T294043) checkStorage: pass no parameters to WikiRevision::getContent().
5148 * (T292763, CVE-2021-44854) SECURITY: Do not cache private wiki completion
5150 * (T293783) ApiQueryImageInfo: don't show empty comments as deleted.
5151 * (T294316) Revert "Mark ApiClientLogin/ApiLogin as requiring write mode".
5152 * (T294796) JobQueueRedis: Replace deprecated zSize with zCard.
5153 * Remove duplicate settings from DefaultSettings.
5154 * (T278037) NoLocalSettings: Pass an EmptyBagOStuff to TemplateParser.
5156 == MediaWiki 1.37.0-rc.0 ==
5158 == Upgrading notes for 1.37 ==
5159 Don't forget to always back up your database before upgrading!
5161 See the file UPGRADE for more detailed per-version upgrade instructions from the
5162 oldest supported upgrading version, MediaWiki 1.27.
5164 Some specific notes for MediaWiki 1.37 upgrades are below:
5165 * (T280806) Deprecated methods of fetching API tokens have been removed. This
5166 may cause older bots and scripts to fail. Most queries are trivially
5167 updateable to using new methods. See the Action API changes section below
5168 for more information.
5170 For notes on 1.36.x and older releases, see HISTORY.
5172 === Configuration changes for system administrators in 1.37 ===
5173 * (T242768) The PasswordCannotMatchUsername password policy has been removed,
5174 please use PasswordCannotBeSubstringInUsername instead. If you have not
5175 customised your password policies, there will be nothing to do here.
5177 ==== New configuration ====
5178 * $wgBrowserFormatDetection - This setting allows the enabling or disabling
5179 of automatic detection of possible phone numbers in a webpage in iOS Safari.
5180 * $wgParserEnableLegacyMediaDOM - This setting defaults to true, and enables
5181 the legacy media HTML structure in the output from the Parser. The
5182 alternative modern HTML structure for media is described at
5183 https://www.mediawiki.org/wiki/Parsing/Media_structure
5184 In a future release of MediaWiki this option will default to false,
5185 so it's a good idea to test this setting on your wiki early and report
5188 ==== Changed configuration ====
5189 * $wgContentHandlerTextFallback - This migration setting, which defines how to
5190 react if a plain text version of a non-text Content object is requested using
5191 ContentHandler::getContentText(), is deprecated.
5192 * $wgActions – This setting lets sysadmins over-ride which actions can be used.
5193 It has been re-worked to support injecting dependencies into Action sub-
5194 classes as part of wider work on dependency injection. Previously, $wgActions
5195 was an array where the keys were the names of actions, and the values had the
5196 following impacts (for a given key 'Foo'):
5197 - `true`: use the class 'FooAction' unless for a specific page
5198 WikiPage::getActionOverrides() wants to override that action
5199 - a string: use the class with that name, and do not allow over-riding on a
5201 - `false`: the action is disabled
5202 - a callable: use the Action instance returned by invoking that callback, and
5203 do not allow overriding on a per-page basis
5204 - an object: use that specific Action instance, and do not allow overr-iding
5205 on a per-page basis.
5206 As part of T253078, values can now be arrays that are not callables, which are
5207 treated as ObjectFactory specs, allowing for services to be injected.
5208 Additionally, the distinction between values that allow per-page overrides and
5209 those that do not was removed - all actions can now be overridden on a per-
5210 page basis using WikiPage::getActionOverrides().
5211 * $wgShellboxUrl – This setting, new in 1.36 to configure the novel Shellbox
5212 encapsulation system, is now deprecated; use $wgShellboxUrls as a mapping of
5213 service => URL instead.
5214 * $wgIncludejQueryMigrate – This setting, introduced in 1.29 to on whether to
5215 provide a migration layer for jQuery, has now switched its default value from
5216 true to false. This may break gadgets that depended on methods that were
5217 removed in jQuery 3 in 2017. See T280944 for more information.
5218 * A number of settings have been renamed. The former configuration variable
5219 names are deprecated, but will be used as the fall back if they are still set,
5220 and remain temporarily available for extensions which might try to read them:
5221 - $wgFileBlacklist is now $wgProhibitedFileExtensions
5222 - $wgMimeTypeBlacklist is now $wgMimeTypeExclusions
5223 - $wgEnableUserEmailBlacklist is now $wgEnableUserEmailMuteList
5224 - $wgShortPagesNamespaceBlacklist is now $wgShortPagesNamespaceExclusions
5225 * $wgMimeTypeExclusions - As well as being renamed, this configuration array now
5226 also prohibits the RFC 4329 form of JavaScript, 'application/javascript', as
5227 well as previous MIME types.
5228 * $wgFragmentMode - This setting, which determines the encoding of section IDs,
5229 has now switched its default value from legacy-first to html5-first: both the
5230 HTML5 anchor and the legacy percent-encoding-style anchor will still be
5231 generated for section titles, but references to them will use the HTML5
5232 version, resulting in human-readable fragments.
5234 ==== Removed configuration ====
5235 * $wgLegacyJavaScriptGlobals, deprecated in 1.36.
5236 * (T274695) $wgAjaxEditStash, deprecated in 1.36.
5237 * $wgShowDBErrorBacktrace, deprecated and non-functional since 1.32.
5238 * $wgShowSQLErrors, deprecated and non-functional since 1.32.
5239 * $wgLangObjCacheSize, without deprecation; the LanguageFactory service now
5240 always retains at most 10 objects in its LRU-cache.
5241 * $wgDjvuToXML, without deprecation; the tool it enables is obsolete and
5242 abandoned upstream. Use $wgDjvuDump to use that tool instead.
5244 === New user-facing features in 1.37 ===
5245 * (T161934) MediaWiki now supports JPEG2000 files, to a limited extent.
5247 === External library changes in 1.37 ===
5249 ==== New external libraries ====
5250 * Added symfony/polyfill-php80 1.23.1.
5251 * Added whatwg-fetch 3.6.2.
5252 * Added wikimedia/normalized-exception 1.0.1.
5254 ==== Changed external libraries ====
5255 * Updated OOjs from v5.0.0 to v6.0.0
5256 * Updated OOjs-Router from v0.2.0 to v0.3.0
5257 * Updated OOUI from v0.41.3 to v0.42.0
5258 * Updated WVUI from v0.1.0 to v0.3.0
5259 * Updated cssjanus/cssjanus from v1.3.0 to v2.1.0.
5260 * Updated pear/mail_mime from 1.10.9 to 1.10.11.
5261 * Updated psr/container from v1.0.0 to v1.1.1.
5262 * Updated wikimedia/minify from v2.2.2 to v2.2.4.
5263 * Updated wikimedia/object-factory from v3.0.0 to v3.0.2.
5264 * Updated wikimedia/parsoid from v0.13.1 to v0.14.1.
5265 * Updated wikimedia/relpath from v2.1.1 to v3.0.0.
5266 * Updated wikimedia/remex-html from v2.3.1 to v2.3.2.
5267 * Updated wikimedia/shellbox from v1.0.4 to v2.1.1.
5268 * Updated wikimedia/wait-condition-loop from v2.0.1 to v2.0.2.
5269 * Updated zordius/lightncandy from v1.2.5 to v1.2.6.
5270 * Updated guzzlehttp/guzzle from 7.2.0 to 7.4.5.
5271 * Updated wikimedia/common-passwords from 0.3.0 to 0.4.0.
5273 ===== Changed development-only external libraries =====
5274 * Updated qunit from 2.10.0 to 2.16.0.
5276 ==== Removed external libraries ====
5277 * The pimple/pimple development-only library has been removed.
5279 === Action API changes in 1.37 ===
5280 * (T280806) The API methods for fetching tokens which were deprecated in
5281 MediaWiki 1.24 have been removed. action=query&meta=tokens&type= should be
5282 used instead. Please note some token types no longer exist, and you should
5283 just use type=csrf for those instead.
5284 - action=query&prop=info&intoken ->
5285 action=query&meta=tokens&type=csrf
5286 - action=tokens&type= ->
5287 action=query&meta=tokens&type=
5288 - action=query&list=recentchanges&rctoken ->
5289 action=query&meta=tokens&type=csrf
5290 - action=query&prop=revisions&rvtoken=rollback ->
5291 action=query&meta=tokens&type=rollback
5292 - action=query&meta=userinfo&uiprop=preferencestoken ->
5293 action=query&meta=tokens&type=csrf
5294 - action=query&list=users&ustoken=userrights ->
5295 action=query&meta=tokens&type=userrights
5297 === Languages updated in 1.37 ===
5298 MediaWiki supports over 350 languages. Many localisations are updated regularly.
5299 Below only new and removed languages are listed, as well as changes to languages
5300 because of Phabricator reports.
5302 * (T280435) LRM and RLM characters were removed from names of languages with
5303 parentheses in Names.php
5304 * (T283422) Add namespace name translations and change the autonym of
5305 the Kinyarwanda language to "Ikinyarwanda".
5306 * (T283423) Change the autonym of the Lombard language from "lumbaart"
5308 * (T279619) Added language support for Dagbani (dag).
5309 * (T282085) Added language support for Malay in Arabic (Jawi) script (ms-arab).
5310 * (T283053) Added language support for Ojibwe (ojb).
5311 * (T283480) Added language support for Wallisian (wls, Fakaʻuvea).
5312 * (T284002) Added language support for Paiwan (pwn).
5313 * (T284044) Added language support for Carpathian Romani (rmc).
5314 * (T286460) Added language support for Gun (guw, Gungbe).
5315 * (T287345) Added language support for Baoulé (bci).
5316 * (T290126) Added language support for Kildin Sami (sjd).
5317 * (T290408) Added language support for Pite Sami (sje).
5318 * (T25216) Started the renaming of the language code for Norman from nrm to
5321 === Breaking changes in 1.37 ===
5322 * The Revision class, emitting deprecation warnings since 1.35, was removed
5323 entirely. As part of this, the following hooks that included a Revision object
5325 - ArticleRevisionUndeleted - use RevisionUndeleted
5326 - ArticleRollbackComplete - use RollbackComplete
5327 - DiffRevisionTools - use DiffTools
5328 - DiffViewHeader - use DifferenceEngineViewHeader
5329 - HistoryRevisionTools - use HistoryTools
5330 - NewRevisionFromEditComplete - use RevisionFromEditComplete
5331 - PageContentInsertComplete - use PageSaveComplete
5332 - PageContentSaveComplete - use PageSaveComplete
5333 - ParserFetchTemplate - use BeforeParserFetchTemplateRevisionRecord
5334 - RevisionInsertComplete - use RevisionRecordInserted
5335 - TitleMoveComplete - use PageMoveComplete
5336 - TitleMoveCompleting - use PageMoveCompleting
5337 - UndeleteShowRevision - no replacement
5338 - UserRetrieveNewTalks - no replacement
5339 … the following methods and variables have been removed:
5340 - Article::$mRevision
5341 - Article::getRevisionFetched()
5342 - ContribsPager::tryToCreateValidRevision()
5343 - EditPage::$mBaseRevision
5344 - EditPage::getBaseRevision()
5345 - LinksUpdate::getRevision()
5346 - LinksUpdate::setRevision()
5347 - PageArchive::getArchivedRevision()
5348 - PageArchive::getPreviousRevision()
5349 - PageArchive::getRevision()
5350 - Parser::$mRevisionObject
5351 - Parser::fetchCurrentRevisionOfTitle()
5352 - Parser::getRevisionObject()
5353 - Parser::statelessFetchRevision()
5354 - ParserOptions::getCurrentRevisionCallback()
5355 - ParserOptions::setCurrentRevisionCallback()
5356 - Title::countAuthorsBetween()
5357 - Title::getFirstRevision()
5358 - User::getNewMessageLinks()
5359 - User::getNewMessageRevisionId()
5360 - User::setNewtalk()
5361 - WikiPage::getOldestRevision()
5362 - WikiPage::getRevision()
5363 - WikiPage::getUndoContent()
5364 - WikiPage::updateIfNewerOn()
5365 … and the following methods no longer accept Revision objects as parameters:
5366 - CategoryMembershipChange::__construct()
5367 - ContentHandler::getUndoContent()
5368 - DerivedPageDataUpdater::prepareUpdate()
5369 - DifferenceEngine::getRevisionHeader()
5370 - Linker::buildRollbackLink()
5371 - Linker::generateRollback()
5372 - Linker::getRevDeleteLink()
5373 - Linker::getRollbackEditCount()
5374 - Linker::revComment()
5375 - Linker::revUserLink()
5376 - Linker::revUserTools()
5377 - WikiPage::doDeleteUpdates()
5378 - WikiPage::doEditUpdates()
5379 - WikiPage::hasDifferencesOutsideMainSlot()
5380 - WikiPage::onArticleEdit()
5381 - WikiPage::prepareContentForEdit()
5382 - WikiPage::updateRevisionOn()
5383 The following methods return arrays that formerly included a 'revision'
5384 key that would emit deprecation warnings when accessed and return a
5385 Revision object. The Revision object has been removed from the arrays,
5386 and the 'revision-record' key should be used to get the relevant
5387 RevisionRecord instead:
5388 - PageUpdater::doCreate()
5389 - PageUpdater::doModify()
5390 - Parser::statelessFetchTemplate()
5391 - WikiPage::doEditContent()
5392 Finally, the ParserOptions `templateCallback` option is a callback that is
5393 called in Parser::fetchTemplateAndTitle() and should return an array - the
5394 'revision' key to that array used to be a Revision object and was used if
5395 no 'revision-record' was returned - is now ignored.
5396 * Previously, the classes RevisionTestModifyableContent and
5397 RevisionTestModifyableContentHandler were loaded for use in tests, but were
5398 only used within the tests for the since-removed Revision class. This content
5399 and content handler class were removed without deprecation.
5400 * WANObjectCache::HOLDOFF_NONE, deprecated since 1.35, was removed. Use
5401 WANObjectCache::HOLDOFF_TTL_NONE instead.
5402 * Calling ResourceLoader::makeVersionQuery() without $modules parameter,
5403 deprecated since MediaWiki 1.34, is no longer supported.
5404 * LocalFile::recordUpload2(), deprecated since 1.35, was removed.
5405 * The following methods and fields in the Language class, deprecated since 1.35,
5410 - ::findVariantLink()
5412 - ::updateConversionTable()
5413 * The following methods in the Parser class have been removed after having been
5417 * (T273354) When an edit is prevented by an 'EditFilterMergedContent' hook
5418 handler without changing the status, the edit form will now be displayed.
5419 * User::clearNotification() which had been deprecated in 1.35 has been removed.
5420 Use WatchlistManager::clearTitleUserNotification() instead.
5421 * User::getNewtalk() which had been deprecated in 1.35 has been removed. Use
5422 TalkPageNotificationManager::userHasNewMessages() instead.
5423 * The Autopromote class, deprecated since 1.35, was removed. Use
5424 UserGroupManager instead.
5425 * The CachedAction, SpecialCachedPage, CacheHelper, and ICacheHelper classes,
5426 all emitting deprecation warnings since 1.36, have been removed.
5427 * The hooks BeforeHttpsRedirect, CanIPUseHTTPS and UserRequiresHTTPS, deprecated
5428 in 1.35, were removed.
5429 * The TitleArrayFromResult hook, deprecated in 1.36, was removed.
5430 * The deprecated "es6-promise" alias ResourceLoader module has been removed. Use
5431 the "es6-polyfills" module directly intead.
5432 * The deprecated "mediawiki.legacy.protect" ResourceLoader module, deprecated
5433 since 1.36, has been removed. Use "mediawiki.action.protect" instead.
5434 * The JavaScript alias $j for references to jQuery, deprecated since 1.23, has
5435 been removed. Use $ instead.
5436 * The AuthenticationProvider interface and the SessionProvider class no longer
5437 extend the PSR LoggerAwareInterface concept, so they can't be typehinted as
5438 LoggerAwareInterface.
5439 * User::getGrantName(), emitting deprecation warnings since 1.36, has been
5440 removed. Use MWGrants::grantName() instead.
5441 * The following ApiBase methods, deprecated since 1.35, have been removed:
5442 - ApiBase::explodeMultiValue
5443 - ApiBase::parseMultiValue
5444 - ApiBase::validateLimit
5445 - ApiBase::validateTimestamp
5446 * The User::idCacheByName() public static field was removed without deprecation.
5447 Instead of using it, get a UserIdentity by name from the UserIdentityLookup
5449 * IDatabase::upsert() and IDatabase::replace() now only accept a single unique
5450 key. Previously, a warning was issued if there were multiple unique keys
5452 * The MediaWiki:Autoblock_whitelist block exemption control was moved in 1.36 to
5453 MediaWiki:Block-autoblock-exemptionlist. The backward-compatibility of reading
5454 the old MediaWiki:Autoblock_whitelist page has now been dropped.
5455 * The following overridable methods in File hierarchy have changed signatures:
5456 - File::deleteFile() - now accepts UserIdentity instead of User
5457 - File::getDescription() - now accepts Authority instead of User
5458 - File::userCan() - now accepts Authority instead of User
5459 - LocalFile::deleteOldFile() - now accepts UserIdentity instead of User
5460 * The following global methods, each deprecated since 1.36, have been removed:
5461 - wfAppendToArrayIfNotDefault()
5463 - wfConfiguredReadOnlyReason()
5465 - wfGetPrecompiledData()
5467 * The following deprecated methods of the Title class have been removed:
5468 - ::nameOf(), deprecated in 1.36
5469 - ::getPreviousRevisionID(), deprecated in 1.34
5470 - ::getNextRevisionID(), deprecated in 1.34
5471 - ::getEarliestRevTime(), deprecated in 1.35
5472 * UploadBase::stashFile(), deprecated since 1.28, was removed.
5473 * wfGetRusage(), deprecated since 1.35, has been removed.
5474 * The following CLI options were removed from tests/phpunit.php:
5478 The following options (inherited from Maintenance) were also removed:
5487 The following options were changed to environment variables:
5488 - wiki => PHPUNIT_WIKI
5489 - use-normal-tables => PHPUNIT_USE_NORMAL_TABLES
5490 - use-filebackend => PHPUNIT_USE_FILEBACKEND
5491 - use-bagostuff => PHPUNIT_USE_BAGOSTUFF
5492 - use-jobqueue => PHPUNIT_USE_JOBQUEUE
5493 This is so that we can use the default PHPUnit entry point (T90875).
5494 * The PHPUNIT_REUSE_DB / --reuse-db option was removed from the phpunit.php
5495 runner. It had been broken for at least three years already. The original use
5496 case was speeding up tests on Oracle, but Oracle support was dropped several
5498 * The MediaWikiPHPUnitTest__endTestHook and MediaWikiPHPUnitTest__startTestHook
5499 PHPUnit hooks were removed. MediaWikiHooksPHPUnitExtension was also removed.
5500 * EntryPoint::getTextFormatters() was made private without a deprecation period;
5501 it had no known external callers.
5502 * DatabaseBlock::chooseBlock(), deprecated since 1.35, was removed.
5503 * SpecialPageFactory::getRestrictedPages(), deprecated since 1.36, was removed.
5504 * SpecialBlock::validateTarget(), deprecated since 1.36, was removed.
5505 * The PatchFileLocation trait was removed without deprecation.
5506 * ActorMigrationBase::getExistingActorId() and ::getNewActorId(), emitting
5507 deprecation warnings since 1.36, were removed.
5508 * Hook handlers implementing the MediaWikiServicesHook hook are now prohibited
5509 from having services injected. This is because by definition, this hook runs
5510 before the service container is fully initialized.
5511 * The protected property LocalFile::$metadata was removed without deprecation.
5512 * WatchedItem::getUser(), emitting deprecation warnings since 1.36, has been
5514 * AuthManager::singleton(), emitting deprecation warnings since 1.36, has been
5516 * The AugmentPageProps class was removed without deprecation. It had no known
5518 * Html::infobox(), deprecated since 1.36, was removed.
5519 * ParserOptions::__construct() now requires that the first parameter is a
5520 UserIdentity object - passing `null` used to fallback to the global
5521 $wgUser but was deprecated since 1.36.
5522 * ParserOptions::newCanonical() no longer supports the first parameter being
5523 null (or omitted entirely), which would fallback to the global $wgUser but
5524 was deprecated since 1.35.
5525 * The SkinTemplatePreventOtherActiveTabs hook, deprecated in 1.35, was removed
5527 * The SkinTemplateTabAction hook, deprecated in 1.35, was removed entirely.
5528 * The SkinTemplateBuildNavUrlsNav_urlsAfterPermalink hook, deprecated in 1.35,
5529 was removed entirely.
5530 * The SkinTemplateToolboxEndHook, deprecated in 1.35, was removed entirely.
5531 * The following methods of RevisionStore class, formerly emitting deprecation
5532 warnings, were removed:
5533 - ::newMutableRevisionFromArray()
5534 - ::loadRevisionFromPageId()
5535 - ::loadRevisionFromTitle()
5536 - ::loadRevisionFromTimestamp()
5537 - ::listRevisionSizes()
5538 * LogEntry::getPerformer(), deprecated since 1.36, was removed along with
5539 methods in sub-classes: DatabaseLogEntry, ManualLogEntry, RCDatabaseLogEntry.
5540 * Skin::getRelevantUser() now returns an instance of UserIdentity, and not
5541 necessarily a User object. There is no known usages in MediaWiki ecosystem
5542 that were not satisfied with UserIdentity.
5543 * Direct construction of MergeHistory class, deprecated since 1.35, is no longer
5544 supported. Use MergeHistoryFactory instead. MergeHistory::checkPermissions,
5545 deprecated since 1.36, was removed.
5546 * Skin::generateDebugHTML(), deprecated since 1.35, was removed. Call
5547 MWDebug::getHTMLDebugLog() directly.
5548 * The ApiTestCase class no longer interacts with the global $wgUser.
5549 Previously, the global variable was set at the start of each test, and in
5550 ApiTestCase::doApiRequest() if a performer was specified $wgUser was
5551 updated to match, and if no performer was specified $wgUser was used
5552 instead. Now, $wgUser is not updated, and if no performer is specified
5553 the reusable TestUser object for the sysop is relied on. Extensions
5554 or skins that rely on the global $wgUser variable (which has been
5555 deprecated since 1.35) should instead retrieve the acting user from the
5556 relevant context source.
5557 * SkinTemplate::makeArticleUrlDetails(), deprecated since 1.35, was removed.
5558 * Skin::makeNSUrl(), deprecated since 1.35, was removed.
5559 * Skin::getRevisionId(), deprecated since 1.34, was removed. Use
5560 OutputPage::getRevisionId() instead.
5561 * Skin::isRevisionCurrent(), deprecated since 1.34, was removed. Use
5562 OutputPage::isRevisionCurrent() instead.
5563 * AbstractBlock::parseTarget(), deprecated since 1.36, was removed.
5564 * The ArticleEditUpdates hook, deprecated since 1.35, was removed.
5565 * The `@stable to extend` class CentralIdLookup has following changes:
5566 - The protected ::checkAudience() method now returns an Authority instead of a
5568 - A number of its `@stable to override` methods now accept an Authority
5569 instead of a User instance as the $audience parameter.
5570 - A number of methods now accept a UserIdentity instead of their User
5572 - The ::localUserFromCentralId() method now returns UserIdentity and not
5573 necessarily a User object.
5574 All extensions that extend this class or use this method were updated to be
5575 ready to the new behavior.
5576 * WatchedItemStoreInterface::enqueueWatchlistExpiryJob(), deprecated since 1.36,
5578 * ResultWrapper is now abstract. It cannot be directly constructed (T286694).
5579 * The SecondaryDataUpdates hook, deprecated in 1.32, was removed entirely.
5580 * Content::getDeletionUpdates(), was removed. Use
5581 ContentHandler::getDeletionUpdates() instead.
5582 * Content::getSecondaryDataUpdates(), was removed. Use
5583 ContentHandler::getSecondaryDataUpdates() instead.
5584 * wfDiff(), deprecated since 1.25, has been removed.
5585 * Language::$mLangObjCache, deprecated since 1.35, was removed.
5586 * Language::$transformData, deprecated since 1.35, was removed.
5587 * Language::transformUsingPairFile() was marked @internal. Its deprecated
5588 parameters are no longer supported.
5589 * SpecialMute::getTarget(), unused outside of the SpecialMute class, was
5591 * The Skin::setupSkinUserCss() method, deprecated in 1.32, was removed. Please
5592 use skin registration instead.
5593 * The ResourceLoaderSkinModule `legacy`, `content` and `content-thumbnails`
5594 features were deprecated. Skins should instead select from the features
5595 listed on [[mw:Manual:ResourceLoaderSkinModule]].
5596 * ParserCache::getKey() and ::getEtag(), deprecated since 1.36, were removed.
5597 * The BaseTemplateToolbox hook, deprecated since 1.35, was removed.
5598 * Previously a capitalize-all-nouns class was added to the body element of
5599 languages where nouns must be capitalized. This class is no longer added to
5600 the body tag and must be provided by skins.
5601 * The SkinTemplateOutputPageBeforeExec hook, deprecated since 1.35, was removed.
5602 * Calling Message::toString() without a parameter, which triggered deprecation
5603 warnings since 1.36, is no longer supported. You can instead use the explicit
5604 formatting methods directly, such as Message::text() and Message::escaped().
5605 * Article::getContentObject(), deprecated since 1.32, was removed.
5606 * Article::delete(), Article::confirmDelete() and ImagePage::delete() were
5607 removed. The logic responsible for building the form is being
5608 moved to DeleteAction, while the actual deletion logic will be moved to a
5610 * WikiImporter::debugRevisionHandler(), unused and for debug only, was removed.
5611 * Content::preloadTransform() now emits deprecation warnings. Instead, please
5612 use ContentTransformer::preloadTransform(). Extensions defining a content
5613 model should override ContentHandler::preloadTransform().
5614 * Content::preSaveTransform() now emits deprecation warnings. Instead, please
5615 use ContentTransformer::preSaveTransform() instead. Extensions defining
5616 a content model should override ContentHandler::preSaveTransform().
5617 * Constructing WikiPage objects from Title instances that cannot exist, emitting
5618 deprecation warnings since 1.36, now throws an exception. Additionally,
5619 WikiPage now implements ProperPageIdentity, rather than just PageIdentity.
5620 * The Skin::bottomScripts() method is deprecated. Please instead use
5621 OutputPage::getBottomScripts().
5622 * LinksUpdate::getTriggeringUser() now returns ?UserIdentity instead of ?User.
5623 * The LESS mixin `.box-shadow()` (from mediawiki.mixins.less), deprecated since
5624 1.36, was removed. Use CSS property `box-shadow` unprefixed for all basic
5625 supported browsers instead.
5626 * The LESS mixin `.flex()` now no longer tries to support the 2009 version of
5627 the Flexbox specification; support for the 2012 and modern standard versions
5629 * The StorageAwareness::ATTR_SYNCWRITES, StorageAwareness::QOS_SYNCWRITES_*,
5630 StorageAwareness::ATTR_LOCALITY, and StorageAwareness::QOS_LOCALITY_*
5631 constants were removed.
5633 === Deprecations in 1.37 ===
5634 * JobQueue::getWiki(), deprecated in 1.33, now emits deprecation warnings.
5635 * AbstractBlock::getTargetAndType() and ::getTarget() now emit deprecation
5636 warnings. Use ::getTargetName() and ::getTargetUserIdentity() together with
5638 * Passing a UserIdentity to WatchlistManager::clearAllUserNotifications() and
5639 WatchlistManager::clearTitleUserNotifications() is now deprecated. Pass an
5641 * Passing LinkTarget to WatchlistManager::clearTitleUserNotifications() and
5642 WatchlistManager::getTitleNotificationTimestamp(). Pass PageIdentity instead.
5643 * The User class methods ::isWatched(), ::isTempWatched(), ::removeWatch(), and
5644 ::addWatch() have been deprecated. Use corresponding methods in
5645 WatchlistManager instead.
5646 * Multiple WatchAction methods have been deprecated in lieu of WatchlistManager:
5647 - ::doWatchOrUnwatch() use WatchlistManager::setWatch()
5648 - ::doWatch() -> WatchlistManager::addWatch()
5649 - ::doUnwatch() -> WatchlistManager::removeWatch()
5650 * WatchAction::getWatchToken() now emits deprecation warnings. Instead use
5651 CsrfTokenSet::getToken().
5652 * Action::getHookContainer() has been marked as internal. Actions that require
5653 access to a hook container should have one injected instead.
5654 * The ::getTitle() and ::setTitle() methods in Parser have been deprecated.
5655 Use ::getPage() and ::setPage() instead.
5656 * Title::isWatchable() has been deprecated. Use WatchlistManager::isWatchable()
5658 * Methods and classes related to the primary database, previously referred to as
5659 'master', have been deprecated, with the new ones replacing them as follows:
5660 - The DBMasterPos and MySQLMasterPos classes have been respectively renamed to
5661 DBPrimaryPos and MySQLPrimaryPos.
5662 - LocalRepo::getMasterDB() -> ::getPrimaryDB()
5663 - ForeignDBRepo::getMasterDB() -> ::getPrimaryDB()
5664 - JobQueueDB::getMasterDB() -> ::getPrimaryDB()
5665 - ForeignDBViaLBRepo::getMasterDB() -> ::getPrimaryDB()
5666 - DBFileJournal::getMasterDB() -> ::getPrimaryDB()
5667 - ILoadBalancer::getMasterPos() -> ::getPrimaryPos()
5668 - IDatabase::getMasterPos() -> ::getPrimaryPos()
5669 - ILoadBalancer::finalizeMasterChanges() -> ::finalizePrimaryChanges()
5670 - ILoadBalancer::approveMasterChanges() -> ::approvePrimaryChanges()
5671 - ILoadBalancer::beginMasterChanges() -> ::beginPrimaryChanges()
5672 - ILBFactory::beginMasterChanges() -> ::beginPrimaryChanges()
5673 - ILoadBalancer::commitMasterChanges() -> ::commitPrimaryChanges()
5674 - ILBFactory::commitMasterChanges() -> ::commitPrimaryChanges()
5675 - IDatabase::getTopologyRootMaster() -> ::getTopologyRootPrimary()
5676 - IDatabase::masterPosWait() -> ::primaryPosWait()
5677 - ILoadBalancer::runMasterTransactionIdleCallbacks() ->
5678 ::runPrimaryTransactionIdleCallbacks()
5679 - ILoadBalancer::runMasterTransactionListenerCallbacks() ->
5680 ::runPrimaryTransactionListenerCallbacks()
5681 - ILoadBalancer::rollbackMasterChanges() -> ::rollbackPrimaryChanges()
5682 - ILBFactory::rollbackMasterChanges() -> ::rollbackPrimaryChanges()
5683 - ILoadBalancer::flushMasterSnapshots() -> ::flushPrimarySnapshots()
5684 - ILoadBalancer::hasMasterConnection() -> ::hasPrimaryConnection()
5685 - ILoadBalancer::hasMasterChanges() -> ::hasPrimaryChanges()
5686 - ILBFactory::hasMasterChanges() -> ::hasPrimaryChanges()
5687 - ILoadBalancer::lastMasterChangeTimestamp() -> ::lastPrimaryChangeTimestamp()
5688 - ILoadBalancer::hasOrMadeRecentMasterChanges() ->
5689 ::hasOrMadeRecentPrimaryChanges()
5690 - ILBFactory::hasOrMadeRecentMasterChanges() ->
5691 ::hasOrMadeRecentPrimaryChanges()
5692 - ILoadBalancer::pendingMasterChangeCallers() ->
5693 ::pendingPrimaryChangeCallers()
5694 - ILoadBalancer::forEachOpenMasterConnection() ->
5695 ::forEachOpenPrimaryConnection()
5696 - ILoadBalancer::waitForMasterPos() -> ::waitForPrimaryPos()
5697 - Database::assertIsWritableMaster() -> ::assertIsWritablePrimary()
5698 - RevDelList::reloadFromMaster() -> ::reloadFromPrimary()
5699 - ExternalStoreDB::getMaster() -> ::getPrimary()
5700 - DatabaseMysqlBase::getMasterServerInfo() -> ::getPrimaryServerInfo()
5701 - MWExceptionHandler::rollbackMasterChangesAndLog() ->
5702 ::rollbackPrimaryChangesAndLog()
5703 * wfGetLB(), deprecated since 1.27, now emits deprecation warnings.
5704 * wfLocalFile(), deprecated since 1.34, now emits deprecation warnings.
5705 * wfFindFile(), deprecated since 1.34, now emits deprecation warnings.
5706 * wfIncrStats(), deprecated in 1.36, now emits deprecation warnings.
5707 * wfCanIPUseHTTPS() is now deprecated, and always returns true.
5708 * The UserLoadFromDatabase hook has been deprecated. It had no known uses.
5709 * The following methods in ApiPageSet have been deprecated:
5710 - ::getTitles(), use ::getTargets() instead.
5711 - ::getGoodTitles(), use ::getGoodPages() instead.
5712 - ::getMissingTitles(), use ::getMissingPages() instead.
5713 - ::getGoodAndMissingTitles(), use ::getGoodAndMissingPages() instead.
5714 - ::getRedirectTitles(), use ::getRedirectTargets() instead.
5715 - ::getSpecialTitles(), use ::getSpecialPages() instead.
5716 * The following methods from the User class, deprecated in 1.35, now each emit
5717 deprecation warnings:
5721 - ::isCreatableName()
5722 - ::getCanonicalName()
5723 - ::addAutopromoteOnceGroups()
5724 - ::getEffectiveGroups()
5725 - ::getAutomaticGroups()
5726 - ::getFormerGroups()
5729 * The following methods in User were deprecated:
5730 - ::idFromName() - use UserIdentityLookup::getUserIdentityByName() instead.
5731 - ::resetIdByNameCache() - in tests, reset service container. No replacement
5732 needed in production code.
5733 * Use of ActorMigration for any table except revision, deprecated in 1.34, now
5734 emits deprecation warnings. Instead of getInsertValues(), use
5735 ActorNormalization::acquireActorId(). Instead of getWhere() and getJoin(),
5736 do your own join on the actor table.
5737 * DatabasePostgres::remappedTableName() and its dependent constructor parameter
5738 'keywordTableMap' are deprecated. Reserved identifiers that are used as table
5739 names should be quoted where necessary.
5740 * LinkCache::singleton(), deprecated since 1.28, now emits deprecation warnings.
5741 * MessageCache::singleton(), deprecated since 1.34, now emits deprecation
5743 * LockManagerGroup::singleton() and ::destroySingletons(), deprecated since
5744 1.34, now emit deprecation warnings.
5745 * HtmlFileCacheUpdate::newFromTitles() is now deprecated and emitting warnings.
5746 Use newFromPages() instead.
5747 * SessionProvider ::setLogger(), ::setManager(), ::setConfig(), and
5748 ::setHookContainer() were deprecated. Use ::init() to inject dependencies, or
5749 override ::postInitSetup() to do any custom post-initialization configuration.
5750 * AbstractAuthenticationProvider ::setLogger(), ::setManager(), ::setConfig(),
5751 and ::setHookContainer() now emit deprecation warnings. Use ::init() to inject
5752 dependencies, or override ::postInitSetup() to do any custom post-
5753 initialization configuration.
5754 * User::isLoggedIn(), deprecated since 1.36, now emits deprecation warnings. Use
5755 the method it wraps, User::isRegistered(), instead.
5756 * FileBackendGroup::singleton() and ::destroySingletons(), deprecated since
5757 1.35, now emit deprecation warnings.
5758 * The first parameter of User::getBlock() should now be an integer using the
5759 Authority::FOR_XXX constants. Providing a boolean is deprecated.
5760 * ApiBase::addBlockInfoToStatus() is deprecated for use by extensions. It is now
5761 marked as @internal and may be deleted in the future.
5762 It should not be necessary to call this method, Authority should be providing
5763 all relevant information via a PermissionStatus object.
5764 * JobQueueGroup::singleton() was deprecated - use
5765 MediaWikiServices::getJobQueueGroup() instead.
5766 * JobQueueGroup::destroySingletons() was deprecated. JobQueueGroups are now
5767 automatically destroyed after tests.
5768 * LinkCache::addGoodLinkObj() has been deprecated, since it is prone to
5769 corrupting the cache with invalid information. Use addGoodLinkObjFromRow()
5770 instead. PHPUnit tests must use LinkCacheTestTrait::addGoodLinkObject().
5771 * ContentHandler::getContentText() is now deprecated. Use Content::getText()
5773 * LinkCache::addLinkObj() has been deprecated, use PageStore::getPageForLink()
5775 * MediaWiki\User\UserNamePrefixSearch::search() previously accepted as its first
5776 parameter either the string 'public' or a UserIdentity object, to filter
5777 results for. It now expects an Authority object instead of UserIdentity, and
5778 providing just a UserIdentity will now trigger a deprecation warning.
5779 * User::getRights(), deprecated since 1.34, now emits deprecation warnings.
5780 * User::changeableGroups() and ::changeableByGroup() now emit deprecation
5781 warnings, use corresponding methods in UserGroupManager instead.
5782 * User::incEditCount() was deprecated in favor of the new method
5783 UserEditTracker::incrementUserEditCount().
5784 * RepoGroup::singleton(), ::destroySingleton() and ::setSingleton(), deprecated
5785 since 1.34, now emit deprecation warnings.
5786 * RecentChange::getPerformer(), deprecated since 1.36, now emits deprecation
5787 warnings. Use ::getPerformerIdentity() instead.
5788 * ContentHandler::cleanupHandlersCache(), deprecated since 1.35, now emits
5789 deprecation warnings.
5790 * Category::getTitle() was deprecated in favor of Category::getPage()
5791 * File::getUser() method now emits deprecation warnings, along with its over-
5792 rides in LocalFile and ForeignApiFile in favor of ::getUploader().
5793 * SpecialBlock::checkUnblockSelf(), deprecated in 1.36, now emits deprecation
5795 * (T284179) The mediawiki.viewport ResourceLoader module is deprecated. You can
5796 now just use MutationObserver or InterSectionObserver directly, which are
5797 widely available in all supported JavaScript browsers.
5798 * The following constructor options of DatabaseBlock class will now trigger
5799 deprecation warnings:
5800 - the 'byText' property with blocker's name,
5801 - the 'by' property with blocker's ID,
5802 For both of these, use the 'by' property with UserIdentity value instead.
5803 * The BeforeResetNotificationTimestamp hook was deprecated.
5804 * ArchivedFile::getUser() ::getRawUser() ::getRawUserText() were deprecated in
5805 favor of ::getUploader.() ::getRawDescription() was deprecated in favor of
5806 ::getDescription() with RAW audience parameter.
5807 * When calling LocalFile::newFromRow() or LocalFile::loadFromRow(), passing
5808 extra fields not requested by ::getQueryInfo() will now trigger deprecation
5809 warnings. This is to warn callers that deprefixing and automatic assignment of
5810 such fields will not be done in a future version.
5811 * JobSpecification::getTitle() was deprecated without providing a replacement.
5812 It wasn't used and job given the purpose of JobSpecification class it is not
5814 * The protected method File::getImageSize() is now deprecated.
5815 * BacklinkCache::get() was deprecated, use
5816 BacklinkCacheFactory::getBacklinkCache() instead.
5817 * Title::getBacklinkCache() now emits deprecation warnings. Instead, use the
5818 ::getBacklinkCache() method in the BacklinkCacheFactory service.
5819 * MediaHandler::getImageSize(), ::getMetadata(), and ::isMetadataValid() were
5820 deprecated and should no longer be overridden. Instead, sub-classes should
5821 override getSizeAndMetadata().
5822 * Deprecated File::getMetadata(). Instead use ::getMetadataArray(),
5823 ::getMetadataItem() and ::getMetadataItems().
5824 * Message::title() has been deprecated; use Message::page() instead.
5825 * BaseTemplate::getAfterPortlet(), BaseTemplate::renderAfterPortlet(), and the
5826 BaseTemplateAfterPortlet hook, which were deprecated in 1.35,
5827 now emit deprecation warnings.
5828 * The LocalFile::getHistory() hook is deprecated.
5829 * Previously the Skin templateDirectory option inside skin.json had to be
5830 relative to MediaWiki core. This should now be relative to the skin.
5831 * Calling WikiPage::prepareContentForEdit() without a UserIdentity is now
5833 * User::getEditTokenObject(), ::getEditToken(), and ::matchEditToken() were each
5834 deprecated. Use CsrfTokenRepository, which is available via IContextSource,
5835 instead. ::matchEditTokenNoSuffix() was deprecated without replacement.
5836 It was introduced to be able to provide custom error message if the token
5837 was submitted, but ending slashes were stripped by some ASCII mangling proxy.
5838 Use ::matchToken() instead, such proxies are much less common now and there's
5839 not much benefit in customising the error message.
5840 * ContentHandler::getForTitle(), deprecated since 1.35, now emits deprecation
5842 * User::listOptionKinds(), deprecated since 1.35, now emits deprecation
5844 * WikiPage::doEditContent(), deprecated since 1.32, now emits deprecation
5846 * CentralIdLookup::factory() and ::factoryNonLocal() now emit deprecation
5847 warnings; obtain an instance from MediaWikiServices instead.
5848 * The class RandomPage was renamed to SpecialRandomPage. The class RandomPage
5850 * BotPassword::invalidateAllPasswordsForCentralId() was deprecated.
5851 * BotPassword::removeAllPasswordsForCentralId() was deprecated.
5852 * The Title class members: $mTextform, $mUrlform, $mDbkeyform, $mNamespace,
5853 $mInterwiki, and $mFragment have been deprecated to not be used directly.
5854 Instead, their corresponding accessor methods should be used.
5855 * IDatabase::fetchObject(), ::fetchRow(), ::numRows(), ::numFields(),
5856 ::fieldName(), ::freeResult() and ::dataSeek() are deprecated. Use the
5857 corresponding methods in IResultWrapper instead.
5858 * ResultWrapper::unwrap(), DatabaseMysqlBase::fieldType() and
5859 DatabasePostgres::fieldType() each now emit deprecation warnings.
5860 * Sub-classes implementing Database::doQuery() should return either boolean or
5861 an IResultWrapper. To do otherwise will now trigger a deprecation warning.
5862 * User::getOptionKinds() and ::resetOptions(), both deprecated since 1.35,
5863 now emit deprecation warnings.
5864 * The following methods in MWNamespace, all deprecated since 1.34, now emit
5865 deprecation warnings:
5873 - ::hasTalkNamespace()
5874 - ::wantSignatures()
5876 - ::getSubjectNamespaces()
5877 - ::getTalkNamespaces()
5879 - ::hasGenderDistinction()
5880 - ::isNonincludable()
5881 - ::getNamespaceContentModel()
5882 - ::getRestrictionLevels()
5883 - ::getCategoryLinkType()
5884 * LogFormatter::styleRestricedElement() has been deprecated in favor of
5885 LogFormatter::styleRestrictedElement()
5886 * The following hooks related to user preferences were deprecated:
5887 - UserLoadOptions: use LoadUserOptions instead.
5888 - UserSaveOptions: use SaveUserOptions instead.
5889 - UserResetAllOptions: no replacement was provided, the hook is not used.
5890 * Title::isNamespaceProtected(), deprecated in 1.34, now emits deprecation
5892 * UserSelectQueryBuilder::userIds(), ::userNames(), and ::userNamePrefix() has
5893 been deprecated in favor of ::whereUserIds(), ::whereUserNames(), and
5894 ::whereUserNamePrefix().
5895 * Manually constructing a MovePage object, deprecated in 1.34, now emits
5896 deprecation warnings. Use MovePageFactory instead.
5897 * The following deletion-related methods were deprecated:
5898 - WikiPage::doDeleteArticleReal() (soft) - use DeletePage
5899 - WikiPage::doDeleteArticleBatched() (soft) - no replacement
5900 - WikiPage::isBatchedDelete() (soft) - use DeletePage
5901 - WikiPage::doDeleteUpdates() (hard) - no replacement
5902 - WikiPage::getDeletionUpdates() (hard) - no replacement
5903 - Title::isBigDeletion (soft) - no replacement
5904 * Relying on PermissionManager or Authority to check for big deletions
5905 was deprecated. This is now automatically checked if you use
5906 DeletePage::deleteIfAllowed(). (T288759)
5907 * The userCan hook now emits deprecation warnings. Use the
5908 getUserPermissionsErrors or getUserPermissionsErrorsExpensive hooks instead.
5909 * Parser::$mUser public access, and the methods ParserOptions::getUser() and
5910 Parser::getUser() each now emit deprecation warnings.
5911 * The following methods in the Title class have been deprecated in favor of the
5912 corresponding methods in the new RestrictionStore service (with different
5913 names where indicated):
5914 - ::areCascadeProtectionSourcesLoaded()
5915 - ::areRestrictionsCascading()
5916 - ::areRestrictionsLoaded()
5917 - ::getAllRestrictions()
5918 - ::getCascadeProtectionSources()
5919 - ::getFilteredRestrictionTypes()
5920 -> ::listAllRestrictionTypes()
5921 - ::getRestrictionExpiry()
5922 - ::getRestrictionTypes()
5923 -> ::listApplicableRestrictionTypes()
5924 - ::getRestrictions()
5925 - ::isCascadeProtected()
5927 - ::isSemiProtected()
5928 - ::loadRestrictionsFromRows()
5929 * The following Title methods have been deprecated with no direct public
5931 - ::deleteTitleProtection()
5932 - ::getTitleProtection()
5933 - ::flushRestrictions()
5934 - ::loadRestrictions()
5935 * User::isAllowUsertalk() now emits deprecation warnings. Use User::getBlock()
5936 and AbstractBlock::isUsertalkEditAllowed() instead.
5937 * Classes used by Preprocessor_DOM have been merged with classes used by
5938 Preprocessor_Hash, as Preprocessor_DOM was removed in 1.35.
5939 - PPDPart has been merged into PPDPart_Hash
5940 - PPDStack has been merged into PPDStack_Hash
5941 - PPDStackElement has been merged into PPDStackElement_Hash
5942 * By default, the global variable $wgUser is now an instance of the new class
5943 StubGlobalUser rather than User, and the first time it is used it will emit
5944 deprecation warnings (the $wgUser variable was deprecated in 1.35). For
5945 extensions that read from this variable, please use a relevant ContextSource
5946 instead, falling back to RequestContext::getMain() if none is available.
5947 * Collation::singleton() and ::factory() were deprecated; obtain an instance of
5948 the CollationFactory from MediaWikiServices instead.
5949 * Title::getDefaultNamespace() has been deprecated to be removed because there
5950 are no known callers/consumers.
5951 * With removal of the stub threshold feature, the following methods now emit
5952 deprecation warnings:
5953 - LinkRenderer::setStubThreshold() and ::getStubThreshold() - no replacement.
5954 - LinkRendererFactory::createForUser() - calling ::create() is now sufficient
5955 - ParserOptions::setStubThreshold() and ::getStubThreshold() - no replacement.
5956 - User::getStubThreshold() - no replacement.
5957 * The ArticleDelete and ArticleDeleteComplete hooks were deprecated. Use
5958 PageDelete and PageDeleteComplete instead.
5959 * The ArticleUndeleteLogEntry hook was deprecated without replacement.
5960 * The following LESS mediawiki.mixins have been deprecated:
5963 - .transform-origin()
5965 - .transition-transform()
5966 * The `UndeleteForm::undelete` hook was deprecated. A new hook was
5967 introduced, `PageUndelete`, that provides handlers with more information and
5968 is also called for non-UI requests. The capability of replacing the
5969 PageArchive object has been removed, as that violates the laws of nature.
5971 === Other changes in 1.37 ===
5972 * WatchlistManager::addWatch() and WatchlistManager::addWatchIgnoringRights(),
5973 which replace User::addWatch(), now call the WatchArticle and
5974 WatchArticleComplete hooks.
5975 * WatchlistManager::removeWatch() and
5976 WatchlistManager::removeWatchIgnoringRights(), which replace
5977 User::removeWatch(), now call the UnwatchArticle and UnwatchArticleComplete
5979 * The overridable postInitSetup() method was added to the
5980 AbstractAuthenticationProvider class. A provider can override postInitSetup()
5981 to do any custom post-initialization configuration.
5982 * The overridable postInitSetup() method was added to the SessionProvider
5983 class. A provider can override postInitSetup() to do any custom
5984 post-initialization configuration.
5985 * The protected getConfig() method was added to the SessionProvider class.
5986 Use SessionProvider::getConfig() to get a config.
5987 * The DBAccessBase class is deprecated. Classes that used to extend it
5988 should get a load balancer (factory) injected in the constructor instead.
5989 * ActorNormalization::acquireActorId() now requires IDatabase parameter.
5990 Not providing one emitted deprecation warnings since 1.36.
5991 * Anti-lock constants ALF_PRELOAD_LINK, ALF_NO_BLOCK_LOCK, ALF_NO_LINK_LOCK
5992 and ALF_PRELOAD_EXISTENCE have been removed. They're unused since 1.25.
5993 * (T278036) CSS class 'mw-htmlform-field-autoinfuse' used by some forms has been
5994 renamed to 'mw-htmlform-autoinfuse'.
5995 * User::newFromRow() does not accept pre-loaded user preferences under
5996 $data['user_properties'] anymore. This optimization was not used.
5997 * The following files change the letter case of the file names:
5998 - SpecialRandompage.php -> SpecialRandomPage.php
5999 - SpecialRandomredirect.php -> SpecialRandomRedirect.php
6000 - SpecialRandomrootpage.php -> SpecialRandomRootPage.php
6001 * Media files which are uploaded server side using the importImages.php
6002 maintenance script will now have the "mw-server-side-upload" change tag.
6003 * (T284917) The stub threshold feature has been removed.
6004 * Skin::getPoweredBy() and Skin::getCopyrightIcon() have been deprecated as they
6005 are only designed for use by skins extended BaseTemplate. You can move calls
6006 to instead use BaseTemplate::getPoweredByHTML() and ::getCopyrightIconHTML()
6008 * The SkinGetPoweredBy hook is deprecated. No replacement is provided.
6009 * HTMLTitleTextField didn't support interwiki titles well previously.
6010 Starting with 1.37, HTMLTitleTextField has a new parameter, 'interwiki',
6011 which can be used to control acceptance of interwiki titles. To provide
6012 a transitional period, the default value ('interwiki' => null) ensures
6013 MW will have the same behavior as before (logging a deprecation warning).
6014 In 1.38, the default behavior will change to "interwiki links aren't allowed".
6018 MediaWiki 1.37 requires PHP 7.3.19 or later, or PHP 7.4.3 or later, and the
6019 following PHP extensions:
6030 Support for PHP 8.0 is not yet complete.
6032 MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
6033 but support for them is somewhat less mature.
6035 The supported versions are:
6037 * MySQL 5.5.8 or later
6038 * PostgreSQL 9.4 or later
6039 * SQLite 3.8.0 or later
6041 == Online documentation ==
6042 Documentation for both end-users and site administrators is available on
6043 MediaWiki.org, and is covered under the GNU Free Documentation License (except
6044 for pages that explicitly state that their contents are in the public domain):
6046 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
6049 A mailing list is available for MediaWiki user support and discussion:
6051 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
6053 A low-traffic announcements-only list is also available:
6055 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
6057 It's highly recommended that you sign up for one of these lists if you're
6058 going to run a public MediaWiki, so you can be notified of security fixes.
6061 There's usually someone online in #mediawiki on irc.libera.chat.
6065 == MediaWiki 1.36.4 ==
6067 This is a security and maintenance release of the MediaWiki 1.36 branch.
6069 === Changes since MediaWiki 1.36.3 ===
6070 * (T298261) Fix support for Composer 2.2.
6071 * (T298283) composer.json: Add wikimedia/composer-merge-plugin to allow-plugins.
6072 * Update doctrine/dbal (3.0.0 => 3.1.5).
6073 * (T296898) Add entry point name to disabled Session exception if possible.
6074 * (T298564) MemcachedClient: Add support for IPv6.
6075 * (T297543, CVE-2022-28202) SECURITY: properly escape output used within
6076 galleries and Special:RevisionDelete.
6077 * (T268847) Suppress deprecation warnings from libxml_disable_entity_loader().
6078 * (T283275) Fix PHP 8.0 failure of WikiExporterFactoryTest.
6079 * Fix the json schema and the extension processor for Parsoid extension modules.
6080 * (T299696) update.php: Avoid passing null to substr.
6081 * In PHP 8.1 don't throw exceptions from mysqli.
6082 * (T289926) SiteConfiguration: Don't pass null to str_replace().
6083 * (T264735) Fix deprecation warning from CURLPIPE_HTTP1.
6084 * (T260735) Stop using is_resource() where possible.
6085 * (T289879) Apply ReturnTypeWillChange to various implementations of built in
6087 * (T299312) Implement __serialize/__unserialize for PHP 8.1 support.
6088 * ExtensionRegistry: Add process cache for lazy attributes.
6089 * (T301041) ApiPageSet: Add "missing": true to missing revisions.
6090 * Allow ParsoidModules extension schema to register services.
6091 * (T297708) Allow setting max execution time to several special pages.
6092 * (T302540) composer.json: Add ext-calendar to require.
6093 * (T302540) composer.json: Add ext-simplexml to require-dev.
6094 * (T302540) composer.json: Add various PHP extensions to suggests.
6095 * Upgrading symfony/polyfill-php80 (v1.23.1 => v1.25.0).
6096 * (T304008) Don't re-check "Move subpages" on Special:MovePage after a warning.
6097 * (T293576) listFiles: Display file name instead of version.
6098 * (T303871) Fix @since of Title::getId().
6099 * (T303560) Installer: Check correct PCRE_CONFIG_NEWLINE value.
6100 * wrapOldPasswords: add \n to two output calls.
6101 * (T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite recursion
6102 loop if it points to a local interwiki.
6103 * (T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many file
6104 uploads with actor as a condition can result in a DoS.
6106 == MediaWiki 1.36.3 ==
6108 This is a security and maintenance release of the MediaWiki 1.36 branch.
6110 === Changes since MediaWiki 1.36.2 ===
6111 * (T280363) mediawiki.page.ready: Introduce wikipage.indicators hook.
6112 * (T290697) Add symfony/polyfill-php80.
6113 * IcuCollation: Add some more icu to unicode version mappings.
6114 * ApiBase: Annotate deprecated constants individually.
6115 * PHPVersionCheck: Mark PHP 7.4.0 - 7.4.2 as buggy.
6116 * (T293044) installer: Fix 5th param to sourceFile() in DatabaseUpdater.
6117 * (T291127) Always encode spaces in cookie values as "%20".
6118 * Use LocalFile::getHookRunner instead of LocalFile::hookRunner.
6119 * (T293564) mediawiki.page.ready: Fire hook 'wikipage.indicators' with
6121 * HistoryBlobStub: add getLocation() to get $mOldId.
6122 * Fix checkStorage.php.
6123 * checkStorage: pass no parameters to WikiRevision::getContent().
6124 * (T292763, CVE-2021-44854) SECURITY: Do not cache private wiki completion
6126 * (T294316) Revert "Mark ApiClientLogin/ApiLogin as requiring write mode".
6127 * (T294796) JobQueueRedis: Replace deprecated zSize with zCard.
6128 * (T278037) NoLocalSettings: Pass an EmptyBagOStuff to TemplateParser.
6129 * (T212428, T267468) Allow populateContentTables to continue when there are
6131 * (T295191) ApiQuerySiteinfo: Fix "rightsinfo"/"url" when $wgRightsPage is
6133 * Update pear/mail_mime to 1.10.11.
6134 * Update deprecated Guzzle Psr7 function calls.
6135 * (T281972) Follow-Up: I10fbd4b6a: Update @since tags as those were backported.
6136 * Tweak error message for missing composer dependencies.
6137 * (T296112) Allow inserting new sections named '0'.
6138 * nukeNS: don't run purgeRedundantText() after every change.
6139 * (T286779, T297031) installer: Fix Postgres mistakes in using changeField
6141 * (T225888) RollbackAction: fix missing pagetitle.
6142 * (T297322, CVE-2021-44858, CVE-2021-44857) SECURITY: Fix permissions checks in
6144 * (T297574, CVE-2021-45038) SECURITY: Fix permissions check in action=rollback.
6145 * (T34716, T297416) SECURITY: Require 'read' right for most actions.
6146 * (T271037, CVE-2021-44856) SECURITY: Fix use of EditFilterMergedContent hook
6147 when changing content model.
6149 == MediaWiki 1.36.2 ==
6151 This is a security and maintenance release of the MediaWiki 1.36 branch.
6153 === Changes since MediaWiki 1.36.1 ===
6154 * Don't access MWServices prematurely in Maintenence.php.
6155 * (T283394) Mark ApiClientLogin/ApiLogin as requiring write mode.
6156 * Installer: Fix foundation.wikimedia.org link in config-pingback-help.
6157 * (T283273) Make postgres IRC channel point to libera.chat.
6158 * composer.json: Promote and pin monolog/monolog to require from require-dev.
6159 * (T287526) JavaScriptMinifer: Recognize `...` as a single token.
6160 * (T287526) Update wikimedia/minify to 2.2.4.
6161 * (T289108) ExtensionProcessor: Remove loaderScripts from extension.json
6163 * (T281549) Installer: Fix mediawiki-announce auto subscription code.
6164 * FormatJson: Optimize encode() for supported PHP versions.
6165 * (T290398) renameRestrictions.php: Update protected_titles as well.
6166 * (T290489) objectcache: Fix PHP warning for ReplicatedBagOStuff::setMulti.
6167 * $wgMimeTypeBlacklist - This configuration array now prohibits the RFC 4329
6168 form of JavaScript, 'application/javascript', as well as previous MIME types.
6169 * (T51097, T290273) resourceloader: Call getStyleFiles from
6170 FileModule::getFileHashes.
6171 * (T277788) parser: Avoid calling ParserOptions::getOption() too many times.
6172 * (T291244) Unserialize objects in ParserCache->mExtensionData as objects.
6173 * MysqlUpdater: Add updatelog entries for dropDefault.
6174 * (T290776) Fix $phase check in OutputHandler.
6175 * The wikimedia/parsoid library has been upgraded from v0.13.0 to v0.13.1.
6176 * (T285515, CVE-2021-41798) SECURITY: XSS vulnerability in Special:Search.
6177 * (T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full
6179 * (T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of
6180 Special:Contributions.
6182 == MediaWiki 1.36.1 ==
6184 This is a security and maintenance release of the MediaWiki 1.36 branch.
6186 === Changes since MediaWiki 1.36.0 ===
6187 * (T283942) DatabaseInstaller.php: Only run core schema file if specified table
6188 doesn't already exist.
6189 * (T247223) Optimise MessageCache::isMainCacheable() for the single-message
6191 * (T283244) JavaScriptMinifer: Fix handling of "delete" as object property.
6192 * (T284391) Fix SkinModule to correctly prepend remote path on document root
6194 * (T235554) Disable DEFER_SET_LENGTH_AND_FLUSH headers to avoid HTTP errors.
6195 * (T278579) Don't send headers on ob_end_clean().
6196 * (T285287) MultiHttpClient: Replace PHP version check with defined().
6197 * (T280226, CVE-2021-35197) SECURITY: Prevent blocked users from purging pages.
6199 == MediaWiki 1.36.0 ==
6201 === Changes since MediaWiki 1.36.0-rc.0 ===
6202 * (T248481) rdbms: Use server time in
6203 DatabaseMysqlBase::getLagFromPtHeartbeat().
6204 * (T281549) WebInstaller: Don't show the announce-l subscribe checkbox for now.
6205 * (T264214) Follow-ups for UserGroupManager.
6206 * (T282280) resourceloader: Fix path-only URLs in wiki modules when script path
6208 * (T281972) UserIdentityValue: Introduce convenience static factory methods.
6209 * (T230428) Make page_is_redirect and page_is_new unsigned.
6210 * (T280292) Legacy feature should not load thumbnail style rules (only layout).
6211 * (T283247) Freenode -> Libera per wikimedia moving from freenode to libera.
6212 * (T280270) composer: Lock Parsoid version to specific 0.13.0 release.
6213 * (T142663) Add extension.json merge strategy "provide_default".
6214 * (T283540) HookContainer: Fix normalization of callback for static handler.
6215 * (T283464) registration: Fix array order for array_replace_recursive merge
6217 * (T283539) Interwiki: Fix calling "onInterwikiLoadPrefix" hook.
6218 * (T282594) Timeless: Re-branch to 40eb3dad1for REL1_36.
6220 == MediaWiki 1.36.0-rc.0 ==
6222 == Upgrading notes for 1.36 ==
6223 Don't forget to always back up your database before upgrading!
6225 See the file UPGRADE for more detailed per-version upgrade instructions from the
6226 oldest supported upgrading version, MediaWiki 1.27.
6228 Some specific notes for MediaWiki 1.36 upgrades are below:
6229 * MediaWiki 1.36 now requires the PHP internationalization extension (commonly
6230 referred to as Intl, ext-intl, or php-intl).
6231 * The MediaWiki:Autoblock_whitelist block exemption control has been moved to
6232 MediaWiki:Block-autoblock-exemptionlist. If you use this feature, please move
6233 the MediaWiki:Autoblock_whitelist page.
6234 * (T275334) $wgExtensionFunctions is sometimes used to change configuration
6235 settings. This is not safe; extension functions are run relatively late, some
6236 services are already initialized by that point and so they use the old
6237 configuration. Changes in 1.36 make this kind of breakage even more common.
6238 You can use the MediaWikiServices hook instead. (In the future there might be
6239 a dedicated hook for configuration changes.)
6241 For notes on 1.35.x and older releases, see HISTORY.
6243 === Configuration changes for system administrators in 1.36 ===
6244 The MediaWiki update script, maintenance/update.php, used to accept `--nopurge`
6245 as an option to prevent clearing caches stored in the database during upgrade.
6246 This is no longer encouraged, and the option has been removed.
6248 ==== New configuration ====
6249 * (T256001) $wgManualRevertSearchRadius – This setting controls a new feature
6250 that marks edits as reverts if they restore the page to an exact previous
6251 state. This configuration variable sets the maximum number of revisions of a
6252 page that will be checked against every new edit. Set this to 0 to disable the
6254 * (T244058) $wgOldRevisionParserCacheExpireTime — This setting was added to
6255 control caching of ParserOutput for old (non-current) revisions.
6256 * (T265263) $wgRememberMe - This setting configures the "remember me" checkbox
6257 on account log-in systems via RememberMeAuthenticationRequest.
6258 * (T157145) $wgSkinMetaTags – This setting lets sysadmins configure skins that
6259 support meta tags. These tags make sharing of MediaWiki pages on a variety of
6260 social platforms more contentful and thus useful.
6261 * (T280944) $wgIncludejQueryMigrate - This setting lets sysadmins disable the
6262 jQuery Migrate plugin. It has been enabled by default since MediaWiki 1.27.
6263 In future releases it will be disabled by default.
6265 ==== Changed configuration ====
6266 * $wgLogos – This setting selects the logo shown on the site. The default value
6267 for the site logo, which is shown in an install if you have not set one, will
6268 now be the new logo of MediaWiki.
6269 * (T274695) $wgAjaxEditStash — This setting, to disable the edit stashing
6270 feature when users start writing an edit summary, has been deprecated. In
6271 future releases, this feature will always be enabled.
6272 * $wgUploadStashScalerBaseUrl – This setting, to enable remote on-demand media
6273 scaling, was deprecated. Use the `thumbProxyUrl` setting in $wgLocalFileRepo
6275 * $wgSlaveLagWarning and $wgSlaveLagCritical – These settings have been renamed,
6276 to $wgDatabaseReplicaLagWarning & $wgDatabaseReplicaLagCritical respectively.
6277 The former configuration variable names are deprecated, but will be used as
6278 the fall back if they are still set, and remain temporarily available for
6279 extensions which try to read them.
6280 * $wgWANObjectCaches - The "coalesceKeys" option was removed without deprecation
6281 and replaced by a new "coalesceScheme" option, set to "hash_stop" by default.
6282 If you use Dynomite, then set the new "coalesceKeys" option to "hash_tag". The
6283 "cluster" and "mcrouterAware" options were also removed without deprecation.
6284 Use "broadcastRoutingPrefix" instead.
6286 ==== Removed configuration ====
6287 * $wgUseTwoButtonsSearchForm — This setting, deprecated in 1.35, has been
6289 * $wgAllowImageMoving — This setting, deprecated in 1.35, has been removed. Use
6290 group permission settings instead. For example, to prevent sysops from
6291 moving files, set `$wgGroupPermissions['sysop']['movefile'] = false;`
6292 * $wgExtNewTables, $wgExtNewFields, $wgExtNewIndexes, $wgExtPGNewFields,
6293 $wgExtPGAlteredFields, $wgExtModifiedFields — These settings were removed.
6294 They became obsolete after 1.17 overhauled the database updater, but were kept
6295 for backwards compatibility. The LoadExtensionSchemaUpdates hook should be
6297 * $wgParserConf - This setting, deprecated in 1.35, has been removed. The last
6298 use of this setting was for pre-processor configuration, which was deprecated
6299 in 1.34 and removed in 1.35.
6300 * $wgEnableRestAPI - This setting, ignored since 1.35, has been removed.
6301 * $wgPagePropsHaveSortkey – This temporary setting has been removed, along with
6302 the schema change upgrade path it controlled. If your site is still using it,
6303 meaning you have not yet applied the `pp_sortkey` schema change from 1.24, you
6304 must now apply it before upgrading.
6305 * The deprecated password policies PasswordCannotMatchBlacklist and
6306 PasswordNotInLargeBlacklist were removed. Please use
6307 PasswordCannotMatchDefaults and PasswordNotInCommonList respectively instead.
6309 === New user-facing features in 1.36 ===
6310 * The logo of MediaWiki has changed. This means that the "Powered By MediaWiki"
6311 button shown in the skin footer will be different.
6312 * All HTML5 named entities are now accepted in wikitext.
6313 * (T106263) The file description page's alternate sizes now include 2048px.
6315 === New developer features in 1.36 ===
6316 * Parser test files can now declare a dependency on a specific extension being
6317 loaded, not just on the presence of a certain extension tag hook. This is a
6318 better fit for extensions like TimedMediaHandler, which affect the output but
6319 don't register parser hooks. Use `extension:Foo` in the `!! hooks` section of
6320 your parser test file to declare a dependency on the `Foo` extension being
6322 * To expose code previously present in SpecialBlock/SpecialUnblock to other
6323 parts of the code, or to extensions, the new BlockUser and UnblockUser command
6324 objects were added. Use the BlockUserFactory and UnblockUserFactory services
6326 * The hook UsersPagerDoBatchLookupsHook takes now a \Wikimedia\Rdbms\IDatabase,
6327 instead of \Wikimedia\Rdbms\DBConnRef, as the first parameter.
6328 * MediaHandlers can now customize the formatting of the metadata they emit by
6329 over-riding MediaHandler::formatTag( $key, $value ). The default for unknown
6330 tags is numeric formatting; non-EXIF tags which are non-numeric should always
6331 use this method to specify the desired formatting.
6332 * The new 'title' type can be used to validate action API and REST API inputs.
6333 * The new ArticleParserOptions hook allows customizing the parser options used
6334 to parse wikitext for an article, based on user preferences, title, etc.
6335 * The new 'raw' type can be used to validate action API inputs. It bypasses the
6336 Unicode NFC normalization done on inputs of type 'string', so it more suitable
6337 when the input is binary or may contain deprecated Unicode sequences or
6338 characters (such as U+2001) that should be passed unmodified.
6339 * (T260330) A new abstraction for running shell commands has been introduced,
6340 called BoxedCommand. A BoxedCommand object can be obtained with
6341 MediaWikiServices::getInstance()->getCommandFactory()->createBoxed().
6342 * ResourceLoader modules can now mark themselves as ES6-only by setting
6343 `'es6' => true` in their module definition. ES6-only modules will not be
6344 executed in browsers that don't support ES6, such as IE11.
6346 === External library changes in 1.36 ===
6348 ==== New external libraries ====
6349 * Added wikimedia/minify 2.2.2.
6350 * Added wikimedia/request-timeout 1.1.0.
6351 * Added wikimedia/shellbox 1.0.4.
6353 * Added symfony/symfony/polyfill-php80 1.23.1.
6355 ==== Changed external libraries ====
6356 * Updated composer/semver from 1.5.1 to 3.2.4.
6357 * Updated guzzlehttp/guzzle from 6.5.4 to 7.2.0.
6358 * Updated jQuery from v3.4.1 to v3.6.0.
6359 * Updated jQuery Migrate from v3.1.0 to v3.3.2.
6360 * Updated jquery.client from 2.0.2 to 3.0.0.
6361 * Updated OOUI from 0.39.3 to 0.41.3.
6362 * Updated pear/mail_mime from 1.10.8 to 1.10.9.
6363 * Updated pear/net_smtp from 1.9.1 to 1.9.2.
6364 * Updated pimple/pimple from 3.3.0 to 3.3.1.
6365 * Updated wikimedia/at-ease from 2.0.0 to 2.1.0.
6366 * Updated wikimedia/cldr-plural-rule-parser from 1.0.0 to 2.0.0.
6367 * Updated wikimedia/common-passwords from 0.2.0 to 0.3.0.
6368 * Updated wikimedia/composer-merge-plugin from 1.4.1 to 2.0.1.
6369 * Updated wikimedia/html-formatter from 1.0.2 to 3.0.1.
6370 * Updated wikimedia/ip-set from 2.1.0 to 3.0.0.
6371 * Updated wikimedia/ip-utils from 1.0.0 to 3.0.2.
6372 * Updated wikimedia/less.php from 3.0.0 to 3.1.0.
6373 * Updated wikimedia/object-factory from 2.1.0 to 3.0.0.
6374 * Updated wikimedia/php-session-serializer from 1.0.7 to 2.0.0.
6375 * Updated wikimedia/remex-html from 2.2.0 to 2.2.2.
6376 * Updated wikimedia/utfnormal from 2.0.0 to 3.0.2.
6377 * Updated wikimedia/wait-condition-loop from 1.0.1 to 2.0.1.
6378 * Updated wikimedia/xmp-reader from 0.7.0 to 0.8.1.
6380 ===== Changed development-only external libraries =====
6381 * Updated composer/spdx-licenses from 1.5.3 to 1.5.4.
6382 * Updated doctrine/dbal from 2.10.2 to 3.0.0.
6383 * Updated doctrine/sql-formatter from 1.1.0 to 1.1.1.
6384 * Updated mediawiki/mediawiki-phan-config from 0.10.2 to 0.10.6.
6385 * Updated monolog/monolog from 1.25.3 to 2.2.0.
6386 * Updated nikic/php-parser from 4.4.0 to 4.10.2.
6387 * Updated psy/psysh from 0.10.4 to 0.10.5.
6388 * Updated seld/jsonlint from 1.7.1 to 1.8.3.
6389 * Updated symfony/yaml from ~3.4|~4.3|~5.0.5 to ~3.4|~5.1.
6390 * Updated wikimedia/testing-access-wrapper from 1.0.0 to 2.0.0.
6392 ==== Removed external libraries ====
6393 * The html5shiv library has been removed, as support for Internet Explorer 8 has
6395 * The wikimedia/avro suggested development-only library has been removed, as the
6396 support for logging in Avro format has been dropped.
6398 === Bug fixes in 1.36 ===
6399 * (T190285) ApiEditPage module used to switch 'undo' and 'undoafter' parameters,
6400 if it founds you reversed them (based on assumption that higher revision ID
6401 indicates a later revision). The assumption is not always true, and is
6402 hindering proper edit undoing in some cases, hence the logic has been removed.
6403 Reversing the parameters will now lead to edit conflict or undefined behavior.
6404 * (T263340) In history merging, pages with a content model that does not support
6405 redirects will now be recorded as deleted if no revision is being left in the
6406 source page (that's if all revisions of the page have been merged to another).
6408 === Action API changes in 1.36 ===
6409 * (T269636) `Access-Control-Max-Age` was added to the default list of headers
6410 allowed for cross-origin API requests ($wgAllowedCorsHeaders).
6411 * (T258108) Accounts with the 'bot' right no longer have pages automatically
6412 added to the watchlist when making API edits, regardless of their preferences.
6413 This is to reduce the size of the watchlist data in the database. To add API
6414 bot edits to the watchlist, explicitly set the 'watch' option.
6416 === Languages updated in 1.36 ===
6417 MediaWiki supports over 350 languages. Many localisations are updated regularly.
6418 Below only new and removed languages are listed, as well as changes to languages
6419 because of Phabricator reports.
6421 * (T258975) Added a Latin/Cyrillic script converter for the Talysh language.
6422 * (T245359) Split Bali script locale from "ban" (Balinese) (ban-bali).
6423 * (T264582) Added language support for Madurese (mad).
6424 * (T259330) Added language support for Mara (mrh).
6425 * (T263968) Added language support for Nias (nia).
6426 * (T270365) Added language support for Tyap (kcg).
6427 * (T276745) Added language support for Wayuu (guc).
6429 === Breaking changes in 1.36 ===
6430 * Grade C (non-JavaScript) support for Internet Explorer 8 has been dropped.
6431 * (T249459) wfIsBadImage(), deprecated in 1.34, has been removed.
6432 * (T176526) EditPage::getContextTitle() will now throw an exception if a context
6433 title was not set using setContextTitle(). Previously, this mis-use would only
6434 cause a deprecation warning to be emitted.
6435 * The DeferredStringifier class, deprecated since 1.31, was removed.
6436 * Multiple methods that fell back to the $wgUser global variable were
6437 individually hard deprecated previously. The following have now been removed:
6438 - ApiTestCase::doLogin
6439 - Article::doDeleteArticle
6440 - Article::doDeleteArticleReal
6441 - Article::getComment
6442 - Article::getCreator
6444 - Article::getUserText
6445 - Article::insertProtectNullRevision
6447 - File::recordUpload
6448 - ForeignDBFile::delete
6449 - ForeignDBFile::recordUpload
6451 - LocalFile::deleteOld
6452 - LocalFile::recordUpload
6453 - PageArchive::undelete
6454 - RecentChange::markPatrolled
6455 - Title::getUserPermissionsErrors
6456 - Title::quickUserCan
6458 - WebRequest::getLimitOffset
6459 - WikiPage::doDeleteArticle
6460 - WikiPage::insertProtectNullRevision
6461 * The SpecialPageFactory class, deprecated in 1.32, has been removed. Use the
6462 SpecialPageFactory service instead.
6463 * Multiple methods previously had optional User parameters, with fallbacks
6464 to the $wgUser global variable. Not passing a User to those methods was
6465 previously hard deprecated, and support for not passing a User has now
6467 - ArchivedFile::userCan
6469 - FileDeleteForm::__construct
6470 - FileDeleteForm::doDelete
6471 - LocalFileDeleteBatch::__construct
6472 - LogEventsList::getExcludeClause (only needed for the 'user' audience)
6473 - LogEventsList::userCan
6474 - LogEventsList::userCanBitfield
6475 - LogEventsList::userCanViewLogType
6476 - LogPage::addEntry (also accepts user id instead)
6477 - OldLocalFile::userCan
6479 - Title::getNotificationTimestamp (though the entire method is deprecated)
6480 - WikiPage::getComment (only needed for the FOR_THIS_USER audience)
6481 - WikiPage::getCreator (only needed for the FOR_THIS_USER audience)
6482 - WikiPage::getUser (only needed for the FOR_THIS_USER audience)
6483 - WikiPage::getUserText (only needed for the FOR_THIS_USER audience)
6484 * The following hooks have been removed:
6485 - APIQueryInfoTokens
6486 - APIQueryRecentChangesTokens
6487 - APIQueryRevisionsTokens
6488 - APIQueryUsersTokens
6489 - ApiTokensGetTokenTypes
6490 * LogEventsList::typeAction previously accepted an optional right parameter, and
6491 checked if the context user ($wgUser) had that right. Passing a right was hard
6492 deprecated in 1.35, and support for passing a right has now been removed.
6493 * WikiPage::doDeleteArticleReal previously accepted an optional user as its
6494 fifth parameter, and fell back to $wgUser if not user was provided. The
6495 signature changed to have the user as the second parameter, and the old
6496 signature was hard deprecated in 1.35. Support for the old signature has now
6498 * User::addNewUserLogEntry, deprecated since 1.27, was removed.
6499 * As part of refactoring the EditPage class, EditPage::setPreloadedContent,
6500 which had no known callers was removed entirely. Additionally, the following
6501 public methods were made private:
6502 - ::extractSectionTitle
6503 - ::getSummaryInputWidget
6504 - ::noSuchSectionPage
6506 * EditPage::matchSpamRegex and ::matchSummarySpamRegex, deprecated in 1.35,
6507 were removed. Use the SpamChecker service instead.
6508 * The global function `wfWaitForSlaves`, deprecated in 1.27 and hard-deprecated
6509 in 1.35, has been removed. Use LBFactory::waitForReplication() instead.
6510 * Calling Action::factory() with null as the first parameter, rather than a
6511 string, was deprecated in 1.35 and support was now removed.
6512 * Calling Action::factory() with an object that wasn't an Article as the second
6513 parameter was deprecated in 1.35 and support was now removed.
6514 * The global variable $wgMemc, deprecated since 1.35, has been removed. Usage
6515 should generally be migrated to WANObjectCache, or if you really need the
6516 internal object, use ObjectCache::getLocalClusterInstance instead.
6517 * The preprocessDump.php maintenance script was removed.
6518 * CategoryFinder, which was deprecated in 1.31 and hard-deprecated in 1.35,
6520 * GenderCache::singleton(), which was deprecated in 1.28 and hard-deprecated
6521 in 1.35, has been removed.
6522 * Sanitizer::escapeId(), deprecated in 1.30, has been removed.
6523 * Direct invocation of Parser::__construct() (instead of via a ParserFactory)
6524 now throws an exception; support has also been removed for several
6525 deprecated variants on the arguments passed to Parser::__construct.
6526 Direct invocation of Parser::__construct was deprecated in 1.34.
6527 * Parser::setFunctionTagHook(), deprecated in 1.35, has been removed.
6528 * The following properties of Parser, deprecated in 1.35, have been made
6530 - $mTagHooks - use Parser::getTags()
6531 - $mFunctionHooks - use Parser::getFunctionHooks()
6532 - $mOutput - use Parser::getOutput()
6533 - $mPreprocessor - use Parser::getPreprocessor()
6534 * The ParserBeforeTidy hook, deprecated in 1.35, has been removed.
6535 * The ParserBeforeTidy, ParserBeforeStrip, and ParserAfterStrip hooks,
6536 deprecated in 1.35, have been removed.
6537 * All methods of MWTidy except for MW::tidy() have been removed. These were each
6538 either marked as @internal or deprecated in 1.35.
6539 * (T248062) Mixins `.background-image-svg()` and `.background-image-svg-quick()`
6540 (provided by mediawiki.mixins.less), which have been deprecated since 1.35,
6541 have now been removed. MediaWiki no longer supports any browser which would
6542 require this SVG-fallback PNG support, so you can simply use the regular CSS
6543 `background-image:` declaration instead.
6544 * The ResourceLoader module `mediawiki.legacy.oldshared` and its file
6545 'oldshared.css', deprecated since 1.35 has been removed (T248357).
6546 * `ResourceLoader::__construct` now requires a Config parameter. The optional
6547 nature of this parameter was deprecated in 1.34.
6548 * The LinkBegin and LinkEnd hooks, deprecated in 1.28, have been removed. You
6549 can instead use the HtmlPageLinkRendererBegin and HtmlPageLinkRendererEnd
6550 hooks, respectively.
6551 * The EmailUser hook passes its fifth param, $error, by reference, to allow
6552 hook handlers to add error messages, indicate that they have sent the email
6553 instead of core, etc. Setting the parameter to something other than a
6554 Status object, true, false, an empty string, an array, or a MessageSpecifier,
6555 object, which had been deprecated in 1.29, is no longer supported, and now
6556 results in an MWException being thrown.
6557 * Skin::getDynamicStylesheetQuery(), deprecated in 1.32, has been removed. You
6558 should use action=raw&ctype=text/css directly.
6559 * Skin::makeI18nUrl(), deprecated in 1.35, has been removed.
6560 * The following User methods, deprecated and moved to BlockManager in 1.34, were
6562 - ::isDnsBlacklisted
6564 - ::isLocallyBlockedProxy
6565 - ::trackBlockWithCookie
6566 * Support for v1 of the parser tests file format has been removed; it was
6567 deprecated in 1.35. (T174199)
6568 * SpecialUnblockUser::processUIUnblock() now returns a Status object instead of
6569 an array of messages or a boolean value. This function was also marked as
6570 @internal and is no longer safe to call it publicly.
6571 * mw.Title.getDotExtension() from the 'mediawiki.Title' module was removed
6572 without deprecation. You should use mw.Title.getExtension() and prepend the
6574 * Profiler::getTemplated and Profiler::setTemplated, deprecated in 1.34, have
6576 * DatabaseMysqlBase now requires MySQL version 5.6.4+ when "lagDetectionMethod"
6577 is set to "pt-heartbeat".
6578 * Removed HookContainer::getOriginalHooksForTest() without deprecation. This
6579 method was introduced in 1.35 for internal use, and appears unused outside of
6581 * ParserCache::__construct() now requires three parameters.
6582 * Message->getFormat(), deprecated in 1.29, has been removed.
6583 * Support for passing Article to ParserCache::get, deprecated in 1.35, has been
6585 * ParserCache::singleton(), deprecated in 1.30, has been removed.
6586 * DatabaseBlock::deleteIfExpired and ::fromMaster, deprecated in 1.35, have been
6588 * Some deprecated AbstractBlock methods have been removed:
6589 - ::prevents, deprecated in 1.33
6590 - ::shouldTrackWithCookie, deprecated in 1.34
6591 - ::getBlocker, deprecated in 1.35
6592 - ::setBlocker, deprecated in 1.35
6593 - ::getBlockErrorParams, deprecated in 1.35
6594 * Multiple DatabaseBlock methods dealing with cookies, deprecated in 1.34,
6599 - ::getIdFromCookieValue
6600 - ::shouldTrackWithCookie
6601 * The public static callback function SpecialUnblock::processUIUnblock has been
6602 removed. This method was for internal use only, and appears unused outside of
6604 * ChangeTags::truncateTagDescription, deprecated in 1.35, has been removed.
6605 * Deprecated null fallbacks in PasswordReset constructor have been removed.
6606 * User::isEveryoneAllowed and User::getAllRights, deprecated in 1.34, has been
6608 * The following methods of the UserGroupMembership class, deprecated in 1.35,
6611 - ::newFromRow - use UserGroupManager::newGroupMembershipFromRow
6612 - ::selectFields - use UserGroupManager::getQueryInfo
6613 - ::delete - use UserGroupManager::removeUserFromGroup
6614 - ::insert - use UserGroupManager::addUserToGroup
6615 - ::purgeExpired - use UserGroupManager::purgeExpired
6616 - ::getMembershipsForUser - use UserGroupManager::getUserGroupMemberships
6617 - ::getMembership - use UserGroupManager::getUserGroupMemberships
6618 * The public static callback function SpecialBlock::validateTargetField has been
6619 removed. This method was for internal use only, and appears unused outside of
6621 * The public static callback function SpecialUploadStash::tryClearStashedUploads
6622 has been removed. This method was for internal use only, and appears unused
6623 outside of MediaWiki core.
6624 * SpecialComparePages::showDiff() ::revOrTitle(), ::checkExistingTitle(), and
6625 ::checkExistingRevision() were marked as @internal to allow for breaking
6626 changes. They are no longer safe to call. The methods were unused outside of
6628 * Each special page within core now uses service injection via it constructor.
6629 When extending these special pages, a call to the grandparent constructor
6630 (`SpecialPage::__construct()`) in the sub-class would now break the derived
6631 special page, as the fallback code in the parent constructor cannot set the
6632 services as needed. Be sure to call the parent constructor when extending
6633 core special pages. Extending core's special pages is not part of the stable
6634 interface, and should generally be avoided.
6635 * Language::getExtraUserToggles and ::viewPrevNext, deprecated in 1.34, have
6637 * StreamFile::send404Message and ::parseRange, deprecated in 1.34, have been
6639 * SVGMetadataExtractor class, deprecated in 1.34, has been removed.
6640 * ProcessCacheLRU class, deprecated in 1.32, has been removed.
6641 * wfForeignMemcKey(), deprecated in 1.35, has been removed.
6642 * LoadBalancer::safeWaitForMasterPos(), deprecated in 1.34, has been removed.
6643 * JobQueue::factory() now requires its `idGenerator` option. The optional
6644 nature of this option was deprecated in 1.35.
6645 * ApiFeedRecentChanges::getFeedObject has been changed to private, and appears
6646 unused outside of MediaWiki core.
6647 * Skin::subPageSubtitle() has been changed to private method. Callers should
6648 use Skin::prepareSubtitle().
6649 * RevisionDeleter::checkRevisionExistence was removed without deprecation.
6650 It had no known callers.
6651 * wfForeignMemcKey() and wfMemcKey(), deprecated in 1.35, have been removed.
6652 * MediaWiki now also requires the php-intl extension.
6653 * BotPassword::save() now returns a Status object for the result rather than
6655 * The methods in CoreTagHooks have been marked @internal and type hints have
6656 been added. The methods appeared to be unused outside of MediaWiki core.
6657 * SquidPurgeClient and SquidPurgeClientPool, deprecated since 1.35, have been
6659 * Several methods on WikiPage will now throw an exception when called on a
6660 WikiPage instance that where constructed on a title that does not refer to a
6661 proper page (but rather a special page or interwiki link). The behavior was
6662 previously undefined and could in some cases lead to data corruption. Affected
6663 methods are: getId(), insertOn(), newPageUpdater(), doUpdateRestrictions(),
6664 doDeleteArticleReal(), doRollback(), and doEditContent().
6665 * The ParserTestRunner no longer invokes the ParserTestTables hook. Instead, it
6666 clones all database tables before running tests, like MediaWikiIntegrationTest
6667 does. If an extension was mis-using the hook to *exclude* tables from the
6668 clone, that will no longer occur, and tests may fail.
6669 * The following classes, which were only loaded for tests and had no uses found
6670 in public MediaWiki-related git, were removed:
6673 * Passing Title as a second parameter to RevisionStore::getPreviousRevision and
6674 getNextRevision, hard deprecated since 1.31, was prohibited.
6675 * (T275619) Maintenance::hasOption and Maintenance::getOption now behave as
6676 documented and are not altered by previous calls to these methods.
6677 * The internal class FirejailCommand was removed.
6678 * Command::execute() now returns a Shellbox\Command\UnboxedResult instead of a
6679 MediaWiki\Shell\Result. Any type hints should be updated.
6680 * WikiPage::$mIsRedirect was removed.
6681 * ObjectCache::detectLocalServerCache(), deprecated in 1.35, was removed.
6682 * The following functions from the Title class have been removed:
6683 - countRevisionsBetween
6685 * The PageProps class was converted to a service. PageProps::overrideInstance
6686 was removed, and MediaWikiServices::redefineService should be used
6688 * Support for creating a MediaWikiTitleCodec object without the InterwikiLookup
6689 and NamespaceInfo services, deprecated in 1.34, was removed. Note that the
6690 MediaWikiTitleCodec class is not @newable or @stable to create, and should
6691 be retrieved from MediaWikiServices instead.
6692 * The $wgContLang variable, deprecated in 1.32, was removed. You can instead use
6693 MediaWikiServices::getInstance()->getContentLanguage().
6694 * User::clearAllNotifications(), hard deprecated in 1.35, was removed. Use
6695 WatchlistManager::clearAllUserNotifications() instead.
6696 * DatabaseBlock::getBlocker can return any UserIdentity instance, not just User.
6697 * MediaWiki::triggerJobs(), deprecated in 1.34, was removed.
6698 * The following Article methods, deprecated in 1.35, were removed:
6708 - getAutoDeleteReason
6713 - getDeletionUpdates
6714 - getHiddenCategories
6725 - hasViewableContent
6728 - insertRedirectEntry
6737 - prepareContentForEdit
6738 - protectDescription
6739 - protectDescriptionLog
6740 - replaceSectionAtRev
6741 - replaceSectionContent
6743 - shouldCheckParserCache
6745 - triggerOpportunisticLinksUpdate
6746 - updateCategoryCounts
6750 - doUpdateRestrictions
6751 - updateRestrictions
6755 * The monolog-based logging system has dropped the Avro format. Because of this,
6756 the AvroFormatter class and the AvroValidator utility class have been removed
6757 without deprecation.
6758 * AbstractBlock::$mReason, deprecated in 1.34, was removed.
6759 Use AbstractBlock::getReasonComment and AbstractBlock::setReason instead.
6761 === Deprecations in 1.36 ===
6762 * (T278026) The DB_MASTER constant has been deprecated in favour of DB_PRIMARY.
6763 * (T245963) User::getGrantName() is now hard deprecated and will be removed in
6764 a subsequent release. Use MWGrants::grantName() instead.
6765 * wfIncrStats() is now deprecated. Use MediaWikiServices::getInstance()
6766 ->getStatsdDataFactory()->updateCount() instead.
6767 * WikiPage::doEditContent() is now deprecated. Use
6768 WikiPage::doUserEditContent() instead. Note that doEditContent() was also
6769 deprecated in 1.32 for unrelated reasons and doUserEditContent() is
6770 deprecated for other reasons, however, using doUserEditContent() is
6771 recommended over using doEditContent().
6772 * WikiPage::doUserEditContent() is now deprecated. Use
6773 PageUpdater::saveRevision instead. Note that the new method expects callers
6774 to take care of checking EDIT_MINOR against the minoredit right, and to apply
6775 the autopatrol right as appropriate.
6776 * LocalFile::recordUpload2, soft deprecated in 1.35, now emits deprecation
6777 warnings. Use ::recordUpload3 instead.
6778 * Constructing a new instance of the ParserOptions class without providing
6779 a User object, which falls back to the global $wgUser, is now deprecated.
6780 * The User class, which was marked as @newable in 1.35, is no longer newable,
6781 meaning that it is no longer safe to manually call the constructor via
6782 `new User`. Instead, use the UserFactory service. Additionally, the
6783 following static constructor methods were deprecated in favor of using the
6784 UserFactory service:
6787 - User::newFromActorId
6788 - User::newFromIdentity
6789 - User::newFromAnyId
6790 - User::newFromConfirmationCode
6791 * The following User methods have been hard deprecated in favor of the new
6792 UserEditTracker service:
6793 - User::getFirstEditTimestamp
6794 - User::getLatestEditTimestamp
6795 * The confusingly-named User->isLoggedIn() method has been deprecated in favour
6796 of the method it wraps, User->isRegistered().
6797 * Use of the `preprocessor=Preprocessor_DOM` option in parser test files has
6798 been deprecated. Preprocessor_DOM was removed in 1.35.
6799 * ParserOptions::setTidy() has been deprecated. It has had no effect since
6801 * Sanitizer::escapeIdReferenceList() has been deprecated; it will eventually
6802 be made private to the class, as it appears to have no uses outside the
6804 * Sanitizer::hackDocType() is deprecated; it will eventually be made private.
6805 * Skin::getIndicatorsHTML() is deprecated. The functionality can be retained
6806 by reimplementing the method using the raw indicators data from
6807 OutputPage::getIndicators.
6808 * Skin::makeVariablesScript() has been deprecated. Use
6809 ResourceLoader::makeInlineScript() instead.
6810 * SpecialPageFactory::getRestrictedPages() has been deprecated.
6811 Use SpecialPageFactory::getUsablePages() instead.
6812 * Title::nameOf() is deprecated; use Title::newFromID()->getPrefixedDBkey()
6814 * DatabaseBlock::insert, DatabaseBlock::update, DatabaseBlock::purgeExpired and
6815 DatabaseBlock::delete are deprecated. Use DatabaseBlockStore::insertBlock,
6816 DatabaseBlockStore::updateBlock, DatabaseBlockStore::purgeExpiredBlocks and
6817 DatabaseBlockStore::deleteBlock instead.
6818 * SpecialBlock::getTargetAndType and AbstractBlock::parseTarget are deprecated.
6819 Call BlockUtils::parseBlockTarget instead.
6820 * SpecialUnblock::processUnblock was deprecated - use UnblockUserFactory
6822 * Deprecated MediaWikiIntegrationtestCase::removeTemporaryHook() in favor of
6823 MediaWikiIntegrationtestCase::clearHook().
6824 * Skin::getSearchLink(), also exposed as 'searchaction' option in SkinTemplate,
6825 has been deprecated. Use Title or SpecialPage methods directly.
6826 * Skin::getAllowedSkins and ::getSkinNames have been deprecated. Use their
6827 respective equivalents in SkinFactory instead.
6828 * The RollbackComplete hook has been deprecated, use the PageSaveComplete hook
6830 * Skin::makeUrl() has been deprecated. Title methods should be used instead.
6831 * Skin::privacyLink(), Skin::disclaimerLink() and Skin::aboutLink() have been
6832 deprecated. Please use Skin::footerLink() instead.
6833 * Skin::getLogo() has been deprecated. Use ResourceLoaderSkinModule instead.
6834 * The module `mediawiki.toc.styles` has been replaced by
6835 ResourceLoaderSkinModule. If you are having problems styling table of contents
6836 ensure you have an updated skin.
6837 * Skin::mainPageLink() has been deprecated. Use LinkRenderer service instead.
6838 * BaseTemplate::getToolbox() method has been hard deprecated. The toolbox data
6839 is now available in a sidebar data array which you can get from any class
6840 that's extending QuickTemplate class.
6841 * Constructing a DefaultPreferencesFactory, LinkHolderArray or PasswordReset
6842 without a $hookContainer parameter is deprecated.
6843 * Autopromote class, soft deprecated since 1.35, now emits deprecation warnings.
6844 Use UserGroupManager instead.
6845 * SpecialBlock::canBlockEmail has been deprecated. Please use
6846 BlockPermissionChecker::checkEmailPermissions instead.
6847 * SpecialBlock::checkUnblockSelf has been deprecated. Please use
6848 BlockPermissionChecker::checkBlockPermissions instead.
6849 * SpecialBlock::parseExpiryInput was deprecated - use
6850 BlockUser::parseExpiryInput instead.
6851 * SpecialBlock::validateTarget has been deprecated, use BlockUtils instead.
6852 * SpecialBlock::validateTargetField has been deprecated for external use,
6853 use BlockUtils instead.
6854 * SpecialPage::getLanguageConverter has been deprecated, use
6855 LanguageConverterFactory::getLanguageConverter() directly.
6856 * ParserCache::getKey has been deprecated. Use ParserCache::getMetadata and
6857 ParserCache::makeParserOutputKey instead.
6858 * The PHPUnit4And6Compat class, used to provide compatibility with PHPUnit 4,
6859 was removed. MediaWiki support for PHPUnit 4 ended with the removal of HHVM
6861 * The PHPUnit6And8Compat class, used to provide compatibility with PHPUnit 6,
6862 was removed without deprecation. This class was introduced during the
6863 upgrade to PHPUnit 8, but never used.
6864 * MediaWikiIntegrationTestCase::assertType, hard-deprecated in 1.35 due to
6865 incompatibility with PHPUnit 8, was removed.
6866 * ParserCache::getETag has been deprecated, instead build suitable etag
6868 * The following functions from the Language class have been hard deprecated
6869 and will be removed in a subsequent release:
6872 - updateConversionTable
6874 * The following functions from the Title class have been hard deprecated:
6875 - getPreviousRevisionID
6877 - getEarliestRevTime
6878 * The following functions from the User class have been hard deprecated:
6881 * The mw.language.commafy client-side method has been deprecated, to match
6882 the deprecation of Language::commafy. Use mw.language.convertNumber
6884 * The "es6-promise" module has been deprecated. Use "es6-polyfills" instead.
6885 * Title::isDeleted() and Title::isDeletedQuick() have been deprecated. Please
6886 use Title::getDeletedEditsCount() and Title::hasDeletedEdits() instead.
6887 * Article::getContentObject, soft-deprecated since 1.32, was hard-deprecated.
6888 * WikiRevision::importUpload, soft-deprecated since 1.31, was hard-deprecated.
6889 * Html::infoBox() has been deprecated. There's no replacement.
6890 * Message::toString() without a $format parameter, soft-deprecated since 1.28,
6891 was hard-deprecated. Use explicit formatting methods instead, such as
6892 Message::text() and Message::escaped().
6893 * BagOStuff::makeKeyInternal() usage outside of BagOStuff has been deprecated.
6894 * BagOStuff::setDebug() is deprecated and calls to it are ignored. Debug logs
6895 are now unconditionally enabled.
6896 * The following global functions have been hard deprecated:
6897 - wfAppendToArrayIfNotDefault
6899 - wfClearOutputBuffers
6900 - wfConfiguredReadOnlyReason
6902 - wfGetPrecompiledData
6904 * BeforeParserFetchTemplateAndtitleHook has been deprecated; replace
6905 with the new BeforeParserFetchTemplateRevisionRecord hook. (The
6906 similar ParserFetchTemplateHook was deprecated in 1.35; the new hook
6908 * The InterwikiLoadPrefix hook has been deprecated; it is not compatible
6909 with future wikitext parsers (which need to enumerate all interwiki
6910 prefixes). In test cases please use $wgInterwikiCache instead.
6911 * WikiPage instances should no longer be constructed for titles that do not
6912 represent editable pages (e.g. special pages). WikiPages were always
6913 documented to represent "MediaWiki article and history".
6914 * Skin::getSkinStylePath() has been deprecated. Please replace usages with
6915 the direct path to the resources.
6916 * The second argument of EnhancedChangesList::getDiffHistLinks, $query, has
6918 * The ParserTestTables hook has been deprecated; it is no longer necessary
6919 after a ParserTestRunner refactoring.
6920 * The following classes have been hard deprecated: CachedAction,
6921 SpecialCachedPage, CacheHelper, ICacheHelper. They were unused in MediaWiki
6922 ecosystem, so no replacement was provided.
6923 * The ProtectionForm::buildForm hook has been deprecated. Please use the
6924 ProtectionFormAddFormFields hook instead.
6925 * RevisionStore::newMutableRevisionFromArray has been hard deprecated. Instead,
6926 MutableRevisionRecord should be constructed directly via constructor.
6927 * UserIdentity::getActorId() is deprecated. The actor ID should not be exposed
6928 to application logic. Storage layer code should use the ActorNormalization
6929 service for normalizing and denormalizing user names.
6930 * Constructing a UserIdentityValue with an actor ID as the third parameter is
6931 deprecated. The parameter should be omitted. Storage layer code should use
6932 the ActorNormalization service for normalizing and denormalizing user names.
6933 * Command::cgroup() is deprecated and no longer functional. $wgShellCgroup is
6934 now implemented as an Executor option.
6935 * Command::restrict() is deprecated. Instead use the new separate accessors.
6936 * MWTidy::tidy() is deprecated. Use MediaWikiServices::getTidy()-tidy() instead.
6937 * TidyDriverBase::supportsValidate() is deprecated; it has always returned
6939 * WatchedItem::getUser hard-deprecated in favor of ::getUserIdentity.
6940 * WatchedItemStoreInterface::enqueueWatchlistExpiryJob was hard deprecated in
6941 favor of the new method maybeEnqueueWatchlistExpiryJob that takes care of
6942 relevant configuration checks.
6943 * LogEntry::getPerformer() and its implementations have been hard-deprecated, in
6944 favor of ::getPerformerIdentity().
6945 * AuthManager::singleton(), deprecated in 1.35, is hard deprecated. Use
6946 MediaWikiServices::getAuthManager() instead.
6947 * User::clearNotification(), deprecated in 1.35, is hard deprecated. Use
6948 WatchlistManager::clearTitleUserNotification() instead.
6949 * Passing string to DatabaseBlock::setBlocker was deprecated. Only UserIdentity
6951 * DatabaseBlock constructor 'byText' option was deprecated in favour of 'by'
6952 option, which now accepts UserIdentity. Passing user ID is deprecated.
6953 * Parser::getUser was deprecated. Use Parser::getUserIdentity instead.
6954 * DatabaseBlock::isWhitelistedFromAutoblocks was deprecated. Use
6955 DatabaseBlock::isExemptedFromAutoblocks instead.
6956 * User::isIPRange(), deprecated in 1.35, is hard deprecated.
6957 Use the UserNameUtils service or IPUtils directly.
6958 * BaseTemplate::getFooterIcons(), deprecated in 1.35, is hard deprecated. Read
6959 footer icons from template data requested via $this->get('footericons').
6960 * `box-shadow()` LESS mixin from mediawiki.mixins is deprecated due to updated
6961 basic browser support. Use unprefixed property `box-shadow:` instead.
6962 * MergeHistory::checkPermissions was deprecated. Use ::probablyCanMerge or
6963 ::authorizeMerge instead.
6964 * User::isValidUserName(), deprecated in 1.35, is hard deprecated.
6965 Use the UserNameUtils service instead.
6966 * The TitleArrayFromResult hook has been deprecated.
6967 * The EditPageBeforeEditToolbar hook has been deprecated; it has become
6968 defunct after the classic edit toolbar was removed. Use one of the many
6969 other EditPage hooks instead.
6970 * Deprecated the class name MediaWiki\User\WatchlistNotificationManager; use
6971 MediaWiki\Watchlist\WatchlistManager instead. Deprecated the method
6972 MediaWikiServices->getWatchlistNotificationManager(); use
6973 MediaWikiServices->getWatchlistManager() instead.
6974 * The "ArticleEditUpdatesDeleteFromRecentchanges" hook, deprecated in 1.35, has
6975 been removed. Other hooks like "RecentChange_save" can be used instead.
6977 === Other changes in 1.36 ===
6978 * The 'tidy' key in ParserOptions (used in the parser cache) has been removed.
6979 It has had no effect since 1.35.
6980 * A future release of MediaWiki will make `{{=}}` a built-in parser function,
6981 for use when automatically escaping the `=` character in template arguments.
6982 A tracking category and parser warning have been added to this release when
6983 `{{=}}` is used and it expands to something other than `=`.
6984 * The implementation of TestFileReader::read has been changed to use Parsoid's
6985 parser test file parser. This should be compatible with existing code, but it
6986 only supports version 2 of the test file specification and may be more strict
6987 when parsing invalid input, including duplicate tests.
6988 * BeforeParserFetchTemplateRevisionRecord, a new hook, unifies and replaces the
6989 old BeforeParserFetchTemplateAndtitleHook and ParserFetchTemplateHook.
6990 * The SkinLessImportPaths attribute was added, allowing skins to add a directory
6991 to the import path for LESS stylesheets. Skins can use this to provide a
6992 custom version of mediawiki.skin.variables.less, setting skin-specific values
6993 for certain LESS variables.
6994 * The interaction between ContentHandler::getParserOutputForIndexing() and
6995 ContentHandler::getDataForSearchIndex() has been clarified (the latter should
6996 only be called with the result of the former). Extensions may override
6997 getParserOutputForIndexing() to skip generating HTML, which may improve
6998 indexing performance. (The default implementation still generates HTML, and
6999 getDataForSearchIndex() implementations can still rely on it if they do not
7000 over-ride getParserOutputForIndexing().)
7001 * Article::fetchContentObject, ::mContentObject, ::mContentLoaded,
7002 ::mRevIdFetched, all deprecated since 1.32, were removed.
7003 * Article::mParserOptions and ::setParserOptions were removed.
7004 * Article and ImagePage::getEmptyPageParserOutput, unused, were removed.
7005 * ParserCache's default serialization format was changed from PHP serialization
7006 to JSON serialization. In case some installed extension do not support JSON
7007 yet, $wgParserCacheUseJson can be used to revert back to PHP serialization.
7008 * PermissionManager::groupHasPermission, ::getGroupPermissions and
7009 ::getGroupsWithPermission were deprecated, use GroupPermissionsLookup
7011 * WatchedItemStoreInterface now accepts PageIdentity where it accepted
7012 LinkTarget, calling with LinkTarget was deprecated.
7013 * 'movable' attribute has been added to the 'namespaces' property of
7014 extension.json schema. Extensions that define namespaces can set it to
7015 `false` to disallow moving pages in the specified namespace. Extensions
7016 should either use this or NamespaceIsMovableHook, but not both. The hook
7017 overrides the attribute.
7021 MediaWiki 1.36 requires PHP 7.3.19 or later and the following PHP extensions:
7032 MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
7033 but support for them is somewhat less mature.
7035 The supported versions are:
7037 * MySQL 5.5.8 or later
7038 * PostgreSQL 9.4 or later
7039 * SQLite 3.8.0 or later
7041 == Online documentation ==
7042 Documentation for both end-users and site administrators is available on
7043 MediaWiki.org, and is covered under the GNU Free Documentation License (except
7044 for pages that explicitly state that their contents are in the public domain):
7046 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
7049 A mailing list is available for MediaWiki user support and discussion:
7051 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
7053 A low-traffic announcements-only list is also available:
7055 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
7057 It's highly recommended that you sign up for one of these lists if you're
7058 going to run a public MediaWiki, so you can be notified of security fixes.
7061 There's usually someone online in #mediawiki on irc.libera.chat.
7065 MediaWiki 1.35 should mostly work on PHP 8.0/8.1, however it is not
7066 currently actively supported. Testing (on a development wiki!) is
7067 appreciated, and bugs with PHP 8.0/8.1 on MediaWiki 1.35 will be accepted.
7069 It is anticipated that in a later MediaWiki 1.35 point release, we can
7070 declare 1.35 as supporting PHP 8.0/8.1.
7072 PHP 8.0 workboard: https://phabricator.wikimedia.org/tag/php_8.0_support/
7073 PHP 8.1 workboard: https://phabricator.wikimedia.org/tag/php_8.1_support/
7074 PHP 8.2 workboard: https://phabricator.wikimedia.org/tag/php_8.2_support/
7075 PHP 8.3 workboard: https://phabricator.wikimedia.org/tag/php_8.3_support/
7077 == MediaWiki 1.35.14 ==
7079 This is a security and maintenance release of the MediaWiki 1.35 branch.
7081 === Changes since MediaWiki 1.35.13 ===
7082 * Localisation updates.
7083 * (T344912) mail: Encode period (ascii 46) if it appears in encoded email
7085 * (T347726, CVE-2023-51704) SECURITY: logging: Fix non-escaped messages
7088 == MediaWiki 1.35.13 ==
7090 This is a maintenance release of the MediaWiki 1.35 branch.
7092 === Changes since MediaWiki 1.35.12 ===
7093 * Tarball release to fix backport issues with patch for T341529.
7095 == MediaWiki 1.35.12 ==
7097 This is a security and maintenance release of the MediaWiki 1.35 branch.
7099 === Changes since MediaWiki 1.35.11 ===
7100 * Localisation updates.
7101 * (T333050, CVE-2023-45363) SECURITY: Fix infinite loop for
7102 self-redirects with variants conversion.
7103 * (T341434) WikiImporter: Improve error message output.
7104 * (T341737) ApiBase: Cast $id to string in filterIDs.
7105 * (T342632) ApiComparePages: Add help url.
7106 * (T347227) ImportReporter: Make callback functions public.
7107 * doc: Improve description of type in extension.schema.v1.json.
7108 * (T340221, CVE-2023-45360) SECURITY: XSS via
7109 'youhavenewmessagesmanyusers' and 'youhavenewmessages' messages.
7110 * (T341529, CVE-2023-45362) SECURITY: diff-multi-sameuser
7111 ("X intermediate revisions by the same user not shown") ignores username
7113 * (T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted XML
7114 file to Special:Upload (non-standard configuration).
7116 == MediaWiki 1.35.11 ==
7118 This is a security and maintenance release of the MediaWiki 1.35 branch.
7120 === Changes since MediaWiki 1.35.10 ===
7121 * Localisation updates.
7122 * (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1.
7123 * (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7
7125 * (T269636) Add Access-Control-Max-Age to $wgAllowedCorsHeaders.
7126 * (T322944) Add Authorization to default $wgAllowedCorsHeaders.
7127 * (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter.
7128 * (T297917) objectcache: avoid use of ctype_digit() in
7129 WANObjectCache::adaptiveTTL().
7130 * (T330464) Work around argument corruption bug in XMLReader::open.
7131 * (T313157) IndexPager: Also protect against $offset being 0.
7132 * (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.
7134 == MediaWiki 1.35.10 ==
7136 This is a security and maintenance release of the MediaWiki 1.35 branch.
7138 === Changes since MediaWiki 1.35.9 ===
7139 * Localisation updates.
7140 * (T324895) MWCallbackStream: Add explicit $stream property.
7141 * Remove /images .htaccess rules that are no longer relevent.
7142 * Disable php in .htaccess of images directory as a hardening measure.
7143 * (T322583) Include missing message parameter in message.
7144 * Fix phan error when Excimer is enabled.
7145 * (T274966) tests: Make pass on php8.0.
7146 * (T323373) Parser: Fix extractSections() behavior for PHP >= 8.0.
7147 * (T326021) Add matrix: to $wgUrlProtocols.
7148 * api/en.json: api-help-datatype-expiry add missing 'may'.
7149 * (T225218) Wait until the recent changes are updated.
7150 * (T328222) Pass empty string to strlen() if schema is null for
7152 * (T317329) OutputPage: Fix undefined ['host'] in ImagePreconnect code.
7153 * (T289926) SpecialRevisionDelete: Set default of '' for wpReason.
7154 * (T155582, T328503) Fix XML dumps for content types with non-string
7156 * (T295958, T278847) MediaWiki-Docker: Switch PHP images to PHP7.4.
7157 * (T314099) revisiondelete: Replace dynamic property Status::$itemStatuses.
7158 * (T329198) ParamValidator: Improve paramvalidator-help-multi-max message.
7159 * (T292348) WikiImporter: do not fail if upload entry in dump lacks 'text'
7161 * (T329484) API: Fix query+allimages user parameter description.
7162 * (T330529) SpecialEditTags: Set default of '' for wpReason.
7163 * (T330526) htmlform: Handle null from HTMLFormField::getDefault in
7165 * (T285159, CVE-2023-29141) SECURITY: Do not apply autoblocks to untrusted
7168 == MediaWiki 1.35.9 ==
7170 This is a security and maintenance release of the MediaWiki 1.35 branch.
7172 === Changes since MediaWiki 1.35.8 ===
7173 * Localisation updates.
7174 * (T319000) WebInstaller: Don't try and run trim() on null.
7175 * (T320864) When calling mail(), use an array for headers.
7176 * (T311567) In ManualLogEntry, cast the comment to string.
7177 * (T323082) Upgrading wikimedia/xmp-reader (0.7.0 => 0.8.5).
7178 * Language: Handle ronna and quetta.
7179 * (T304515) LCStoreStaticArray: atomically replace the cache file.
7180 * (T324890, T324891, T324901) Parser: Allow dynamic properties on PHP 8.2.
7181 * (T322637) SECURITY: sqlite should not create DB file world-readable.
7183 == MediaWiki 1.35.8 ==
7185 This is a security and maintenance release of the MediaWiki 1.35 branch.
7187 === Changes since MediaWiki 1.35.7 ===
7188 * Localisation updates.
7189 * (T311568) UploadBase::setTempFile() handle $tempPath being passed as null.
7190 * (T311559) SpecialListFiles: user parameter isn't always present.
7191 * (T311561) ImageListPager: Don't call htmlspecialchars() on null.
7192 * (T311920) SpecialBlockList: Prevent passing null to trim().
7193 * (T311921) SpecialUserrights: Don't pass null to str_replace.
7194 * (T311570) SpecialWithoutInterwiki: Don't pass null through to
7195 Title::capitalize().
7196 * (T311574, T311576) SpecialLinkSearch: Don't pass null through to the parser.
7197 * (T312519, T312520) Parser::extensionSubstitution() Don't run substr() on null.
7198 * (T287564) populateInterwiki: Include not null columns iw_api/iw_wikiid.
7199 * (T312302) SpecialRedirect: Don't pass null to explode.
7200 * RemoveInvalidEmails: Fix quoting for postgres.
7201 * (T312678) import: UploadSourceAdapter::stream_read() don't pass null to
7203 * (T312300) SpecialDiff: Don't pass null to explode().
7204 * (T312680) parser: Fix CoreParserFunctions::urlencode() null coalescence $arg.
7205 * (T289926) Handle null passed to wfShorthandToInteger() and Html::element().
7206 * (T289926) Ensure that strlen() does not get passed a (valid) null.
7207 * (T312301) SpecialDiff: Don't pass null to trim().
7208 * Hooks: Use more meaningful name for SkinAfterPortlet hook parameter.
7209 * (T289926) Ensure we don't pass null to mb_strlen.
7210 * (T312305, T311572, T311571, T311578) HtmlForm: Null coalescence in trim()
7212 * (T289926) site: Consistently return null from Site::getDomain().
7213 * (T307304, T289879) filebackend,jobqueue: Add signature for
7214 FilterIterator::accept().
7215 * (T312183) rdbms: Adapt hasOrMadeRecentPrimaryChanges test mock for PHP 8.1.
7216 * Add application/vnd.ms-opentype to MIME list.
7217 * Allow composer/installers plugin in composer.json.
7218 * (T313663) Make HandlerTestTrait compatible with php8.1.
7219 * (T313663) [php8.1] Change override of $wgResourceBasePath for CSP tests.
7220 * Change type hints for BatchRowIterator and NotRecursiveIterator for
7221 compatibility with PHP 8.1.
7222 * (T313663) [php8] Don't use strlen on potentially null string.
7223 * (T313663) [php8.1] Suppress test warning about providing null.
7224 * (T313663) Parser will use current timestamp instead of null if passed a
7225 RevisionRecord that does not have a timestamp.
7226 * (T313663) Add explicit null check for $sha in FileBackend [php8.1].
7227 * (T313663) LogFormatter: Cast argument of ctype_digit to string [php8.1].
7228 * (T289879, T289926) Get rid of warnings on PHP 8.1.
7229 * rdbms: fix some PHP 8 warnings in Database/LoadBalancer/LBFactory.
7230 * (T313663) Avoid testing strlen on null in ApiQuerySiteinfo [php 8.1 compat].
7231 * Fix a couple deprecation warnings in the installer under PHP 8.1.
7232 * (T313663) Use default timezone UTC for SpecialWatchlistTest [php 8.1].
7233 * (T314096) Migrate use of ${var}-style string interpolation.
7234 * (T313663, T313662) Make default value for optional args {{PAGESINCAT:..}} be
7236 * (T314225) SpecialCategories: Null coalescene $par.
7237 * (T314099) User: Allow dynamic properties on PHP 8.2.
7238 * (T314404) SpecialGoToInterwiki: Null coalescene $par.
7239 * (T314397) SpecialBlock: Better handle null in getTargetUserTitle.
7240 * (T314099) phpunit: Fix trivial dynamic property usages in tests.
7241 * (T314405) UploadStash: Check if us_prop is set in the fileMetadata.
7242 * (T314550) SpecialMergeHistory: Set timestamp to '' if no mergepoint.
7243 * (T314551) SpecialMergeHistory: Set defaults for target and dest parameters.
7244 * api: Add rel=nofollow to help examples.
7245 * (T314824) tests: Update parser test after i18n change.
7246 * (T263927) Add autocomplete HTML attribute to common auth form fields.
7247 * (T307613) Validate length of user email on Special:ChangeEmail/
7248 Special:CreateAccount.
7249 * (T314906, T314907) SpecialBlock: Set defaults for wpPageRestrictions and
7250 wpNamespaceRestrictions.
7251 * (T315309) ImportStreamSource::newFromURL() Prevent passing null to fwrite.
7252 * (T315892) composer.json: Pin phpunit to 8.5.28.
7253 * (T229092) MigrateActors.php: ignore duplicate creations of actors.
7254 * (T313049) Bump wikimedia/parsoid to v0.12.3.
7255 * (T317750) session: Fix broken SessionTest case due to PHPUnit dependency
7257 * (T318460) SpecialChangeEmail: Set default for returntoquery.
7258 * (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results
7259 in an IP range check on Special:Contributions.
7260 * (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence
7263 == MediaWiki 1.35.7 ==
7265 This is a security and maintenance release of the MediaWiki 1.35 branch.
7267 === Changes since MediaWiki 1.35.6 ===
7268 * Localisation updates.
7269 * (T289879) Type hints for ArrayAccess.
7270 * (T304783) TemplateParser: avoid warnings when called by NoLocalSettings.
7271 * Rebuilt vendor with composer 2.3.3.
7272 * (T289879) Address some deprecations for PHP 8.1.
7273 * Fix old_name in UserLogoutComplete hook.
7274 * (T286260, T307979) objectcache: normalize $exptime to a TTL in
7275 APCUBagOStuff/WinCacheBagOStuff.
7276 * MediaSearchWidget should declare an explicit dependency on mediawiki.user
7278 * (T288423) WikiImporter: Replace deprecated WikiRevision::setText.
7279 * (T309377, CVE-2022-29248, T311384, CVE-2022-27776) Updating guzzlehttp/guzzle
7281 * (T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage().
7282 * (T311272) Call parent constructor of AddSite maintenance script first.
7283 * MediaWiki: Don't eagerly initialize action name.
7284 * (T289926) Avoid passing null to trim() in SkinTemplate.
7285 * (T307282) Avoid passing null to strcasecmp(), for PHP 8.1.
7286 * (T311552) ChangesListSpecialPage: Don't pass null to FormatJson::decode().
7287 * (T311569) FileBackend::isStoragePath() Handle being passed null.
7288 * (T311544) Pass int to ApiUsageException::newWithMessage()'s $httpCode param.
7289 * (T311678) SpecialEditWatchlist: Prevent passing null to strtolower().
7290 * (T281741) ChangeTags: Fix adding CSS classes for hidden tags.
7291 * (T296642) changetags: Fix management of a '0' tag.
7292 * (T311554) ChangeTags: Return early in formatSummaryRow() if $tags === null.
7293 * (T303033) Handle null in ChangeTags::modifyDisplayQuery.
7295 == MediaWiki 1.35.6 ==
7297 This is a security and maintenance release of the MediaWiki 1.35 branch.
7299 === Changes since MediaWiki 1.35.5 ===
7300 * (T298261) Fix support for Composer 2.2.
7301 * (T298283) composer.json: Add wikimedia/composer-merge-plugin to allow-plugins.
7302 * Update doctrine/dbal (3.0.0 => 3.1.5).
7303 * (T298564) MemcachedClient: Add support for IPv6.
7304 * (T297543, CVE-2022-28202) SECURITY: properly escape output used within
7305 galleries and Special:RevisionDelete.
7306 * (T268847) Suppress deprecation warnings from libxml_disable_entity_loader().
7307 * (T283275) Fix PHP 8.0 failure of WikiExporterFactoryTest.
7308 * (T274966) Upgrading wikimedia/html-formatter (1.0.2 => 2.0.1).
7309 * Fix the json schema and the extension processor for Parsoid extension modules.
7310 * (T299696) update.php: Avoid passing null to substr.
7311 * In PHP 8.1 don't throw exceptions from mysqli.
7312 * (T289926) SiteConfiguration: Don't pass null to str_replace().
7313 * (T264735) Fix deprecation warning from CURLPIPE_HTTP1.
7314 * (T260735) Stop using is_resource() where possible.
7315 * (T289879) Apply ReturnTypeWillChange to various implementations of built in
7317 * (T299312) Implement __serialize/__unserialize for PHP 8.1 support.
7318 * ExtensionRegistry: Add process cache for lazy attributes.
7319 * (T301041) ApiPageSet: Add "missing": true to missing revisions.
7320 * Allow ParsoidModules extension schema to register services.
7321 * (T297708) Allow setting max execution time to several special pages.
7322 * Upgrading wikimedia/object-factory (v2.1.0 => v2.2.0).
7323 * (T302540) composer.json: Add ext-calendar to require.
7324 * (T302540) composer.json: Add ext-simplexml to require-dev.
7325 * (T302540) composer.json: Add various PHP extensions to suggests.
7326 * Upgrading symfony/polyfill-php80 (v1.23.1 => v1.25.0).
7327 * (T303871) Add Title::getId() as an alias for ::getArticleId().
7328 * (T304008) Don't re-check "Move subpages" on Special:MovePage after a warning.
7329 * (T293576) listFiles: Display file name instead of version.
7330 * (T303560) Installer: Check correct PCRE_CONFIG_NEWLINE value.
7331 * wrapOldPasswords: add \n to two output calls.
7332 * (T304993) Make editcontentmodel a part of editpage grant.
7333 * (T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite recursion
7334 loop if it points to a local interwiki.
7335 * (T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many file
7336 uploads with actor as a condition can result in a DoS.
7338 == MediaWiki 1.35.5 ==
7340 This is a security and maintenance release of the MediaWiki 1.35 branch.
7342 === Changes since MediaWiki 1.35.4 ===
7343 * (T290697) Add symfony/polyfill-php80.
7344 * IcuCollation: Add some more icu to unicode version mappings.
7345 * ApiBase: Annotate deprecated constants individually.
7346 * PHPVersionCheck: Mark PHP 7.4.0 - 7.4.2 as buggy.
7347 * (T293044) installer: Fix 5th param to sourceFile() in DatabaseUpdater.
7348 * (T291127) Always encode spaces in cookie values as "%20".
7349 * Use LocalFile::getHookRunner instead of LocalFile::hookRunner.
7350 * HistoryBlobStub: add getLocation() to get $mOldId.
7351 * Fix checkStorage.php.
7352 * checkStorage: pass no parameters to WikiRevision::getContent().
7353 * (T292763, CVE-2021-44854) SECURITY: Do not cache private wiki completion
7355 * (T294316) Revert "Mark ApiClientLogin/ApiLogin as requiring write mode".
7356 * (T250068) resources: Upgrade jQuery from 3.4.1 to 3.6.0.
7357 * (T250068) resources: Upgrade jquery-migrate from 3.1.0 (patched) to 3.3.2
7359 * (T294796) JobQueueRedis: Replace deprecated zSize with zCard.
7360 * (T212428, T267468) Allow populateContentTables to continue when there are
7362 * (T295191) ApiQuerySiteinfo: Fix "rightsinfo"/"url" when $wgRightsPage is
7364 * Update pear/mail_mime to 1.10.11.
7365 * Update deprecated Guzzle Psr7 function calls.
7366 * Tweak error message for missing composer dependencies.
7367 * (T296112) Allow inserting new sections named '0'.
7368 * nukeNS: don't run purgeRedundantText() after every change.
7369 * (T225888) RollbackAction: fix missing pagetitle.
7370 * (T297322, CVE-2021-44858, CVE-2021-44857) SECURITY: Fix permissions checks in
7372 * (T297574, CVE-2021-45038) SECURITY: Fix permissions check in action=rollback.
7373 * (T34716, T297416) SECURITY: Require 'read' right for most actions.
7374 * (T271037, CVE-2021-44856) SECURITY: Fix use of EditFilterMergedContent hook
7375 when changing content model.
7377 == MediaWiki 1.35.4 ==
7379 This is a security and maintenance release of the MediaWiki 1.35 branch.
7381 === Changes since MediaWiki 1.35.3 ===
7382 * (T283394) Mark ApiClientLogin/ApiLogin as requiring write mode.
7383 * (T283273) Make postgres IRC channel point to libera.chat.
7384 * (T289108) ExtensionProcessor: Remove loaderScripts from extension.json
7386 * (T281549) Installer: Fix mediawiki-announce auto subscription code.
7387 * FormatJson: Optimize encode() for supported PHP versions.
7388 * (T290398) renameRestrictions.php: Update protected_titles as well.
7389 * $wgMimeTypeBlacklist - This configuration array now prohibits the RFC 4329
7390 form of JavaScript, 'application/javascript', as well as previous MIME types.
7391 * (T51097, T290273) resourceloader: Call getStyleFiles from
7392 FileModule::getFileHashes.
7393 * (T277788) parser: Avoid calling ParserOptions::getOption() too many times.
7394 * (T285515, CVE-2021-41798) SECURITY: XSS vulnerability in Special:Search.
7395 * (T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full
7397 * (T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of
7398 Special:Contributions.
7400 == MediaWiki 1.35.3 ==
7402 This is a security and maintenance release of the MediaWiki 1.35 branch.
7404 === Changes since MediaWiki 1.35.2 ===
7405 * (T259685) SQLite compatibility with ZeroConf VisualEditor was fixed in 1.35.2.
7406 * (T196906, T242751) Fix the test MonologSpiTest::testDefaultChannel.
7407 * (T279964) Parser: Trim trailing whitespace as the last step in pre-save
7409 * (T278026) rdbms: Add DB_PRIMARY to replace DB_MASTER.
7410 * (T252853) Update updateSearchIndex.php to 2006+ standards.
7411 * (T276945) Define a batch size in maintenance/manageJobs.php.
7412 * (T276945) Implement JobQueueDB::getAllAbandonedJobs.
7413 * (T269676) authevents: strval() variables passed to status when logging.
7414 * (T280944) $wgIncludejQueryMigrate - This setting allows the jQuery Migrate
7415 plugin to be disabled. It has been enabled by default since MediaWiki 1.27.
7416 * (T281584) apihelp-query+iwlinks-param-prop: s/interlanguage/interwiki/.
7417 * (T281635) Delete maintenance/cleanupAncientTables.php.
7418 * (T282133) RedisConnectionPool: Suppress phan issue.
7419 * (T281549) WebInstaller: Don't show the announce-l subscribe
7420 checkbox temporarily.
7421 * (T278266) Fix annoying E_NOTICE about undefined 'alt' index in
7422 Skin#makeFooterIcon.
7423 * (T264214) UserRightsProxy::addGroup has to be allowed to update the
7424 old group as well, which is used for granting interwiki rights.
7425 * (T269776, T278266) getFooterIcons should not return empty arrays.
7426 * (T274966) Skip AvroFormatterTest::testSchemaNotAvailable on PHP 8.0.
7427 * phpunit: fail on warnings.
7428 * (T283247) Freenode -> Libera per wikimedia moving from
7430 * (T243124) Make phpunit:unit accept extension*.json to populate the classes.
7431 * (T142663) Add extension.json merge strategy "provide_default".
7432 * (T283540) HookContainer: Fix normalization of callback for static handler.
7433 * (T283464) Fix array order for array_replace_recursive merge strategy.
7434 * (T247223) Optimise MessageCache::isMainCacheable() for the single-message
7436 * (T278579) Don't send headers on ob_end_clean().
7437 * (T280226, CVE-2021-35197) SECURITY: Prevent blocked users from purging
7440 == MediaWiki 1.35.2 ==
7442 This is a security and maintenance release of the MediaWiki 1.35 branch.
7444 MediaWiki 1.35.2 supports Composer 2.0. It is recommended to make sure your
7445 libraries are up to date on Composer 1.x, before running Composer 2.x.
7447 While normally running update.php isn't required for point releases,
7448 it is recommended to run it for 1.35.2 so that iwlinks.iwl_prefix is
7449 updated to take 32 characters.
7451 === Changes since MediaWiki 1.35.1 ===
7452 * (T270450) The confusingly-named User->isLoggedIn() method has been deprecated
7453 in favour of the method it wraps, User->isRegistered().
7454 * Upgrade pimple/pimple from 3.3.0 to 3.3.1 for PHP 8.0 support.
7455 * Upgrade seld/jsonlint from 1.7.1 to 1.8.3 for PHP 8.0 support.
7456 * Upgrade doctrine/dbal from 2.10.4 to 3.0.0 for PHP 8.0 support.
7457 * (T270734) Fix display of Special:Preferences URL in password reset email.
7458 * (T252774, T271441) resourceloader: Give SkinModule 'features' option an
7460 * (T271441) Unknown features shouldn't break style output.
7461 * (T264986) Make use of CURLMOPT_MAX_HOST_CONNECTIONS conditional on having
7463 * DefaultSettings.php: Update $wgPingback documentation.
7464 * Fix docs for LanguageConverter::translate.
7465 * (T272250) Don't rely on implicit string->int cast in comparison.
7466 * (T272327) Exif::isSlong: Cast input to float so PHP 8.0 abs() doesn't whine.
7467 * (T272328) UploadBase: Don't call MimeAnalyzer if mTempPath is null.
7468 * Remove nonfunctional default sampling for WANObjectCache metrics.
7469 * (T258851) Prevent service injection to LoadExtensionSchemaUpdates hook.
7470 * (T270852) Hooks: Map dash character to underscore when generating hook names.
7471 * (T271551, T270145) Fix fetching ipblock-exempt within
7472 BlockManager::getUserBlock.
7473 * PHPVersionCheck: The PHP Group only supports PHP >= 7.3.0.
7474 * (T248925) Set empty closures in DatabaseTest to fix PHP 8 tests.
7475 * (T34217) rdbms: Remove outdated MySQL 4 references and fix doc URLs.
7476 * (T248925) Special:Contributions reports negative namespace error on PHP 8.
7477 * (T248925) objectcache: Fix non-numeric string check in HashBagOStuff for
7479 * (T248925) Fix CacheTime::getCacheExpiry for PHP 8.
7480 * (T259685) Allow REST API POST handlers to opt out of mandatory SQLite locking.
7481 * (T91820, T259685) MWLBFactory: rename magic HTTP header for opting out of
7483 * (T272326) Fix DeprecationHelperTest on PHP 8.
7484 * Upgrade wikimedia/less.php from 3.0.0 to 3.1.0 for PHP 8.0 support.
7485 * (T236639) OutputPage: Make $wgDebugRedirects work again.
7486 * (T274648) registration: Allow reusing cached metadata between wikis.
7487 * CdnCacheUpdate: Send full URL instead of path to Curl for purge.
7488 * Upgrade monolog/monolog from 1.25.3 to 2.2.0 for PHP 8.0 support.
7489 * FileBackend: Do not use SOCKET_ENOENT on windows.
7490 * (T275441) ApiQueryUserInfo: Allow all uiprops to be requested at once.
7491 * (T275261) Escape wikitext in the title in invalid title error messages.
7492 * (T275242) Extend iwlinks.iwl_prefix to VARBINARY(32) on MySQL.
7493 * (T246594, T270228) PHPVersionCheck: Complain about known-bad versions above
7495 * (T275824) Upgrade wikimedia/composer-merge-plugin from 1.4.1 to 2.0.1 for
7496 Composer 2.0 support.
7497 * (T269293) Record all used options in metadata.
7498 * Allow usage of Composer 2.0 to install MediaWiki's dependencies.
7499 * (T259872) skins: Call headElement() after getTemplateData() in SkinMustache.
7500 * (T277009, CVE-2021-30158) SECURITY: Allow blocked users to access
7501 Special:ResetTokens.
7502 * (T272412) Add "Account data" section to user preferences.
7503 * (T268310) Add list of thumbnail urls to LocalFilePurgeThumbnails hook.
7504 * (T277520) registration: Allow specifying immovable namespaces in
7506 * (T275619) Maintenance::hasOption and Maintenance::getOption now behave as
7507 documented and are not altered by previous calls to these methods.
7508 * (T254688) Remove page inner join from subquery in SpecialWhatLinksHere.
7509 * (T122124) signup: added help message for security.
7510 * (T278014, CVE-2021-30154) SECURITY: Escape mediastatistics-header-* messages
7511 on Special:NewFiles.
7512 * (T278058, CVE-2021-30157) SECURITY: Escape rcfilters-filter-* messages on
7514 * (T277414) HTMLFormField: Use non namespaced class name rather than
7516 * (T268673) maintenance: Don't create SearchUpdate in rebuildtextindex.php
7517 for page_namespace below 0.
7518 * (T246594, T270228) Mark ParserOptionsTests skipped on PHP 7.4.0-7.4.8.
7519 * (T268230) Switch to new MediaWiki logo by Serhio Magpie.
7520 * (T271735) Expand config-pingback-help, link to privacy policy in
7522 * Fix documentation of user-global in $wgRateLimits.
7523 * BackupDumper: Add -o as shortcode for --output.
7524 * (T235554) Disable DEFER_SET_LENGTH_AND_FLUSH headers to avoid HTTP errors.
7525 * (T270713, CVE-2021-30152) SECURITY: Allow user to only apply protection they
7526 have right to do so via action=protect.
7527 * (T272386, CVE-2021-30159) SECURITY: Non-admin deleted enwiki page in fast
7529 * (T270988, CVE-2021-30155) SECURITY: ContentModelChange: Check that user can
7531 * (T279451, CVE-2021-30458) SECURITY: Parsoid comment fostering allows for
7532 inserting mostly arbitrary <meta> tags.
7534 == MediaWiki 1.35.1 ==
7536 This is a security and maintenance release of the MediaWiki 1.35 branch.
7538 While normally running update.php isn't required for point releases,
7539 it is recommended to run it for 1.35.1 so that sites.site_language is
7540 updated to take 35 characters.
7542 Watchlist Expiry is no longer considered experimental, but is off by default.
7543 To enable it, set $wgWatchlistExpiry = true; in your LocalSettings.php.
7545 === Changes since MediaWiki 1.35.0 ===
7546 * (T263929) purgeList.php Fix all-namespaces option to match one used in code.
7547 * (T248719) ParserCache::get - fix wfDeprecated call.
7548 * (T261430) WatchlistExpiryWidget: Move focus to expiry dropdown after hitting
7550 * Preload mediawiki.watchstar.widgets before api request.
7551 * (T261030) ApiEditPage: Show existing watchlist expiry if status is not being
7553 * (T264502) Fix PHP 8 compat with strcspn() $length parameter exceeding string.
7554 * (T248925) Remove final modifier on private function.
7555 * (T264683) Remove ipb_anon_only from ipb_address_unique index addition.
7556 * (T261415) Add days left messages to changes-lists' clock icons.
7557 * Fix order of wfDeprecated parameters in ExternalStoreDB::getSlave.
7558 * (T261260) Preload class used in HeaderCallback.
7559 * (T260868, T260009) Normalize WatchedItem expiry field.
7560 * (T264683) Remove doTable check from (Mysql|Sqlite)Updater::indexHasFields.
7561 * (T264534) ApiPageSet: Avoid infinite loop when merging redirects.
7562 * (T196906) Empty Monolog loggers are now real blackholes.
7563 * (T258649) WatchAction: avoid UPDATE when old and new watch period is
7565 * Parser: Adjust typehint to show that getTitle can return null.
7566 * (T263592) media: Fix case of FlashPixVersion in
7567 FormatMetadata::makeFormattedData().
7568 * (T265223) BaseTemplate: Guard against passing zero arg to array_merge().
7569 * (T264965) Fix base path handling for MessagePosterModule registration.
7570 * (T252183) Fix Database::getTempTableWrites for multi table DDLs.
7571 * (T182546) Fix switch/case indentation per mediawiki coding conventions.
7572 * Flip Yoda conditionals.
7573 * (T263213) Move SkinTemplate::getFooterLinks() to Skin.
7574 * build: Updating mediawiki/mediawiki-codesniffer to 33.0.0.
7575 * (T267105) Make ImageBuilder::checkMissingImage public.
7576 * Updating guzzlehttp/guzzle (6.5.4 => 6.5.5).
7577 * (T266681) Support new style hook registration on install and update.
7578 * (T266980) Fix unsetting of copyright icon in FooterIcons.
7579 * upload.js: Don't assume that warnings array will include 'code' key.
7580 * upload.js: Fix typo in upload API.
7581 * (T264333, T190988, T266903) Pass along ignorewarnings param to all
7582 individual chunks being uploaded.
7583 * (T267558) importTextFiles.php: Replace deprecated WikiRevision:setText().
7584 * (T266418) composer.json: add requirement for composer-plugin-api ^1.1.
7585 * (T261431) Add ARIA attributes to watchlink and its notification.
7586 * (T258877) Change invalid 'Content-Encoding: none' header.
7587 * Fix trailing ; in patch-sites-site_language-35.sql.
7588 * (T248852) wfAssembleUrl: Handle empty query field in URL bits.
7589 * (T268846) Updating wikimedia/testing-access-wrapper (1.0.0 => 2.0.0).
7590 * (T268887) migrateComments: Cast array keys back to string before passing
7592 * (T266619) Introduce new $wgThumbPath config.
7593 * (T269178) MemcachedClient: Cast Resource to integer.
7594 * (T263925) Use the old HookContainer to set up the post-reset services.
7595 * Change "site cache" to just "cache" in the right-purge message.
7596 * [UploadedFileStreamTest] Skip test with chmod.
7597 * (T269710) Updating composer/semver (1.5.1 => 1.7.2).
7598 * (T269710) Updating mediawiki/mediawiki-codesniffer (33.0.0 => 34.0.0).
7599 * (T260631, T260633), BotPassword::save() now returns a Status object for the
7600 result rather than a bool. The length of the bot password grants and
7601 restriction fields are now validated, and an error will be thrown if it
7602 would be truncated by the database.
7603 * (T265778) Fix English/*nix specific error messages in FSFileBackend.
7604 * (T267543) Split dropping of image.img_user_timestamp.
7605 * [FileTest] Do not assume /tmp exists on windows.
7606 * Clean up temp files correctly after unit tests.
7607 * Skip undo related phpunit tests when diff3 is missing.
7608 * (T269964) rdbms: Remove outer parentheses in insert query for Postgres.
7609 * (T263911) In MWExceptionHandler::report(), catch all throwables.
7610 * (T268894, CVE-2020-35474) SECURITY: Use Html::element in
7611 ChangeListSpecialPage for sanity.
7612 * (T268917) Use Xml::element in SpecialUserrights for sanity.
7613 * (T268938, CVE-2020-35478, CVE-2020-35479) SECURITY: Pass escaped html
7614 to LogFormatter::makePageLink for sanity.
7615 * (T268938) Fixed mixed escaping in Language::translateBlockExpiry.
7616 * (T263911) UserOptionsManager: don't differentiate anons caches.
7617 * (T261260) HeaderCallback: pre-cache request ID.
7618 * Parsoid updated to v0.12.1.
7619 * (T205908, CVE-2020-35477) SECURITY: Unable to change visibility of log
7620 entries when MediaWiki:Mainpage uses Special:MyLanguage.
7621 * (T120883, CVE-2020-35480) SECURITY: Divergent behavior for contributions
7622 and user pages of hidden users and missing users.
7623 * (T270145) Fix condition that can lead to using APCOND_BLOCKED in
7624 $wgAutopromote to cause an OOM in PHP.
7626 == MediaWiki 1.35.0 ==
7628 === Changes since MediaWiki 1.35.0-rc.3 ===
7629 * (T261258) Remove checks for ancient ImageMagick versions in BitmapHandler.
7630 * (T260232) Don't include null page ids in query list for category dumps.
7631 * (T260009) Check existing watchitem when saving action=watch.
7632 * (T259055) Correct success messages for action=watch.
7633 * mediawiki.page.ready: Simpler tablesorter/makeCollapsible call.
7634 * mediawiki.page.ready: Fix skin override config flags, wrong way round.
7635 * (T262175, T248512) Remove requirement for ApiWatchlistTrait to be in ApiBase.
7636 * (T259053, T260434) Watchlist: Fix updateWatchLink removing css class when
7638 * (T261901, T261476) mediawiki.notification: Don't close notif when clicking
7640 * (T251506) Sanitizer: Truncate IDs to a reasonable length.
7641 * (T259452) Parsoid updated to v0.12.0.
7642 * (T261970) watch.ajax: Add expiry support to watchpage.mw event.
7643 * (T262900) Fix failure of rebuildLocalisationCache.php due to ResourceLoader
7645 * (T263014) Hard deprecate File::userCan() with $user=null.
7646 * (T262547) Use localized success message after watching via action=watch.
7647 * (T201491) Fix typo 'Watchlst' in `apihelp-edit-param-watchlistexpiry`.
7648 * (T261081) Installer: consistently reset Language objects.
7649 * (T250449, T250450) Installer: consistently reset Language objects.
7650 * Explicitly wrap some XML calls in libxml_disable_entity_loader().
7651 * (T262934) Ensure dropdown label is always on its own line.
7652 * (T246855) resourceloader: Use a local HookRunner.
7653 * (T263604) Have findBadBlobs.php require Maintenance.php rather than
7655 * (T263606) Set fake time, to avoid flaky tests.
7656 * (T261325) Add FindMissingActors script.
7657 * (T262364) shell: Don't blacklist /run/firejail.
7658 * (T263655) NewPagesPager: Ignore nonexistent namespaces.
7659 * Update specialPageAliases and magicWords for Egyptian Arabic (arz).
7660 * (T261347) ParserOutput: don't throw on bad editsection.
7661 * (T232568, CVE-2020-25813) SpecialUserrights: If a viewer lacks `hideuser`,
7662 ignore hidden users.
7663 * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on
7664 Special:Contributions.
7665 * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within
7667 * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking
7668 firejail's --output functionality.
7669 * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and
7671 * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in
7672 mw.message( ... ).parse().
7673 * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct
7675 * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used.
7676 * Add Finnish special page aliases.
7677 * Fix GuzzleHttpRequest request headers.
7678 * Fix description for pruneFileCache.php.
7679 * emptyUserGroup.php: handle more than 5000 users.
7680 * Make ApiSandbox copyable URL absolute.
7681 * (T261087) Add a link from a deleted page to that page's logs.
7683 == MediaWiki 1.35.0-rc.3 ==
7685 === Changes since MediaWiki 1.35.0-rc.2 ===
7686 * (T258662) mediawiki.visibleTimeout: Update the nextVisibleTimeoutId value.
7687 * Ensure Parsoid doesn't throw when <ref> is used w/o Cite installed.
7688 * Remove maintenance/createCommonPasswordCdb.php.
7689 * (T260468) Increase "sites.site_global_key" to varbinary(64).
7690 * (T183759) Fix shell edge-cases in Windows.
7691 * (T257879) Drop PHP 7.2 support; require 7.3.19.
7692 * (T251661, CVE-2020-25827) SECURITY: User::pingLimiter: add user-global
7694 * (T246991) User: enforce pingLimiter() expiry time.
7695 * (T256831) Rest: Handle Uri constructor exception.
7696 * (T259094) Fix RequestFromGlobalsTest failing in Travis CI.
7697 * (T256831, T261344) Rest: Use try/catch to handle URIs with embedded colon.
7699 == MediaWiki 1.35.0-rc.2 ==
7701 === Changes since MediaWiki 1.35.0-rc.1 ===
7702 * (T259693) uuid: Fix filenames on Windows.
7703 * Remove Gruntfile.js and package-lock.json from the tarball.
7704 * firejail: Strengthen by copying from Wikimedia's profile.
7705 * (T260059) ResourceLoaderOOUIImageModule: loadOOUIDefinition() may return
7707 * (T30162, T245387) The installer supports using a Postgres server running
7708 on a custom port other than 5432.
7709 * (T260201) Support private wikis in Parsoid zero configuration mode.
7710 * Fix bad use of `|=` PHP bit operation where `= … ||` bool is intended.
7711 * (T259212) SpecialBlock: Show error if a block could not be inserted or found.
7712 * (T255842) UserOptionsManager: fix options reset.
7713 * (T258649) WatchAction: avoid unnecessary UPDATEs when expiry is unchanged.
7714 * (T250851) Allow skins to override mediawiki.page.ready initialisation.
7715 * (T250851) mediawiki.page.ready: Allow skins to disable search lazy load.
7716 * (T253135, T255632) Update language in watchlist expiry.
7717 * Use IPset in MWRestrictions::checkIP.
7718 * (T259564) Fix race condition on edit page.
7719 * (T260759) Hide watchlist expiry label in edit form.
7720 * mime: Fix docs of MIME_EXTENSIONS, they're arrays, not space-separated.
7721 * (T260031) Add application/font-sfnt to MimeMap for ttf files.
7722 * (T259379) WatchedItemStore: Cache single WatchedItems with preexisting expiry.
7723 * Add a maintenance script to create bot passwords.
7724 * (T201269) Add Traditional Chinese zh-hant as fallback for Amis (ami).
7725 * Improve wfParseUrl docs.
7726 * (T251038) Add multi index fields in ImageListPager for unique paginate.
7727 * (T259916) Guard against 'Widget not found' error.
7729 == MediaWiki 1.35.0-rc.1 ==
7731 === Changes since MediaWiki 1.35.0-rc.0 ===
7732 * (T252136) Fix RecentChanges watchlist filters when WatchlistExpiry is off.
7733 * (T258662) Update time period for watchlist expiry pop-up.
7734 * (T258443) Fix expiry dropdown not getting disabled on edit page.
7735 * (T259398) Add license information for promise-polyfill.
7736 * Remove executable bit from scripts without shebang.
7737 * (T256526) Fix bold of watched items on Special:RecentChangesLinked.
7738 * (T259060) Edit page expiry dropdown should keep state after
7740 * (T259009) Translate expiry period in pop-up message for watchlist expiry.
7741 * (T258310) Add watchlist clock icon to RecentChanges.
7742 * (T259362) Permit temporary table writes on replica DB connections.
7743 * (T250214) Add UI support in Special:EditWatchlist for watchlist expiry.
7744 * (T72470) Disable wgLegacyJavaScriptGlobals by default.
7745 * (T130906) Add Edge to MediaWiki:Clearyourcache.
7746 * (T257279) Add mediawiki.ui Less variable deprecation note.
7747 * (T249521) Fixed reassignEdits.php to work with anonymous users.
7748 * (T259448) Fix Circular dependency when creating service in
7749 DBLoadBalancerFactory.
7750 * (T257259) Default to using watchlist expiry of old page when moving pages.
7752 == MediaWiki 1.35.0-rc.0 ==
7754 == Upgrading notes for 1.35 ==
7755 1.35 requires PHP 7.3.19 or above (up from 7.2.9). (T257879)
7757 1.35 has several database changes since 1.34, and will not work without schema
7758 updates. Note that due to changes to some very large tables like the revision
7759 table, the schema update may take quite long (minutes on a medium sized site,
7760 many hours on a large site).
7762 Don't forget to always back up your database before upgrading!
7764 MediaWiki 1.35 is the next LTS after 1.31, and will be supported for around 3
7767 MediaWiki has a lot of both soft and hard deprecations, and code removed. As
7768 always, make sure your versions of extensions match the MediaWiki version,
7769 and updates may be required to any custom extensions.
7771 See the file UPGRADE for more detailed upgrade instructions, including
7772 important information when upgrading from versions prior to 1.11.
7774 Some specific notes for MediaWiki 1.35 upgrades are below:
7775 * (T259685) When using SQLite as the database backend for MediaWiki,
7776 Zeroconf (zero-configuration) VisualEditor/Parsoid only works with
7777 MediaWiki 1.35.2 and above. It is still recommended to use
7778 MySQL/MariaDB rather than SQLite when using VisualEditor.
7780 For notes on 1.34.x and older releases, see HISTORY.
7782 === Configuration changes for system administrators in 1.35 ===
7784 * (T72470) $wgLegacyJavaScriptGlobals is now false by default. This feature
7785 will be completely removed in a later MediaWiki release.
7787 ==== New configuration ====
7788 * $wgDiffEngine — This can be used to specify the difference engine to use,
7789 rather than MediaWiki choosing the first of $wgExternalDiffEngine, wikidiff2,
7790 or php that is usable.
7791 * $wgSearchMatchRedirectPreference — This configuration setting controls whether
7792 users can set a new preference, search-match-redirect, which decides if search
7793 should redirect them to exact matches is available. By default, this is set to
7794 false, which maintains the previous behaviour without preference bloat. Change
7795 your site's default by setting $wgDefaultUserOptions['search-match-redirect'].
7796 * $wgPoolCounterConf['SpecialContributions'] — Per-user concurrency in the use
7797 of SpecialContributions can now be limited by setting this appropriately.
7798 * $wgPasswordPolicy — PasswordCannotBeSubstringInUsername is a new password
7799 policy check. Similar to the existing PasswordCannotMatchUsername check, this
7800 check ensures that a user's (case-insensitive) password cannot be a part of
7801 their username. e.g. password = MyPass, username = ThisUsersPasswordIsMyPass.
7802 * $wgLogos — This new configuration setting combines the now-deprecated $wgLogo
7803 and $wgLogoHD settings into a single, associative array. It provides support
7804 for a new key, 'wordmark', for setting a horizontal wordmark to show next to
7805 the graphical logo. To do this, set 'wordmark' to an array with 'src' set to
7806 the path of the wordmark image, and 'width' and 'height' for its dimensions
7807 in pixels. $wgLogos inherits the existing support provided by its predecessor
7808 settings: '1x' mapping to the path of the logo as a 135x135px raster image
7809 (equivalent to $wgLogo), and '1.5x', '2x', and 'svg' operating as before for
7810 $wgLogoHD. If $wgLogos is unset, $wgLogo and $wgLogoHD values are read for
7811 temporary backwards compatibility. (T232140)
7812 * $wgWatchlistExpiry — (EXPERIMENTAL) This enables the new watchlist expiry
7813 feature. The database table (watchlist_expiry) for this is created regardless
7814 of this setting, but all other aspects of the expiry feature are controlled
7815 by it. Enabling in production is discouraged for the time being. A future
7816 MediaWiki 1.35 release will advertise this feature once it is stable.
7817 * $wgWatchlistPurgeRate — This sets the chance of expired watchlist items being
7818 purged on each page edit. Only has effect if $wgWatchlistExpiry is true.
7819 * $wgWatchlistExpiryMaxDuration — This is the maximum definite relative duration
7820 for watchlist expiries. Only has effect if $wgWatchlistExpiry is true.
7821 * $wgImgAuthPath – This can be used to override the path prefix used when
7822 handling img_auth.php requests. (T235357)
7823 * $wgAllowedCorsHeaders — This is a list of headers which can be used in a
7824 cross-site API request.
7825 * $wgHTTPMaxTimeout and $wgHTTPMaxConnectTimeout — These allow site
7826 administrators to limit the timeouts used by the HTTP client libraries.
7827 This only affects callers using HttpRequestFactory and the deprecated
7828 wrappers in the Http class.
7829 * $wgCdnMaxageStale — This controls the Cache-Control s-maxage header for page
7830 views when PoolCounter lock contention indicates that a stale cache entry
7832 * $wgForceHTTPS — This makes the HTTP to HTTPS redirect be unconditional and
7833 suppresses various hacks needed to support mixed HTTP/HTTPS wikis. We
7834 recommend this be set to true on pure HTTPS wikis.
7835 * $wgCookieSameSite — This setting allows login cookies to be sent with
7836 SameSite=None. This is required for cross-site CentralAuth auto-login after
7838 * $wgUseSameSiteLegacyCookies — This adds a compatibility hack to
7839 SameSite=None cookies for browsers which implemented an incompatible draft
7840 version of the specification.
7842 ==== Changed configuration ====
7843 * $wgResourceLoaderMaxage (T235314) — This configuration array controls the
7844 max-age for HTTP caching through the Cache-Control header. It has uses the
7845 "versioned" key for urls that do have a version parameter, and the
7846 "unversioned" key for urls without a version parameter. The sub keys for
7847 "client" and "server" are no longer supported in MediaWiki 1.35.
7848 * $wgEnableOpenSearchSuggest — This boolean variable is deprecated and no longer
7849 used. The OpenSearch API is now always enabled.
7850 * $wgAuthManagerConfig and $wgAuthManagerAutoConfig — These can now use the
7851 'services' option in provider specifications.
7852 * $wgVirtualRestConfig['modules']['parsoid'] —
7853 - The defaults have been updated. If you were relying on the default values,
7854 you may need to update your configuration.
7855 - The 'URL' parameter, previously allowed for backwards-compatibility, has
7856 been deprecated. Use 'url' instead.
7857 * $wgXmlDumpSchemaVersion — Default is now set to XML_DUMP_SCHEMA_VERSION_11, so
7858 dumps use the new dump format by default. Consumers of XML dumps should not
7859 be affected if they ignore any unknown tags they encounter. Also, the format
7860 is effectively unchanged for revisions that only contain the main slot. The
7861 --schema-version option can be used with the dumpBackup.php script to set the
7862 dump format. (T238921)
7863 * $wgParserConf — This configuration is now deprecated. It has been
7864 effectively constant since 2008, and is ignored by core code.
7865 Configure the ParserFactory service in order to customize the Parser used.
7866 * $wgAutoloadAttemptLowercase — This has been deprecated, and the default value
7868 * $wgAllowImageMoving — This configuration setting is now deprecated. Instead,
7869 use $wgGroupPermissions; e.g., to revoke sysops' ability to move images use
7870 $wgGroupPermissions['sysop']['movefile'] = false.
7871 * $wgAllowImageTag — This configuration is now deprecated; future parsers will
7872 not support direct use of the HTML <img> tag in wikitext.
7873 * $wgUseTwoButtonsSearchForm — This has been deprecated. If you maintain a skin
7874 that relies on this and wishes to let system administrators change it, you
7875 should convert it to a config variable specific to your skin. If you're using
7876 it to configure your wiki, you should check individual skins to see whether
7877 they have local skin config for the feature and use that.
7878 * $wgPasswordPolicy — The deprecated policy 'PasswordCannotBePopular' has been
7879 removed. Use PasswordNotInCommonList instead which covers many more passwords.
7880 * Backwards compatibility for using an associative array
7881 (e.g. [ '127.0.0.1' => 'bad-ip' ]) for $wgProxyList has been removed. This
7882 was deprecated since 1.30. Please convert these arrays to indexed/sequential
7883 ones (e.g. [ '127.0.0.1' ]).
7884 * $wgShellRestrictionMethod — This now defaults to 'autodetect', which will
7885 enable sandboxing for shell commands using firejail, if it's installed. To
7886 disable restrictions, set it to false.
7887 * $wgLegacyJavaScriptGlobals – This deprecated setting now default to false,
7888 instead of true, ahead of its planned removal.
7890 ==== Removed configuration ====
7891 * $wgSysopEmailBans — This setting, deprecated in 1.34, was removed. To let
7892 sysops block email access, use $wgGroupPermissions['sysop']['blockemail'].
7893 * $wgDBWindowsAuthentication — This setting had no effect anymore after support
7894 for SQL Server was removed in 1.34. (T230418)
7895 * $wgProfileOnly — This setting, deprecated in 1.23, was removed. The profiler
7896 output should instead be configured via $wgProfiler['output'].
7897 * $wgProfileLimit — This setting, deprecated in 1.25, was removed.
7898 Set $wgProfiler['threshold'] instead.
7899 * $wgDebugTimestamps — This setting was removed. It affected the text output
7900 produced via $wgDebugComments, if enabled.
7901 * $wgSkipSkin — This setting, deprecated in 1.23, was removed. To disable a
7902 skin from being shown, use $wgSkipSkins.
7903 * $wgUseSquid, $wgSquidServers, $wgSquidServersNoPurge, and $wgSquidMaxage —
7904 These, deprecated in 1.34, have been removed. Use $wgUseCdn, $wgCdnServers,
7905 $wgCdnServersNoPurge, or $wgCdnMaxAge instead.
7906 * $wgDisableCounters — This, deprecated in 1.25, was removed. The feature that
7907 it controlled was already removed in 1.26, but the variable remained existent
7908 with a value of `false` for backward-compatibility.
7909 * $wgMaxGeneratedPPNodeCount — This setting was removed. It only affected
7910 Preprocessor_DOM, which was deprecated in 1.34 and removed in this release.
7911 * $wgFixArabicUnicode and $wgFixMalayalamUnicode — These, deprecated in 1.33,
7912 were removed. The fixes are now always enabled for their respective languages.
7913 * $wgAllowTitlesInSVG — This, unused and deprecated since 1.34, was removed.
7914 * $wgEnablePartialBlocks — This setting, deprecated when it was added in 1.33,
7915 was removed. Partial blocks are now always enabled.
7916 * $wgLocalInterwiki — This setting, deprecated in 1.23, has been removed.
7917 * $wgContentHandlerUseDB — This setting, deprecated in 1.34, has been removed.
7918 * $wgMultiContentRevisionSchemaMigrationStage — This setting must no longer
7919 be set locally. If the migration stage was set to anything other than
7920 SCHEMA_COMPAT_NEW locally, update.php must be run after removing the setting.
7921 Usage of the setting in code is deprecated. The setting will be removed
7923 * $wgEnableRestAPI — This setting is no longer obeyed by MediaWiki core, and
7924 should not be set set locally. Usage of the setting in code is deprecated; it
7925 is now set true by default. The setting will be removed completely in 1.36.
7926 * $wgObjectCaches — The 'slaveOnly' option for SqlBagOStuff, deprecated in 1.34,
7927 was removed. Use 'replicaOnly' instead.
7929 === New user-facing features in 1.35 ===
7930 * (T204618) Whitelisted the aria-hidden HTML attribute for all elements in
7932 * (T13456) Special:EditPage, Special:PageHistory, Special:PageInfo, and
7933 Special:Purge have been created as shortcuts for each action.
7934 Special:EditPage/Foo redirects to title=foo&action=edit, with PageHistory,
7935 PageInfo, and Purge corresponding to action= history, info, and purge
7936 respectively. When linked to, its subpage is used as the target. Otherwise,
7937 it displays a basic interface to allow the end user to specify the target
7939 * (T139221) The generated table of contents is now a navigation landmark role
7940 for assistive technologies.
7941 * (T245931) interwiki map API doesn't report foreign language if
7942 $wgInterwikiMagic=false
7943 * The form at ?action=watch has a new dropdown list to support expiry dates for
7944 watchlist items (if $wgWatchlistExpiry is true).
7946 === New developer features in 1.35 ===
7947 * A Docker based local development develpoment environment configuration is
7948 included (T238224) and DEVELOPERS.md has been added with usage documentation
7949 and links to further help.
7950 * If CSP is enabled, extensions can now add additional sources using the
7951 ContentSecurityPolicy::addDefaultSource, ::addStyleSrc and ::addScriptSrc
7952 methods (e.g. $context->getOutput()->getCSP()->addDefaultSrc( 'example.com' ))
7953 * Extensions can now specify classes and namespaces to be autoloaded by the
7954 test autoloader, by setting the "TestAutoloadNamespaces" and
7955 "TestAutoloadClasses" properties in extension.json. (T196090)
7956 * (T250977) extension.json now allows "SearchMappings" which maps the canonical
7957 name of the search engine (used in wgSearchType and wgSearchTypeAlternatives)
7958 to a specification using the ObjectFactory specification. This allows
7959 extensions to register Search Engines using namespaced classes.
7960 * Added getters for OutputPage's robot, index and follow policies;
7961 getRobotPolicy() returns the entire policy as a string in the form
7962 <index policy>,<follow policy> while getIndexPolicy() and getFollowPolicy()
7963 return their respective policies as a string.
7964 * The ResourceLoaderSiteModulePages and ResourceLoaderSiteStylesModulePages
7965 hooks were added to allow changing which wiki pages these modules contain.
7966 * The SkinFactory now allows skins to be specified as an ObjectFactory spec,
7967 allowing the construction of skins with services injected.
7968 * ContentHandlerFactory for most ContentHandler static methods. It has been
7969 added to the constructors for many classes to improve SOLID / GRASP.
7970 * FileDeleteForm's constructor now accepts a user as the second parameter.
7971 Support for not passing a user has also been hard-deprecated and will be
7973 * The ParserPreSaveTransformComplete hook was added.
7974 * The ParserBeforePreprocess hook was added.
7975 * The ResourceLoaderSkinModule class now has a "legacy" feature that loads
7976 the stylesheets previously part of the "mediawiki.legacy.shared" and
7977 "mediawiki.legacy.commonPrint" module.
7978 Those modules are now deprecated and no longer loaded by skins.
7979 For skins needing to retain these styles, you will need to load these
7980 styles via a module using the ResourceLoaderSkinModule class.
7981 See Vector and Monobook for examples.
7982 * ParserOutput now has methods addExtraCSPStyleSrc, addExtraCSPDefaultSrc
7983 addExtraCSPScriptSrc for parser tags/functions to be able to add sources
7984 to the Content Security Policy.
7985 * The HtmlCacheUpdater service was added to unify the logic of purging CDN cache
7986 and HTML file cache to simplify callers and make them more consistent.
7987 * The MultiHttpClient code will fallover to non-curl if curl_multi* is blocked.
7988 * Preferences which use HTMLTitlesMultiselectField can make use of
7989 MultiTitleFilter class for saving title text to/from article IDs in user
7991 * OutputPage::addHtmlClasses() was added to allow injecting CSS classes on
7992 to the <html> element on page load.
7993 * The SkinAddFooterLinks hook is added to allow extensions to add items to skin
7994 footers. Previously this had to be done via SkinTemplateOutputPageBeforeExec.
7995 Doing so using that hook is now hard deprecated.
7996 * A new BlockPermissionChecker service was introduced for checking
7997 block-related permissions.
7998 * The support of 'database' type of extensions has been added to allow 3d party
7999 databases like Percona be used as storage. See T226857, T253248.
8000 * Three new return parameters have been added to the
8001 EditPageGetCheckboxesDefinition hook. Handlers of this hook are no longer
8002 restricted to defining checkboxes. See the documentation of
8003 EditPage::getCheckboxesDefinition() for more details.
8004 * New flag File::RENDER_TMP was added in order to allow
8005 File::generateAndSaveThumb and File::trasform to render a thumbnail without
8006 saving it to the storage.
8008 === External library changes in 1.35 ===
8010 ==== New external libraries ====
8011 * Added wikimedia/ip-utils 1.0.0.
8012 * Added wikimedia/parsoid 0.12.3.
8013 * Added wikimedia/services 2.0.1.
8014 * Added taylorhakes/promise-polyfill v8.1.3.
8015 * Added vuejs v2.6.11.
8016 * Added vuex v3.1.3.
8017 * Added symfony/symfony/polyfill-php80 1.25.0.
8019 ===== New development-only external libraries =====
8020 * Added doctrine/dbal 3.1.5.
8021 * Added doctrine/sql-formatter 1.1.0.
8022 * Added pimple/pimple 3.3.1.
8024 ==== Changed external libraries ====
8025 * pear/mail_mime was upgraded from 1.10.2 to 1.10.11.
8026 * wikimedia/less.php was upgraded from 1.8.0 to 3.1.0.
8027 * Updated oojs from 3.0.0 to 5.0.0.
8028 * Updated OOUI from 0.35.1 to 0.39.3.
8029 * zordius/lightncandy was upgraded from 0.23.0 to 1.2.5.
8030 * Updated jQuery from v3.3.1 to v3.6.0.
8031 * Updated jQuery Migrate from v3.0.1 to v3.3.2.
8032 * Updated wikimedia/assert from 0.2.2 to 0.5.0.
8033 * Updated pear/net_smtp from 1.8.1 from to 1.9.1.
8034 * Updated psr/log from 1.0.2 to 1.1.3.
8035 * Updated jquery.i18n from 1.0.5 to 1.0.7.
8036 * Updated guzzlehttp/guzzle from 6.3.3 to 6.5.8.
8037 * Updated wikimedia/xmp-reader from 0.6.3 to 0.8.5.
8038 Fixes error log spam with too-large XMP data, and adds support for GPano tags.
8039 * Updated wikimedia/base-convert from v2.0.0 to v2.0.1.
8040 * Updated composer/semver from 1.5.0 to 1.7.2.
8041 * Updated wikimedia/remex-html from 2.1.0 to 2.2.0.
8042 * Replaced wikimedia/password-blacklist 0.1.4 with wikimedia/common-passwords
8044 * Updated wikimedia/composer-merge-plugin from 1.4.1 to 2.0.1.
8045 * Updated wikimedia/html-formatter from 1.0.2 to 2.0.1.
8046 * Updated wikimedia/object-factory from 2.1.0 to 2.2.0.
8048 ===== Changed development-only external libraries =====
8049 * Updated symfony/yaml from 3.4.28 to 5.0.5.
8050 * Updated nikic/php-parser from 3.1.5 to 4.4.0.
8051 * Updated php-parallel-lint/php-console-highlighter from v0.3.2 to v0.5.
8052 * Updated php-parallel-lint/php-parallel-lint from v0.9.2 to v1.2.0.
8053 * Updated psy/psysh from 0.9.9 to 0.10.4.
8054 * Updated monolog/monolog from 1.24.0 to 2.2.0.
8055 * Upgrade mediawiki-codesniffer from 28.0.0 to 38.0.0.
8056 * Updated composer/spdx-licenses from 1.5.1 to 1.5.3.
8057 * Updated monolog/monolog from 1.25.2 to 1.25.3.
8058 * Updated qunit from 2.9.1 to 2.10.0.
8059 * Updating wikimedia/testing-access-wrapper from 1.0.0 to 2.0.0.
8060 * Updated seld/jsonlint from 1.7.1 to 1.8.3.
8062 ==== Removed external libraries ====
8063 * phpunit/php-invoker (dev-only).
8064 Removing this unbreaks development on Windows systems, in exchange for losing
8065 time limits in running unit tests.
8066 * The jquery.getAttrs module was removed.
8068 === Action API changes in 1.35 ===
8069 * The 'suggest' parameter of action=opensearch has been deprecated.
8070 The API behaves the same with and without this parameter.
8071 It was previously used by $wgEnableOpenSearchSuggest to partially
8072 disable the API if set to false. Specifically, it would deny internal
8073 frontend requests carrying this parameter, whilst accepting other requests.
8074 * Integer-type parameters are now validated for syntax rather than being
8075 interpreted in surprising ways. For example, the following will now return a
8077 - "1.9" (formerly interpreted as "1")
8078 - " 1" (formerly interpreted as "1")
8079 - "1e1" (formerly interpreted as "1" or "10", depending on the PHP version)
8080 - "1foobar" (formerly interpreted as "1")
8081 - "foobar" (formerly intepreted as "0")
8082 parameters. Ranges should be assumed to be enforced.
8083 * Many user-type parameters now accept a user ID, formatted like "#12345".
8084 * The 'assert' parameter used by all API modules now supports the value 'anon'.
8085 When specified, the API will return the 'assertanonfailed' error if the user
8087 * action=edit now supports the 'baserevid' parameter for edit conflict
8088 detection, as an alternative to 'basetimestamp'. Note that self-conflicts
8089 will continue to be ignored if 'basetimestamp' is set, but not if only
8091 * A new module was added to change the content model of existing pages.
8092 Use action=changecontentmodel. Unlike Special:ChangeContentModel, the api
8093 module does not work for pages that do not already exist.
8094 * If $wgWatchlistExpiry is true, the following API changes are made:
8095 - action=watch accepts a new 'expiry' parameter analagous to the expiry
8096 accepted by action=userrights, action=block, etc., except it must be no
8097 greater than $wgWatchlistExpiryMaxDuration, or an infinity value.
8098 - action=query&list=watchlistraw returns pages' watchlist expiry dates.
8099 * (T249526) action=login will now return Failed rather than NeedToken on
8102 === Action API internal changes in 1.35 ===
8103 * The Action API now uses the Wikimedia\ParamValidator library for parameter
8104 validation, which brings some new features and changes. For the most part
8105 existing module code should work as it did before, but see subsequent notes
8107 - The values for all ApiBase PARAM_* constants have changed. Code should have
8108 been using the constants rather than hard-coding the values.
8109 - Several ApiBase PARAM_* constants have been deprecated, see the in-class
8110 documentation for details. Use the equivalent ParamValidator constants
8112 - The value returned for 'upload'-type parameters has changed from
8113 WebRequestUpload to Psr\Http\Message\UploadedFileInterface.
8114 * Validation of 'user'-type parameters is more flexible. PARAM constants exist
8115 to specify the type of "user" allowed and to request UserIdentity objects
8116 rather than name strings. The default is to accept all types (name, IP,
8117 range, and interwiki) that were formerly accepted.
8118 * Maximum limits are no longer ignored in "internal mode".
8119 * The $paramName to ApiBase::handleParamNormalization() should now include the
8121 * (T245931) meta=siteinfo&siprop=interwikimap no longer reports language or
8122 extralanglink when $wgInterwikiMagic is false.
8124 === Languages updated in 1.35 ===
8125 MediaWiki supports over 350 languages. Many localisations are updated regularly.
8126 Below only new and removed languages are listed, as well as changes to languages
8127 because of Phabricator reports.
8129 * The default targets for the ISBN search from Special:BookSources in English
8130 have been updated for better international suppport. They will now be
8131 BetterWorldBooks.com, OpenLibrary.org and Worldcat.org.
8132 * (T237672) Changed the Moroccan Arabic language (ary) to the Arabic script.
8133 * (T201269) Added language support for Amis (ami).
8134 * (T248299) Added language support for Inari Sami (smn).
8135 * (T251369) Added language support for Ladin (lld).
8136 * (T251369) Added language support for Seediq (trv), also known as Taroko.
8137 * (T254854) Added language support for Southern Altay (alt).
8139 === Breaking changes in 1.35 ===
8140 * MediaWiki no longer supports PHP 7.2; use PHP 7.3.19+ (T228346, T257879).
8141 * ResourceLoader::getLessVars(), deprecated in 1.32, was removed.
8142 Use ResourceLoaderModule::getLessVars() instead.
8143 * The jquery.tabIndex module, deprecated in 1.34, has been removed.
8144 * The mediawiki.RegExp module alias, deprecated in 1.34, was removed.
8145 Use the mediawiki.util module instead.
8146 * The easy-deflate.inflate module, unused since 1.32, was removed.
8147 * The easy-deflate.deflate module was removed. Use the mediawiki.deflate
8149 * The mediawiki.notify module was removed. The mw.notify() shortcut is now
8150 available by default, without any dependency.
8151 * (T219604) The "jquery.ui.*" and "jquery.effects.*" module aliases,
8152 deprecated in 1.34, have been removed. Use "jquery.ui" instead.
8153 * (T235457) The "user.tokens" module has been removed.
8154 Use "user.options" instead.
8155 * (T251855) The mw.Map#exists method in JavaScript no longer supports checking
8156 multiple keys. This affects mw.config.exists() and mw.user.tokens.exists().
8157 * The internal variable $constructorOptions for the Parser & SpecialPageFactory,
8158 exposed only for integration purposes, are now each replaced by a const called
8159 CONSTRUCTOR_OPTIONS. This was a breaking change made without deprecation.
8160 * ObjectCache::getWANInstance, deprecated in 1.34, was removed.
8161 Use MediaWikiServices::getMainWANObjectCache instead.
8162 * ObjectCache::newWANCacheFromParams, deprecated in 1.34, was removed.
8163 Construct WANObjectCache directly instead, or use MediaWikiServices.
8164 * (T231366) The ProfilerOutputDb class and profileinfo.php entry point,
8165 deprecated in 1.34, was removed.
8166 * SiteConfiguration->localVHosts, deprecated in 1.25, was removed.
8167 Use $wgLocalVirtualHosts instead.
8168 * The $wgContLanguageCode read-only variable was removed.
8169 It has been a non-configurable copy of $wgLanguageCode since MW 1.8 (2006).
8170 Use $wgLanguageCode directly instead.
8171 * ApiQueryUserInfo::getBlockInfo, deprecated in 1.34, was removed. Use
8172 ApiBlockInfoTrait::getBlockDetails instead.
8173 * Password::equals(), deprecated in 1.33, was removed. Use Password::verify().
8174 * QuickTemplate::setRef(), deprecated in 1.31, was removed. Use set().
8175 * The mediawiki.ui.text module, deprecated in 1.28 and unused, was removed.
8176 * AbstractBlock::mReason, deprecated in 1.34, is no longer public.
8177 * The GetBlockedStatus and UserIsHidden, deprecated in 1.34, has been removed.
8178 Instead, use the GetUserBlock hook.
8179 * As part of work to replace the Parser, a large number of breaking changes have
8180 been made, principally in related methods and properties being removed or made
8182 - disableCache(), deprecated in 1.28.
8183 - serializeHalfParsedText() and the helpers unserializeHalfParsedText(),
8184 isValidHalfParsedText(), and StripState::getSubState() and
8185 StripState::merge(), all deprecated in 1.31. The helper functions
8186 LinkHolderArray::mergeForeign() and LinkHolderArray::getSubArray()
8188 - getConverterLanguage(), deprecated in 1.32. Use getTargetLanguage() instead.
8189 - A large set of methods exposed only for historical reasons, deprecated in
8190 1.34, have now been removed or made private:
8191 - areSubpagesAllowed()
8195 - doDoubleUnderscore()
8200 - getVariableValue()
8201 - initialiseVariables()
8202 - makeKnownLinkHolder()
8203 - maybeDoSubpageLink()
8204 - parseLinkParameter()
8205 - replaceExternalLinks()
8206 - replaceInternalLinks()
8207 - replaceInternalLinks2()
8208 - replaceLinkHoldersText().
8214 - incrementIncludeSize(), setTransparentTagHook(), replaceTransparentTags(),
8215 and $mTransparentTagHooks have been removed without deprecation.
8216 - The following constants have been made private without deprecation:
8220 - The following properties have been removed without deprecation:
8221 - ::$mDefaultStripList
8224 - The following properties have been made private without deprecation:
8225 - ::$mFunctionSynonyms
8226 - ::$mFunctionTagHooks
8230 - ::$mImageParamsMagicArray
8233 - ::$mConf (deprecated in 1.34)
8234 - ::$mExtLinkBracketedRegex
8240 - ::$mForceTocPosition
8243 - ::$mLangLinkLanguages
8244 - ::$currentRevisionCache
8247 - Parser::getTitle() will now throw a TypeError if $mTitle is uninitialized.
8248 This use pattern was deprecated in 1.34.
8249 - ContentHandler::makeParserOptions(), deprecated in 1.32, was removed. Use
8250 WikiPage::makeParserOptions() or ParserOptions::newCanonical() instead.
8251 - The ParserAfterUnstrip hook, believed to be unused, was removed without
8253 - Preprocessor_DOM and related classes, deprecated in 1.34, have been removed.
8254 Consequently, the related ParserOptions::getMaxGeneratedPPNodeCount() and
8255 ::setMaxGeneratedPPNodeCount() have been removed without deprecation.
8256 - The support for the old signature for ParserFactory::__construct, which was
8257 deprecated in 1.34, has been removed.
8258 - Parser::getDefaultPreprocessorClass(), deprecated in 1.34, has been removed.
8259 * MediaWikiTestCase::prepareServices(), deprecated in 1.32, has been removed
8260 * The method ContentHandler::getSlotDiffRendererInternal is replaced with
8261 ContentHandler::getSlotDiffRendererWithOptions. This breaks consumers which
8262 call parent::getSlotDiffRendererInternal (no instances of which are known).
8263 * TextContent::getHighlightHtml, deprecated since 1.24, has been removed. Use
8264 TextContent::getHtml instead.
8265 * ExtensionRegistry::load(), deprecated in 1.34, was removed. Instead, use
8266 ExtensionRegistry::queue().
8267 * MWMessagePack class, deprecated in 1.34, was removed.
8268 * The cdb.php maintenance script was removed. Use the 'cdb' command from the
8269 wikimedia/cdb library instead.
8270 * User::addNewUserLogEntryAutoCreate, deprecated in 1.27, was removed.
8271 * FileBasedSiteLookup class, deprecated in 1.33, was removed.
8272 * The wfGlobalCacheKey global function, deprecated in 1.30, was removed.
8273 * The APCBagOStuff class was removed. MediaWiki requires PHP 7.2+ (support
8274 for HHVM was dropped) and these versions of PHP only support apcu. The default
8275 "apc" entry in $wgObjectCaches now refers to APCUBagOStuff.
8276 * Database::bufferResults(), deprecated in 1.34, has been removed.
8277 * CannotReplaceActiveServiceException, ContainerDisabledException,
8278 DestructibleService, NoSuchServiceException, SalvageableService,
8279 ServiceAlreadyDefinedException, ServiceContainer and ServiceDisabledException
8280 in the global namespace, deprecated in 1.33, were removed. Use the classes in
8281 the MediaWiki\\Services namespace instead.
8282 * The following methods in the Interwiki class were removed: ::fetch(),
8283 ::isValidInterwiki(), ::invalidateCache(), and ::getAllPrefixes().
8284 * The UsersMultiselectWidget config 'allowArbitrary' is now false by default. To
8285 accept arbitrary entries, pass in true for this config.
8286 * OutputPage::parse() and OutputPage::parseInline(), deprecated in 1.32, have
8287 been removed. Use ::parseAsContent() or ::parseAsInterface(), as
8289 * WikiPage::selectFields, deprecated in 1.31, was removed. Use ::getQueryInfo.
8290 * The remaining static methods for MagicWord, deprecated in 1.32, were removed.
8291 These were MagicWord::get(), ::getSubstIDs(), ::getDoubleUnderscoreArray(),
8292 ::getVariableIDs(), and ::getCacheTTL(). Instead, use MagicWordFactory (via
8294 * ApiBase::checkTitleUserPermissions no longer accepts a User as the third
8295 parameter. Passing a user was deprecated in 1.33.
8296 * Sanitizer::setupAttributeWhitelist() and Sanitizer::attributeWhitelist(),
8297 deprecated in 1.34, have been removed. They should not have been public.
8298 * Passing a sequential array as the second parameter to
8299 Sanitizer::validateAttributes() has been deprecated; use an associative
8300 array where keys are the allowed attributes.
8301 * The $warnCallback parameter to Sanitizer::removeHTMLtags, deprecated since
8302 its introduction in 1.28, has been removed.
8303 * SpecialRecentChanges::filterByCategories(), deprecated in 1.31, was removed.
8304 * The `ArticleContentViewCustom` hook, deprecated in 1.32, was removed.
8305 * AuthManager::callLegacyAuthPlugin, deprecated in 1.33, was removed.
8306 * wfGetMessageCacheStorage was removed without deprecation.
8307 * Title::moveSubpages, deprecated in 1.34, was removed. Use the MovePage class
8308 and MovePage::moveSubpages instead.
8309 * Article::doEditContent, deprecated in 1.29, was removed. Instead, use
8310 WikiPage::doEditContent.
8311 * CommentStore::newKey, deprecated in 1.31, was removed.
8312 * EditPage::$hookError was changed from public to private.
8313 * Title::isValidMoveOperation, ::moveTo, and ::isValidMoveTarget, deprecated
8314 in 1.25, were removed. Use the MovePage class and its methods instead.
8315 * Title::getUserCaseDBKey(), deprecated in 1.33, was removed. Use ::getDBkey().
8316 * StringUtils::explodeMarkup() was removed without deprecation.
8317 * AjaxResponse methods that were unused have been removed without deprecation:
8323 * ApiDelete::delete and ::deleteFile, both of which were protected methods,
8324 have been made private to allow a signature change.
8325 * HistoryPager::revLink, ::curLink, ::lastLink, and ::diffButtons, which had
8326 no visibilities defined, have been made private to allow signature changes.
8327 * SpecialNewpages::revisionFromRcResult, which previously was protected, has
8328 been made private to allow a signature change.
8329 * DifferenceEngine::$mOldRev and $mNewRev, deprecated for public access in
8330 1.32, have been removed.
8331 * DifferenceEngine::revisionDeleteLink, which was previosuly protected, has
8332 been made private to allow a signature change.
8333 * DifferenceEngine::getParserOutput, which is protected, has had a breaking
8334 signature change: the second parameter must be a RevisionRecord object,
8335 rather than a Revision object.
8336 * WikiPage::setLastEdit, which was previously protected, has been made
8337 private to allow a signature change.
8338 * Skin::getSkinNameMessages() deprecated in 1.34, has been removed.
8339 * Skin::escapeSearchLink() deprecated in 1.34, has been removed, use
8340 Skin::getSearchLink() instead.
8341 * Skin::shouldPreloadLogo() deprecated in 1.32, has been removed.
8342 * Revision::loadFromId and RevisionStore::loadRevisionFromId have been
8344 * OutputPage::parserOptions doesn't accept an $options parameter anymore.
8345 * MessageCache::getParserOptions previously did not have a visibility set.
8346 It has been made private.
8347 * SpecialUndelete::showDiff previously did not have a visibilty set. It
8348 hav been made private to allow a signature change.
8349 * The Skin no longer loads the "mediawiki.legacy.shared" or
8350 "mediawiki.legacy.commonPrint" modules. The legacy shared styles must now
8351 be loaded by the skin explicitly, either inherited via the
8352 "mediawiki.skinning.*" modules, or by making your skin's main styles
8353 module use the ResourceLoaderSkinModule class with the "legacy" attribute.
8354 See Vector and Monobook for examples.
8355 * Passing an ApiMain to the constructor of ApiResult is no longer supported.
8356 This was deprecated in 1.25.
8357 * ResourceLoaderWikiModule::invalidateModuleCache has been declared to
8358 be @internal as part of a signature change. No known uses exist outside
8360 * The ArticleAfterFetchContentObject hook, deprecated in 1.32, was removed.
8361 Use ArticleRevisionViewCustom to control output.
8362 * DatabaseBlock::isValid, deprecated in 1.33, was removed.
8363 * HTMLUserTextField and HTMLUsersMultiselectField previously implied
8364 required=true when exists=true. Form fields that use exists=true should also
8365 set required=true if they are required.
8366 * In DatabaseUpdater, the following methods are no longer public: dropTable(),
8367 modifyTable(), modifyField(), runMaintenance(), copyFile(), appendLine().
8368 In PostgresUpdater, the following methods are no longer public:
8369 addPgEnumValue(), addPgIndex(), addPgExtIndex(). This change was made without
8370 deprecation due to immediate danger of data corruption and loss, see T157651.
8371 Extensions should instead use dropExtensionTable(),
8372 modifyExtensionExtensionTable(), modifyExtensionField(), addExtensionUpdate().
8373 The addExtensionUpdate() method can still be used to access any of the
8374 protected methods on DatabaseUpdater.
8375 * ResourceLoader no longer provides the (always-true) variables for wgEnableAPI
8376 and wgEnableWriteAPI; they were deprecated in MediaWiki 1.31 and removed from
8377 the PHP environment in MediaWiki 1.32.
8378 * The wfSetupSession global function, deprecated in 1.27, was removed. Use the
8379 persist() method of the right MediaWiki\Session\SessionManager object instead.
8380 * The wfIsHHVM global function, deprecated in 1.34, was removed.
8381 * GenderCache::doTitlesArray no longer accepts string values in its $titles
8382 array parameter. Use Title objects (or other LinkTarget) instead.
8383 * Unused CommentStore::MAX_COMMENT_LENGTH has been removed.
8384 * User::checkTemporaryPassword() and User::checkPassword(), deprecated in 1.27,
8385 were removed. Use AuthManager instead.
8386 * All constants and class functions now have explicit visibility modifiers. This
8387 means, per [[mw:Stable interface policy]], that these should now be considered
8388 stable. This also helps MW align with PSR 2 and PSR 12. This was done based on
8389 audits of the corpus of skins and extensions hosted in Gerrit. If you find any
8390 that you need to be less restrictive (i.e. public or protected), please report
8391 these so that we can re-evaluate or suggest workarounds.
8392 * BaseTemplate::msgWiki(), deprecated in 1.33, was removed. Use ->msg() or
8394 * QuickTemplate::msgWiki(), deprecated in 1.33, was removed. Use ->msg()
8396 * WebInstaller::getErrorBox() and ::getWarningBox(), deprecated in 1.34,
8397 were removed. Use Html::errorBox() or ::warningBox() instead.
8398 * SpecialVersion::getExtensionCredits() and SpecialVersion::getSkinCredits()
8399 have become private without deprecation.
8400 * As part of the migration to a new hook system (T240307), the following classes
8401 now require an additional HookContainer constructor parameter:
8405 - ClassicInterwikiLookup
8406 - ContentHandlerFactory
8407 - ContentSecurityPolicy
8408 - DefaultOptionsManager
8409 - DerivedPageDataUpdater
8410 - FullSearchResultWidget
8415 - LinkRendererFactory
8421 - PageHandlerFactory
8426 - RevisionStoreFactory
8428 - SearchEngineConfig
8429 - SearchEngineFactory
8433 - SpecialPageFactory
8435 - UserOptionsManager
8436 - WatchedItemQueryService
8438 * The following classes now require setHookContainer() to be called after
8440 - AuthenticationProvider
8441 - ResourceLoaderModule
8443 * The parameters to ChronologyProtector::getTouched() and
8444 ILBFactory::getChronologyProtectorTouched() were changed without backwards
8446 * The deprecated $blacklist parameter to wfIsBadImage() has been removed.
8447 * SpecialBlock::checkUnblockSelf no longer accepts an integer representing
8448 an user ID as part of ongoing refactoring of SpecialBlock class.
8449 * User::setInternalPassword() and User::setPassword(), deprecated in 1.27, have
8450 been removed. Use User::changeAuthenticationData() instead.
8451 * User::selectFields(), deprecated in 1.31, has been removed. Use
8452 User::getQueryInfo() instead.
8453 * The "legacy" serialization type in RESTBagOStuff, deprecated in 1.34,
8455 * The populateContentModel.php maintenance script was removed. It has
8456 been replaced by the populateContentTables.php script.
8457 * The findHooks.php maintenance script, for the old hooks system, was removed.
8458 * (T257278) Calling MediaWiki\Shell\Command::restrict() will now overwrite
8459 any previous restrictions rather than adding to them, making it possible to
8460 disable the default restrictions.
8462 === Deprecations in 1.35 ===
8463 * The PHPUnit4And6Compat class, used to provide compatibility with PHPUnit 4, is
8464 now deprecated. MediaWiki support for PHPUnit 4 ended with the removal of HHVM
8466 * LockManagerGroup::getDefault() and LockManagerGroup::getAny() are deprecated.
8467 They seem to be unused. Just use get() directly, and catch any exception.
8468 * AbstractBlock::getPermissionsError and AbstractBlock::getBlockErrorParams are
8469 deprecated. Use BlockErrorFormatter::getMessage instead.
8470 * The IP class is deprecated. Please instead use the Wikimedia\IPUtils class
8471 from the new wikimedia/ip-utils library instead. Additionally, the RE_IP_*
8472 constants are also deprecated. RE_IP_BYTE can be replaced with a class
8473 constant on the IPUtils class, while the others will eventually be made
8475 * The following Language methods are deprecated: getFallbackFor,
8476 getFallbacksFor, getFallbacksIncludingSiteLanguage. Use the corresponding new
8477 methods on the LanguageFallback class: getFirst, getAll, and
8478 getAllIncludingSiteLanguage.
8479 * FileJournal::factory is deprecated. Use the constructor directly instead.
8480 * AbstractBlock methods setBlocker(), getBlocker() are deprecated and will
8481 become internal implementation of DatabaseBlock.
8482 * Title::countRevisionsBetween has been deprecated and moved into RevisionStore.
8483 * FileBackendGroup::singleton() is deprecated. Use MediaWikiServices instead.
8484 * FileBackendGroup::destroySingleton() is deprecated. Test frameworks should
8485 instead reset MediaWikiServices between test runs.
8486 (MediaWikiIntegrationTestCase does this automatically.)
8487 * GenderCache::singleton(), deprecated in 1.28, is hard deprecated. Use
8488 MediaWikiServices::getGenderCache() instead.
8489 * MediaWikiIntegrationTest::setContentLang() has been deprecated. Use
8490 setMwGlobals( 'wgLanguageCode', 'xxx' ) to set a different site language
8491 code, or setService( 'ContentLanguage', $myObj ) to set a specific Language
8492 object. Service resets and $wgContLang will be handled automatically.
8493 * MediaWikiIntegrationTest::assertType() has been deprecated, as part of the
8494 work to move to PHPUnit 8; PHPUnit's assertInternalType() was deprecated, and
8495 will be removed in PHPUnit 9. MediaWikiIntegrationTest::assertTypeOrValue(),
8496 a wrapper for assertType(), has been removed immediately, without deprecation.
8497 * AbstractBlock::getReason is deprecated, since reasons are actually stored as
8498 CommentStoreComments, and getReason returns a string with no caller control
8499 over language or formatting. Instead use AbstractBlock::getReasonComment,
8500 which returns the CommentStoreComment.
8501 * The global function wfGetRusage() is deprecated and will now always call the
8502 getrusage() function without checking for its existence.
8503 * The properties User::mBlock, User::mBlockedby and User::mHideName are
8504 deprecated. Instead, use User::getBlock to get the block, then use
8505 AbstractBlock::getByName or AbstractBlock::getHideName.Use the GetUserBlock
8506 hook to set, unset or modify a block, including hiding or unhiding a user.
8507 * Directly calling the MergeHistory constructor is deprecated. Instead, use the
8508 new MergeHistoryFactory class.
8509 * Language::factory() and Language::getParentLanguage() are deprecated, and so
8510 is directly calling the Language constructor. Use the new LanguageFactory
8512 * Language::classFromCode() is deprecated. There is no reason it should be used
8513 outside the Language class itself.
8514 * Language::clearCaches() is deprecated. Instead, reset all services and set
8515 Language::$mLangObjCache = [].
8516 * The following functions from Language class are deprecated in favour of
8517 respective functions in LanguageConverter:
8519 - autoConvertToAllVariants
8526 - convertCategoryKey
8528 - getPreferredVariant
8531 - getExtraHashOptions
8532 - updateConversionTable
8533 * Language::classFromCode() is hard deprecated and should be removed in 1.36
8534 * Language::getConverter() is deprecated and should be removed in 1.36
8535 * Language::MESSAGES_FALLBACKS, Language::STRICT_FALLBACKS were deprecated.
8536 Use LanguageFallback::MESSAGES and LanguageFallback::STRICT respectively
8537 * Language::$mLangObjCache is deprecated and should be removed in 1.36. Use
8538 MediaWikiServices instead to get a LanguageFactory.
8539 * Language::getMessagesFor(), getMessageFor(), and getMessageKeysFor() are
8540 deprecated. Use LocalisationCache's getItem(), getSubitem(), and
8541 getSubitemList() methods directly.
8542 * OutputPage::getCSPNonce() is deprecated, use OutputPage::getCSP()->getNonce()
8544 * DerivedPageDataUpdater::prepareUpdate accepted as its second parameter an
8545 optional array of options. Specifying the value of the `oldrevision` key of
8546 the array to be a Revision object, rather than a RevisionRecord object, is
8547 hard deprecated. The same applies to the options parameter in
8548 WikiPage::doEditUpdates.
8549 * Skin::makeI18nUrl() and makeNSUrl() have been deprecated, no longer used.
8550 * Title::countAuthorsBetween and Title::getAuthorsBetween were hard deprecated.
8551 Use respective methods in RevisionStore instead.
8552 * Remove deprecated SkinCopyrightFooter &$forContent parameter
8553 * The following Language class static variables have been replaced with
8554 constants and deprecated: $mWeekdayMsgs, $mWeekdayAbbrevMsgs, $mMonthMsgs,
8555 $mMonthGenMsgs, $mMonthAbbrevMsgs, $mIranianCalendarMonthMsgs,
8556 $mHebrewCalendarMonthMsgs, $mHebrewCalendarMonthGenMsgs,
8557 $mHijriCalendarMonthMsgs and $durationIntervals.
8558 * As part of dropping security support for IE 6 and IE 7,
8559 WebRequest::checkUrlExtension() has been deprecated, and now always returns
8561 * The following ApiBase::PARAM_* constants have been deprecated in favor of
8562 equivalent ParamValidator constants: PARAM_DFLT, PARAM_ISMULTI, PARAM_TYPE,
8563 PARAM_MAX, PARAM_MAX2, PARAM_MIN, PARAM_ALLOW_DUPLICATES, PARAM_DEPRECATED,
8564 PARAM_REQUIRED, PARAM_SUBMODULE_MAP, PARAM_SUBMODULE_PARAM_PREFIX, PARAM_ALL,
8565 PARAM_EXTRA_NAMESPACES, PARAM_SENSITIVE, PARAM_DEPRECATED_VALUES,
8566 PARAM_ISMULTI_LIMIT1, PARAM_ISMULTI_LIMIT2, PARAM_MAX_BYTES, PARAM_MAX_CHARS.
8567 * ApiBase::explodeMultiValue() is deprecated. Use
8568 ParamValidator::explodeMultiValue() instead.
8569 * ApiBase::parseMultiValue() is deprecated. No replacement is provided;
8570 generally this sort of thing should be handled by fully validating the
8572 * ApiBase::validateLimit() and ApiBase::validateTimestamp() are deprecated.
8573 Use ApiParamValidator::validateValue() with an appropriate settings array
8575 * ContentHandler (use ContentHandlerFactory):
8580 - getAllContentFormats
8581 - protected $handler (not need anymore)
8582 - cleanupHandlersCache (not need anymore)
8583 * (T212738) The $wgVersion global is deprecated; instead, use MW_VERSION.
8584 * $wgMemc is deprecated, use MediaWikiServices::getLocalServerObjectCache()
8586 * ObjectCache::detectLocalServerCache() is deprecated, instead use
8587 MediaWikiServices::getLocalServerObjectCache() or
8588 ObjectCache::makeLocalServerCache().
8589 * ImagePage::getImageLimitsFromOptions() is deprecated. Use static function
8590 MediaFileTrait::getImageLimitsFromOptions() instead.
8591 * As part of work to replace the Parser, alongside the breaking changes listed
8592 above, a large number of deprecations changes been made, to simplify the API
8593 or because they will not be supported in replacement:
8594 - Parser::doBlockLevels() (and BlockLevelPass class has been marked @internal)
8595 - Parser::setFunctionTagHook()
8596 - Parser::attributeStripCallback()
8597 - Parser::fetchTemplate() - use Parser::fetchTemplateAndTitle() instead.
8598 - Parser::enableOOUI() - use $parser->getOutput()->enableOOUI() instead.
8599 - LinkHolderArray has been deprecated for public usage and will be
8600 internal part of parser.
8601 - The following parser-related hooks have been deprecated:
8602 - InternalParseBeforeSanitize
8603 Use an alternative hook which doesn't expose internal half-parsed state,
8604 like ParserBeforeInternalParse or ParserAfterTidy
8605 - ParserFetchTemplate
8606 Use BeforeParserFetchTemplateAndTitle
8607 - ParserSectionCreate
8608 No replacement; <section> tag wrapping will be done by core in future.
8609 - BeforeParserrenderImageGallery
8610 No replacement; MediaHandler provides for customizable media rendering
8612 Use ParserAfterTidy instead to avoid exposing internal half-parsed state
8614 No replacement; stripping is no longer supported.
8616 No replacement; stripping is no longer supported.
8617 - The accessor/mutator methods Parser::Options(), Parser::OutputType(), and
8618 Parser::Title() have been deprecated; use the appropriate Parser::get* or
8619 Parser::set* methods instead.
8620 - Parser::firstCallInit() has been deprecated. The parser is initialized
8621 fully on construction and so ::firstCallInit() no longer has any effect
8622 when manually invoked.
8623 - ParserOptions::setAllowExternalImages(), ::setAllowExternalImagesFrom(),
8624 and ::setEnableImageWhitelist() have been deprecated. Future parsers
8625 will not allow per-parser configuration of image filtering; use
8626 site configuration instead.
8627 - ParserOptions::getTidy() and ParserOptions::setTidy() have been deprecated.
8628 These options no longer have any effect.
8629 - Most methods of MWTidy, except for MWTidy::tidy(), have been deprecated;
8630 tidiness is always enabled and not configurable.
8631 - Version 1 of the parserTests file format has been deprecated. You'll need to
8632 update your parser tests to version 2, which uses Remex tidy on all test
8633 output by default. Support for parser tests with Remex tidy off will later
8634 be removed entirely.
8635 - $wgParser — This global variable, soft deprecated in 1.32, has now been hard
8636 deprecated. Use MediaWikiServices::getInstance()->getParser() instead.
8638 * The signature of DefaultPreferencesFactory::__construct has been changed:
8639 - LanguageConverter $languageConverter has been added.
8640 and its usage with old arguments is hard deprecated.
8641 * The public usage of the following properties of LanguageConverter have been
8642 deprecated as there is no reason they should be used outside the
8643 LanguageConverter class and will be changed from public to private:
8651 - mVarSeparatorPattern
8652 changed from public to protected:
8654 * The ArticleEditUpdatesDeleteFromRecentchanges hook has been deprecated. Please
8655 use the RecentChange_save hook or similar instead.
8656 * The ArticleEditUpdates hook has been deprecated. Please
8657 use the RevisionDataUpdates hook or similar instead.
8658 * The SkinTemplatePreventOtherActiveTabs and SkinTemplateTabAction hooks have
8659 been hard deprecated. Please use the SkinTemplateNavigation__Universal hook
8661 * ResourceLoaderFileModule::compileLessFile() has been deprecated, use
8662 ResourceLoaderFileModule::compileLessString() instead
8663 * The SquidPurgeClient and SquidPurgeClientPool classes have been deprecated.
8664 Use MultiHttpClient or HtmlCacheUpdater instead.
8665 * MimeAnalyzer::getExtensionsForType() and ::getTypesForExtensions() were
8666 deprecated in favor of MimeAnalyzer::getExtensionsFromMimeType() and
8667 ::getMimeTypesFromExtension(), respectively. The new methods return arrays
8668 rather than strings.
8669 * Calling Action::factory and Action constructor with WikiPage has been
8670 hard deprecated. Caller must provide an Article instance.
8671 * ApiTestCase::doLogin, soft deprecated in 1.31, was hard deprecated.
8672 * WebRequest::getLimitOffset is hard deprecated. Instead, use
8673 ::getLimitOffsetForUser and pass a User object.
8674 * PageArchive::getPreviousRevision is hard deprecated. Instead, use the new
8675 ::getPreviousRevisionRecord method.
8676 * PageArchive::getArchivedRevision is hard deprecated. Instead, use the new
8677 ::getArchivedRevisionRecord method.
8678 * PageArchive::undelete is hard deprecated. Instead, use ::undeleteAsUser
8679 and pass a User object.
8680 * PageArchive::getRevision is hard deprecated.
8681 * EditPage::getBaseRevision was hard deprecated. Instead, use the new
8682 ::getExpectedParentRevision method.
8683 * The public variable EditPage::$mBaseRevision was hard deprecated.
8684 * FileDeleteForm previously did not accept a user parameter in its constructor,
8685 instead relying on the global $wgUser. A user parameter has been added,
8686 and //not// providing a user is deprecated. There are no known callers
8687 outside of mediawiki core.
8688 * AuthManager::singleton() has been deprecated. Use
8689 MediaWikiServices::getInstance()->getAuthManager() instead.
8690 * ContribsPager::tryToCreateValidRevision is hard deprecated. Instead, use
8691 ContribsPager::tryCreatingRevisionRecord.
8692 * The following functions all accept an optional user parameter. Not passing a
8693 user is hard deprecated, and support for calling them without passing a user
8694 will be removed in 1.36:
8695 - Title::getNotificationTimestamp (note however that the method is deprecated
8696 in its entirely in favor of the new WatchlistNotificationManager service)
8698 - LogEventsList::userCan
8699 - LogEventsList::userCanBitfield
8700 - LogEventsList::userCanViewLogType
8702 - FileDeleteForm::doDelete
8703 - OldLocalFile::userCan
8704 - ArchivedFile::userCan
8706 * The following functions all accept an optional audience parameter and
8707 an optional user parameter. If the audience is FOR_THIS_USER and no
8708 user is passed, they fallback to $wgUser. Not passing a user when
8709 one is needed is deprecated
8710 - LogEventsList::getExcludeClause
8711 - WikiPage::getComment
8712 - WikiPage::getCreator
8714 - WikiPage::getUserText
8715 * UploadBase::checkWarnings now accepts a User parameter; not providing a
8716 user is soft deprecated.
8717 * Article::insertProtectNullRevision and WikiPage::insertProtectNullRevision
8718 were hard deprecated. Instead, use WikiPage::insertNullProtectionRevision.
8719 * Article::doDeleteArticle, Article::doDeleteArticleReal, and
8720 WikiPage::doDeleteArticle are all deprecated. Instead, use
8721 WikiPage::doDeleteArticleReal.
8722 * Article::getComment is deprecated. Instead, use WikiPage::getComment.
8723 * Article::getCreator is deprecated. Instead, use WikiPage::getCreator.
8724 * Article::updateRevisionOn() and ::updateIfNewerOn(), and
8725 WikiPage::updateIfNewerOn() are deprecated. Instead, use
8726 WikiPage::updateRevisionOn().
8727 * Article::getUser is deprecated. Instead, use WikiPage::getUser.
8728 * Article::getUserText is deprecated. Instead, use WikiPage::getUserText.
8729 * Article::prepareContentForEdit is hard deprecated. Instead, use
8730 WikiPage::prepareContentForEdit.
8731 * WikiPage::prepareContentForEdit previously accepted either a Revision or a
8732 RevisionRecord object as its optional second parameter. Passing a Revision
8733 is now hard deprecated.
8734 * Article::getUndoContent and WikiPage::getUndoContent are hard deprecated.
8735 Instead, use ContentHandler::getUndoContent.
8736 * Passing Revision objects to ContentHandler::getUndoContent is hard deprecated.
8737 Instead, pass the associated Content objects, as well as whether the undo is
8738 from the current revision.
8739 * Article::doDeleteUpdates and ::doEditUpdates are deprecated. Instead,
8740 use WikiPage::doDeleteUpdates and ::doEditUpdates.
8741 * WikiPage::doEditUpdates previously accepted a Revision object as its first
8742 parameter. It now accepts RevisionRecord objects, and passing Revision
8743 objects is deprecated.
8744 * Article::getRevisionFetched is deprecated. Instead, use the
8745 fetchRevisionRecord method, which has been converted from protected to
8747 * LocalFileDeleteBatch was migrated to a new constructor signature with the
8748 user as the second parameter. Support for the old signature is hard
8749 deprecated, and once removed the user parameter will be required. At the
8750 same time, a number of file-deletion related methods were updated
8751 - File::delete is hard deprecated in favor of the new ::deleteFile
8752 - LocalFile::delete is hard deprecated in favor of the new ::deleteFile
8753 - LocalFile::deleteOld is hard deprecated in favor of the new ::deleteOldFile
8754 - ForeignDBFile::delete is hard deprecated in favor of the new ::deleteFile
8755 * File::recordUpload (along with the respective methods in the LocalFile and
8756 ForeignDBFile classes) is hard deprecated, and LocalFile::recordUpload2 is
8757 soft deprecated. Use the new LocalFile::recordUpload3, which has a different
8758 signature and requires that a User parameter is passed.
8759 * The SpecialPageFactory class was moved from the MediaWiki\Special namespace
8760 to the MediaWiki\SpecialPage namespace. The old location remains as a
8762 * Title::userCan, ::quickUserCan, and ::getUserPermissionsErrors, which
8763 were deprecated in 1.33, were hard deprecated. Instead, use
8764 PermissionManager::userCan, ::quickUserCan, and ::getPermissionErrors.
8765 * All methods of the old SpecialPageFactory, deprecated in 1.32, were hard
8766 deprecated. Instead, get a SpecialPageFactory from MediaWikiServices and
8768 * User::updateNewtalk now accepts as its optional third parameter a
8769 RevisionRecord object; passing a Revision is hard deprecated.
8770 * User::getNewMessageRevisionId and ::getNewMessageLinks were hard deprecated.
8771 * DifferenceEngine::getRevisionHeader now accepts a RevisionRecord as its
8772 first parameter; passing a Revision is hard deprecated.
8773 * WikiPage::doDeleteUpdates now accepts as its optional third parameter
8774 a RevisionRecord object; passing a Revision is hard deprecated.
8775 * WikiPage::onArticleEdit now accepts as its optional second parameter
8776 a RevisionRecord object; passing a Revision is hard deprecated.
8777 * Global $wgUser variable was soft deprecated.
8778 * The Revision class was soft deprecated entirely in 1.31. All methods
8779 have now been individually hard deprecated:
8780 - ::__construct - create MutableRevisionRecord objects instead
8781 - ::newFromId - use RevisionLookup::getRevisionById instead
8782 - ::newFromTitle - use RevisionLookup::getRevisionByTitle instead
8783 - ::newFromPageId - use RevisionStore::getRevisionByPageId instead
8784 - ::newFromArchiveRow - use RevisionFactory::newRevisionFromArchiveRow
8785 - ::newFromRow - use RevisionStore::newRevisionFromRow instead
8786 - ::loadFromPageId - use RevisionStore::getRevisionByPageId instead
8787 - ::loadFromTitle - use RevisionStore::getRevisionByTitle instead
8788 - ::loadFromTimestamp - use RevisionStore::getRevisionByTimestamp instead
8789 - ::getQueryInfo - use RevisionStore::getQueryInfo instead
8790 - ::getArchiveQueryInfo - use RevisionStore::getArchiveQueryInfo instead
8791 - ::getParentLengths - use RevisionStore::getRevisionSizes instead
8792 - ::getRevisionRecord - no replacement
8793 - ::getId - use RevisionRecord::getId instead
8794 - ::setId - use MutableRevisionRecord::setId instead
8795 - ::setUserIdAndName - use MutableRevisionRecord::setUser instead
8796 - ::getTextId - use SlotRecord::getContentAddress for retrieving an actual
8797 content address, or RevisionRecord::hasSameContent to compare content
8798 - ::getParentId - use RevisionRecord::getParentId instead
8799 - ::getSize - use RevisionRecord::getSize instead
8800 - ::getSha1 - use RevisionRecord::getSha1 instead
8801 - ::getTitle - use RevisionRecord::getPageAsLinkTarget instead
8802 - ::setTitle - the method was previously a no-op
8803 - ::getPage - use RevisionRecord::getPageId instead
8804 - ::getUser - use RevisionRecord::getUser and then User::getId instead
8805 - ::getUserText - use RevisionRecord::getUser and then User::getName instead
8806 - ::getComment - use RevisionRecord::getComment instead
8807 - ::isMinor - use RevisionRecord::isMinor instead
8808 - ::isUnpatrolled - use RevisionStore::getRcIdIfUnpatrolled instead
8809 - ::getRecentChange - use RevisionStore::getRecentChange instead
8810 - ::isDeleted - use RevisionRecord::isDeleted instead
8811 - ::getVisibility - use RevisionRecord::getVisibility instead
8812 - ::getContent - use RevisionRecord::getContent instead
8813 - ::getSerializedData - use SlotRecord::getContent for retrieving a
8814 content object, and Content::serialize for the serialized form
8815 - ::getContentModel - use SlotRecord::getModel instead
8816 - ::getContentFormat - use SlotRecord::getFormat instead, with a fallback
8817 to ContentHandler::getDefaultFormat
8818 - ::getContentHandler - use ContentHandlerFactory::getContentHandler instead
8819 - ::getTimestamp - use RevisionRecord::getTimestamp instead
8820 - ::isCurrent - use RevisionRecord::isCurrent instead
8821 - ::getPrevious - use RevisionLookup::getPreviousRevision instead
8822 - ::getNext - use RevisionLookup::getNextRevision instead
8823 - ::getRevisionText - use RevisionRecord::getContent instead
8824 - ::compressRevisionText - use SqlBlobStore::compressData instead
8825 - ::decompressRevisionText - use SqlBlobStore::decompressData instead
8826 - ::insertOn - use RevisionStore::insertRevisionOn instead
8827 - ::base36Sha1 - use SlotRecord::base36Sha1 instead
8828 - ::newNullRevision - use RevisionStore::newNullRevision
8829 - ::userCan - use RevisionRecord::userCanBitfield instead
8830 - ::userCanBitfield - use RevisionRecord::userCanBitfield instead
8831 - ::getTimestampFromId - use RevisionStore::getTimestampFromId instead
8832 - ::countByPageId - use RevisionStore::countRevisionsByPageId instead
8833 - ::countByTitle - use RevisionStore::countRevisionsByTitle instead
8834 - ::userWasLastToEdit - use RevisionStore::userWasLastToEdit instead
8835 - ::newKnownCurrent - use RevisionStore::getKnownCurrentRevision instead
8836 * The Revision method had a few methods that were previously protected and
8837 have been made private. They were:
8838 - ::getRevisionStore
8839 - ::getRevisionLookup
8840 - ::getRevisionFactory
8842 The $mRecord variable was also changed from protected to private.
8843 * Multiple hooks that include Revision objects were deprecated. The hooks, as
8844 well as suitable replacements, are noted below:
8845 - ArticleRevisionUndeleted (hard deprecated, use the RevisionUndeleted hook)
8846 - ArticleRollbackComplete (hard deprecated, use the RollbackComplete hook)
8847 - DiffRevisionTools (hard deprecated, use the DiffTools hook)
8848 - DiffViewHeader (hard deprecated, use the DifferenceEngineViewHeader hook)
8849 - HistoryRevisionTools (hard deprecated, use the HistoryTools hook)
8850 - NewRevisionFromEditComplete (hard deprecated, use the
8851 RevisionFromEditComplete hook).
8852 - PageContentInsertComplete (hard deprecated, use the PageSaveComplete hook)
8853 - PageContentSaveComplete (hard deprecated, use the PageSaveComplete hook)
8854 - RevisionInsertComplete (soft deprecated in 1.31, now hard deprecated)
8855 - TitleMoveCompleting (hard deprecated, use the PageMoveCompleting hook)
8856 - TitleMoveComplete (hard deprecated, use the PageMoveComplete hook)
8857 - UndeleteShowRevision (hard deprecated)
8858 * The following RevisionStore methods were deprecated:
8859 - ::loadRevisionFromTitle
8860 - ::loadRevisionFromTimestamp
8861 - ::loadRevisionFromPageId
8862 - ::listRevisionSizes
8863 * WikiPage::$mLastRevision was changed from protected to private.
8864 * RecentChange::markPatrolled was deprecated. Use ::doMarkPatrolled instead.
8865 * The JobRunner class has been converted to a service class.
8866 Direct construction is deprecated, use MediaWikiServices::getJobRunner.
8867 * JobRunner::setLogger has been deprecated, thus using JobRunner as a
8868 LoggerAwareInterface is deprecated as well. Rely on the logger passed in the
8869 constructor instead.
8870 * LogEventsList::typeAction accepts an optional right to check against as
8871 the fourth parameter. Specifying such a right is deprecated.
8872 * SkinTemplate::makeArticleUrlDetails has been deprecated, no longer used.
8873 * Passing a Revision object into CategoryMembershipChange constructor is
8874 deprecated. Pass a RevisionRecord instead.
8875 * The "mediawiki.legacy.oldshared" module has been deprecated.
8876 Skins and extensions that are using this should copy its necessary CSS rules
8877 to their own styles module. CologneBlue and Nostalgia skins serve as examples.
8878 * The "mediawiki.legacy.shared" module has been deprecated.
8879 Use the "mediawiki.skinning.*" modules, or ResourceLoaderSkinModule instead.
8880 * The following hooks, soft deprecated in 1.24, have been hard deprecated:
8881 - APIQueryInfoTokens
8882 - APIQueryRecentChangesTokens
8883 - APIQueryRevisionsTokens
8884 - APIQueryUsersTokens
8885 - ApiTokensGetTokenTypes
8886 * Calling Action::factory and Action constructor with any Page implementations
8887 other than Article is deprecated.
8888 * Action::page property is deprecated for direct access.
8889 Use Action::getArticle or Action::getWikiPage instead.
8890 * LESS `.background-image-svg()` mixin from 'mediawiki.mixins.less' is
8891 deprecated and should be removed in 1.36.
8892 * LESS `.background-image-svg-quick()` mixin from 'mediawiki.mixins.less' is
8893 deprecated and should be removed in 1.36.
8894 * The following methods were deprecated:
8895 - Title::getFirstRevision (hard deprecated)
8896 - Title::getEarliestRevTime
8897 - WikiPage::getOldestRevision (hard deprecated)
8898 - Article::getOldestRevision (hard deprecated)
8899 Use RevisionStore::getFirstRevision instead.
8900 * WikiPage::commitRollback and ::doRollback are declared to be internal
8901 in preparation for breaking changes. Neither method has any known
8902 callers outside of MediaWiki core. Both methods modify an array passed
8903 by reference ($resultDetails) - accessing the Revision objects added to
8904 that array (using the keys `current` and `target`) is also deprecated.
8905 * The following Linker methods previously accepted Revision objects as
8906 parameters. They now accept either Revision or RevisionRecord objects.
8907 Passing a Revision object is hard deprecated.
8911 - ::generateRollback
8912 - ::getRollbackEditCount
8913 - ::buildRollbackLink
8914 - ::getRevDeleteLink
8915 * WikiPage::hasDifferencesOutsideMainSlot previously accepted Revision
8916 objects for its two parameters. It now accepts RevisionRecord objects,
8917 and passing Revision objects is hard deprecated.
8918 * WikiPage::updateRevisionOn previously accepted Revision objects for its
8919 second parameter. It now accepts RevisionRecord objects, and passing
8920 Revision objects is hard deprecated.
8921 * The ParserGetVariableValueVarCache hook has been deprecated.
8922 * When using the ParserGetVariableValueSwitch hook, the following unusual
8923 uses have been deprecated: modifying the passed $magicWordId or failing to
8924 cache the returned value in $variableCache. The related
8925 MagicWordwgVariableIDs hook has been deprecated and renamed; use
8926 the GetMagicVariableIDs hook instead.
8927 * The following Parser properties have been deprecated:
8938 - ::$mGeneratedPPNodeCount
8939 - ::$mHighestExpansionDepth
8940 - ::$mDoubleUnderscores
8941 - ::$mExpensiveFunctionCount
8947 - ::$mRevisionObject
8949 - ::$mRevisionTimestamp
8954 * LinksUpdate::getRevision and ::setRevision are hard deprecated in favor
8955 of the new ::getRevisionRecord and ::setRevisionRecord methods.
8956 * A large number of exposed variables and methods of Article were deprecated as
8957 part of its planned removal:
8958 - Article::$mContext is deprecated; use getContext()/setContext() instead.
8959 - Article::__get(), ::__set() are hard deprecated, use the WikiPage properties
8961 - These Article methods were hard deprecated; use their WikiPage equivalents:
8964 - ::clearPreparedEdit,
8966 - ::doDeleteArticleReal,
8970 - ::doUpdateRestrictions,
8974 - ::getContentHandler,
8975 - ::getContentModel,
8976 - ::getContributors,
8977 - ::getDeletionUpdates,
8978 - ::getHiddenCategories,
8981 - ::getLinksTimestamp,
8983 - ::getRedirectTarget,
8987 - ::hasViewableContent,
8990 - ::insertRedirectEntry,
8995 - ::lockAndGetLatest,
8996 - ::makeParserOptions,
8998 - ::pageDataFromTitle,
8999 - ::prepareContentForEdit,
9000 - ::protectDescription,
9001 - ::protectDescriptionLog,
9002 - ::replaceSectionAtRev,
9004 - ::shouldCheckParserCache,
9005 - ::supportsSections,
9006 - ::triggerOpportunisticLinksUpdate,
9007 - ::updateCategoryCounts, and
9008 - ::updateRedirectOn.
9009 - Article::generateReason() was hard deprecated; instead, please use
9010 WikiPage::getAutoDeleteReason().
9011 - Article::replaceSectionContent() was hard deprecated, use
9012 Article::replaceSectionAtRev() instead.
9013 - Article::getRevision and WikiPage::getRevision were hard deprecated in favor
9014 of the new WikiPage::getRevisionRecord method.
9015 * A new UserNameUtils service was introduced. The following User methods
9016 were deprecated in favor of using the new service:
9023 * The signature of WikiPage::doDeleteArticleReal was changed to make the user
9024 the second parameter, and the suppression option the third parameter.
9025 Previously, the third parameter was unused. Using the old signature is
9027 * ApiQueryRevisions::getRollbackToken, which has been soft deprecated since
9028 1.24, accepted as its third parameter a Revision object. It now accepts
9029 a RevisionRecord, and passing a Revision is hard deprecated.
9030 * Passing Article to ParserCache::get() was deprecated
9031 * ParserOptions::newCanonical() with no first parameter, or null as the first
9032 parameter, which falls back to using global $wgUser, is hard deprecated.
9033 * Parser::fetchCurrentRevisionOfTitle, ::statelessFetchRevision, and
9034 ::getRevisionObject were hard deprecated in favor of the new
9035 ::fetchCurrentRevisionRecordOfTitle, ::statelessFetchRevisionRecord,
9036 and ::getRevisionRecordObject methods respectively.
9037 * ParserOptions::getCurrentRevisionCallback and ::setCurrentRevisionCallback
9038 were hard deprecated in favor of the new ::getCurrentRevisionRecordCallback
9039 and ::setCurrentRevisionRecordCallback methods respectively.
9040 * Parser::statelessFetchTemplate returns an array; accessing the Revision
9041 object returned (via the `revision` key to the array) is deprecated. Instead,
9042 use `revision-record` to retrieve the equivalent RevisionRecord.
9043 * WikiPage::doEditContent returns an array, and PageUpdater::getStatus returns
9044 a Status object with an array value. For both of those arrays, accessing the
9045 Revision object returned (via the `revision` key to the array) is deprecated.
9046 Instead, use `revision-record` to retrieve the equivalent RevisionRecord.
9047 * Page interface was deprecated. Use Article or WikiPage instead.
9048 * The following DatabaseBlock methods are deprecated because they are no longer
9049 needed in core: chooseBlock, fromMaster, deleteIfExpired.
9050 * wfGetScriptUrl() was deprecated. The script URL should be configured rather
9051 than detected. wfScript() can be used to get a configured script URL.
9052 * Action::factory() with null $action argument is hard deprecated
9053 * The following methods of the User class were deprecated: getDefaultOptions,
9054 getDefaultOption, getOptions, getOption, getBoolOption, getIntOption,
9055 setOption, listOptionKinds, getOptionKinds, resetOptions. Use corresponding
9056 methods in UserOptionsLookup or UserOptionsManager service classes instead.
9057 * UserRetrieveNewTalks hook was deprecated without replacement.
9058 * User::getNewtalk and ::setNewtalk were hard deprecated. Use service
9059 TalkPageNotificationManager instead.
9060 * EditPage::matchSpamRegex and ::matchSummarySpamRegex were hard deprecated in
9061 favor of the new SpamChecker service.
9062 * Title::getNotificationTimestamp, User::clearNotification, and
9063 User::clearAllNotifications were deprecated in favor of the new
9064 WatchlistNotificationManager service.
9065 * SpecialPage::setListed() and SpecialPage::listed() were deprecated. Subclass
9066 UnlistedSpecialPage to set listed as false, and use SpecialPage::isListed()
9068 * CategoryPage::getCategoryViewerClass() and ::setCategoryViewerClass() were
9070 * MWHttpRequest and its subclasses PhpHttpRequest, CurlHttpRequest and
9071 GuzzleHttpRequest now require the timeout and connectTimeout options to
9072 always be specified, otherwise a deprecation warning will be raised. Most
9073 callers should use HttpRequestFactory which always sets these options.
9074 * Linker::normaliseSpecialPage() has been deprecated, instead make use of
9075 LinkRenderer::normalizeTarget().
9076 * SkinTemplate::getPersonalToolsList() was soft deprecated.
9077 * ChangeTags::truncateTagDescription() has been deprecated.
9078 * The following methods of the User class are deprecated: getGroups,
9079 getGroupMemberships, getEffectiveGroups, getAutomaticGroups,
9080 addGroup, removeGroup, getFormerGroups, getAllGroups, getImplicitGroups,
9081 addAutopromoteOnceGroups. Use the new UserGroupManager service instead.
9082 * The following methods of the UserGroupMembership class were deprecated:
9083 selectFields, getMembershipsForUser, getMembership, insert, delete,
9084 newFromRow, initFromRow, purgeExpired.
9085 Use the new UserGroupManager service instead.
9086 * wfWaitForSlaves() has been hard deprecated. Use LBFactory::waitForReplication
9087 instead. It was soft deprecated in 1.27.
9088 * BaseTemplate::getAfterPortlet and ::renderAfterPortlet have been deprecated in
9089 favor of the Skin::getAfterPortlet method. Skin::getAfterPortlet does not wrap
9090 the result in a div, callers are responsible for that.
9091 The hook BaseTemplateAfterPortlet, called by both methods has been deprecated
9092 as well and is replaced by SkinAfterPortlet.
9093 * Autopromote class has been soft deprecated and it's methods moved into
9095 * SkinTemplateBuildNavUrlsNav_urlsAfterPermalink hook has been deprecated.
9096 Use SidebarBeforeOutput hook and get the revision id from the OutputPage
9098 * BaseTemplate::getToolbox() method has been soft deprecated. The toolbox data
9099 is now available in a sidebar data array which you can get from any class
9100 that's extending QuickTemplate class. The hook associated with this method,
9101 BaseTemplateToolbox, has been hard deprecated. To add items to the toolbox,
9102 use SidebarBeforeOutput hook instead.
9103 * The SkinTemplateOutputPageBeforeExec hook is deprecated.
9104 The page [[mw:Manual:Hooks/SkinTemplateOutputPageBeforeExec]] and T60137
9105 for recommendations for alternative approaches based on how developers
9106 previously used this hook.
9107 * SkinTemplateToolboxEnd hook has been deprecated. Use SidebarBeforeOutput hook
9109 * Using Skin::addToBodyAttributes() method to add body attributes has been
9110 deprecated. Use OutputPageBodyAttributes hook instead.
9111 * Installer::getDBTypes has been hard deprecated in favor of
9112 InstallerDBSupport::getDatabases
9113 * The hooks BeforeHttpsRedirect, CanIPUseHTTPS and UserRequiresHTTPS were
9114 deprecated, as part of a long-term plan to remove support for mixed
9116 * Skin::generateDebugHTML() has been hard deprecated. Call
9117 MWDebug::getHTMLDebugLog() directly.
9118 * ExternalStoreDB::getSlave(), soft deprecated in 1.34, was hard deprecated.
9119 Use ExternalStoreDB::getReplica() instead.
9120 * Less variables in mediawiki.ui/variables.less file that don't follow the
9121 standard variable naming scheme (compare WikimediaUI Base) including
9122 `@colorGray* variables have been deprecated. New variables are in place and
9123 aliases have been set. Replace occurrences and use the new variables instead.
9125 === Other changes in 1.35 ===
9126 * A new maintenance script is added (purgeExpiredWatchlistItems.php) with which
9127 to delete expired watchlist items. These items will also be deleted during
9128 wiki editing if $wgWatchlistPurgeRate is > 0. This maintenance script only
9129 has effect if $wgWatchlistExpiry is true. It is recommended that a cronjob or
9130 similar be set up to run it at least daily.
9131 * Title::purgeSquid is deprecated. Use MediaWikiServices::getHtmlCacheUpdater.
9132 * SpecialVersion::getExtLicenseFileName() has been deprecated, use
9133 MediaWiki\ExtensionInfo::getLicenseFileNames() instead.
9134 * SpecialVersion::getExtAuthorsFileName() has been deprecated, use
9135 MediaWiki\ExtensionInfo::getAuthorsFileName() instead.
9136 * Migration to the new content storage schema is complete, all backwards
9137 compatibility code and duplication in the database have been removed.
9138 The old schema was a 1:1 relationship modeled by
9139 revision.text_id -> text.old_id. The new schema is a n:m relationship,
9140 revision.rev_id <- slots.slot_revision_id|slots.slot_content_id ->
9141 content.content_id|content.content_address -> text.old_id. The same applies
9142 to the archive table.
9143 The following fields were removed:
9144 - revision.rev_text_id, replaced by content.content_address
9145 - revision.rev_content_model, replaced by content.content_model,
9146 referencing content_models.model_id
9147 - revision.rev_content_format, replaced by automatic detecting in
9149 - archive.ar_text_id, replaced by content.content_address
9150 - archive.ar_content_model, replaced by content.content_model,
9151 referencing content_models.model_id
9152 - archive.ar_content_format, replaced by automatic detecting in
9154 * Migration to normalized storage of edit comments and user names is
9155 progressing. The following fields were unused and have been removed:
9156 - revision.rev_comment,
9157 replaced by rev_comment_id referencing comment.comment_id.
9158 - revision.rev_user and rev_user_text,
9159 replaced by rev_actor referencing actor.actor_id.
9160 Note that archive.ar_user, archive.ar_user_text, and archive.ar_comment
9161 had already been removed in previous releases.
9162 * The printableversion has been marked as deprecated per T167956.
9163 * (T30162, T245387) The installer supports using a Postgres server running
9164 on a custom port other than 5432.
9167 MediaWiki 1.35 requires PHP 7.3.19 or later, and the following PHP extensions:
9177 MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
9178 but support for them is somewhat less mature.
9180 The supported versions are:
9182 * MySQL 5.5.8 or later
9183 * PostgreSQL 9.2 or later
9184 * SQLite 3.8.0 or later
9186 == Online documentation ==
9187 Documentation for both end-users and site administrators is available on
9188 MediaWiki.org, and is covered under the GNU Free Documentation License (except
9189 for pages that explicitly state that their contents are in the public domain):
9191 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
9194 A mailing list is available for MediaWiki user support and discussion:
9196 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
9198 A low-traffic announcements-only list is also available:
9200 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
9202 It's highly recommended that you sign up for one of these lists if you're
9203 going to run a public MediaWiki, so you can be notified of security fixes.
9206 There's usually someone online in #mediawiki on irc.libera.chat.
9210 == MediaWiki 1.34.4 ==
9212 This is a maintenance release of the MediaWiki 1.34 branch.
9214 === Changes since MediaWiki 1.34.3 ===
9215 * Fixed issue relating to backporting of changes for T260485.
9217 == MediaWiki 1.34.3 ==
9219 This is a security and maintenance release of the MediaWiki 1.34 branch.
9221 === Changes since MediaWiki 1.34.2 ===
9222 * In the web installer, use secure session cookies.
9223 * Make UsersPager::requestedGroup public.
9224 * (T257407) Split patch-drop-user-fields.sql into patch per table.
9225 * (T257356) Split patch-drop-comment-fields.sql into patch per table.
9226 * (T257997) Undeprecate WebInstaller::getInfoBox().
9227 * Added $wgForceHTTPS, which makes the HTTP to HTTPS redirect be unconditional
9228 and suppresses various hacks needed to support mixed HTTP/HTTPS wikis. We
9229 recommend this be set to true on pure HTTPS wikis.
9230 * Added $wgCookieSameSite, which allows login cookies to be sent with
9231 SameSite=None. This is required for cross-site CentralAuth autologin after
9233 * Added $wgUseSameSiteLegacyCookies, which adds a compatibility hack to
9234 SameSite=None cookies for browsers which implemented an incompatible draft
9235 version of the specification.
9236 * (T257207) shell: Expand documentation in firejail.profile.
9237 * (T246135) Give the "remember me" checkbox a specific CSS class so skins
9238 like Minerva can only hide that checkbox.
9239 * (T256287) rdbms: improve DBConnRef domain selection exception message.
9240 * (T248191, T259123) phpunit: Acknowledge known dberror from
9241 SpecialPageFatalTest.
9242 * (T256394, T259123) Cleanup up excess commit() call in LocalRepoTest.
9243 * Fix runBatchedQuery.php for no result from select.
9244 * (T130906) Add Edge to MediaWiki:Clearyourcache.
9245 * (T249521) reassignEdits: Update script to use User::newFromName for anon
9247 * (T172060) GlobalFunctions: Use php_uname instead of posix_uname.
9248 * Use IPset in MWRestrictions::checkIP.
9249 * (T260031) Add application/font-sfnt to MimeMap for ttf files.
9250 * shell: Make ->restrict( RESTRICT_NONE ) actually work.
9251 * (T183759) Fixes shell edge-cases in Windows.
9252 * (T258390) Add CentralIdLookup::factoryNonLocal().
9253 * (T246991) User: Fix pingLimiter() to use makeGlobalKey() for global rate
9255 * (T232568, CVE-2020-25813) SECURITY: Special:UserRights exposes the existence
9257 * (T251661, CVE-2020-25827) SECURITY: User::pingLimiter: add user-global rate
9259 * (T246991) User: enforce pingLimiter() expiry time.
9260 * (T260232) don't include null page ids in query list for category dumps.
9261 * (T251506) Sanitizer: Truncate IDs to a reasonable length.
9262 * (T262900) Fix failure of rebuildLocalisationCache.php due to RL hook.
9263 * Explicitly wrap some XML calls in libxml_disable_entity_loader().
9264 * (T263455 T247285) Set EnableJavaScriptTest to true in
9265 includes/DevelopmentSettings.php.
9266 * (T232568, CVE-2020-25813) SECURITY: SpecialUserrights: If a viewer lacks
9267 `hideuser`, ignore hidden users.
9268 * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on
9269 Special:Contributions.
9270 * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within
9272 * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking
9273 firejail's --output functionality.
9274 * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and
9276 * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in
9277 mw.message( ... ).parse().
9278 * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct
9280 * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used.
9282 == MediaWiki 1.34.2 ==
9284 This is a security and maintenance release of the MediaWiki 1.34 branch.
9286 === Changes since MediaWiki 1.34.1 ===
9287 * (T247017) PasswordReset performance improvements.
9288 * The MultiHttpClient code will fallover to non-curl if curl_multi* is blocked.
9289 * (T250568) Work around change in SimpleXMLElement behavior introduced in PHP
9291 * (T251789) Let $wgResourceLoaderMaxQueryLength=-1 fallback to default.
9292 * Remove some rotten and out of date documentation.
9293 * (T252311) Improvements to some older SQLite update patches.
9294 * (T240307) Minor fixes to extension.schema.v2.json and
9295 extension.schema.v1.json.
9296 * (T238043) cleanupUsersWithNoId.php: Handle missing fields.
9297 * (T199474) Set rc_patrolled to 2 for autopatrolled changes in
9298 rebuildrecentchanges.php.
9299 * (T229461) Update the change_tag table in rebuildrecentchanges.php.
9300 * (T249730) Password Reset Updates.
9301 * (T234450) Per-user concurrency in SpecialContributions can now be limited by
9302 setting $wgPoolCounterConf['SpecialContributions'] appropriately.
9303 * (T248947) SECURITY: img_auth.php may leak private extension images into the
9306 == MediaWiki 1.34.1 ==
9308 This is a security and maintenance release of the MediaWiki 1.34 branch.
9310 === Changes since MediaWiki 1.34.0 ===
9311 * (T211450) User: better error message when getActorId fails.
9312 * (T241340) Don't redefine MW_ENTRY_POINT in thumb.php if already defined.
9313 * (T236444) User: Allow newSystemUser() to create over anonymous actors.
9314 * (T238483) Fix NewPagesPager "hide registered users" option.
9315 * (T245072) mediawiki.language: Rename languageData back to languageNames.
9316 * Use proper SemVer comparison in CheckComposerLockUpToDate.
9317 * (T212738) Add the MW_VERSION constant, global $wgVersion is soft deprecated.
9318 * (T246127) Fix error when initialising updateCollation.php.
9319 * Update comment about PHP versions supported by The PHP Group.
9320 * (T247215) Fix output of RecountCategories::doWork().
9321 * Add check for page existence to view.php maintenance script.
9322 * (T245149) Fix fetching login token from action=query&meta=tokens on private
9324 * (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink().
9325 * (T232932) SECURITY: User content can redirect the logout button to different
9327 * (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to
9330 == MediaWiki 1.34.0 ==
9332 === Changes since MediaWiki 1.34.0-rc.1 ===
9333 * $wgDiffEngine (T237049) – This configuration can be used to specify which
9334 difference engine to use. MediaWiki continues to default to automatically
9335 choosing the first of $wgExternalDiffEngine, wikidiff2, or php that is
9337 * (T231866) SqlBlobStore no longer needs Language object.
9338 * (T236735) WikiExporter: Remove unnecessary check for SCHEMA_COMPAT_WRITE_OLD
9340 * (T231673) Set MCR migration stage to SCHEMA_COMPAT_NEW.
9341 * (T229601) Make sure DBLoadBalancerFactory service is not disabled.
9342 * (T232866) Fix support for HTTP/2 in MultiHttpClient.
9343 * (T231866) LocalisationCache: Don't instantiate ResourceLoader.
9344 * (T227461) Stop calling deprecated Redis delete functions.
9345 * (T239561) Mark options as requiring parameters in addSite.php.
9346 * (T232866) Mimic CURLOPT_POST in GuzzleHttpRequest.
9347 * (T239734) Replace deprecated lSize with lLen in Redis code.
9348 * (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset.
9349 * (T239428) ApiEditPage: Test for bad redirect targets.
9350 * (T233342) rdbms: Log debug message traces as 'exception.trace' instead of
9352 * (T226751) media: Log and fail gracefully on invalid EXIF coordinates.
9353 * (T240924) NewPagesPager: Fix namespace query conditions.
9354 * (T212067) Tests for an old PHP bug in parse_url.
9356 == MediaWiki 1.34.0-rc.1 ==
9358 === Changes since MediaWiki 1.34.0-rc.0 ===
9359 * (T231742) rdbms: Restore debug toolbar "Queries" feature.
9360 * (T231366) The ProfilerOutputDb class, 'profiling' table, and profileinfo.php
9361 entry point had been deprecated.
9362 * (T234361) localisation: Add debug message for backend of MessageCache.
9363 * (T234361) session: Add debug message for the used store class.
9364 * (T235559) Fix example Kask configuration in RESTBagOStuff class comment.
9365 * (T235137) Don't apply styling for Special:Contributions on other pages.
9366 * Upgrade mediawiki-codesniffer from 26.0.0 to 28.0.0 (dev-only).
9367 * (T219604) The "jquery.ui.*" and "jquery.effects.*" modules are now
9368 deprecated as aliases for the "jquery.ui" module.
9369 * (T235392) Deprecate setting Parser::mTitle to null.
9370 * Supporting commits for T235392 were also backported to prevent divergence
9371 from master (MediaWiki 1.35).
9372 * (T234581) The 'jquery.tabIndex' module is deprecated.
9373 * Fix docs for GetUserBlock hooks.
9374 * Parser: Hard deprecate getConverterLanguage.
9375 * (T236810) A number of public methods of Parser were exposed only for
9376 historical reasons and have been deprecated: doMagicLinks,
9377 doDoubleUnderscore, doHeadings, doAllQuotes, replaceExternalLinks,
9378 replaceInternalLinks, replaceInternalLinks2, getVariableValue,
9379 initialiseVariables, formatHeadings, testPst, testPreprocess, testSrvus,
9380 areSubpagesAllowed, maybeDoSubpageLink, splitWhitespace, createAssocArgs,
9381 armorLinks, makeKnownLinkHolder, getImageParams, parseLinkParameter,
9382 stripAltText, replaceLinkHolders, replaceLinkHoldersText, armorLinks,
9383 makeKnownLinkHolder, getImageParams, parseLinkParameter, stripAltText.
9384 * (T30798) $wgServer must now always be set in LocalSettings.php. This is most
9385 likely the case already for any wiki installed after 1.18. The autodetection
9386 system was informally deprecated since 1.18 and vulnerable to cache poisoning
9387 attacks. Older wikis may need to update their LocalSettings.php file.
9388 * (T232169) Hard deprecate $wgSysopEmailBans.
9389 * (T236628) Fix for ArticleRevisionViewCustom hook in DifferenceEngine.php.
9390 * (T181658) Do not insert page titles into querycache.qc_value.
9391 * ParamValidator has been flagged as unstable.
9392 * Hard deprecate Parser::disableCache().
9394 == MediaWiki 1.34.0-rc.0 ==
9396 == Upgrading notes for 1.34 ==
9397 1.34 has several database changes since 1.33, and will not work without schema
9398 updates. Note that due to changes to some very large tables like the revision
9399 table, the schema update may take quite long (minutes on a medium sized site,
9400 many hours on a large site).
9402 Don't forget to always back up your database before upgrading!
9404 See the file UPGRADE for more detailed upgrade instructions, including
9405 important information when upgrading from versions prior to 1.11.
9407 Some specific notes for MediaWiki 1.34 upgrades are below:
9409 * MediaWiki now requires PHP 7.2.9 or above.
9410 * MediaWiki no longer supports HHVM.
9412 For notes on 1.33.x and older releases, see HISTORY.
9414 === Configuration changes for system administrators in 1.34 ===
9416 In an effort to enforce best practices for passwords, MediaWiki will now warn
9417 users, and suggest that they change their password, if it is in the list of
9418 100,000 commonly used passwords that are considered bad passwords. If you want
9419 to disable this for your users, please add the following to your local settings:
9421 $wgPasswordPolicy['policies']['default']['PasswordNotInLargeBlacklist'] = false;
9423 ==== New configuration ====
9424 * $wgAllowExternalReqID (T201409) - This configuration setting controls whether
9425 MediaWiki accepts the request ID set by the incoming request via the
9426 `X-Request-Id` header. If set to `true`, that value will be used throughout
9427 the code as the request identificator. Otherwise, the sent header will be
9428 ignored and the request ID will either be taken from Apache's mod_unique
9429 module or will be generated by MediaWiki itself (depending on the set-up).
9430 * $wgEnableSpecialMute (T218265) - This configuration controls whether
9431 Special:Mute is available and whether to include a link to it on emails
9432 originating from Special:Email.
9433 * editmyuserjsredirect user right – users without this right now cannot edit JS
9434 redirects in their userspace unless the target of the redirect is also in
9435 their userspace. By default, this right is given to everyone.
9436 * (T226733) Add rate limiter to Special:ConfirmEmail.
9437 * $wgDiffEngine (T237049) – This configuration can be used to specify which
9438 difference engine to use. MediaWiki continues to default to automatically
9439 choosing the first of $wgExternalDiffEngine, wikidiff2, or php that is
9442 ==== Changed configuration ====
9443 * $wgUseCdn, $wgCdnServers, $wgCdnServersNoPurge, and $wgCdnMaxAge – These four
9444 CDN-related config variables have been renamed from being specific to Squid –
9445 they were previously $wgUseSquid, $wgSquidServers, $wgSquidServersNoPurge, and
9446 $wgSquidMaxage respectively. This aligns them with the related existing
9447 variable $wgCdnMaxageLagged. The previous configuration variable names are
9448 deprecated, but will be used as the fall back if they are still set.
9449 Note that wgSquidPurgeUseHostHeader has not been renamed, as it is deprecated.
9450 * (T27707) File type checks for image uploads have been relaxed to allow files
9451 containing some HTML markup in metadata. As a result, the $wgAllowTitlesInSVG
9452 setting is no longer applied and is now always true. Note that MSIE 7 may
9453 still be able to misinterpret certain malformed PNG files as HTML.
9454 * (T30798) $wgServer must now always be set in LocalSettings.php. This is most
9455 likely the case already for any wiki installed after 1.18. The autodetection
9456 system was informally deprecated since 1.18 and vulnerable to cache poisoning
9457 attacks. Older wikis may need to update their LocalSettings.php file.
9458 * Introduced $wgVerifyMimeTypeIE to allow disabling the MSIE 6/7 file type
9459 detection heuristic on upload, which is more conservative than the checks
9460 that were changed above.
9461 * $wgExternalDiffEngine — Setting this to a string value of 'wikidiff',
9462 'wikidiff2', or 'wikidiff3' will no longer work. This legacy behaviour was
9463 deprecated in MediaWiki 1.27, 1.32, and 1.27, respectively.
9464 * $wgSkipSkin — Setting this instead of $wgSkipSkins, deprecated in 1.23, is now
9466 * $wgLocalInterwiki — Setting this instead of $wgLocalInterwikis, deprecated in
9467 1.23, is now hard-deprecated.
9468 * $wgProfileOnly — Setting this, deprecated in 1.23, is now hard-deprecated.
9469 Instead, set the log file in $wgDebugLogGroups['profileoutput'].
9470 * $wgProxyList — Setting this to an array with IP addresses in the array keys,
9471 which was deprecated in 1.30, no longer works. Instead, $wgProxyList should be
9472 an array with IP addresses as the values, or a string path to a file
9473 containing one IP address per line.
9474 * $wgCookieSetOnAutoblock and $wgCookieSetOnIpBlock are now enabled by default.
9476 ==== Removed configuration ====
9477 * $wgWikiDiff2MovedParagraphDetectionCutoff — If you still want a custom change
9478 size threshold, please specify in php.ini, using the configuration variable
9479 wikidiff2.moved_paragraph_detection_cutoff.
9480 * $wgUseESI - This experimental setting, deprecated in 1.33, is now removed.
9481 * $wgDebugPrintHttpHeaders - The default of including HTTP headers in the
9482 debug log channel is no longer configurable. The debug log itself remains
9483 configurable via $wgDebugLogFile.
9484 * $wgMsgCacheExpiry - The MessageCache uses 24 hours as the expiry for values
9485 stored in WANObjectCache. This is no longer configurable.
9486 * $wgPasswordSalt – This setting, used for migrating exceptionally old, insecure
9487 password setups and deprecated since 1.24, is now removed.
9488 * $wgDBOracleDRCP - If you must use persistent connections, set DBO_PERSISTENT
9489 in the 'flags' field for servers in $wgDBServers (or $wgLBFactoryConf).
9490 * $wgMemCachedDebug - Set the cache "debug" field in $wgObjectCaches instead.
9491 * $wgActorTableSchemaMigrationStage has been removed. Extension code for
9492 MediaWiki 1.31+ finding it unset should treat it as being SCHEMA_COMPAT_NEW.
9494 === New user-facing features in 1.34 ===
9495 * Special:Mute has been added as a quick way for users to block unwanted emails
9496 from other users originating from Special:EmailUser.
9497 * (T207577) Special:NewSection has been created as a shortcut to creating a new
9498 section on a page. When linked to, its subpage is used as the target
9499 ([[Special:NewSection/Test]] redirects to creating a new section in "Test").
9500 Otherwise, it displays a basic interface to allow the end user to specify
9501 the target manually.
9502 * (T220447) Special:Contributions/newbies has been removed for performance and
9503 usefulness reasons. Use Special:RecentChanges?userExpLevel=newcomer instead.
9504 * Special:NewFiles/newbies has been removed for performance and usefulness
9505 reasons. Use Special:RecentChanges?userExpLevel=newcomer&namespace=6 instead.
9507 === New developer features in 1.34 ===
9508 * The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification
9509 of headers in private wikis.
9510 * Language::formatTimePeriod now supports the new 'avoidhours' option to output
9511 strings like "5 days ago" instead of "5 days 13 hours ago".
9512 * (T220163) Added SpecialMuteModifyFormFields hook to allow extensions
9513 to add fields to Special:Mute.
9514 * (T100896) Skin authors can define custom OOUI themes using OOUIThemePaths.
9515 See <https://www.mediawiki.org/wiki/OOUI/Themes> for details.
9516 * (T229035) The GetUserBlock hook was added. Use this instead of
9518 * ObjectFactory is available as a service. When used as a service, the object
9519 specs can now specify needed DI services.
9520 * (T222388) Special pages can now be specified as an ObjectFactory spec,
9521 allowing the construction of special pages that require services to be
9522 injected in their constructor.
9523 * (T222388) API modules can now be specified as an ObjectFactory spec,
9524 allowing the construction of modules that require services to be injected
9525 in their constructor.
9526 * (T117736) The function signature of SpecialContributions::getForm::filters
9527 has changed. It now expects definitions of additional filter fields as array
9530 === External library changes in 1.34 ===
9532 ==== Changed external libraries ====
9533 * Updated Mustache from 1.0.0 to v3.0.1.
9534 * Updated OOUI from v0.31.3 to v0.34.0.
9535 * Updated OOjs from v2.2.2 to v3.0.0.
9536 * Updated composer/semver from 1.4.2 to 1.5.0.
9537 * Updated composer/spdx-licenses from 1.4.0 to 1.5.1 (dev-only).
9538 * Updated mediawiki/codesniffer from 25.0.0 to 28.0.0 (dev-only).
9539 * Updated cssjanus/cssjanus from 1.2.1 to 1.3.0.
9540 * Updated wikimedia/at-ease from 1.2.0 to 2.0.0.
9541 * Updated wikimedia/remex-html from 2.0.1 to 2.1.0.
9542 * Updated monolog/monolog from 1.22.1 to 1.24.0 (dev-only).
9543 * Updated wikimedia/object-factory from 1.0.0 to 2.1.0.
9544 * Updated wikimedia/timestamp from 2.2.0 to 3.0.0.
9545 * Updated wikimedia/xmp-reader from 0.6.2 to 0.6.3.
9546 * Updated mediawiki/mediawiki-phan-config from 0.6.0 to 0.6.1 (dev-only).
9547 * Updated wikimedia/avro from 1.8.0 to 1.9.0 (dev-only).
9549 ==== Removed external libraries ====
9550 * The jquery.async module, deprecated in 1.33, was removed.
9552 === Bug fixes in 1.34 ===
9553 * (T222529) If a log entry or page revision is recorded in the database with an
9554 empty username, attempting to display it will log an error and return a "no
9555 username available" to the user instead of silently displaying nothing or
9558 === Action API changes in 1.34 ===
9559 * The 'recenteditcount' response property from action=query list=allusers,
9560 deprecated in 1.25, has been removed.
9561 * (T60993) action=query list=filearchive, list=alldeletedrevisions and
9562 prop=deletedrevisions no longer require the 'deletedhistory' user right.
9563 * In the response to queries that use 'prop=imageinfo', entries for
9564 non-existing files (indicated by the 'filemissing' field) now omit the
9565 following fields, since they are meaningless in this context:
9566 'timestamp', 'userhidden', 'user', 'userid', 'anon', 'size', 'width',
9567 'height', 'pagecount', 'duration', 'commenthidden', 'parsedcomment',
9568 'comment', 'thumburl', 'thumbwidth', 'thumbheight', 'thumbmime',
9569 'thumberror', 'url', 'sha1', 'metadata', 'extmetadata', 'commonmetadata',
9570 'mime', 'mediadtype', 'bitdepth'.
9571 Clients that process these fields should first check if 'filemissing' is
9572 set. Fields that are supported even if the file is missing include:
9573 'canonicaltitle', 'archivename' (deleted files only), 'descriptionurl',
9574 'descriptionshorturl'.
9575 * The 'blockexpiry' result property in list=users and list=allusers will now be
9576 returned in the same format used by the rest of the API: ISO 8601 for
9577 expiring blocks, and "infinite" for non-expiring blocks.
9579 === Action API internal changes in 1.34 ===
9580 * The exception thrown in ApiModuleManager::getModule has been changed
9581 from an MWException to an UnexpectedValueException, thrown by ObjectFactory.
9582 ApiModuleManager::getModule now also throws InvalidArgumentExceptions when
9583 ObjectFactory is presented with an invalid spec or incorrectly constructed
9585 * Added ApiQueryBlockInfoTrait.
9587 === Languages updated in 1.34 ===
9588 MediaWiki supports over 350 languages. Many localisations are updated regularly.
9589 Below only new and removed languages are listed, as well as changes to languages
9590 because of Phabricator reports.
9592 * (T152908) Added language support for N'Ko (nqo).
9594 === Breaking changes in 1.34 ===
9595 * The global functions wfSuppressWarnings and wfRestoreWarnings, deprecated in
9596 1.26, have been removed. Use Wikimedia\AtEase\AtEase::suppressWarnings() and
9597 Wikimedia\AtEase\AtEase::restoreWarnings() directly.
9598 * Preferences class, deprecated in 1.31, has been removed.
9599 * The following parts of code, deprecated in 1.32, were removed in favor of
9600 built-in PHP functions:
9603 * Functions of the MWCryptRand class: singleton(), wasStrong() and generate().
9604 * Various Special Page PHP Classes were renamed (mostly casing changes):
9605 * SpecialAncientpages => SpecialAncientPages
9606 * SpecialConfirmemail => SpecialConfirmEmail
9607 * SpecialDeadendpages => SpecialDeadendPages
9608 * SpecialFewestrevisions => SpecialFewestRevisions
9609 * SpecialListredirects => SpecialListRedirects
9610 * SpecialLonelypages => SpecialLonelyPages
9611 * SpecialLongpages => SpecialLongPages
9612 * SpecialMIMEsearch => SpecialMIMESearch
9613 * SpecialMostcategories => SpecialMostCategories
9614 * SpecialMostinterwikis => SpecialMostInterwikis
9615 * SpecialMostlinked => SpecialMostLinked
9616 * SpecialMostlinkedcategories => SpecialMostLinkedCategories
9617 * SpecialMostlinkedtemplates => SpecialMostLinkedTemplates
9618 * SpecialMostrevisions => SpecialMostRevisions
9619 * SpecialNewimages => SpecialNewFiles
9620 * SpecialShortpages => SpecialShortPages
9621 * SpecialUncategorizedcategories => SpecialUncategorizedCategories
9622 * SpecialUncategorizedimages => SpecialUncategorizedImages
9623 * SpecialUncategorizedpages => SpecialUncategorizedPages
9624 * SpecialUncategorizedtemplates => SpecialUncategorizedTemplates
9625 * SpecialUnusedcategories => SpecialUnusedCategories
9626 * SpecialUnusedimages => SpecialUnusedImages
9627 * SpecialUnusedtemplates => SpecialUnusedTemplates
9628 * SpecialUnwatchedpages => SpecialUnwatchedPages
9629 * SpecialWantedcategories => SpecialWantedCategories
9630 * SpecialWantedtemplates => SpecialWantedTemplates
9631 * SpecialWithoutinterwiki => SpecialWithoutInterwiki
9632 * Language::setCode, deprecated in 1.32, was removed. Use Language::factory to
9633 create a new Language object with a different language code.
9634 * MWNamespace::clearCaches() has been removed. So has the $rebuild parameter
9635 to MWNamespace::getCanonicalNamespaces(), which was deprecated since 1.31.
9636 Instead, reset services, such as by calling $this->overrideMwServices() (if
9637 your test extends MediaWikiTestCase). Services will generally not pick up
9638 configuration changes from after they were created, so you must reset
9639 services after any configuration change. Even if your code works now, it is
9640 likely to break in future versions as more code is moved to services.
9641 * The ill-defined "DatabaseOraclePostInit" hook has been removed.
9642 * PreferencesFormLegacy and PreferencesForm classes, deprecated in 1.32, have
9644 * ObjectFactory class, deprecated in 1.31, has been removed.
9645 * HWLDFWordAccumudlator class, deprecated in 1.28, has been removed.
9646 * XMPInfo, XMPReader and XMPValidate, deprecated in 1.32, have been removed.
9647 * The RedirectSpecialPage::execute method could sometimes return a Title object.
9648 This behavior was removed, and the method now matches the parent signature
9649 (SpecialPage::execute) which is to return HTML string or void.
9650 To obtain the destination title, use RedirectSpecialPage::getRedirect.
9651 * The 'recenteditcount' response property from action API action=query
9652 list=allusers, deprecated in 1.25, has been removed.
9653 * SearchEngine::userNamespaces(), SearchEngine::namespacesAsText(),
9654 SearchEngine::create(), SearchEngine::getSearchTypes() and
9655 SearchEngine::getNearMatch(), methods deprecated in 1.27, have been removed.
9656 * FileRepo::streamFile(), deprecated in 1.26, has been removed.
9657 * User::randomPassword() method, deprecated in 1.27, have been removed.
9658 * MWNamespace::canTalk(), deprecated in 1.30, have been removed.
9659 * Parser class property $mUniqPrefix, deprecated in 1.26, has been removed.
9660 * wfArrayFilter() and wfArrayFilterByKey(), deprecated in 1.32, have been
9662 * wfMakeUrlIndexes() function, deprecated in 1.33, have been removed.
9663 * Method signatures in WatchedItemQueryServiceExtension have changed from taking
9664 User objects to taking UserIdentity objects. Extensions implementing this
9665 interface need to be changed accordingly.
9666 * User::getGroupPage() and ::makeGroupLinkHTML(), deprecated in 1.29, have been
9667 removed. Use UserGroupMembership::getGroupPage and ::getLink instead.
9668 * User::makeGroupLinkWiki(), deprecated in 1.29, has been removed. Use
9669 UserGroupMembership::getLink() instead.
9670 * SavepointPostgres, deprecated in 1.31, has been removed.
9671 * OutputPage::enableSectionEditLinks(), OutputPage::sectionEditLinksEnabled(),
9672 ParserOptions::getEditSection(), ParserOptions::setEditSection(), and
9673 ParserOutput::getEditSectionTokens, ::getTOCEnabled, ::setEditSectionTokens,
9674 and ::setTOCEnabled, deprecated in 1.31, have been removed.
9675 * EditPage::safeUnicodeInput() and ::safeUnicodeOutput(), deprecated in 1.30,
9677 * Four methods in OutputPage, deprecated in 1.32, have been removed. You should
9678 use OutputPage::showFatalError or throw a FatalError instead. The methods are
9679 ::showFileCopyError(), ::showFileRenameError(), ::showFileDeleteError(), and
9680 ::showFileNotFoundError().
9681 * ApiBase::truncateArray(), deprecated in 1.32, has been removed.
9682 * IcuCollation::getICUVersion(), deprecated in 1.32, has been removed. Use PHP's
9683 INTL_ICU_VERSION constant directly.
9684 * HTMLForm::setSubmitProgressive(), deprecated in 1.32, has been removed.
9685 * ResourceLoaderStartUpModules::getStartupModules() and ::getLegacyModules(),
9686 both deprecated in 1.32, have been removed.
9687 * BaseTemplate::msgHtml() and QuickTemplate::msgHtml(), deprecated in 1.32, have
9688 been removed. Use ->msg() or ->getMsg() instead.
9689 * WatchAction::getUnwatchToken(), deprecated in 1.32, has been removed. Instead,
9690 use WatchAction::getWatchToken() with action 'unwatch' directly.
9691 * Language::initEncoding(), ::recodeForEdit(), and recodeInput(), deprecated in
9692 1.28, have been removed.
9693 * PageArchive::getTextFromRow(), ::listAllPages(), and ::getLastRevisionText(),
9694 deprecated in 1.32, have been removed.
9695 * OutputPage::getModuleScripts(), ParserOutput::getModuleScripts(), deprecated
9696 in 1.33, have been removed.
9697 * User::getPasswordValidity(), deprecated in 1.33, has been removed.
9698 * ApiQueryBase::prepareUrlQuerySearchString(), deprecated in 1.33, has been
9700 * ChangeTags::purgeTagUsageCache(), deprecated in 1.33, has been removed.
9701 * JobQueueGroup::pushLazyJobs(), deprecated in 1.33, has been removed.
9702 * MediaWikiTestCase::stashMwGlobals(), deprecated in 1.32, has been removed.
9703 * SearchEngine::transformSearchTerm(), deprecated in 1.32, has been removed.
9704 * The Block typehint only refers to blocks stored in the database. It should be
9705 updated to AbstractBlock in cases where any type of block could be expected.
9706 * FileRepoStatus, deprecated in 1.25, has been removed.
9707 * The LegacyHookPreAuthenticationProvider class, deprecated since its creation
9708 in 1.27, has been removed.
9709 * IP::isValidBlock(), deprecated in 1.30, has been removed.
9710 * WikiPage::prepareContentForEdit now doesn't accept an integer for $revision,
9711 was deprecated in 1.25.
9712 * The jquery.byteLength module, deprecated in 1.31, was removed.
9713 Use the mediawiki.String module instead.
9714 * mw.language.specialCharacters, deprecated in 1.33, has been removed.
9715 Use require( 'mediawiki.language.specialCharacters' ) instead.
9716 * The jquery.colorUtil module was removed. Use jquery.color instead.
9717 * The jquery.checkboxShiftClick module was removed. The functionality
9718 is provided by mediawiki.page.ready instead (T232688).
9719 * The 'jquery.accessKeyLabel' module has been removed. This jQuery
9720 plugin now ships as part of the 'mediawiki.util' module bundle.
9721 * EditPage::submit(), deprecated in 1.29, has been removed. Use $this->edit()
9723 * HTMLForm::getErrors(), deprecated in 1.28, has been removed. Use
9724 getErrorsOrWarnings() instead.
9725 * SpecialPage::getTitle(), deprecated in 1.23, has been removed. Use
9726 SpecialPage::getPageTitle() instead.
9727 * jquery.ui.effect-bounce, jquery.ui.effect-explode, jquery.ui.effect-fold
9728 jquery.ui.effect-pulsate, jquery.ui.effect-slide, jquery.ui.effect-transfer,
9729 which are no longer used, have now been removed.
9730 * SpecialEmailUser::validateTarget(), ::getTarget() without a sender/user
9731 specified, deprecated in 1.30, have been removed.
9732 * BufferingStatsdDataFactory::getBuffer(), deprecated in 1.30, has been removed.
9733 * The constant DB_SLAVE, deprecated in 1.28, has been removed. Use DB_REPLICA.
9734 * The constants NS_IMAGE and NS_IMAGE_TALK, deprecated in 1.14, have been
9735 removed. Use NS_FILE and NS_FILE_TALK respectively.
9736 * Replacer, DoubleReplacer, HashtableReplacer and RegexlikeReplacer
9737 (deprecated in 1.32) have been removed. Closures should be used instead.
9738 * OutputPage::addWikiText(), ::addWikiTextWithTitle(), ::addWikiTextTitleTidy(),
9739 ::addWikiTextTidy(), ::addWikiTextTitle(), deprecated in 1.32, have been
9741 * The $wgUseKeyHeader configuration option and the OutputPage::getKeyHeader()
9742 method, deprecated in 1.32, have been removed.
9743 * WebInstallerOutput::addWikiText(), deprecated in 1.32, has been removed.
9744 * Parser::fetchFile(), deprecated in 1.32, has been removed. Use the method
9745 Parser::fetchFileAndTitle() instead.
9746 * The global function wfBCP47, deprecated in 1.31, has been removed.
9747 * wfCountDown() function, deprecated in 1.31, has been removed. Use
9748 \Maintenance::countDown() method instead.
9749 * OutputPage::wrapWikiMsg() no longer accepts an options parameter. This was
9750 deprecated since 1.20.
9751 * Skin::outputPage() no longer accepts a context. This was deprecated in 1.20.
9752 * Linker::link() no longer accepts a string for the query array, as was
9754 * PrefixSearch::titleSearch(), deprecated in 1.23, has been removed. Use the
9755 SearchEngine::defaultPrefixSearch or ::completionSearch() methods instead.
9756 * The UserRights hook, deprecated in 1.26, has been removed. Instead, use the
9757 UserGroupsChanged hook.
9758 * Skin::getDefaultInstance(), deprecated in 1.27, has been removed. Get the
9759 instance from MediaWikiServices instead.
9760 * The UserLoadFromSession hook, deprecated in 1.27, has been removed.
9761 * The wfResetSessionID global function, deprecated in 1.27, has been removed.
9762 Use MediaWiki\Session\SessionManager instead.
9763 * The wfGetLBFactory global function, deprecated in 1.27, has been removed.
9764 Use MediaWikiServices::getInstance()->getDBLoadBalancerFactory().
9765 * The internal method OutputPage->addScriptFile() will no longer silently drop
9766 calls that use an invalid path (i.e., something other than an absolute path,
9767 protocol-relative URL, or full scheme URL), and will instead pass them to the
9768 client where they will likely 404. This usage was deprecated in 1.24.
9769 * Database::reportConnectionError, deprecated in 1.32, has been removed.
9770 * APIEditBeforeSave hook, deprecated in 1.28, has been removed. Please see
9771 EditFilterMergedContent hook for an alternative way to use this feature.
9772 * API module methods getDescription(), getParamDescription(), & getExamples(),
9773 all deprecated in 1.25 and ignored, have been removed.
9774 * The API module method getDescriptionMessage(), deprecated in 1.30, has been
9776 * The JavaScript global variable wgLoadScript has been removed. Use
9777 mw.util.wikiScript( 'load' ) instead.
9778 * ResourceLoader no longer creates the 'mw.legacy' placeholder object. It has
9779 been unused since 1.16 and was deprecated in 1.22. To deprecate a property
9780 in JavaScript, use mw.log.deprecate() instead.
9781 * The 'user.groups' module, deprecated in 1.28, was removed.
9782 Use the 'user' module instead.
9783 * The ResourceLoaderContext::expandModuleNames method, deprecated in 1.33, was
9784 removed. Use ResourceLoader::expandModuleNames instead.
9785 * The ability to override User::$mRights has been removed. Use
9786 PermissionManager::addTemporaryUserRights() instead.
9787 * Previously, when iterating ResultWrapper with foreach() or a similar
9788 construct, the range of the index was 1..numRows. This has been fixed to be
9790 * The ChangePasswordForm hook, deprecated in 1.27, has been removed. Use the
9791 AuthChangeFormFields hook or security levels instead.
9792 * WikiMap::getWikiIdFromDomain(), deprecated in 1.33, has been removed.
9793 Use WikiMap::getWikiIdFromDbDomain() instead.
9794 * The config variables $wgHtml5, $wgJsMimeType, and $wgXhtmlDefaultNamespace,
9795 which were deprecated and ignored by core since 1.22, are no longer set to any
9796 value, and SkinTemplate no longer emits a 'jsmimetype' key. Any extensions not
9797 updated since 2013 to cope with this deprecation may now break.
9798 * (T222637) Passing ResourceLoaderModule objects to ResourceLoader::register()
9799 or $wgResourceModules is no longer supported.
9800 Use the 'class' or 'factory' option of the array format instead.
9801 * The parameter $lang of the functions generateTOC and tocList in Linker and
9802 DummyLinker must be in type Language when present. Other types are
9803 deprecated since 1.33.
9804 * The static properties mw.Api.errors and mw.Api.warnings, deprecated in 1.29,
9806 * ParserOption::getSpeculativeRevIdCallback(), deprecated in 1.28, has been
9808 * The UploadVerification hook, deprecated in 1.28, has been removed. Instead,
9809 use the UploadVerifyFile hook.
9810 * UploadBase:: and UploadFromChunks::stashFileGetKey() and stashSession(),
9811 deprecated in 1.28, have been removed. Instead, please use the getFileKey()
9812 method on the response from doStashFile().
9813 * LBFactory::setDomainPrefix() and LoadBalancer::setDomainPrefix(), deprecated
9814 in 1.33, have been removed. Use setLocalDomainPrefix() instead.
9815 * IDatabase::implicitGroupby(), deprecated in 1.30, has been removed.
9816 * IDatabase::doneWrites(), deprecated in 1.31, has been removed.
9817 Use IDatabase::lastDoneWrites() instead.
9818 * Database::reportConnectionError(), deprecated in 1.32, has been removed.
9819 * LoadBalancer::laggedSlaveUsed(), deprecated in 1.28, has been removed.
9820 Use LoadBalancer::laggedReplicaUsed() instead.
9821 * Database::getProperty(), deprecated in 1.28, has been removed.
9822 * IDatabase::getWikiId(), deprecated in 1.30, has been removed.
9823 Use IDatabase::getDomainID() instead.
9824 * (T191231) Support for using Oracle or MSSQL as database backends has been
9826 * MessageCache::destroyInstance() has been removed. Instead, call
9827 MediaWikiTestCase::resetServices().
9828 * SearchResult protected field $searchEngine is removed and no longer
9829 initialized after calling SearchResult::initFromTitle().
9830 * The UserIsBlockedFrom hook is only called if a block is found first, and
9831 should only be used to unblock a blocked user.
9832 * Parameters for index.php from PATH_INFO, such as the title, are no longer
9834 * The selectFields() methods on classes LocalFile, ArchivedFile, OldLocalFile,
9835 DatabaseBlock, and RecentChange, deprecated in 1.31, have been removed. Use
9836 the corresponding getQueryInfo() methods instead.
9837 * The following methods on Revision, deprecated since 1.31, have been removed.
9838 Use RevisionStore::getQueryInfo() or RevisionStore::getArchiveQueryInfo()
9840 * Revision::userJoinCond()
9841 * Revision::pageJoinCond()
9842 * Revision::selectFields()
9843 * Revision::selectArchiveFields()
9844 * Revision::selectTextFields()
9845 * Revision::selectPageFields()
9846 * Revision::selectUserFields()
9847 * User::setNewpassword(), deprecated in 1.27 has been removed.
9848 * The ObjectCache::getMainWANInstance and ObjectCache::getMainStashInstance
9849 functions, deprecated since 1.28, have been removed.
9850 * Language::$dataCache has been removed (without prior deprecation, for
9851 practical reasons). Use MediaWikiServices instead to get a LocalisationCache.
9853 === Deprecations in 1.34 ===
9854 * The MWNamespace class is deprecated. Use NamespaceInfo.
9855 * ExtensionRegistry->load() is deprecated, as it breaks dependency checking.
9856 Instead, use ->queue().
9857 * User::isBlocked() is deprecated since it does not tell you if the user is
9858 blocked from editing a particular page. Use User::getBlock() or
9859 PermissionManager::isBlockedFrom() or PermissionManager::userCan() instead.
9860 * User::isLocallyBlockedProxy and User::inDnsBlacklist are deprecated and moved
9861 to the BlockManager as private helper methods.
9862 * User::isDnsBlacklisted is deprecated. Use BlockManager::isDnsBlacklisted
9864 * The Config argument to ChangesListSpecialPage::checkStructuredFilterUiEnabled
9865 is deprecated. Pass only the User argument.
9866 * WatchedItem::getUser is deprecated. Use getUserIdentity.
9867 * Passing a Title as the first parameter to the getTimestampById method of
9868 RevisionStore is deprecated. Omit it, passing only the remaining parameters.
9869 * Title::getPreviousRevisionId and Title::getNextRevisionId are deprecated. Use
9870 RevisionLookup::getPreviousRevision and RevisionLookup::getNextRevision.
9871 * The Title parameter to RevisionLookup::getPreviousRevision and
9872 RevisionLookup::getNextRevision is deprecated and should be omitted.
9873 * MWHttpRequest::factory is deprecated. Use HttpRequestFactory.
9874 * The Http class is deprecated. For the request, get, and post methods, use
9875 HttpRequestFactory. For isValidURI, use MWHttpRequest::isValidURI. For
9876 getProxy, use (string)$wgHTTPProxy. For createMultiClient, construct a
9877 MultiHttpClient directly.
9878 * Http::$httpEngine is deprecated and has no replacement. The default 'guzzle'
9879 engine will eventually be made the only engine for HTTP requests.
9880 * RepoGroup::singleton(), RepoGroup::destroySingleton(),
9881 RepoGroup::setSingleton(), wfFindFile(), and wfLocalFile() are all
9882 deprecated. Use MediaWikiServices instead.
9883 * The getSubjectPage, getTalkPage, and getOtherPage of Title are deprecated.
9884 Use NamespaceInfo's getSubjectPage, getTalkPage, and getAssociatedPage.
9885 * MWMessagePack class, no longer used, has been deprecated in 1.34.
9886 * The Block class is separated into DatabaseBlock (for blocks stored in the
9887 database), and SystemBlock (for temporary blocks created by the system).
9888 SystemBlock should be used when creating any temporary blocks. Block is
9889 a deprecated alias for DatabaseBlock.
9890 * Parser::$mConf is deprecated. It will be removed entirely in a later version.
9891 Some context can be found at T224165.
9892 * Constructing Parser directly is deprecated. Obtain one from ParserFactory.
9893 * Title::moveSubpages is deprecated. Use MovePage::moveSubpages or
9894 MovePage::moveSubpagesIfAllowed.
9895 * The MWNamespace class is deprecated. Use MediaWikiServices::getNamespaceInfo.
9896 * (T62260) Hard deprecate Language::getExtraUserToggles() method.
9897 * Language::viewPrevNext function is deprecated, use
9898 PrevNextNavigationRenderer::buildPrevNextNavigation instead
9899 * User::trackBlockWithCookie and DatabaseBlock::clearCookie are deprecated. Use
9900 BlockManager::trackBlockWithCookie and BlockManager::clearCookie instead.
9901 * DatabaseBlock::setCookie, DatabaseBlock::getCookieValue,
9902 DatabaseBlock::getIdFromCookieValue and AbstractBlock::shouldTrackWithCookie
9903 are moved to internal helper methods for BlockManager::trackBlockWithCookie.
9904 * ResourceLoaderContext::getConfig and ResourceLoaderContext::getLogger have
9905 been deprecated. Inside ResourceLoaderModule subclasses, use the local methods
9906 instead. Elsewhere, use the methods from the ResourceLoader class.
9907 * The Profiler::setTemplated and Profiler::getTemplated methods have been
9908 deprecated. Use Profiler::setAllowOutput and Profiler::getAllowOutput
9910 * The ProfilerOutputDb class, 'profiling' table, and profileinfo.php entry
9911 point had been deprecated (T231366).
9912 * The Preprocessor_DOM implementation has been deprecated. It will be
9913 removed in a future release. Use the Preprocessor_Hash implementation
9915 * Sanitizer::attributeWhitelist() and Sanitizer::setupAttributeWhitelist()
9916 have been deprecated; they will be made private in the future.
9917 * SearchResult::termMatches() method is deprecated. It was unreliable because
9918 only populated by few search engine implementations. Use
9919 SqlSearchResult::getTermMatches() if really needed.
9920 * SearchResult::getTextSnippet( $terms ) the $terms param is being deprecated
9921 and should no longer be passed. Search engine implemenations should be
9922 responsible for carrying relevant information needed for highlighting with
9923 their own SearchResultSet/SearchResult sub-classes.
9924 * SearchResultSet::free() method is deprecated.
9925 * SearchEngine::$searchTerms protected field is deprecated. Moved to
9927 * The use of the $terms param in the ShowSearchHit and ShowSearchHitTitle
9928 hooks is highly discouraged as it's only populated by SearchDatabase search
9930 * Skin::escapeSearchLink() is deprecated. Use Skin::getSearchLink() or the skin
9931 template option 'searchaction' instead.
9932 * Skin::getRevisionId() and Skin::isRevisionCurrent() have been deprecated.
9933 Use OutputPage::getRevisionId() and OutputPage::isRevisionCurrent() instead.
9934 * LoadBalancer::haveIndex() and LoadBalancer::isNonZeroLoad() have
9936 * FileBackend::getWikiId() has been deprecated.
9937 Use FileBackend::getDomainId() instead.
9938 * User::getRights() and User::$mRights have been deprecated. Use
9939 PermissionManager::getUserPermissions() instead.
9940 * The LocalisationCacheRecache hook no longer allows purging of message blobs
9941 to be prevented. Modifying the $purgeBlobs parameter now has no effect.
9942 * SVGMetadataExtractor::getMetadata has been deprecated. Instead, you should
9943 use SVGReader->getMetadata() directly.
9944 * The following public properties on AbstractBlock are deprecated: $mReason,
9945 $mTimestamp, $mExpiry, $mHideName. Use the getters/setters instead.
9946 * The following public properties on DatabaseBlock are deprecated: $mAuto,
9947 $mParentBlockId. To check for an autoblock use DatabaseBlock::getType; to
9948 check for the parent ID, use DatabaseBlock::getParentBlockId.
9949 * SearchEngine::userHighlightPrefs() is deprecated, simply stop passing
9950 $contextlines and $contextchars to the SearchHighlighter methods, they will
9951 use proper defaults defined in SearchHighlighter::DEFAULT_CONTEXT_LINES and
9952 DEFAULT_CONTEXT_CHARS.
9953 * SearchUpdate constructor: passing a string as the title param and or a boolean
9954 or a string as the content will produce a deprecation warning.
9955 * SearchEngine::getTextFromContent() is deprecated, use getTextForSearchIndex()
9956 directly from the Content object.
9957 * SearchEngine::textAlreadyUpdatedForIndex() is deprecated, given the
9958 deprecation above this method is no longer needed/called and should not be
9959 implemented by SearchEngine implementation.
9960 * IDatabase::bufferResults() has been deprecated. Use query batching instead.
9961 * MessageCache::singleton() is deprecated. Use
9962 MediaWikiServices::getMessageCache().
9963 * ObjectCache::getWANInstance() is deprecated. Use
9964 MediaWikiServices::getMainWANObjectCache() instead.
9965 * ObjectCache::newWANCacheFromParams() is deprecated. Use
9966 MediaWikiServices::getMainWANObjectCache() instead.
9967 * Constructing MovePage directly is deprecated. Use MovePageFactory.
9968 * TempFSFile::factory() has been deprecated. Use TempFSFileFactory instead.
9969 * wfIsBadImage() is deprecated. Use the BadFileLookup service instead.
9970 * Building a new SearchResult is hard-deprecated, always call
9971 SearchResult::newFromTitle(). This class is being refactored into an abstract
9972 class. If you extend this class please be sure to override all its methods
9973 or extend RevisionSearchResult.
9974 * Skin::getSkinNameMessages() is deprecated and no longer used.
9975 * The mediawiki.RegExp module is deprecated; use mw.util.escapeRegExp() instead.
9976 * Specifying a SpecialPage object for the list of special pages (either through
9977 the SpecialPage_initList hook or by adding to $wgSpecialPages) is now
9979 * The 'jquery.tabIndex' module is deprecated.
9980 * WebInstaller::getWarningBox() and getErrorBox() are deprecated.
9981 Use Html::errorBox() or Html::warningBox() instead.
9982 * Use of ActorMigration with 'ar_user', 'img_user', 'oi_user', 'fa_user',
9983 'rc_user', 'log_user', and 'ipb_by' is deprecated. Queries should be adjusted
9984 to use the corresponding actor fields directly. Note that use with
9985 'rev_user' is *not* deprecated at this time.
9986 * Specifying both the class and factory parameters for
9987 ApiModuleManager::addModule is now deprecated. The ObjectFactory spec should
9989 * The UserIsHidden hook is deprecated. Use GetUserBlock instead, and add a
9990 system block that hides the user.
9991 * The GetBlockedStatus hook is deprecated. Use GetUserBlock instead, to add or
9993 * $wgContentHandlerUseDB is deprecated and should always be true.
9994 * StreamFile::send404Message() and StreamFile::parseRange() are now deprecated.
9995 Use HTTPFileStreamer::send404Message() and HTTPFileStreamer::parseRange()
9996 respectively instead.
9997 * Global variable $wgSysopEmailBans is deprecated; to allow sysops to ban
9998 users from sending emails, use
9999 $wgGroupPermissions['sysop']['blockemail'] = true;
10000 * ApiQueryBase::showHiddenUsersAddBlockInfo() is deprecated. Use
10001 ApiQueryBlockInfoTrait instead.
10002 * PasswordReset is now a service, its direct instantiation is deprecated.
10003 * RESTBagOStuff users should specify either "JSON" or "PHP" serialization type.
10004 * The global function wfIsHHVM() is deprecated and will now always return false
10005 regardless of the runtime environment. This is part of the continuing work to
10006 remove HHVM support from MediaWiki, which started in MediaWiki 1.31.
10007 * Language::getLocalisationCache() is deprecated. Use MediaWikiServices
10009 * The following Language methods are deprecated: isSupportedLanguage,
10010 isValidCode, isValidBuiltInCode, isKnownLanguageTag, fetchLanguageNames,
10011 fetchLanguageName, getFileName, getMessagesFileName, getJsonMessagesFileName.
10012 Use the new LanguageNameUtils class instead. (Note that fetchLanguageName(s)
10013 are called getLanguageName(s) in the new class.)
10014 * Using the Parser without initializing its $mTitle property to non-null has
10015 been deprecated. In a future release Parser::getTitle() will throw a
10016 TypeError if $mTitle is uninitialized.
10017 * A number of public methods of Parser were exposed only for historical
10018 reasons and have been deprecated: doMagicLinks, doDoubleUnderscore,
10019 doHeadings, doAllQuotes, replaceExternalLinks, replaceInternalLinks,
10020 replaceInternalLinks2, getVariableValue, initialiseVariables, formatHeadings,
10021 testPst, testPreprocess, testSrvus, areSubpagesAllowed, maybeDoSubpageLink,
10022 splitWhitespace, createAssocArgs, armorLinks, makeKnownLinkHolder,
10023 getImageParams, parseLinkParameter, stripAltText, replaceLinkHolders,
10024 replaceLinkHoldersText, armorLinks, makeKnownLinkHolder, getImageParams,
10025 parseLinkParameter, stripAltText.
10027 === Other changes in 1.34 ===
10028 * Added option to specify "Various authors" as author in extension credits using
10029 "..." as the only author name. If the "author" array contains more than one
10030 entry and "..." is one of the entries in the array, "..." will be parsed as
10031 "others" (version-poweredby-others i18n message) like previously.
10032 * (T232563) Browser support ("Grade C") for Internet Explorer 6 and 7
10033 was discontinued. Basic content and security features may no longer
10034 work correctly in these browsers.
10038 == MediaWiki 1.33.4 ==
10040 This is a security and maintenance release of the MediaWiki 1.33 branch.
10042 === Changes since MediaWiki 1.33.3 ===
10043 * (T247017) PasswordReset performance improvements.
10044 * The MultiHttpClient code will fallover to non-curl if curl_multi* is blocked.
10045 * (T250568) Work around change in SimpleXMLElement behavior introduced in PHP
10047 * Remove some rotten and out of date documentation.
10048 * (T252311) Improvements to some older SQLite update patches.
10049 * (T240307) Minor fixes to extension.schema.v2.json and
10050 extension.schema.v1.json.
10051 * rdbms: Add callback for atomic section cancellation.
10052 * (T191668) NameTableStoreTest::getCallCheckingDb simplification.
10053 * Make NameTableStore use LoadBalancer::getConnectionRef().
10054 * (T224949) NameTableStore: ensure consistency upon rollback.
10055 * (T199474) Set rc_patrolled to 2 for autopatrolled changes in
10056 rebuildrecentchanges.php.
10057 * (T229461) Update the change_tag table in rebuildrecentchanges.php.
10058 * (T234450) Per-user concurrency in SpecialContributions can now be limited by
10059 setting $wgPoolCounterConf['SpecialContributions'] appropriately.
10060 * (T248947) SECURITY: img_auth.php may leak private extension images into the
10063 == MediaWiki 1.33.3 ==
10065 This is a security and maintenance release of the MediaWiki 1.33 branch.
10067 === Changes since MediaWiki 1.33.2 ===
10068 * (T245072) mediawiki.language: Rename languageData back to languageNames.
10069 * Use proper SemVer comparison in CheckComposerLockUpToDate.
10070 * (T212738) Add the MW_VERSION constant, global $wgVersion is soft deprecated.
10071 * Update comment about PHP versions supported by The PHP Group.
10072 * (T247215) Fix output of RecountCategories::doWork().
10073 * Add check for page existence to view.php maintenance script.
10074 * (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink().
10075 * (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to
10078 == MediaWiki 1.33.2 ==
10080 This is a security and maintenance release of the MediaWiki 1.33 branch.
10082 === Changes since MediaWiki 1.33.1 ===
10083 * (T217831) (T200653) PopulateContentTables: compute sha1 and length if needed.
10084 * Fix extra newlines in the installer.
10085 * (T236628) Fix for ArticleRevisionViewCustom hook in DifferenceEngine.php.
10086 * (T181658) Do not insert page titles into querycache.qc_value.
10087 * (T206013) Suppress errors when reading invalid XML file properties.
10088 * (T237931) Remove references to pg_attrdef.adsrc in Postgres code.
10089 * Use correct value for 'sslmode' in DatabasePostgres.
10090 * (T232866) Fix support for HTTP/2 in MultiHttpClient.
10091 * (T227461) Stop calling deprecated Redis delete functions.
10092 * (T239561) Mark options as requiring parameters in addSite.php.
10093 * (T219440) Skip flaky rollback test.
10094 * (T232866) Mimic CURLOPT_POST in GuzzleHttpRequest.
10095 * (T239734) Replace deprecated lSize with lLen in Redis code.
10096 * (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset.
10097 * (T239428) ApiEditPage: Test for bad redirect targets.
10098 * (T233342) rdbms: Log debug message traces as 'exception.trace' instead of
10100 * (T226751) media: Log and fail gracefully on invalid EXIF coordinates.
10101 * (T212067) SECURITY: Work around PHP bug in parse_url.
10103 == MediaWiki 1.33.1 ==
10105 This is a security and maintenance release of the MediaWiki 1.33 branch.
10107 === Changes since MediaWiki 1.33.0 ===
10108 * A change that kept people with a database table prefix that didn't
10109 end with an underscore from updating was reverted.
10110 * (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3.
10111 * The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification
10112 of headers in private wikis.
10113 * (T230317) Allow upgrading from MediaWiki before 1.15 where the valid_tag table
10115 * (T208897) MessageCache: Restore 'loadedLanguages' tracking for load().
10116 * (T228555) MessageCache: Fix isMainCacheable() logic for non-content languages.
10117 * (T200088) Remove title protection correctly for undeletions and imports.
10118 * (T230402) SECURITY: Add permission check for suppressed account to
10120 * Add helper for HTTPFileStreamer header syntax.
10121 * (T227461) ObjectCache: avoid using deprecated phpredis::delete() alias.
10122 * (T231386) SpecialRedirect::dispatchUser() should use a 302 http status code.
10123 * (T118799) Fix XMP parser errors due to trailing nullchar.
10124 * (T230618) Fix GROUP BY in ActiveUsersPager and RecentChangesUpdateJob for
10126 * (T230487) Handle changed defaults in Argon2PasswordTest::testPartialConfig().
10127 * (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy.
10128 * (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into
10129 separate files to help allieviate potential migration problems.
10131 === Upgrading notes for 1.33 ===
10132 1.33 has several database changes since 1.32, and will not work without schema
10133 updates. Note that due to changes to some very large tables like the revision
10134 table, the schema update may take quite long (minutes on a medium sized site,
10135 many hours on a large site).
10137 Don't forget to always back up your database before upgrading!
10139 See the file UPGRADE for more detailed upgrade instructions, including
10140 important information when upgrading from versions prior to 1.11.
10142 Some specific notes for MediaWiki 1.33 upgrades are below:
10144 * Some external link searches will not work correctly until update.php (or
10145 refreshExternallinksIndex.php) is run. These include searches for links using
10146 IP addresses, internationalized domain names, and possibly mailto links.
10147 * If you ran migrateActors.php using an older version of MediaWiki and want to
10148 run your wiki with $wgActorTableSchemaMigrationStage SCHEMA_COMPAT_READ_OLD,
10149 note that log_search rows needed to find revision deletions by target user
10150 were incorrectly deleted. See T215464 for details.
10151 * If revision deletions were performed when the wiki was configured with
10152 $wgActorTableSchemaMigrationStage SCHEMA_COMPAT_WRITE_BOTH and without
10153 migrateActors.php having been run, the log_search table may contain rows with
10154 empty values for "target_author_actor" which will prevent log searches for
10155 revision deletions by target user from finding those log entries. These rows
10156 may be corrected by (re-)running migrateActors.php.
10158 For notes on 1.32.x and older releases, see HISTORY.
10160 == MediaWiki 1.33.0 ==
10162 === Changes since MediaWiki 1.33.0-rc.0 ===
10163 * (T225558) Update installer link to PHP intl.
10164 * (T225901) Only attempt to deduplicate if there is data in archive and revision
10166 * (T225564) Fetch tag ID before calling undefineTag().
10167 * (T225496) Detect APC for MainCacheType in CLI installer.
10168 * Call unpack() with correct parameters in MimeAnalyzer.php for PHP 7.0 support.
10169 * (T212613) Style change tags correctly on Special:Newpages.
10170 * (T202211) Fix SQLite patch-(page|template)links-fix-pk.sql column order.
10172 == MediaWiki 1.33.0-rc.0 ==
10174 === Configuration changes for system administrators in 1.33 ===
10175 ==== New configuration ====
10176 * $wgEnablePartialBlocks – This enables the Partial Blocks feature, which gives
10177 accounts with block permissions the ability to block users, IPs, and IP ranges
10178 from editing specific pages, while allowing them to edit the rest of the wiki.
10179 It is a temporary setting for gradual enablement, current default to `false`,
10180 and will be set to `true` and then removed once initial development completes.
10182 ==== Changed configuration ====
10183 * $wgChangeTagsSchemaMigrationStage (T193868) — This temporary setting, added in
10184 MediaWiki 1.32, now defaults to MIGRATION_NEW instead of MIGRATION_WRITE_BOTH.
10185 * $wgPasswordPolicy – There is a new password policy to check that the account's
10186 password is not in the large blacklist. This is enabled by default for the
10187 built-in user groups bureaucrat, sysop, interface-admin, and bot. To configure
10188 this for other user groups, set the `PasswordNotInLargeBlacklist` flag `true`.
10189 * $wgPasswordDefault – There is a new password type configuration using Argon2
10190 password hashing (which requires PHP 7.2 and above). It's designed to resist
10191 timing attacks, and (on systems with PHP 7.3+) GPU hacking; if you configure
10192 argon2 to be used, by default, it will automatically choose the best available
10193 algorithm depending on which version of PHP you have available. To use this,
10194 you can set `$wgPasswordDefault = 'argon2';`.
10195 * $wgActorTableSchemaMigrationStage now defaults to reading the new schema.
10196 update.php will back-populate the new database fields due to the changed
10197 setting, which may take some time on large wikis. You can avoid downtime by
10198 following a process like that described in T188327.
10200 ==== Removed configuration ====
10201 * $wgTagStatisticsNewTable (T199334) — This temporary setting, added in
10202 MediaWiki 1.32, has now been removed. When loading Special:Tags, MediaWiki
10203 will now always use the `change_tag_def` instead of the `change_tag` table.
10204 * $wgUseTidy, $wgTidyBin, $wgTidyConf, $wgTidyOpts, $wgTidyInternal, and
10205 $wgDebugTidy – These options, all deprecated since 1.26, have now all been
10206 removed, as MediaWiki now always tidies user output. The $wgTidyConfig setting
10207 remains only for experimental features and debugging, and should not be used.
10208 * $wgEnableParserCache – This setting has been deprecated since 1.26, has now
10209 been removed. If you still desire to disable the parser cache, instead you can
10210 set `$wgParserCacheType = CACHE_NONE;`.
10211 * $wgCommentTableSchemaMigrationStage – This temporary migration setting has now
10212 been removed. Code finding it unset should treat it as being MIGRATION_NEW.
10213 * $wgAuth – This old setting, deprecated in 1.27, has been removed as part of
10214 the removal of AuthPlugin.
10215 * $wgSitesCacheFile – This configuration was introduced in 1.25 with the intent
10216 to allow sites to configure a file in which to cache the SiteStore database
10217 table, but it was never used. SiteStore already caches its information by
10218 default using BagOStuff (e.g. Memcached or APC).
10219 * $wgClockSkewFudge – This setting was used by User.php to let sites adjust by
10220 how much MediaWiki would fudge when trying to minimize the chances of a
10221 user.user_touched database update to the "current" timestamp being before the
10222 value already there (e.g. due to clock skew between different servers). This
10223 is no longer a problem, because the code now ensures the timestamp is always
10224 higher than the previous one. The writes are guarded with CAS logic (check
10225 and set), which prevents updates that would overlap.
10226 * $wgDBmysql5 (T196185) - This experimental setting, deprecated in 1.31, has
10229 === New user-facing features in 1.33 ===
10230 * (T96041) __EXPECTUNUSEDCATEGORY__ on a category page causes the category
10231 to be hidden on Special:UnusedCategories.
10232 * (T210814) SVGs are now by default displayed in wiki language on image
10234 * Special:CreateAccount now warns the user if their chosen username has to be
10236 * (T205040) Multilingual images are now be displayed in the current parse
10237 language where available.
10238 * Special:ActiveUsers will no longer filter out users who became inactive since
10239 the last time the active users query cache was updated.
10240 * (T215675) RecentChange and ManualLogEntry implement new Taggable interface.
10241 * (T215675) Added a hook, ManualLogEntryBeforePublish, to allow extensions
10242 to modify (example: add tags) log entries.
10244 === New developer features in 1.33 ===
10245 * The AuthManagerLoginAuthenticateAudit hook has a new parameter for
10246 additional information about the authentication event.
10247 * TextContent::getText() was introduced as a replacement for
10248 Content::getNativeData() for text-based content models.
10249 * (T214706) LinksUpdate::getAddedExternalLinks() and
10250 LinksUpdate::getRemovedExternalLinks() were introduced.
10251 * (T213893) Added 'MaintenanceUpdateAddParams' hook
10252 * (T219655) The MarkPatrolled hook has a new parameter for the tags
10253 associated with this entry in the patrol log.
10254 * (T212472) Extensions can now specify platform abilities they require to work,
10255 limited to shell access for now.
10258 === External library changes in 1.33 ===
10259 ==== New external libraries ====
10260 * Added wikimedia/password-blacklist 0.1.4.
10261 * Added guzzlehttp/guzzle 6.3.3.
10263 ==== Changed external libraries ====
10264 * Updated OOUI from v0.29.2 to v0.31.3.
10265 * Updated OOjs Router from pre-release to v0.2.0.
10266 * Updated moment from v2.19.3 to v2.24.0.
10267 * Updated wikimedia/xmp-reader from 0.6.0 to 0.6.2.
10268 * Updated wikimedia/scoped-callback from 2.0.0 to 3.0.0.
10269 * Updated jquery-client from 2.0.1 to 2.0.2.
10270 * Updated pear/net_smtp from 1.8.0 to 1.8.1.
10271 * Updated cssjanus/cssjanus from 1.2.0 to 1.3.0.
10272 * Updated wikimedia/php-session-serializer from 1.0.6 to 1.0.7.
10274 ==== Removed external libraries ====
10275 * (T219403) jquery.ui.spinner, deprecated since 1.31, was removed.
10278 === Developer library changes in 1.33 ===
10279 ==== New developer libraries ====
10280 * Added jakub-onderka/php-console-highlighter 0.3.2 explicitly (dev-only).
10281 * Added mediawiki/mediawiki-phan-config 0.5.0 (dev-only).
10283 ==== Changed developer libraries ====
10284 * Updated wikimedia/ip-set from 1.3.0 to 2.0.1.
10285 * The deprecated IPSet\IPSet alias was removed, Wikimedia\IPSet must be
10287 * Updated psy/psysh from 0.9.6 to 0.9.9 (dev-only).
10288 * Updated nikic/php-parser from 3.1.3 to 3.1.5 (dev-only).
10289 * Updated mediawiki/mediawiki-codesniffer from 22.0.0 to 25.0.0 (dev-only).
10290 * Updated qunitjs from 2.6.2 to 2.9.1.
10292 ==== Removed developer libraries ====
10293 * The jetbrains/phpstorm-stubs repository was removed in favour of the minimal
10294 stubs we need, which are kept in the new `.phan/internal_stubs` directory
10298 === Bug fixes in 1.33 ===
10299 * (T164211) Special:UserRights could sometimes fail with a
10300 "conflict detected" error when there weren't any conflicts.
10301 * (T216029) Chrome redirects to Special:BadTitle after editing a section with
10302 a non-Latin name on a page with non-Latin characters in title.
10303 * (T222385) resourceloader: Use AND instead of OR for upsert conds in
10304 saveFileDependencies().
10306 === Action API changes in 1.33 ===
10307 * (T198913) Added 'ApiOptions' hook.
10308 * The JSON formatversion=2 is no longer experimental.
10309 * Internal API errors (those with code beginning "internal_api_error") will
10310 include the exception class name in a data field named "errorclass".
10311 * Class names are not guaranteed to remain stable, and in particular database
10312 exceptions will now include the "Wikimedia\Rdbms\" prefix in the class name.
10313 * The code including an exception class name is deprecated. In the future,
10314 all internal errors will use code "internal_api_error".
10315 * (T212356) When using action=delete on pages with many revisions, the module
10316 may return a boolean-true 'scheduled' and no 'logid'. This signifies that the
10317 deletion will be processed via the job queue.
10318 * action=setnotificationtimestamp will now update the watchlist asynchronously
10319 if entirewatchlist is set, so updates may not be visible immediately
10320 * Block info will be added to "blocked" errors from more modules.
10321 * (T216245) Autoblocks will now be spread by action=edit and action=move.
10322 * action=query&meta=userinfo has a new uiprop, 'latestcontrib', that returns
10323 the date of user's latest contribution.
10324 * (T25227) action=logout now requires to be posted and have a csrf token.
10326 === Action API internal changes in 1.33 ===
10327 * A number of deprecated methods for API documentation, intended for overriding
10328 by extensions, are no longer called by MediaWiki, and will emit deprecation
10329 notices if your extension attempts to use them:
10330 * ApiBase::getDescription() (deprecated in 1.25)
10331 * ApiBase::getParamDescription() (deprecated in 1.25)
10332 * ApiBase::getExamples() (deprecated in 1.25)
10333 * ApiBase::getDescriptionMessage() (deprecated in 1.30)
10334 Additionally, the 'APIGetDescription' and 'APIGetParamDescription' hooks have
10335 been removed, as their only use was to let extensions override values returned
10336 by getDescription() and getParamDescription(), respectively.
10337 * API error codes may only contain ASCII letters, numbers, underscore, and
10338 hyphen. Methods such as ApiBase::dieWithError() and
10339 ApiMessageTrait::setApiCode() will throw an InvalidArgumentException if
10341 * ApiBase::checkTitleUserPermissions() now takes an options array as its third
10342 parameter. Passing a User object or null is deprecated.
10343 * The api-feature-usage log channel now has log context. The text message is
10344 deprecated and will be removed in the future.
10346 === Languages updated in 1.33 ===
10347 MediaWiki supports over 350 languages. Many localisations are updated regularly.
10348 Below only new and removed languages are listed, as well as changes to languages
10349 because of Phabricator reports.
10351 * (T203908) Added language support for Eastern Pwo (kjp).
10352 * (T213717) Fixed a translation error on Goan Konkani (gom-deva) translations
10354 * (T212221) Added $digitTransformTable for Santali (sat).
10355 * (T216479) Added language support for Saisiyat (xsy).
10356 * (T219728) Added support for new Japanese era name "Reiwa"
10358 === Breaking changes in 1.33 ===
10359 * The parameteter $lang in DifferenceEngine::setTextLanguage must be of type
10360 Language. Other types are deprecated since 1.32.
10361 * Skin::doEditSectionLink requires type Language for the parameter $lang.
10362 The parameters $tooltip and $lang are mandatory. Omitting the parameters is
10363 deprecated since 1.32.
10364 * Language::truncate(), deprecated in 1.31, has been removed.
10365 * UtfNormal, deprecated in 1.25, was removed. Use UtfNormal\Validator directly
10367 * (T197179) In OOUI HTMLForm fields, the parameters 'notice', 'notice-messages',
10368 and 'notice-message', which were deprecated in 1.32, were removed. Instead,
10369 use 'help', 'help-message', and 'help-messages'.
10370 * (T197179) HTMLFormField::getNotices(), deprecated in 1.32, was removed.
10371 * The "Parsoid v1" compatibility mappings in ParsoidVirtualRESTService and
10372 RestbaseVirtualRESTService, deprecated since 1.26, have been removed.
10373 Use the RESTBase v1 or Parsoid v3 API instead.
10374 * ParserOptions defaults 'tidy' to true now, since the untidy modes of the
10375 parser are being deprecated and ParserOptions::getCanonicalOverrides()
10376 has always been true at any rate.
10377 * Support for disabling tidy and external tidy implementations has been removed.
10378 This was deprecated in 1.32. The pure PHP Remex tidy implementation is now
10379 used and no configuration is necessary.
10380 * A number of deprecated methods for API documentation, intended for overriding
10381 by extensions, are no longer called by MediaWiki, and will emit deprecation
10382 notices if your extension attempts to use them:
10383 * ApiBase::getDescription() (deprecated in 1.25)
10384 * ApiBase::getParamDescription() (deprecated in 1.25)
10385 * ApiBase::getExamples() (deprecated in 1.25)
10386 * ApiBase::getDescriptionMessage() (deprecated in 1.30)
10387 Additionally, the 'APIGetDescription' and 'APIGetParamDescription' hooks have
10388 been removed, as their only use was to let extensions override values returned
10389 by getDescription() and getParamDescription(), respectively.
10390 * The authentication hooks 'AbortAutoAccount' 'AbortNewAccount', 'AbortLogin',
10391 'LoginUserMigrated', 'UserCreateForm', and 'UserLoginForm', all deprecated by
10392 the creation of AuthManager in 1.27, have been removed. This also means that
10393 the FakeAuthTemplate and LoginForm classes are removed, that FakeAuthTemplate
10394 is no longer passed into LoginSignupSpecialPage->getFieldDefinitions(), and
10395 that LoginSignupSpecialPage->getBCFieldDefinitions() is removed.
10396 * The 'jquery.localize' module, deprecated in 1.32, has been removed. Instead,
10398 * The hooks LanguageGetSpecialPageAliases and LanguageGetMagic, deprecated since
10399 1.16, have now been removed. Instead, use $specialPageAliases or $magicWords
10400 respectively in a $wgExtensionMessagesFiles file.
10401 * The following methods of the Preferences class, deprecated in 1.31, have been
10403 * getSaveBlacklist()
10404 * loadPreferenceValues()
10405 * getOptionFromUser()
10406 * profilePreferences()
10407 * skinPreferences()
10408 * filesPreferences()
10409 * datetimePreferences()
10410 * renderingPreferences()
10411 * editingPreferences()
10413 * watchlistPreferences()
10414 * searchPreferences()
10415 * miscPreferences()
10416 * generateSkinOptions()
10420 * validateSignature()
10422 * getTimezoneOptions()
10424 * filterTimezoneInput()
10425 * getTimeZoneList()
10426 * mw.util.jsMessage(), deprecated in 1.20, was removed. Use mw.notify instead.
10427 * (T61113) User::EDIT_TOKEN_SUFFIX was removed. It was deprecated since 1.27.
10428 * The 'mediawiki.api' module aliases, deprecated in 1.32, have been removed.
10429 Specifically: mediawiki.api.category, mediawiki.api.edit,
10430 mediawiki.api.login, mediawiki.api.options, mediawiki.api.parse,
10431 mediawiki.api.upload, mediawiki.api.user, mediawiki.api.watch,
10432 mediawiki.api.messages, and mediawiki.api.rollback.
10433 * The 'jquery.byteLimit' module alias for 'jquery.lengthLimit',
10434 deprecated in 1.31, was removed.
10435 * Revision::fetchRevision(), deprecated in 1.28, was removed.
10436 * Class SquidUpdate, deprecated in 1.27, was removed.
10437 * Title->getSquidURLs(), deprecated in 1.27, was removed. Instead, use
10438 Title->getCdnUrls().
10439 * Title::escapeFragmentForURL(), deprecated in 1.30, was removed. Use
10440 Sanitizer::escapeIdForLink() or escapeIdForExternalInterwiki() instead.
10441 * Title->canTalk(), deprecated in 1.30, was removed. Instead, use
10442 Title->canHaveTalkPage().
10443 * Title's methods for site and user page related to CSS and JS, deprecated in
10444 1.31, were removed:
10445 * Title->isCssOrJsPage() — Use Title->isSiteConfigPage()
10446 * Title->isCssJsSubpage() – Use Title->isUserConfigPage()
10447 * Title->getSkinFromCssJsSubpage() – Use Title->getSkinFromConfigSubpage()
10448 * Title->isCssSubpage() – Use Title->isUserCssConfigPage()
10449 * Title->isJsSubpage() – Use Title->isUserJsConfigPage()
10450 * SiteSQLStore, deprecated in 1.27 and whose only method, ::newInstance(),
10451 would return the global SiteStore instance, has been removed. You can get to
10452 this via MediaWiki\MediaWikiServices::getInstance()->getSiteStore() directly.
10453 * Linker::formatSize, deprecated in 1.28, has been removed (with DummyLinker's).
10454 Instead, use Language->formatSize() with the relevant Language object.
10455 * Linker::formatTemplates, deprecated in 1.28, has been removed (along with the
10456 version in DummyLinker). You can use TemplatesOnThisPageFormatter directly.
10457 * EventRelayerGroup::singleton(), deprecated in 1.27, has been removed. You can
10458 use MediaWikiServices::getInstance()->getEventRelayerGroup() directly.
10459 * LinkCache->addLink(), deprecated in 1.27, has been removed. It is thought to
10460 be unused, and is distinct from OutputPage->addLink(), which remains.
10461 * JsonContent->getJsonData(), deprecated in 1.25, has been removed. Instead, use
10462 JsonContent->getData().
10463 * MWExceptionHandler::getLogId(), deprecated in 1.27, has been removed, as the
10464 exception ID is the same as the request ID, from WebRequest::getRequestId().
10465 * SearchEngine::getNearMatchResultSet(), deprecated in 1.27, has been removed.
10466 You can use SearchEngine::getNearMatcher() instead.
10467 * EmailNotification::updateWatchlistTimestamp, deprecated in 1.27, has been
10468 removed. Instead, use WatchedItemStore::updateNotificationTimestamp directly.
10469 * User::getGroupName() and ::getGroupMember(), both deprecated in 1.29, have
10470 been removed. Instead, please use UserGroupMembership::getGroupName() and
10471 UserGroupMembership::getGroupMemberName().
10472 * Backwards compatibility for setting wgSessionsInObjectCache to false or using
10473 wgSessionHandler, both of which were deprecated in 1.27 with the introduction
10474 of SessionManager, has been removed.
10475 * SessionManager::autoCreateUser, deprecated in 1.27, has been removed. Use
10476 MediaWiki\Auth\AuthManager::autoCreateUser instead.
10477 * The mw.libs.jpegmeta property, deprecated in 1.31, was removed.
10478 Use require( 'mediawiki.libs.jpegmeta' ) instead.
10479 * The mw.user.stickyRandomId() method, deprecated in 1.32, was removed.
10480 Use mw.user.getPageviewToken() instead.
10481 * Removed deprecated class property WikiRevision::$importer.
10482 * ResourceLoaderFileModule::readStyleFiles() now requires its $context
10484 * The ChangeList::insertArticleLink() method, that was deprecated in 1.27, has
10486 * MessageBlobStore::__construct() now requires its $rl parameter.
10487 * Second parameter to Sanitizer::escapeIdReferenceList() (deprecated in 1.31)
10489 * The 'jquery.xmldom' module has been removed.
10490 * The 'jquery.mockjax' module has been removed.
10491 * The 'jquery.hidpi' module, deprecated in 1.32, has been removed.
10492 * AuthPlugin and related code, deprecated in 1.27, has been removed. Extensions
10493 should instead use AuthManager. The following no longer exist:
10494 * The AuthPlugin class itself and the related AuthPluginUser class and i18n
10495 * The AuthPluginSetup and AuthPluginAutoCreate hooks
10496 * The transitional wrapper classes AuthPluginPrimaryAuthenticationProvider,
10497 AuthManagerAuthPlugin, and AuthManagerAuthPluginUser.
10498 * The $wgAuth configuration setting and its use in Setup.php and unit tests
10499 * (T217772) The 'wgAvailableSkins' mw.config key in JavaScript, was removed.
10500 * Language::markNoConversion, deprecated in 1.32, has been removed. Use
10501 LanguageConverter::markNoConversion instead.
10502 * BagOStuff::modifySimpleRelayEvent() method has been removed.
10503 * ParserOutput::getLegacyOptions, deprecated in 1.30, has been removed.
10504 Use ParserOutput::allCacheVaryingOptions instead.
10505 * CdnCacheUpdate::newSimplePurge, deprecated in 1.27, has been removed.
10506 Use CdnCacheUpdate::newFromTitles() instead.
10507 * Handling of multiple arguments by the Block constructor, deprecated in 1.26,
10509 * The translation of main page in Sardinian (sc) was changed from "Pàgina Base"
10510 to "Pàgina printzipale". Existing wikis using this content language need to
10511 move the main page or change the name through MediaWiki:Mainpage page.
10512 * wfSplitWikiID(), deprecated in 1.32, has been removed.
10513 * MessageBlobStore::getBlob(), deprecated in 1.27, has been removed.
10514 Use ::getBlobs() instead.
10515 * The .background-size() LESS mixin, deprecated in 1.27, has been removed.
10516 * ReadOnlyMode::clearCache() and ConfiguredReadOnlyMode::clearCache() have been
10517 removed. Use MediaWikiTestCase::overrideMwServices() instead.
10518 * Support for the 'aggregator' option of JobQueue (and thus $wgJobTypeConf) was
10519 removed. The JobQueueAggregator interface and JobQueueAggregatorRedis class
10520 have also been removed. They were experimentally developed for use by the
10521 Wikimedia Foundation, but were never used, with no known use cases. (Note that
10522 this does not affect JobQueueRedis which is still supported.)
10524 === Deprecations in 1.33 ===
10525 * The configuration option $wgUseESI has been deprecated, and is expected
10526 to be removed in a future release.
10527 * The configuration option $wgSquidPurgeUseHostHeader has been deprecated,
10528 and is expected to be removed in a future release.
10529 * The configuration options $wgFixArabicUnicode and $wgFixMalayalamUnicode,
10530 introduced in MW 1.17, have been deprecated. These fixes will always be
10531 applied for Arabic and Malayalam in the future. Please enable these on
10532 your local wiki (if you have them explicitly set to false) and run
10533 maintenance/cleanupTitles.php to fix any existing page titles.
10534 * The LegacyHookPreAuthenticationProvider class, deprecated since its creation
10535 in 1.27 as part of the AuthManager re-write, now emits deprecation warnings.
10536 This will help identify the issue if you added it to $wgAuthManagerConfig.
10537 * wfSplitWikiId() is now deprecated. Cache key generation should have the wiki
10538 domain ID as a key component and use makeGlobalKey().
10539 * (T202094) Title::getUserCaseDBKey() is deprecated; instead, please use
10540 Title::getDBkey(), which doesn't vary case.
10541 * User::getPasswordValidity() is now deprecated. User::checkPasswordValidity()
10542 returns the same information in a more useful format.
10543 * For Linker::generateTOC() and Linker::tocList(), passing strings or booleans
10544 as the $lang parameter was deprecated. The same applies to DummyLinker.
10545 * The PasswordPolicy 'PasswordCannotBePopular' has been deprecated. To
10546 follow best practices, it is reccommended to use 'PasswordNotInLargeBlacklist'
10547 instead which blacklists 100,000 commonly used passwords.
10548 * (T208862) Action::requiresUnblock() is now called from
10549 Title::getUserPermissionsErrors() and Title::userCan(). Previously, the method
10550 was only called in Action::checkCanExecute(). Actions should ensure that their
10551 requiresUnblock() returns the proper result (the default is `true`).
10552 * (T211608) The MediaWiki\Services namespace has been renamed to
10553 Wikimedia\Services. The old name is still supported, but deprecated.
10554 * (T155582) Content::getNativeData has been deprecated. Please use model-
10555 specific getters, such as TextContent::getText().
10556 * The class WebInstallerOutput is now marked as @private.
10557 * (T209699) The jquery.async module has been deprecated. JavaScript code that
10558 needs asynchronous behaviour should use Promises.
10559 * Password::equals() is deprecated, use verify().
10560 * BaseTemplate::msgWiki() and QuickTemplate::msgWiki() will be removed. Use
10561 other means to fetch a properly escaped message string or Message object.
10562 * (T126091) The 'ResourceLoaderTestModules' hook, which lets you declare QUnit
10563 testing code for your JavaScript modules, is deprecated. Instead, you can now
10564 use the new extension registration key 'QUnitTestModule'.
10565 * (T213426) The jquery.throttle-debounce module has been deprecated. JavaScript
10566 code that needs this behaviour should use OO.ui.debounce/throttle.
10567 * The mw.language.specialCharacters property from the
10568 'mediawiki.language.specialCharacters' module has been deprecated.
10569 Use require( 'mediawiki.language.specialCharacters' ) instead.
10570 * ChangeTags::purgeTagUsageCache() has been deprecated, and is expected to be
10571 removed in a future release.
10572 * Passing a User object or null as the third parameter to
10573 ApiBase::checkTitleUserPermissions() has been deprecated. Pass an array
10574 [ 'user' => $user ] instead.
10575 * (T211578) Block::prevents is deprecated. Use Block::isEmailBlocked,
10576 Block::isCreateAccountBlocked and Block::isUsertalkEditAllowed to get and set
10577 block properties; use Block::appliesToRight and Block::appliesToUsertalk to
10578 check block behaviour.
10579 * The api-feature-usage log channel now has log context. The text message is
10580 deprecated and will be removed in the future.
10581 * The FileBasedSiteLookup class has been deprecated. For a cacheable SiteLookup
10582 implementation, use CachingSiteStore instead.
10583 * Language::viewPrevNext function is deprecated, use
10584 SpecialPage::buildPrevNextNavigation instead
10585 * ManualLogEntry::setTags() is deprecated, use ManualLogEntry::addTags()
10586 instead. The setTags() method was overriding the tags, addTags() doesn't
10587 override, only adds new tags.
10588 * Block::isValid is deprecated, since it is no longer needed in core.
10589 * Calling Maintenance::hasArg() as well as Maintenance::getArg() with no
10590 parameter has been deprecated. Please pass the argument number 0.
10591 * ResourceLoaderContext::expandModuleNames has been deprecated.
10592 Use ResourceLoader::expandModuleNames instead.
10594 === Other changes in 1.33 ===
10595 * (T201747) Html::openElement() warns if given an element name with a space
10597 * The implementation of buildStringCast() in Wikimedia\Rdbms\Database has
10598 changed to explicitly cast. Subclasses relying on the base-class
10599 implementation should check whether they need to override it now.
10600 * BagOStuff::add is now abstract and must explicitly be defined in subclasses.
10601 * LinksDeletionUpdate is now a subclass of LinksUpdate. As a consequence,
10602 the following hooks will now be triggered upon page deletion in addition
10603 to page updates: LinksUpdateConstructed, LinksUpdate, LinksUpdateComplete.
10604 LinksUpdateAfterInsert is not triggered since deletions do not cause
10605 insertions into links tables.
10606 * Category::newFromID( $id )->getID() will now return $id without any
10607 validation, to avoid a mostly unnecessary DB query.
10608 * On Special:Version, the name for an extension can no longer be arbitrary
10609 html when no link is specified.
10613 == MediaWiki 1.32.6 ==
10615 This is a security and maintenance release of the MediaWiki 1.32 branch.
10617 === Changes since MediaWiki 1.32.5 ===
10618 * (T236628) Fix for ArticleRevisionViewCustom hook in DifferenceEngine.php.
10619 * (T181658) Do not insert page titles into querycache.qc_value.
10620 * (T206013) Suppress errors when reading invalid XML file properties.
10621 * (T237931) Remove references to pg_attrdef.adsrc in Postgres code.
10622 * Use correct value for 'sslmode' in DatabasePostgres.
10623 * (T232866) Fix support for HTTP/2 in MultiHttpClient.
10624 * (T227461) Stop calling deprecated Redis delete functions.
10625 * (T239561) Mark options as requiring parameters in addSite.php.
10626 * (T239734) Replace deprecated lSize with lLen in Redis code.
10627 * (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset.
10628 * (T239428) ApiEditPage: Test for bad redirect targets.
10629 * (T233342) rdbms: Log debug message traces as 'exception.trace' instead of
10631 * (T226751) media: Log and fail gracefully on invalid EXIF coordinates.
10632 * (T212067) SECURITY: Work around PHP bug in parse_url.
10634 == MediaWiki 1.32.5 ==
10636 This is a maintenance release of the MediaWiki 1.32 branch.
10638 === Changes since MediaWiki 1.32.4 ===
10639 * Compute sha1 and length if needed in maintenance/populateContentTables.php.
10640 * Fix extra newlines in the installer.
10641 * Followup T230402, PermissionManager doesn't exist until 1.33, so fix the
10642 backported patches to use User::isAllowed() instead.
10644 == MediaWiki 1.32.4 ==
10646 This is a security and maintenance release of the MediaWiki 1.32 branch.
10648 === Changes since MediaWiki 1.32.3 ===
10649 * (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3.
10650 * The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification
10651 of headers in private wikis.
10652 * (T230402) SECURITY: Add permission check for suppressed account to
10654 * (T208897) MessageCache: Restore 'loadedLanguages' tracking for load().
10655 * (T200088) Remove title protection correctly for undeletions and imports.
10656 * Add helper for HTTPFileStreamer header syntax.
10657 * (T118799) Fix XMP parser errors due to trailing nullchar.
10658 * (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy.
10659 * Cache redirects from Special:Redirect.
10660 * (T231386) dispatchUser() should use a 302 http status code.
10661 * (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into
10662 separate files to help allieviate potential migration problems.
10663 * Make SQLite's patch-add-3d.sql a no-op to prevent clobbering other database
10666 == MediaWiki 1.32.3 ==
10668 This is a maintenance release of the MediaWiki 1.32 branch.
10670 === Changes since MediaWiki 1.32.2 ===
10671 * (T225558) Update installer link to PHP intl.
10672 * (T225496) Detect APC for MainCacheType in CLI installer.
10673 * (T226766) Remove jetbrains/phpstorm-stubs from composer dev dependencies.
10674 * (T202211) Fix SQLite patch-(image|page|template)links-fix-pk.sql column order.
10676 == MediaWiki 1.32.2 ==
10678 This is a security and maintenance release of the MediaWiki 1.32 branch.
10680 === Changes since MediaWiki 1.32.1 ===
10681 * (T204423) Backport support for hyphenated DB names in JobQueueGroup.
10682 * (T216968) Return pageid as int in both list=iwbacklinks and
10683 list=langbacklinks.
10684 * (T215169) Fix for Database::update() with IGNORE option fails on PostgreSQL.
10685 * (T199474) Fix typo in rebuildrecentchanges.php resulting in rogue flags.
10686 * (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when
10687 $wgBlockDisablesLogin is true.
10688 * (T216029) Chrome redirects to Special:BadTitle after editing a section with
10689 a non-Latin name on a page with non-Latin characters in title.
10690 * Unbreak language related maintenance scripts that use StaticArrayWriter.
10691 * (T219728) Added support for new Japanese era name "Reiwa".
10692 * (T25227) SECURITY: action=logout now requires to be posted and have a csrf
10694 * Updated cssjanus/cssjanus from 1.2.0 to 1.3.0.
10695 * (T221045) Remove orphaned code from ConfigRepository.
10696 * (T222385) resourceloader: Use AND instead of OR for upsert conds in
10697 saveFileDependencies().
10698 * (T224374) Fix message parameters so that the message that says SQLite is
10699 out of date makes sense.
10700 * (T200471) Prevent LBFactorySimple breaking ExternalStorage, when trying to
10701 connect to external server with local database name.
10702 * (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
10703 * (T208881) SECURITY: blacklist CSS var().
10704 * (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
10705 * (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
10706 * (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
10707 * (T222036, T222038) SECURITY: Add permission check for user is permitted to
10709 * (T221739) SECURITY: resources: Patch jQuery 3.3.1 for CVE-2019-11358.
10711 == MediaWiki 1.32.1 ==
10713 === Changes since MediaWiki 1.32.0 ===
10714 * (T213577) rdbms: avoid transaction status errors from ping() in rollback().
10715 * rdbms: Pass required parameter.
10716 * rdbms: do not treat SAVEPOINT and RELEASE SAVEPOINT as write queries.
10717 * (T204531) rdbms: reduce LoadBalancer replication log spam.
10718 * (T213489) Avoid session double-start in Setup.php.
10719 * (T213717) Correct namespace 'Template' for gom-deva
10720 * (T198054) Fix login page crash caused by unknown language via ?uselang
10721 * (T215324) (T210937) list=users mistakenly reports user as missing.
10722 * (T209483) Add ILBFactory::redefineLocalDomain method. This is intended for
10723 use with scripts like addWiki.php to avoid mismatched domain errors.
10724 * (T208871) The hard-coded Google search form on the database error page was
10726 * (T204800) Fix Title::getFragmentForURL for bad interwiki prefix
10727 * (T215566) Fix installer being unable to determine if the database exists
10728 during a fresh installation.
10730 == MediaWiki 1.32.0 ==
10732 === Changes since MediaWiki 1.32.0-rc.2 ===
10733 * (T188327) Fix slow queries in migrateActors.php.
10734 * (T102320) Fix $magicWords for the Sanskrit language.
10736 === Changes since MediaWiki 1.32.0-rc.1 ===
10737 * Fix addition of ug_expiry column to user_groups table on MSSQL.
10738 * (T210307) Fix the cache timestamp for forced updates.
10739 * (T210621) User: Bypass repeatable-read when creating an actor_id.
10740 * (T197535) Extensions can now specify PHP versions and PHP extensions they
10742 * Updated wikimedia/ip-set from v1.2.0 to v1.3.0.
10743 * (T212356) When using action=delete on pages with many revisions, the module
10744 may return a boolean-true 'scheduled' and no 'logid'. This signifies that the
10745 deletion will be processed via the job queue.
10746 * (T64103) Dropped columns category.cat_hidden, site_stats.ss_admins, and
10747 recentchanges.rc_cur_time from the PostgreSQL schema.
10749 === Changes since MediaWiki 1.32.0-rc.0 ===
10750 * (T209885) Prevent populateSearchIndex.php from breaking once actor migration
10752 * (T210998) Properly set $wgLanguageCode in the generated LocalSettings.php
10753 if --lang is used with the command-line installer (install.php).
10755 === Configuration changes in 1.32 ===
10757 ==== New configuration ====
10758 * $wgJpegQuality – The quality of JPEG thumbnails is now configurable through
10759 this setting. The default is 80, which matches the quality of JPEG thumbnails
10760 previously generated by ImageMagick. The quality of JPEG thumbnails generated
10761 by GD was previously 95, but now uses the $wgJpegQuality setting as well.
10762 * $wgCookieSetOnIpBlock - This determines whether to set a cookie when an IP
10763 user is blocked. Doing so means that a blocked user, even after moving to a
10764 new IP address, will still be blocked.
10765 * $wgRawHtmlMessages – This new configuration setting is added for listing
10766 messages which are displayed as raw HTML.
10767 * $wgCSPHeader and $wgCSPReportOnlyHeader – You can now define a
10768 "Content Security Policy" for your wiki. This adds a defense-in-depth feature
10769 to stop an attacker who has found a bug in the parser allowing them to insert
10770 malicious attributes. Disabled by default. (T135963)
10771 * $wgGroupPermissions – A new user group, 'interface-admin', is added for
10772 controlling access to sitewide CSS/JS (and editing other users' CSS/JS). No
10773 other group has 'editsitecss', 'editusercss', 'editsitejs' or 'edituserjs'
10775 * $wgGrantPermissions – A new grant group, 'editsiteconfig', is added for
10776 granting the above rights.
10777 * $wgDBDefaultGroup – A default database group for use by maintenance scripts.
10778 * $wgResourceLoaderEnableJSProfiler – This new configuration setting lets you
10779 enable client-side profiling of JavaScript modules; it is off by default.
10780 * (T193868) $wgChangeTagsSchemaMigrationStage — This temporary configuration
10781 setting allows sysadmins to gradually migrate the database table schema for
10782 how change tags are stored.
10783 * (T199334) $wgTagStatisticsNewTable — This temporary configuration setting
10784 allows sysadmins to enable the caching of Special:Tags via the new
10785 change_tag_def table.
10787 ==== Changed configuration ====
10788 * $wgUseAjax – This setting, deprecated in 1.31, is now ignored.
10789 * $wgDefaultUserOptions – The default watchlist view time (watchlistdays) has
10790 been increased from 3 to 7 days. (T194414)
10791 * $wgGroupPermissions – The right to edit sitewide Javascript
10792 (e.g. MediaWiki:Common.js), CSS or JSON was separated from 'editinterface'
10793 and is available under 'editsitejs'/'editsitecss'/'editsitejson'. Having
10794 'editinterface' is still necessary to edit such pages.
10795 * $wgMultiContentRevisionSchemaMigrationStage now defaults to writing both the
10796 old and the new schema, but reading the new schema, so Multi-Content Revisions
10797 (MCR) are now functional by default. The new default value of the setting is
10798 SCHEMA_COMPAT_WRITE_BOTH | SCHEMA_COMPAT_READ_NEW.
10799 * $wgActorTableSchemaMigrationStage no longer accepts MIGRATION_WRITE_BOTH or
10800 MIGRATION_WRITE_NEW. It instead uses SCHEMA_COMPAT_WRITE_BOTH |
10801 SCHEMA_COMPAT_READ_OLD and SCHEMA_COMPAT_WRITE_BOTH | SCHEMA_COMPAT_READ_NEW
10802 for intermediate stages of migration.
10803 * $wgDBTableOptions – The default table options now use the binary charset. The
10804 default was already overridden in the installer-generated LocalSettings.php,
10805 and so is always set to binary after the installer UI option was removed. The
10806 default value is only used when the installer installs an extension.
10807 * $wgPopularPasswordFile — The location of the default popular passwords file
10808 has been moved to be in line with other non-PHP files used by libraries and
10810 * $wgEnableImageWhitelist is now disabled by default, as it opens up a hole for
10811 potential privacy leaks by administrators. You can check
10812 "MediaWiki:External image whitelist" on your wiki to see whether the feature
10813 was ever used, and whether it needs to be re-enabled.
10815 ==== Removed configuration ====
10816 * $wgEnableAPI and $wgEnableWriteAPI – These settings, deprecated in 1.31,
10817 have been removed. (T115414)
10818 * $wgSiteSupportPage – This setting, unused since 1.5, was removed.
10819 * $wgBrowserBlacklist – This setting, deprecated in 1.30, was removed.
10820 * $wgExperimentalHtmlIds – This setting, deprecated since 1.30, was removed.
10821 The 'html5-legacy' value for $wgFragmentMode is no longer accepted.
10822 * $wgPasswordSenderName - This setting, ignored since 1.23 by MediaWiki and
10823 most extensions, is no longer set. Instead, you can modify the system
10824 message `emailsender`.
10825 * $wgTidyConfig – The experimental Html5Internal and Html5Depurate tidy drivers
10826 were removed. RemexHtml, which is the default, should be used instead.
10827 * (T181318) The $wgStyleVersion setting and its appendage to various script and
10828 style URLs in OutputPage, deprecated in 1.31, was removed.
10829 * (T140807) The wgResourceLoaderLESSImportPaths configuration option was removed
10830 from ResourceLoader. Instead, use `@import` statements in LESS to import
10831 files directly from nearby directories within the same project.
10832 * (T140804) The wgResourceLoaderLESSVars configuration option, deprecated
10833 since 1.30, was removed. Instead, to expose variables from PHP to LESS, use
10834 the ResourceLoaderModule::getLessVars() method.
10835 * $wgResourceLoaderValidateStaticJS – This setting, unused since MediaWiki 1.18,
10837 * Two temporary variables for deploying the feature of filters on change lists,
10838 $wgStructuredChangeFiltersShowPreference introduced in MediaWiki 1.30 and
10839 $wgStructuredChangeFiltersOnWatchlist in 1.31, were removed.
10841 === New features in 1.32 ===
10842 * (T112474) Generalized the ResourceLoader mechanism for overriding modules
10843 using a particular page during edit previews.
10844 * (T12331) You can now log page creation events by setting $wgPageCreationLog
10846 * Added 'ApiParseMakeOutputPage' hook.
10847 * (T174313) Added checkbox on Special:ListUsers to display only users in
10848 temporary user groups.
10849 * (T152462) A cookie can now be set when an IP user is blocked to track that
10850 user if they move to a new IP address. This is disabled by default.
10851 * (T194950) Added 'ApiMaxLagInfo' hook.
10852 * SpecialPage::checkLoginSecurityLevel() will now preserve POST data when
10854 * FormSpecialPage::execute() will now call checkLoginSecurityLevel() if
10855 getLoginSecurityLevel() returns non-false.
10856 * The 'ImageBeforeProduceHTML' hook is now passed three new parameters, $parser,
10857 &$query and &$widthOption, allowing extensions even finer control over the
10858 resulting HTML code.
10859 * Added new 'ArticleShowPatrolFooter' hook, which allows extensions to determine
10860 if the [mark as patrolled] link should be shown at the footer of patrollable
10862 * The array of hidden options ($opts) passed to the 'SpecialSearchPowerBox' hook
10863 is now passed by reference, allowing extensions to modify or even unset it.
10864 * Added new 'OutputPageAfterGetHeadLinksArray' hook, allowing extensions to
10865 modify the return value of OutputPage#getHeadLinksArray in order to add,
10866 remove or otherwise alter the elements to be output in the page <head>.
10867 * (T28934) The 'HistoryPageToolLinks' hook allows extensions to append
10868 additional links to the subtitle of a history page.
10869 * The 'GetLinkColours' hook now receives an additional $title parameter,
10870 the Title object of the page being parsed, on which the links will be shown.
10871 * (T194731) DifferenceEngine supports multiple slots. Added SlotDiffRenderer to
10872 render diffs between two Content objects, and DifferenceEngine::setRevisions()
10873 to render diffs between two custom (potentially multi-content) revisions.
10874 Added GetSlotDiffRenderer hook which works like GetDifferenceEngine for slots.
10875 * Added a temporary action=mcrundo to the web UI, as the normal undo logic
10876 can't yet handle MCR and deadlines are forcing is to put off fixing that.
10877 This action should be considered deprecated and should not be used directly.
10878 * Extensions overriding ContentHandler::getUndoContent() will need to be
10879 updated for the changed method signature.
10880 * Added a new hook, 'UserGetRightsRemove', which can be used to remove rights
10881 from user. Unlike the 'UserGetRights' it will ensure that removed rights
10882 will not be reinserted.
10883 * (T197535) Extensions can now specify PHP versions and PHP extensions they
10886 === External library changes in 1.32 ===
10888 ==== New external libraries ====
10889 * Added pear/Net_SMTP v1.8.0.
10890 * Added wikimedia/xmp-reader v0.6.0.
10892 * Added cache/integration-tests v0.16.0 (dev-only).
10893 * Added giorgiosironi/eris v0.10.0 (dev-only).
10894 * Added seld/jsonlint v1.7.1 (dev-only).
10896 * Added EasyDeflate (unversioned).
10898 ==== Changed external libraries ====
10899 * Updated OOUI from v0.26.3 to v0.29.2.
10900 * Updated wikimedia/base-convert from v1.0.1 to v2.0.0.
10901 * Updated wikimedia/remex-html from v1.0.3 to v2.0.1.
10902 * Updated wikimedia/scoped-callback from v1.0.0 to v2.0.0.
10903 ** ScopedCallback objects can no longer be serialized.
10904 * Updated wikimedia/timestamp from v1.0.0 to v2.2.0.
10905 * Updated wikimedia/wrappedstring from v2.3.0 to v3.0.1.
10906 * oyejorge/less.php replaced with our fork wikimedia/less.php
10907 * Updated wikimedia/ip-set from v1.2.0 to v1.3.0.
10909 * Updated composer/spdx-licenses from v1.3.0 to v1.4.0 (dev-only).
10910 * Updated mediawiki/mediawiki-codesniffer from v18.0.0 to v22.0.0 (dev-only).
10911 * Updated psy/psysh from v0.8.11 to v0.9.6 (dev-only).
10913 * Updated CLDRPluralRuleParser from v0.1.0 to v1.3.2-pre.
10914 * Updated jquery from v3.2.1 to v3.3.1.
10915 * Updated jquery.client from v2.0.0 to v2.0.1.
10916 * Updated jquery.i18n from v1.0.4 to v1.0.5.
10917 * Updated mustache.js from v0.8.2-d9aa703 to v1.0.0.
10918 * Updated OOjs from v2.2.0 to v2.2.2.
10919 * Updated qunitjs from v2.4.0 to v2.6.2.
10920 * Updated sinonjs from v1.17.3 to v1.17.7.
10922 ==== Removed external libraries ====
10923 * pear/mail_mime-decode was removed.
10925 === Bug fixes in 1.32 ===
10926 * SpecialPage::execute() will now only call checkLoginSecurityLevel() if
10927 getLoginSecurityLevel() returns non-false.
10928 * (T43720, T46197) Improved page display title handling for category pages
10929 * (T65080) Fixed resetting options of some types via API action=options.
10931 === Action API changes in 1.32 ===
10932 * Added templated parameters.
10933 * A module can define a templated parameter like "{fruit}-quantity", where
10934 the actual parameters recognized correspond to the values of a multi-valued
10935 parameter. Then clients can make requests like
10936 "fruits=apples|bananas&apples-quantity=1&bananas-quantity=5".
10937 * action=paraminfo will return templated parameter definitions separately
10938 from normal parameters. All parameter definitions now include an "index"
10939 key to allow clients to maintain parameter ordering when merging normal and
10940 templated parameters.
10941 * It is now an error to submit too many values for a multi-valued parameter.
10942 This has generated a warning since MediaWiki 1.14.
10943 * Assertion failures from the 'assert' and 'assertuser' parameters will no
10944 longer use the action module's custom response format, for the few modules
10945 that use custom formatters that handle errors.
10946 * (T198935) User list preferences such as `email-blacklist` and similar
10947 extension preferences are no longer represented as arrays when returned by
10948 action=query&meta=userinfo&uiprop=options.
10949 * 'missingparam' errors will now use the prefixed parameter name in the code
10950 and error text, e.g. "noxxfoo" and "The 'xxfoo' parameter must be set" rather
10951 than "nofoo" and "The 'foo' parameter must be set".
10952 * action=query&prop=revisions now takes a 'rvslots' parameter to indicate the
10953 multi-content revision slots for which content should be returned. It also
10954 has a new rvprop, 'roles', to indicate which roles have slots. A deprecation
10955 warning will be issued if rvprop=content or rvprop=contentmodel are used
10957 * The rvcontentformat parameter to action=query&prop=revisions has been
10958 deprecated. Clients should be prepared to deal with the default format for
10960 * Use of the deprecated parameters rvexpandtemplates, rvgeneratexml, rvparse,
10961 rvdiffto, rvdifftotext, rvdifftotextpst, rvcontentformat, or the deprecated
10962 rvprop=parsetree is forbidden with the new 'rvslots' parameter.
10963 * action=query&prop=deletedrevisions, action=query&list=allrevisions, and
10964 action=query&list=alldeletedrevisions are changed similarly to
10965 &prop=revisions (see the three previous items).
10966 * (T174032) action=compare now supports multi-content revisions.
10967 * It has a 'slots' parameter to select diffing of individual slots. The
10968 default behavior is to return one combined diff.
10969 * The 'fromtext', 'fromsection', 'fromcontentmodel', 'fromcontentformat',
10970 'totext', 'tosection', 'tocontentmodel', and 'tocontentformat' parameters
10971 are deprecated. Specify the new 'fromslots' and 'toslots' to identify which
10972 slots have text supplied and the corresponding templated parameters for
10974 * The behavior of 'fromsection' and 'tosection' of extracting one section's
10975 content is not being preserved. 'fromsection-{slot}' and 'tosection-{slot}'
10976 instead expand the given text as if for a section edit. This effectively
10977 declines T183823 in favor of T185723.
10978 * (T198214) The 'disabletidy' parameter to action=parse has been
10979 deprecated; untidy output will not be supported by future wikitext
10981 * Added intestactionsdetail to action=query&prop=info to allow retrieving the
10982 reasons an action is not allowed.
10983 * Deprecated action=query&prop=info inprop=readable in favor of
10984 intestactions=read.
10985 * (T212356) When using action=delete on pages with many revisions, the module
10986 may return a boolean-true 'scheduled' and no 'logid'. This signifies that the
10987 deletion will be processed via the job queue.
10989 === Action API internal changes in 1.32 ===
10990 * Added 'ApiParseMakeOutputPage' hook.
10991 * Parameter names may no longer contain '{' or '}', as these are now used for
10992 templated parameters.
10993 * (T194950) Added 'ApiMaxLagInfo' hook.
10994 * The following methods now take a RevisionRecord rather than a Revision. No
10995 external callers are known.
10996 * ApiFeedContributions::feedItemAuthor()
10997 * ApiFeedContributions::feedItemDesc()
10998 * ApiQueryRevisionsBase::extractRevisionInfo()
10999 * The following deprecated methods have been removed:
11000 * ApiBase::profileIn() (deprecated in 1.25)
11001 * ApiBase::profileOut() (deprecated in 1.25)
11002 * ApiBase::safeProfileOut() (deprecated in 1.25)
11003 * ApiBase::profileDBIn() (deprecated in 1.25)
11004 * ApiBase::profileDBOut() (deprecated in 1.25)
11005 * ApiBase::dieUsage() (deprecated in 1.29)
11006 * ApiBase::dieUsageMsg() (deprecated in 1.29)
11007 * ApiBase::dieUsageMsgOrDebug() (deprecated in 1.29)
11008 * ApiBase::getErrorFromStatus() (deprecated in 1.29)
11009 * ApiBase::parseMsg() (deprecated in 1.29)
11010 * ApiBase::setWarning() (deprecated in 1.29)
11011 * ApiPageSet::getInvalidTitles() (deprecated in 1.26)
11012 * ApiQueryLogEvents::addLogParams() (deprecated in 1.25)
11013 * ApiUsageException::getCodeString() (deprecated in 1.29)
11014 * ApiUsageException::getMessageArray() (deprecated in 1.29)
11015 * Class UsageException, deprecated in 1.29, has been removed.
11016 * ApiErrorFormatter: Added getFormat() and newWithFormat(). In particular, you
11017 can now easily test $formatter->getFormat() === 'bc', and then call
11018 $formatter->newWithFormat( 'plaintext' ) to get a non-BC formatter.
11020 === Languages updated in 1.32 ===
11021 MediaWiki supports over 350 languages. Many localisations are updated regularly.
11022 Below only new and removed languages are listed, as well as changes to languages
11023 because of Phabricator reports.
11025 * (T193566) Added language support for Ambonese Malay (abs).
11026 * (T194047) Added language support for Shawiya, Latin script (shy-latn).
11027 * (T195940) Added language support for Batak Mandailing (btm).
11028 * (T137491) Added language support for Standard Moroccan Amazigh (zgh).
11029 * (T198132) Added language support for Manipuri (mni).
11030 * (T201276) Added language support for Western Armenian (hyw).
11031 * (T201583) Added language support for Mon (mnw).
11033 === Breaking changes in 1.32 ===
11034 * $wgRequestTime, deprecated in 1.25, was removed. Use
11035 $_SERVER['REQUEST_TIME_FLOAT'] or WebRequest::getElapsedTime() instead.
11036 * The MediaWikiI18N class, deprecated in 1.31, was removed.
11037 * QuickTemplate::setTranslator(), deprecated in 1.31, was removed. Use
11038 Skin::msg() instead.
11039 * wfInitShellLocale(), deprecated in 1.30, was removed.
11040 * wfShellExecDisabled(), deprecated in 1.30, was removed.
11041 * The type string for the parameter $lang of DateFormatter::getInstance,
11042 deprecated in 1.31, was removed.
11043 * The EDIT_TOKEN_SUFFIX constant deprecated in 1.27, was removed. Use
11044 MediaWiki\Session\Token::SUFFIX instead.
11045 * EditPage::isOouiEnabled() deprecated in 1.30, was removed.
11046 * mw.util.wikiGetlink(), deprecated in 1.23, was removed. Use mw.util.getUrl()
11048 * (T61113) The following methods and constants from the Revision class, which
11049 were deprecated in 1.25, have now been removed:
11050 * Revision::getRawUser()
11051 * Revision::getRawUserText()
11052 * Revision::getRawComment()
11053 * window.gM() from mediawiki.jqueryMsg, deprecated in 1.23, was removed. Use
11054 mw.msg() or mw.message() instead.
11055 * mw.util.escapeId(), deprecated in 1.30, was removed. Use
11056 mw.util.escapeIdForAttribute or mw.util.escapeIdForLink instead.
11057 * mw.util.updateTooltipAccessKeys(), deprecated in 1.24, was removed. Use
11058 jquery.accessKeyLabel instead.
11059 * The SqlDataUpdate class, deprecated in 1.28, has been removed.
11060 * The Html5Internal and Html5Depurate tidy driver classes were removed, along
11061 with the Balancer tidy implementation. Both implementations were experimental,
11062 and were replaced by RemexHtml.
11063 * (T179624) Job::insert() and ::batchInsert(), deprecated in 1.21, were both
11064 removed. Use JobQueueGroup::singleton()->push() instead.
11065 * The jquery.footHovzer module, for mediawiki.debug, was removed.
11066 * The es5-shim module, empty and deprecated since 1.29, was removed.
11067 * the dom-level2-shim module, empty and deprecated since 1.29, was removed.
11068 * the json module, empty and deprecated since 1.29, was removed.
11069 * The mediawiki.widgets.visibleByteLimit module alias, deprecated in 1.32, was
11070 removed. Use mediawiki.widgets.visibleLengthLimit instead.
11071 * The jquery.farbtastic module, unused since 1.18, was removed.
11072 * The 'jquery.expandableField' module, unused since 1.22, was removed.
11073 * The hooks 'PreferencesFormPreSave' and 'PreferencesGetLegend' may provide
11074 any HTMLForm object rather than PreferencesForm.
11075 * The non namespaced TimestampException class, deprecated in 1.29, was removed.
11076 Use Wikimedia\Timestamp\TimestampException instead.
11077 * The global functions codepointToUtf8, hexSequenceToUtf8, utf8ToHexSequence,
11078 utf8ToCodepoint, and escapeSingleString (deprecated in 1.25) were removed.
11079 The UtfNormal\Utils class from the utfnormal library should be used instead.
11080 * The deprecated UTF8_ and UNICODE_ constants were removed. The class constants
11081 from the UtfNormal\Constants class from the utfnormal library should be used
11082 * The protected methods PHPSessionHandler::returnSuccess() and returnFailure(),
11083 only needed for PHP5 compatibility, have been removed. It now uses the boolean
11084 values `true` and `false` respectively.
11085 * The $parserMemc global and wfGetParserCacheStorage(), deprecated since 1.30,
11086 were removed. Use the ParserCache class instead.
11087 * ScopedCallback (deprecated in 1.28) was removed. Use Wikimedia\ScopedCallback
11089 * Support for ResourceLoaderModule::getModifiedTime() and getModifiedHash(),
11090 deprecated since 1.26, was removed. Use getDefinitionSummary() instead.
11091 * (T195256) Skins are recommended not to rely on JavaScript for the "mw-jump"
11092 and "jump-to-nav" accessibility links. To this end, the "jquery.mw-jump"
11093 is no longer loaded by default. The Vector and MonoBook skins have made a
11094 minor change to implement the toggle feature with CSS instead. To restore
11095 prior functionality, either explicitly load "jquery.mw-jump" in your skin
11096 or refer to T195256 for details on how to make the same change.
11097 * Hook 'EditPageBeforeEditChecks' was removed;
11098 use 'EditPageGetCheckboxesDefinition' instead.
11099 * Linker::getLinkColour() and DummyLinker::getLinkColour(), deprecated since
11100 1.28, were removed. LinkRenderer::getLinkClasses() should be used instead.
11101 * Wikimedia\Rdbms\LoadBalancer::getLaggedSlaveMode(), deprecated in 1.28, has
11102 been removed. Use Wikimedia\Rdbms\LoadBalancer::getLaggedReplicaMode()
11104 * mw.widgets.CategoryMultiselectWidget now uses TagMultiselectWidget instead of
11105 CapsuleMultiselectWidget. The following methods may no longer be used:
11106 * setItemsFromData: Use setValue instead
11107 * getItemsData: Use getItems instead and get the data property
11108 * Two OutputPage methods, addMetadataLink() and getMetadataAttribute(), were
11109 removed. Use addLink() instead.
11110 * Another two OutputPage methods, setPageTitleActionText() and
11111 getPageTitleActionText(), were removed. They did nothing since 1.15 (almost
11112 ten years). Use setHTMLTitle() directly.
11113 * The return value of OutputPage::adaptCdnTTL() has been removed. The
11114 value returned was misleading and probably not what any caller would
11116 * All MagicWord static member variables have been removed. Use appropriate
11117 hooks or MagicWordFactory methods instead.
11118 * MagicWord::clearCache() has been removed. Instead, create a new
11119 MagicWordFactory, such as by calling
11120 resetServiceForTesting( 'MagicWordFactory' ) on a MediaWikiServices.
11121 * mw.util.init() has been removed. This function is not needed anymore and was
11122 a no-op function since 1.30.
11123 * SpecialPageFactory::resetList() is a no-op. Call overrideMwServices()
11125 * MediaWiki no longer supports a StartProfiler.php file. Instead, you can set
11126 $wgProfiler and $wgEnableProfileInfo.
11127 * The mw.loader.addSource() is now considered a private method, and no longer
11128 supports the `id, url` signature. Use the `Object` parameter instead.
11129 * The backwards-compatibility code in HTMLForm to add a drop-down control to an
11130 option that is not set to be a drop-down if the "mw-chosen" class is present,
11132 * Several collations were removed. They were workarounds for bugs in the ICU
11133 library and they are no longer needed (as of ICU 57.1):
11134 * 'uppercase-se' (NorthernSamiUppercaseCollation) - use 'uca-se' instead
11135 * 'xx-uca-et' (CollationEt) - use 'uca-et' instead
11136 * 'xx-uca-fa' (CollationFa) - use 'uca-fa' instead
11137 * LanguageCode::bcp47() now always returns a valid BCP 47 code. This means
11138 that some MediaWiki-specific language codes, such as `simple`, are mapped
11139 into valid BCP 47 codes (eg `en-simple`).
11140 * The hooks 'SpecialRecentChangesFilters' & 'SpecialWatchlistFilters' deprecated
11141 in 1.23 were removed. Instead, use 'ChangesListSpecialPageStructuredFilters'.
11142 The ChangesListSpecialPage code for these legacy hooks, and their use in
11143 SpecialRecentchanges.php and SpecialWatchlist, was also removed:
11144 * ChangesListSpecialPage->getCustomFilters()
11145 * ChangesListSpecialPage->getFilterGroupDefinitionFromLegacyCustomFilters()
11146 * ChangesListSpecialPage::customFilters
11147 * The global function wfUseMW, deprecated since 1.26, has now been removed. Use
11148 the "requires" property of static extension registration instead.
11149 * $wgSpecialPages no longer accepts array syntax, deprecated since 1.18.
11150 * The MailAddress constructor can no longer be called with a User object,
11151 behaviour which has been deprecated since 1.24.
11152 * LBFactory, deprecated since 1.28, has been removed. Instead, use
11153 Wikimedia\Rdbms\LBFactory.
11154 * The MimeMagic class, deprecated since 1.28 has been removed. Get a
11155 MimeAnalyzer instance from MediaWikiServices instead.
11156 * The '--tidy' option to maintenance/parse.php has been removed. Tidying
11157 the output is now the default. Use '--no-tidy' to bypass the tidy
11159 * The global function wfErrorLog, deprecated since 1.25, has now been removed.
11160 Use MWLoggerLegacyLogger::emit or UDPTransport.
11161 * The hooks 'SpecialRecentChangesQuery' & 'SpecialWatchlistQuery', deprecated in
11162 1.23, were removed. Instead, use ChangesListSpecialPageStructuredFilters or
11163 ChangesListSpecialPageQuery.
11164 * The global function wfUsePHP, deprecated since 1.30, has now been removed. To
11165 assert a newer version of PHP than MediaWiki does, use extension registration.
11166 * The hook 'ChangesListSpecialPageFilters', deprecated in 1.29, has now been
11167 removed. Use the 'ChangesListSpecialPageStructuredFilters' hook instead.
11168 * DeferredUpdates::setImmediateMode(), deprecated since 1.29, has been removed.
11169 * File / MediaHandler::getStreamHeaders(), deprecated since 1.30, was removed.
11170 * The hook 'DoEditSectionLink', deprecated since 1.25, has been removed. Use
11171 the hook 'SkinEditSectionLinks' instead.
11172 * The hook 'UserGetImplicitGroups', deprecated since 1.25, has been removed.
11173 * The global function wfRunHooks, deprecated since 1.25, has now been removed.
11175 * The hook 'UnknownAction', deprecated since 1.19, has now been removed.
11176 * The hook 'ParserLimitReport', deprecated since 1.22, has been removed. Use
11177 the hooks 'ParserLimitReportPrepare' and 'ParserLimitReportFormat' instead.
11178 * The following deprecated API methods have been removed:
11179 * ApiBase::profileIn() (deprecated in 1.25)
11180 * ApiBase::profileOut() (deprecated in 1.25)
11181 * ApiBase::safeProfileOut() (deprecated in 1.25)
11182 * ApiBase::profileDBIn() (deprecated in 1.25)
11183 * ApiBase::profileDBOut() (deprecated in 1.25)
11184 * ApiBase::dieUsage() (deprecated in 1.29)
11185 * ApiBase::dieUsageMsg() (deprecated in 1.29)
11186 * ApiBase::dieUsageMsgOrDebug() (deprecated in 1.29)
11187 * ApiBase::getErrorFromStatus() (deprecated in 1.29)
11188 * ApiBase::parseMsg() (deprecated in 1.29)
11189 * ApiBase::setWarning() (deprecated in 1.29)
11190 * ApiPageSet::getInvalidTitles() (deprecated in 1.26)
11191 * ApiQueryLogEvents::addLogParams() (deprecated in 1.25)
11192 * ApiUsageException::getCodeString() (deprecated in 1.29)
11193 * ApiUsageException::getMessageArray() (deprecated in 1.29)
11194 * Class UsageException, deprecated in 1.29, has been removed.
11195 * MediaWiki no longer has a 'JavaScript-powered' wikitext toolbar built in. The
11196 old "bulletin board style toolbar", known as "the 2006 wikitext editor", has
11197 been removed, and instead sysadmins will be required to choose one (or more)
11198 of the several extensions available for this purpose if they need the
11199 functionality. The MediaWiki "tarball" releases have included the replacement
11200 extension for this, the WikiEditor extension aka "the 2010 wikitext editor",
11201 for many years now. As part of this, several parts of MediaWiki have been
11202 removed or simplified:
11203 * The user option 'showtoolbar' (shown as "Show edit toolbar") is no longer
11204 available; if an extension adds a toolbar via the EditPageBeforeEditToolbar
11205 hook, it will be shown; extensions should provide a specific user preference
11206 to disable themselves as needed.
11207 * The public methods Language::getImageFile() and ::getImageFiles(), and the
11208 related specification of $imageFiles within individual languages' code file,
11209 as well as the referenced static media assets, all of which were only used
11210 inside MediaWiki itself for providing the icons for the old toolbar, have
11211 been removed without explicit deprecation.
11212 * The internal ResourceLoader module "mediawiki.toolbar", which is unused
11213 except by MediaWiki itself and back-compatibility code, has been removed.
11214 * The internal ResourceLoaderEditToolbarModule class has been removed.
11216 === Deprecations in 1.32 ===
11217 * HTMLForm::setSubmitProgressive() is deprecated. No need to call it. Submit
11218 button is already marked as progressive.
11219 * Skin::setupSkinUserCss() is deprecated. Adding of modules to load
11220 has been centralised to Skin::getDefaultModules(), which is now capable
11221 of queueing style modules as well.
11222 * OutputPage::addModuleScripts() and ParserOutput::addModuleScripts are
11223 deprecated. Use addModules() instead.
11224 * Overriding SearchEngine::{searchText,searchTitle,searchArchiveTitle}
11225 in extending classes is deprecated. Extend related doSearch* methods
11227 * The following 'mediawiki.api' plugin modules were merged into mediawiki.api
11228 and deprecated: mediawiki.api.category, mediawiki.api.edit,
11229 mediawiki.api.login, mediawiki.api.options, mediawiki.api.parse,
11230 mediawiki.api.upload, mediawiki.api.user, mediawiki.api.watch,
11231 mediawiki.api.messages, and mediawiki.api.rollback.
11232 * ApiBase::truncateArray() is deprecated. No replacement, as nothing is known
11234 * WatchAction::getUnwatchToken is deprecated. Use WatchAction::getWatchToken
11235 with the 'unwatch' action parameter instead.
11236 * IcuCollation::getICUVersion() is deprecated, as you can just use the PHP
11237 constant INTL_ICU_VERSION directly in all versions that MediaWiki supports.
11238 * Parser::fetchFile() is deprecated. Use ::fetchFileAndTitle() instead.
11239 * The ApiQueryContributions class has been renamed to ApiQueryUserContribs.
11240 * The XMPInfo, XMPReader, and XMPValidate classes have been deprecated in favor
11241 of the namespaced classes provided by the wikimedia/xmp-reader library.
11242 * SearchResultSet::{next,rewind} are deprecated. Calling code should
11243 use foreach on the SearchResultSet, or the extractResults method. Extending
11244 code should override extractResults.
11245 * Instantiating SearchResultSet directly is deprecated. SearchEngine
11246 implementations must subclass SearchResultSet for their purposes.
11247 * SearchResult::setExtensionData argument has been changed from accepting an
11248 array to accepting a Closure that returns the array when called.
11249 * Class CryptRand, everything in MWCryptRand except generateHex() and function
11250 MediaWikiServices::getInstance()->getCryptRand() are deprecated, use
11251 random_bytes() to generate cryptographically secure random byte sequences.
11252 * Parser::getConverterLanguage() is deprecated. Use ::getTargetLanguage()
11254 * Language::markNoConversion() is deprecated. It confused readers because
11255 it had unexpected behavior (only marking text if it looked like a URL)
11256 and was only used in a single place in the code. Use
11257 LanguageConverter::markNoConversion() instead.
11258 * (T197492) Language::truncate() was soft deprecated in 1.31 and is
11259 hard deprecated in this release. It has been split into two similar
11260 methods, Language::truncateForVisual() and Language::truncateForDatabase(),
11261 which measure length in characters and bytes, respectively. Use
11262 Language::truncateForVisual() when possible to provide equity to users
11263 of multibyte scripts.
11264 * (T176526) EditPage::getContextTitle() falling back to $wgTitle when the
11265 context title is unset is now deprecated; anything creating an EditPage
11266 instance should set the context title via ::setContextTitle().
11267 * The 'jquery.hidpi' module (polyfill for IMG srcset) is deprecated.
11268 * ResourceLoaderStartUpModule::getStartupModules() and ::getLegacyModules()
11269 are deprecated. These concepts are obsolete and have no replacement.
11270 * String type for $lang of DifferenceEngine::setTextLanguage is deprecated.
11271 * The following methods of OutputPage are now deprecated in favour
11272 of using showFatalError directly: OutputPage::showFileDeleteError()
11273 OutputPage::showFileNotFoundError(), OutputPage::showFileRenameError()
11274 OutputPage::showFileCopyError() and OutputPage::showUnexpectedValueError().
11275 * The Replacer, DoubleReplacer, HashtableReplacer, and RegexlikeReplacer
11276 classes are now deprecated. Use a Closure instead.
11277 * (T194263) ContentHandler::makeParserOptions() is deprecated. Use
11278 WikiPage::makeParserOptions() or ParserOptions::newCanonical() instead.
11279 * (T100681) Use of the Parsoid v1 API with the VirtualRESTService, deprecated in
11280 MediaWiki 1.26, is now hard-deprecated. All known clients were converted to
11281 the Parsoid v3 API in May 2015.
11282 * $input is deprecated in hook 'LogEventsListGetExtraInputs'. Use
11283 $formDescriptor instead.
11284 * SearchEngine::transformSearchTerm( $term ) should no longer be called prior
11285 to running searchText. This method was mainly implemented to support the
11286 'prefix' URI param in SpecialSearch, but there are no reasons to expose this
11287 logic as it should be handled internally by SearchEngine implementations
11288 supporting this feature. SearchEngine implementations should no longer
11289 override this methods.
11290 * SearchEngine::replacePrefixes( $query ) should no longer be called prior
11291 to running searchText/searchTitle.
11292 * (T199657) Messages for $wgFilterLogTypes labels should be no longer be in the
11293 'log-show-hide-[type]' format. Instead use 'logeventslist-[type]-log'.
11294 * Global functions wfArrayFilter() and wfArrayFilterByKey() are deprecated.
11295 use array_filter() directly.
11296 * The $wgShowSQLErrors global is deprecated and nonfunctional.
11297 Set $wgShowExceptionDetails and/or $wgShowHostnames instead.
11298 * The $wgShowDBErrorBacktrace global is deprecated and nonfunctional.
11299 Set $wgShowExceptionDetails instead.
11300 * Public access to the DifferenceEngine properties mOldid, mNewid, mOldRev,
11301 mNewRev, mOldPage, mNewPage, mOldContent, mNewContent, mRevisionsLoaded,
11302 mTextLoaded and mCacheHit is deprecated. Use getOldid() / getNewid() /
11303 getOldRevision() / getNewRevision() for the first four (note that the
11304 revision ones return a RevisionRecord, not a Revision), do your own lookup
11306 * The $wgExternalDiffEngine value 'wikidiff2' is deprecated. To use wikidiff2
11307 just enable the PHP extension, and it will be autodetected.
11308 * (T194731) DifferenceEngine properties mOldContent and mNewContent and methods
11309 setContent(), generateContentDiffBody(), generateTextDiffBody() and textDiff()
11310 are deprecated. To interact with a single slot, use a SlotDiffRenderer (and
11311 subclass it to customize diff rendering); to diff custom (e.g. unsaved)
11312 content, use setRevisions(). Subclassing DifferenceEngine should only be done
11313 to customize page-level diff properties (such as the navigation header).
11314 * The wfUseMW function, soft-deprecated in 1.26, is now hard deprecated.
11315 * All MagicWord static methods are now deprecated. Use the MagicWordFactory
11317 * PasswordFactory::init is deprecated. To get a password factory with the
11318 standard configuration, use
11319 MediaWikiServices::getInstance()->getPasswordFactory.
11320 * $wgContLang is deprecated, use
11321 MediaWikiServices::getInstance()->getContentLanguage() instead.
11322 * $wgParser is deprecated, use MediaWikiServices::getInstance()->getParser()
11324 * wfGetMainCache() is deprecated, use ObjectCache::getLocalClusterInstance()
11326 * wfGetCache() is deprecated, use ObjectCache::getInstance() instead.
11327 * All SpecialPageFactory static methods are deprecated. Instead, call the
11328 methods on a SpecialPageFactory instance, which may be obtained from
11330 * mw.user.stickyRandomId was renamed to the more explicit
11331 mw.user.getPageviewToken to better capture its function.
11332 * Passing Revision objects to ContentHandler::getUndoContent() is deprecated,
11333 Content object should be passed instead.
11334 * (T197179) Parameters 'notice', 'notice-messages', 'notice-message',
11335 previously used by OOUI HTMLForm fields, are now deprecated. Use
11336 'help', 'help-message', 'help-messages' instead.
11337 * (T197179) HTMLFormField::getNotices() is now deprecated.
11338 * The jquery.localize module is now deprecated. Use jquery.i18n instead.
11339 * The SecondaryDataUpdates hook was deprecated in favor of RevisionDataUpdates,
11340 or overriding ContentHandler::getSecondaryDataUpdates (T194038).
11341 * The WikiPageDeletionUpdates hook was deprecated in favor of
11342 PageDeletionDataUpdates, or overriding ContentHandler::getDeletionDataUpdates
11344 * Content::getSecondaryDataUpdates has been deprecated in favor of
11345 ContentHandler::getSecondaryDataUpdates() for overriding by extensions
11347 Application logic should call WikiPage::doSecondaryDataUpdates() (T194037).
11348 * Content::getDeletionUpdates has been deprecated in favor of
11349 ContentHandler::getDeletionUpdates() for overriding by extensions (T194038).
11350 Application logic should call WikiPage::doSecondaryDataUpdates() (T194037).
11351 * (T198214) Old Tidy-related configuration settings, which were soft-deprecated
11352 in MediaWiki 1.26, have now been hard deprecated. This affects $wgUseTidy,
11353 $wgTidyBin, $wgTidyConf, $wgTidyOpts, $wgTidyInternal, and $wgDebugTidy. Use
11354 $wgTidyConfig instead.
11355 * All Tidy configurations other than Remex have been hard deprecated;
11356 future parsers will not emit compatible output for these configurations.
11357 In particular, running MediaWiki with tidy disabled has been deprecated.
11358 * (T198214) OutputPage::addWikiText(), OutputPage::addWikiTextWithTitle(),
11359 and OutputPage::addWikiTextTitle() have been deprecated, since they
11360 can result in untidy output. In addition OutputPage::addWikiTextTidy()
11361 and OutputPage::addWikiTextTitleTidy() was deprecated to make naming new
11362 methods consistent. Use OutputPage::addWikiTextAsInterface() or
11363 OutputPage::addWikiTextAsContent() instead, which ensures the output is
11364 tidy and clarifies whether content-language specific postprocessing should
11365 be done on the text.
11366 * OutputPage::parse() and OutputPage::parseInline() have been deprecated
11367 due to untidy output and inconsistent handling of wrapper divs and
11368 interface/content language defaults. Use OutputPage::parseAsContent(),
11369 OutputPage::parseAsInterface(), or OutputPage::parseInlineAsInterface()
11371 * QuickTemplate::msgHtml() and BaseTemplate::msgHtml() have been deprecated
11372 as they promote bad practises. I18n messages should always be properly
11374 * Skin::getDynamicStylesheetQuery() has been deprecated. It always
11375 returns action=raw&ctype=text/css which callers should use directly.
11376 * Class LegacyFormatter is deprecated.
11377 * Use of CommentStore::insertWithTempTable() with 'img_description' is
11378 deprecated. Use CommentStore::insert() instead.
11379 * Language::setCode is deprecated as public function. Use Language::factory
11380 to create a new Language object with a different language code.
11381 * Several classes have been moved from the MediaWiki\Storage\ namespace to the
11382 MediaWiki\Revision\ namespace. The old class names are aliased for
11383 compatibility, but are deprecated. Classes are IncompleteRevisionException,
11384 MutableRevisionRecord, MutableRevisionSlots, RevisionAccessException,
11385 RevisionArchiveRecord, RevisionFactory, RevisionLookup, RevisionRecord,
11386 RevisionSlots, RevisionStore, RevisionStoreRecord, SlotRecord, and
11387 SuppressedDataException.
11388 * When using OOUI HTMLForm containing an 'info' field which uses the 'rawrow'
11389 option, it is now deprecated to give its contents (the 'default' option)
11390 as a string. They should be given as a OOUI\FieldLayout object instead.
11391 Notably, this affects fields defined in the 'GetPreferences' hook, because
11392 Special:Preferences uses an OOUI form now. (If possible, don't use 'rawrow'.)
11393 * In Skin::doEditSectionLink omitting the parameters $tooltip and $lang is
11394 deprecated. For the $lang parameter, types other than Language are
11396 * The $wgUseKeyHeader configuration option and the
11397 OutputPage::getKeyHeader() method have been deprecated; the relevant
11398 draft IETF spec expired without becoming a standard.
11399 * Deprecated API action=query&prop=info inprop=readable in favor of
11400 intestactions=read.
11402 === Other changes in 1.32 ===
11403 * (T198811) The following tables have had their UNIQUE indexes turned into
11404 proper PRIMARY KEYs for increased maintainability: interwiki, page_props,
11405 protected_titles and site_identifiers.
11406 * OOUI HTMLForm will now display help text inline after the input field,
11407 rather than in a popup. Previous behavior can be restored by using
11408 `'help-inline' => false`.
11409 * The archive table's ar_rev_id field is now unique.
11410 * Special:BotPasswords now requires reauthentication.
11411 * (T174023) Multi-Content Revision (MCR) capabilities were introduced into the
11412 storage layer and have basic support for display. No user interface exists
11413 yet for creating or managing content in slots beides the main slot. See
11414 <https://www.mediawiki.org/wiki/Multi-Content_Revisions> for more
11416 * The image_comment_temp database table has been removed. Since all access
11417 should be mediated by the CommentStore class, this change shouldn't affect
11419 * (T206147) Database::close() will no longer commit any open transactions.
11420 * (T64103) Dropped columns category.cat_hidden, site_stats.ss_admins, and
11421 recentchanges.rc_cur_time from the PostgreSQL schema.
11425 == MediaWiki 1.31.16 ==
11427 This is a security and maintenance release of the MediaWiki 1.31 branch.
11429 This is intended to be the final release of the MediaWiki 1.31 branch,
11430 and as such, 1.31 is now considered End of Life.
11432 === Changes since MediaWiki 1.31.15 ===
11433 * (T283273) Make postgres IRC channel point to libera.chat.
11434 * (T289108) ExtensionProcessor: Remove loaderScripts from
11435 extension.json schemas.
11436 * (T285515, CVE-2021-41798) SECURITY: XSS vulnerability in
11438 * (T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full
11440 * (T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of
11441 Special:Contributions.
11443 == MediaWiki 1.31.15 ==
11445 This is a security and maintenance release of the MediaWiki 1.31 branch.
11447 === Changes since MediaWiki 1.31.14 ===
11448 * (T270988) Fixup issues in SpecialChangeContentModel.php.
11449 * (T278026) rdbms: Add DB_PRIMARY to replace DB_MASTER.
11450 * (T276945) Define a batch size in maintenance/manageJobs.php.
11451 * (T276945) Implement JobQueueDB::getAllAbandonedJobs.
11452 * (T281549) WebInstaller: Don't show the announce-l subscribe
11453 checkbox temporarily.
11454 * (T283247) Freenode -> Libera per wikimedia moving from
11455 freenode to libera.
11456 * (T280226, CVE-2021-35197) SECURITY: Prevent blocked users from
11459 == MediaWiki 1.31.14 ==
11461 This is a maintenance release of the MediaWiki 1.31 branch.
11463 === Changes since MediaWiki 1.31.13 ===
11464 * Make Title implement IDBAccessObject.
11466 == MediaWiki 1.31.13 ==
11468 This is a security and maintenance release of the MediaWiki 1.31 branch.
11470 === Changes since MediaWiki 1.31.12 ===
11471 * (T115436) resourceloader: CSSMin::getLocalFileReferences now strips
11473 * Updating php-parallel-lint/php-parallel-lint (0.9.2 => 1.0.0).
11474 * Updating mediawiki/codesniffer (19.1.0 => 19.4.0).
11475 * DefaultSettings.php: Update $wgPingback documentation.
11476 * PHPVersionCheck: The PHP Group only supports PHP >= 7.3.0.
11477 * (T275261) Escape wikitext in the title in invalid title error messages.
11478 * (T277009, CVE-2021-30158) SECURITY: Allow blocked users to access
11479 Special:ResetTokens.
11480 * pageExist.php: Output trailing newlines.
11481 * (T278058, CVE-2021-30157) SECURITY: Escape rcfilters-filter-* messages
11482 on ChangesList pages.
11483 * (T277414) HTMLFormField: Use non namespaced class name rather than
11485 * (T268230) Switch to new MediaWiki logo by Serhio Magpie.
11486 * (T271735) Expand config-pingback-help, link to privacy policy in
11488 * Fix documentation of user-global in $wgRateLimits.
11489 * BackupDumper: Add -o as shortcode for --output.
11490 * (T278014, CVE-2021-30154) SECURITY: Escape mediastatistics-header-*
11491 messages on Special:NewFiles.
11492 * (T270713, CVE-2021-30152) SECURITY: Allow user to only apply protection
11493 they have right to do so via action=protect.
11494 * (T272386, CVE-2021-30159) SECURITY: Non-admin deleted enwiki page in
11496 * (T270988, CVE-2021-30155) SECURITY: ContentModelChange: Check that user
11498 * (T276843, CVE-2021-20270, CVE-2021-27291) SECURITY:
11499 SyntaxHighlight_GeSHi: Various lexers have been disabled due to DoS
11502 == MediaWiki 1.31.12 ==
11504 This is a maintenance release of the MediaWiki 1.31 branch.
11506 === Changes since MediaWiki 1.31.11 ===
11507 * Fixed issues relating to User::isRegistered() not existing in 1.31.
11509 == MediaWiki 1.31.11 ==
11511 This is a security and maintenance release of the MediaWiki 1.31 branch.
11513 === Changes since MediaWiki 1.31.10 ===
11514 * Fix undefined $wgRedirectOnLogin.
11515 * (T251661, T265313) CentralIdLookup::factoryNonLocal can return null.
11516 * (T263592) media: Fix case of FlashPixVersion in
11517 FormatMetadata::makeFormattedData().
11518 * (T265223) BaseTemplate: Guard against passing zero arg to array_merge().
11519 * (T266418) composer.json: add requirement for composer-plugin-api ^1.1.
11520 * (T260631, T260633), BotPassword::save() now returns a Status object for the
11521 result rather than a bool. The length of the bot password grants and
11522 restriction fields are now validated, and an error will be thrown if it
11523 would be truncated by the database.
11524 * (T264536, T233012) SectionProfiler: Do not attempt to use null values as
11526 * (T269178) MemcachedClient: Cast Resource to integer.
11527 * (T268917, CVE-2020-35475) SECURITY: Use Xml::element in SpecialUserrights for
11529 * (T268938, CVE-2020-35479) SECURITY: BlockLogFormatter can output raw html.
11530 * (T205908, CVE-2020-35477) SECURITY: Unable to change visibility of log entries
11531 when MediaWiki:Mainpage uses Special:MyLanguage.
11532 * (T120883, CVE-2020-35480) SECURITY: Divergent behavior for contributions and
11533 user pages of hidden users and missing users.
11535 == MediaWiki 1.31.10 ==
11537 This is a maintenance release of the MediaWiki 1.31 branch.
11539 === Changes since MediaWiki 1.31.9 ===
11540 * Fixed issues relating to backporting of changes for T260485.
11542 == MediaWiki 1.31.9 ==
11544 This is a security and maintenance release of the MediaWiki 1.31 branch.
11546 === Changes since MediaWiki 1.31.8 ===
11547 * In the web installer, use secure session cookies.
11548 * (T257207) shell: Expand documentation in firejail.profile.
11549 * Added $wgForceHTTPS, which makes the HTTP to HTTPS redirect be unconditional
11550 and suppresses various hacks needed to support mixed HTTP/HTTPS wikis. We
11551 recommend this be set to true on pure HTTPS wikis.
11552 * Added $wgCookieSameSite, which allows login cookies to be sent with
11553 SameSite=None. This is required for cross-site CentralAuth autologin after
11555 * Added $wgUseSameSiteLegacyCookies, which adds a compatibility hack to
11556 SameSite=None cookies for browsers which implemented an incompatible draft
11557 version of the specification.
11558 * (T191537) Disable WebResponse setters for post-send processing.
11559 * (T198525) WebReponse: Use values altered in 'WebResponseSetCookie' hook.
11560 * Fix runBatchedQuery.php for no result from select.
11561 * (T130906) Add Edge to MediaWiki:Clearyourcache.
11562 * Use IPset in MWRestrictions::checkIP.
11563 * (T260031) Add application/font-sfnt to MimeMap for ttf files.
11564 * shell: Make ->restrict( RESTRICT_NONE ) actually work.
11565 * (T183759) Fixes shell edge-cases in Windows.
11566 * (T258390) Add CentralIdLookup::factoryNonLocal().
11567 * (T246991) User: Fix pingLimiter() to use makeGlobalKey() for global rate
11569 * (T251661, CVE-2020-25827) SECURITY: User::pingLimiter: add user-global rate
11571 * (T246991) User: enforce pingLimiter() expiry time.
11572 * (T260232) don't include null page ids in query list for category dumps.
11573 * (T251506) Sanitizer: Truncate IDs to a reasonable length.
11574 * Explicitly wrap some XML calls in libxml_disable_entity_loader().
11575 * (T263455 T247285) Set EnableJavaScriptTest to true in
11576 includes/DevelopmentSettings.php.
11577 * (T232568, CVE-2020-25813) SECURITY: Special:UserRights exposes the existence
11579 * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking
11580 firejail's --output functionality.
11581 * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and
11583 * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in
11584 mw.message( ... ).parse().
11585 * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct
11587 * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used.
11589 == MediaWiki 1.31.8 ==
11591 This is a security and maintenance release of the MediaWiki 1.31 branch.
11593 === Changes since MediaWiki 1.31.7 ===
11594 * (T199809) Don't invalidate BotPasswords if a password reset email is sent.
11595 * (T247017) PasswordReset performance improvements.
11596 * (T250568) Work around change in SimpleXMLElement behavior introduced in PHP
11598 * Remove some rotten and out of date documentation.
11599 * (T252311) Improvements to some older SQLite update patches.
11600 * (T240307) Minor fixes to extension.schema.v2.json and
11601 extension.schema.v1.json.
11602 * (T199474) Set rc_patrolled to 2 for autopatrolled changes in
11603 rebuildrecentchanges.php.
11604 * (T229461) Update the change_tag table in rebuildrecentchanges.php.
11605 * (T206476) Call ob_start() before running tests.
11606 * (T234450) Per-user concurrency in SpecialContributions can now be limited by
11607 setting $wgPoolCounterConf['SpecialContributions'] appropriately.
11608 * (T248947) SECURITY: img_auth.php may leak private extension images into the
11611 == MediaWiki 1.31.7 ==
11613 This is a security and maintenance release of the MediaWiki 1.31 branch.
11615 === Changes since MediaWiki 1.31.6 ===
11616 * (T193565, T234022) Re-add DB domain sanity checks to LoadBalancer.
11617 * Use proper SemVer comparison in CheckComposerLockUpToDate.
11618 * (T212738) Add the MW_VERSION constant, global $wgVersion is soft deprecated.
11619 * Update comment about PHP versions supported by The PHP Group.
11620 * (T247215) Fix output of RecountCategories::doWork().
11621 * Add check for page existence to view.php maintenance script.
11622 * (T247580) Disable some broken Selenium tests.
11623 * (T236509) SECURITY: Fix HTML escaping in UserGroupMembership::getLink().
11624 * (T246602) SECURITY: jquery.makeCollapsible allows applying event handler to
11627 == MediaWiki 1.31.6 ==
11629 This is a security and maintenance release of the MediaWiki 1.31 branch.
11631 === Changes since MediaWiki 1.31.5 ===
11632 * (T181658) Do not insert page titles into querycache.qc_value.
11633 * (T206013) Suppress errors when reading invalid XML file properties.
11634 * (T237931) Remove references to pg_attrdef.adsrc in Postgres code.
11635 * Use correct value for 'sslmode' in DatabasePostgres.
11636 * (T232866) Fix support for HTTP/2 in MultiHttpClient.
11637 * (T227461) Stop calling deprecated Redis delete functions.
11638 * (T239561) Mark options as requiring parameters in addSite.php.
11639 * (T239734) Replace deprecated lSize with lLen in Redis code.
11640 * (T192134) SECURITY: Do not allow user scripts on Special:PasswordReset.
11641 * (T239428) ApiEditPage: Test for bad redirect targets.
11642 * (T233342) rdbms: Log debug message traces as 'exception.trace' instead of
11644 * (T226751) media: Log and fail gracefully on invalid EXIF coordinates.
11645 * (T212067) Work around PHP bug in parse_url.
11647 == MediaWiki 1.31.5 ==
11649 This is a maintenance release of the MediaWiki 1.31 branch.
11651 === Changes since MediaWiki 1.31.4 ===
11652 * Fix extra newlines in installer.
11653 * Followup T230402, PermissionManager doesn't exist until 1.33, so fix the
11654 backported patches to use User::isAllowed() instead.
11656 == MediaWiki 1.31.4 ==
11658 This is a security and maintenance release of the MediaWiki 1.31 branch.
11660 === Changes since MediaWiki 1.31.3 ===
11661 * (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3.
11662 * The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification
11663 of headers in private wikis.
11664 * (T230402) SECURITY: Add permission check for suppressed account to
11666 * Add helper for HTTPFileStreamer header syntax.
11667 * (T118799) Fix XMP parser errors due to trailing nullchar.
11668 * (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy.
11669 * (T202183) Give more specific error messages on Special:Redirect.
11670 * Cache redirects from Special:Redirect.
11671 * (T231386) dispatchUser() should use a 302 http status code.
11672 * (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into
11673 separate files to help allieviate potential migration problems.
11674 * Make SQLite's patch-add-3d.sql a no-op to prevent clobbering other database
11677 == MediaWiki 1.31.3 ==
11679 This is a maintenance release of the MediaWiki 1.31 branch.
11681 === Changes since MediaWiki 1.31.2 ===
11682 * (T225558) Update installer link to PHP intl.
11683 * (T225496) Detect APC for MainCacheType in CLI installer.
11684 * (T226766) Remove jetbrains/phpstorm-stubs from composer dev dependencies.
11685 * (T202211) Fix SQLite patch-(image|page|template)links-fix-pk.sql column order.
11687 == MediaWiki 1.31.2 ==
11689 This is a security and maintenance release of the MediaWiki 1.31 branch.
11691 Required PHP version has been increased from 7.0.0 to 7.0.13.
11693 === Changes since MediaWiki 1.31.1 ===
11694 * (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query
11695 all titles when asked for none.
11696 * (T205967) Fix syntax error typo in postgres database upgrade file.
11697 * (T200254) Add pear/Net_SMTP 1.7.3 to composer dependencies.
11698 * (T206765) Load installer i18n when running update.php.
11699 * (T109121) Remove deprecated pear/mail_mime-decode from composer suggested
11701 [Also in the bundled composer /vendor directory.]
11702 * Various PHP 7.2 and 7.3 compatibility fixes:
11703 * (T200595, T206974) Fix PHP 7.3 warnings of using "continue" in some
11704 scenarios instead of "break".
11705 * (T206976, T206977) Also in the bundled LocalisationUpdate and
11706 ParserFunctions extensions.
11707 * (T206979) Fix PHP 7.3 warnings of using "compact()" when some variables may
11709 * (T215632) FormatMetadata and UploadStash regexes fixed to be PHP
11711 * Fix PHP warnings "preg_replace(): [...] invalid range in character class.
11712 * Avoid PHP 7.2 warnings in DBConRefTest about count() on non-Countable.
11713 * Suppress "Headers already sent" in PHP 7.2 too.
11714 * (T206476) Output only to stderr in unit tests.
11715 * (T207112) Add session_write_close() calls to SessionManager tests.
11716 * oyejorge/less.php replaced with our fork wikimedia/less.php
11717 * (T209756) Updated wikimedia/ip-set from 1.2.0 to 1.3.0.
11718 * (T213489) Avoid session double-start in Setup.php.
11719 * (T206975) Switch to our fork of less.php.
11720 * (T207540) Include IP address in "Login for $1 succeeded" log entry.
11721 * (T201781) Database: Allow selectFieldValues() to accept SQL fragments.
11722 * (T205765) installer: Don't link to the obsolete "Extension Matrix" page.
11723 * (T206013) Update ImportableUploadRevisionImporter for interwiki usernames.
11724 * (T207541) Pass an email address, not a MailAddress, to mail().
11725 * (T207603) SECURITY: User JS may no longer be loaded with mime type
11726 text/javascript if there is no account associated with the username.
11727 * (T112937, T113042) SECURITY: Do not allow loading pages raw with a
11728 text/javascript MIME
11729 type if non-admins can edit the page.
11730 * (T17491) <ins>/<del> elements can be phrasing or flow.
11731 * (T200827) RemexCompatMunger: Don't call endTag() in case B/b
11732 * (T207088) Upgrade wikimedia/remex-html to 2.0.1.
11733 [Also in the bundled composer /vendor directory.]
11734 * (T194052) Updated wikimedia/base-convert from 1.0.1 to 2.0.0.
11735 [Also in the bundled composer /vendor directory.]
11736 * (T199494) Fix notices in maintenance/removeUnusuedAccounts.php.
11737 * Require ext-fileinfo in composer.json, per PHPVersionCheck.
11738 * (T176390) Bundled LocalisationUpdate extension: Handle exceptions from
11740 * (T208255) Completion search should not change the search query.
11741 * (T209870) Fix SQL syntax error in MS-SQL initialisation file for new wikis.
11742 * (T185049) LogFormatter: Fail softer when trying to link an invalid titles.
11743 * (T210998) Properly set $wgLanguageCode in the generated LocalSettings.php
11744 if --lang is used with the command-line installer (install.php).
11745 * (T211061) ImageListPager: Actor migration for buildQueryConds().
11746 * (T209335) Clarify the default sidebar 'Help' link is about MediaWiki itself.
11747 * Fix addition of ug_expiry column to user_groups table on MSSQL.
11748 * (T204767) Add join conditions to ActiveUsersPager.
11749 * (T210621) User: Bypass repeatable-read when creating an actor_id.
11750 * (T204531) rdbms: reduce LoadBalancer replication log spam.
11751 * (T195525) Fix db error outage page.
11752 * (T208871) The hard-coded Google search form on the database error page was
11754 * (T176097) Fix flaky MessageBlobStoreTest assertion failures.
11755 * (T209423) Update required PHP version to 7.0.13.
11756 * (T209885) Prevent populateSearchIndex.php from breaking once actor migration
11758 * (T216968) Return pageid as int in both list=iwbacklinks and
11759 list=langbacklinks.
11760 * (T215169) Fix for Database::update() with IGNORE option fails on PostgreSQL.
11761 * (T204423) Backport support for hyphenated DB names in JobQueueGroup.
11762 * (T199474) Fix typo in rebuildrecentchanges.php resulting in rogue flags.
11763 * (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when
11764 $wgBlockDisablesLogin is true.
11765 * (T216029) Chrome redirects to Special:BadTitle after editing a section with
11766 a non-Latin name on a page with non-Latin characters in title.
11767 * (T219728) Added support for new Japanese era name "Reiwa".
11768 * (T25227) SECURITY: action=logout now requires to be posted and have a csrf
11770 * Updated cssjanus/cssjanus from 1.2.0 to 1.3.0.
11771 * (T222385) resourceloader: Use AND instead of OR for upsert conds in
11772 saveFileDependencies().
11773 * (T224374) Fix message parameters so that the message that says SQLite is out
11774 of date makes sense.
11775 * SpecialPage::checkLoginSecurityLevel() will now preserve POST data when
11777 * FormSpecialPage::execute() will now call checkLoginSecurityLevel() if
11778 getLoginSecurityLevel() returns non-false.
11779 * (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
11780 * (T208881) SECURITY: blacklist CSS var().
11781 * (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
11782 * (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
11783 * (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
11784 * (T222036, T222038) SECURITY: Add permission check for user is permitted to
11786 * (T221739) SECURITY: resources: Patch jQuery 3.2.1 for CVE-2019-11358.
11788 == MediaWiki 1.31.1 ==
11790 This is a security and maintenance release of the MediaWiki 1.31 branch.
11792 === Changes since MediaWiki 1.31.0 ===
11793 * (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
11795 * (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
11797 * (T199029, CVE-2018-13258) SECURITY: Tarball was missing .htaccess files.
11798 * (T197229) Bundle Nuke extension, it was accidentally omitted.
11799 * (T193995) Fix undefined patchPath() method call in parser tests.
11800 * (T198687) Fix various selectFields methods to use the string 'NULL', not null.
11801 * Special:BotPasswords now requires reauthentication.
11802 * (T191608, T187638) Add 'logid' parameter to Special:Log.
11803 * (T193829) Indicate when a Bot Password needs reset.
11804 * (T198037) GitInfo: Don't try shelling out if it's disabled.
11805 * (T151415) Log email changes.
11806 * (T197206) Fix performance regression when multiple DB used without caching.
11807 * (T197030) PHPSessionHandler: Suppress headers warnings in initialize().
11808 * (T182377, T196793) Exif: Guard against uncountable tag values.
11809 * (T200861) Fix total breakage of SQLite web upgrade.
11810 * (T200864) Fix pingback over-reporting on non-MySQL databases
11811 * (T202550) Unbreak SpecialListusersHeaderForm and SpecialListusersHeader
11814 == MediaWiki 1.31.0 ==
11816 === Changes since MediaWiki 1.31.0-rc.2 ===
11817 * (T195783) Initialize PSR-4 namespaces at same stage as normal autoloader.
11818 * (T196092) Hide MySQL binary/utf-8 charset option in the installer.
11819 * (T196185) Don't allow setting $wgDBmysql5 in the installer.
11820 * (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
11821 * (T182366) UploadBase::checkXMLEncodingMissmatch() now works on PHP 7.1+
11822 * (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete
11824 * (T196672) The mtime of extension.json files is now able to be zero
11825 * (T180403) Validate $length in padleft/padright parser functions.
11826 * (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
11828 === Changes since MediaWiki 1.31.0-rc.0 ===
11829 * (T33223) Drop archive.ar_text and ar_flags.
11830 * Add default edit rate limit of 90 edits/minute for all users.
11831 * (T187645) Use codepoint as tiebreaker when getting first-letters in
11833 * (T191947) Don't shell during the installer if shelling out is disabled.
11834 * (T194319) Improve duplicate config setting exception as part of extension
11836 * (T195211) Don't require trailing slash in PSR-4 autoloader directory.
11837 * (T186565) Fix PHP Notice from `ob_end_flush()` in `FileRepo::streamFile()`.
11838 * Do not incorrectly hide namespace input field in the installer.
11839 * (T186456) Refactor checks looking for PEAR maik libraries to be clearer.
11841 === Important pre-upgrade notes for 1.31 ===
11842 * If you're using MySQL, SQLite, or MSSQL, are not using update.php to apply
11843 schema changes, and cannot have downtime to run migrateArchiveText.php and
11844 apply patch-drop-ar_text.sql manually, you'll have to apply a default value
11845 to the ar_text and ar_flags columns of the archive table or make those
11846 columns nullable before upgrading to MediaWiki 1.31.
11847 maintenance/archives/patch-nullable-ar_text.sql shows how to do this for
11850 === Configuration changes in 1.31 ===
11851 * $wgEnableAPI and $wgEnableWriteAPI are now deprecated and will be removed in
11852 a future version. The API is now considered to be stable, secure and
11854 * $wgUsejQueryThree was removed, as it is now the default. This was documented
11855 as a temporary variable during the migration period, deprecated since 1.29.
11856 * $wgLogoHD has been updated to support svg images and uses $wgLogo where
11857 possible for fallback images such as png.
11858 * (T44246) $wgFilterLogTypes will no longer ignore 'patrol' when user does not
11859 have the right to mark things patrolled.
11860 * Wikis that contain imported revisions or CentralAuth global blocks should run
11861 maintenance/cleanupUsersWithNoId.php.
11862 * The configuration settings $wgResourceLoaderMinifierStatementsOnOwnLine and
11863 $wgResourceLoaderMinifierMaxLineLength, deprecated since 1.27, were removed.
11864 * (T180921) $wgReferrerPolicy now supports having fallbacks for browsers that
11865 are not using the latest version of the Referrer Policy specification.
11866 * $wgFragmentMode is now set to [ 'legacy', 'html5' ] by default. This is a
11867 first step of migration to human-readable section IDs that will later result
11868 in 'html5' being the default mode.
11869 * CACHE_ACCEL now only supports APC(u) or WinCache. XCache support was removed
11870 as upstream is inactive and has no plans to move to PHP 7.
11871 * The old CategorizedRecentChanges feature, including its related configuration
11872 option $wgAllowCategorizedRecentChanges, has been removed.
11873 * (T188472) The 'comma' value for $wgArticleCountMethod is no longer supported
11874 for performance reasons, and installations with this setting will now work as
11875 if it was configured with 'any'.
11876 * (T185753) MediaWiki now defaults to using RemexHtml to tidy up user input,
11877 rather than being off by default. If you wish to disable HTML tidying
11878 entirely, set $wgTidyConfig to null; if you wish to use the old, deprecated
11879 Tidy external binary, both set $wgTidyConfig to null and $wgUseTidy to true.
11880 * $wgLogAutopatrol now defaults to false instead of true.
11881 * $wgValidateAllHtml was removed and will be ignored.
11882 * $wgScriptExtension, deprecated and ignored since 1.25, was removed. See the
11883 1.25 release notes for more information.
11884 * $wgUseAjax is now marked as deprecated, just like the deprecated AJAX
11885 framework that it enables. Some extensions mistakenly used this to check
11886 whether any AJAX functionality at all should be enabled, further making this
11887 problematic to retain.
11888 * $wgDBmysql5 is now deprecated, and will be removed in a future version. It
11889 has been marked as experimental ever since it was introduced.
11891 === New features in 1.31 ===
11892 * (T76554) User sub-pages named ….json are now protected in the same way that
11893 ….js and ….css pages are, so that configuration options can safely be placed
11895 * Wikimedia\Rdbms\IDatabase->select() and similar methods now support joins
11896 with parentheses for grouping.
11897 * As a first pass in standardizing dialog boxes across the MediaWiki product,
11898 Html class now provides helper methods for messageBox, successBox, errorBox
11899 and warningBox generation.
11900 * (T9240) Imports will now record unknown (and, optionally, known) usernames in
11901 a format like "iw>Example".
11902 * (T20209) Linker (used on history pages, log pages, and so on) will display
11903 usernames formed like "iw>Example" as interwiki links, as if by wikitext like
11904 [[iw:User:Example|iw>Example]].
11905 * (T111605) The 'ImportHandleUnknownUser' hook allows extensions to auto-create
11906 users during an import.
11907 * Added a hook, ParserOutputPostCacheTransform, to allow extensions to affect
11908 the ParserOutput::getText() post-cache transformations.
11909 * Added a hook, UploadForm:getInitialPageText, to allow extensions to alter the
11910 initial page text for file uploads.
11911 * (T181651) The info page for File pages now displays the file's base-16 SHA1
11912 hash value in the table of basic information.
11913 * Style tags with a 'data-mw-deduplicate' attribute will be deduplicated as a
11914 ParserOutput::getText() post-cache transformation. This may be disabled by
11915 passing 'deduplicateStyles' => false to that method.
11916 * The identity of the logged-in or IP "actor" for logged actions is being moved
11917 into a new actor table, with the rows in tables such as revision and logging
11918 referring to the actor ID instead of storing the user ID and name/IP in
11920 * This is currently gated by $wgActorTableSchemaMigrationStage. Most wikis
11921 can set this to MIGRATION_NEW and run maintenance/migrateActors.php as
11922 soon as any necessary extensions are updated.
11923 * Most code accessing rows for logged actions from the database should use
11924 the relevant getQueryInfo() methods to get the information needed to build
11925 the SQL query. The ActorMigration class may also be used to get feature
11926 -flagged information needed to access actor-related fields during the
11928 * Added Wikimedia\Rdbms\IDatabase::cancelAtomic(), to roll back an atomic
11929 section without having to roll back the whole transaction.
11930 * Wikimedia\Rdbms\IDatabase::doAtomicSection(), non-native ::insertSelect(),
11931 and non-MySQL ::replace() and ::upsert() no longer roll back the whole
11932 transaction on failure.
11933 * (T189785) Added a monthly heartbeat ping to the pingback feature.
11934 * The CLI installer (maintenance/install.php) learned to detect and include
11935 extensions. Pass --with-extensions to enable that feature.
11936 * (T184791) rc_patrolled now has three states: "0" for unpatrolled,
11937 "1" for manually patrolled and "2" for autopatrolled actions.
11938 * Extensions can now set their type to "editor" if they provide an editor or
11939 enhance the editing experience.
11940 * Extensions can use a PSR-4 autoloader by setting an "AutoloadNamespaces"
11941 property in extension.json. See the documentation at
11942 <https://mediawiki.org/wiki/Manual:Extension.json/Schema#AutoloadNamespaces>
11943 for more details and an example.
11944 * (T19099) Tabs which link to pages that don't exist (like those to uncreated
11945 discussion pages) now have a tooltip to indicate state, not just colour.
11947 === External library changes in 1.31 ===
11948 * pear/mail, pear/mail_mime and pear/mail_mime-decode have been moved from
11949 suggested to required. These packages now must be installed via composer
11950 and not via PEAR itself.
11952 ==== Upgraded external libraries ====
11953 * Updated jquery.chosen from v0.9.14 to v1.8.2.
11954 * Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency).
11955 * Updated nikic/php-parser from 2.1.0 to 3.1.3 (development dependency).
11956 * Updated wikimedia/ip-set from 1.1.0 to 1.2.0.
11957 * Updated wikimedia/relpath from 2.0.0 to 2.1.1.
11958 * Updated wikimedia/running-stat from 1.1.0 to 1.2.0.
11959 * Updated wikimedia/wrappedstring from 2.2.0 to 2.3.0.
11960 * Updated mediawiki/at-ease from 1.1.0 to 1.2.0.
11961 * Updated wikimedia/php-session-serializer from 1.0.4 to 1.0.6.
11962 * Updated wikimedia/remex-html from 1.0.2 to 1.0.3.
11963 * Updated wikimedia/html-formatter from 1.0.1 to 1.0.2.
11965 ==== New external libraries ====
11966 * Added wikimedia/object-factory 1.0.0
11968 ==== Removed and replaced external libraries ====
11969 * (T17845) The deprecated 'jquery.badge' module was removed.
11970 * The deprecated 'jquery.autoEllipsis' module was removed. Use the CSS
11971 text-overflow property instead.
11972 * The deprecated 'jquery.placeholder' module was removed.
11973 * The deprecated 'jquery.appear' module was removed. Use the
11974 'mediawiki.viewport' module instead.
11975 * mediawiki/at-ease was replaced with wikimedia/at-ease.
11977 === Bug fixes in 1.31 ===
11978 * (T90902) Non-breaking space in header ID breaks anchor.
11979 * (T189375) CSSMin now allows quoted urls in `url()` syntax to start with a
11981 * (T2087, T10897, T87753, T174639) Whitespace created by category and language
11982 links is now stripped rather than leaving blank lines in odd places.
11983 * (T3780) Uploads with UTF-8 names now work on PHP7.1+ on Windows servers.
11984 * (T182366) UploadBase::checkXMLEncodingMissmatch() now works on PHP 7.1+
11986 === Action API changes in 1.31 ===
11987 * (T185058) The 'name' value to tgprop for action=query&list=tags has been
11988 removed. It has never made a difference in the output, the name was always
11989 returned regardless.
11990 * The 'watch' and 'unwatch' parameters for action=move have been removed. They
11991 were deprecated and also accidentally nonfunctional since 1.17 in 2010. Use
11992 'watchlist' instead.
11994 === Action API internal changes in 1.31 ===
11995 * ApiBase::getProfileDBTime, deprecated since 1.25, was removed.
11996 * ApiBase::getModuleProfileName, deprecated since 1.25, was removed.
11997 * ApiBase::getProfileTime, deprecated since 1.25, was removed.
11999 === Languages updated in 1.31 ===
12000 MediaWiki supports over 350 languages. Many localisations are updated
12001 regularly. Below only new and removed languages are listed, as well as
12002 changes to languages because of Phabricator reports.
12004 * (T180052) Mirandese (mwl) now supports gendered NS_USER/NS_USER_TALK.
12005 * (T182305) New language support: Nyungar (nys).
12006 * (T186359) New language support: Siberian Tatar [себертатар] (sty).
12007 * (T186635) New language support: Guianan Creole (gcr).
12008 * (T186647) New language support: Kumyk [къумукъ] (kum).
12009 * (T187750) New language support: Spanish formal address (es-formal).
12010 * (T187824) New language support: Hungarian formal address (hu-formal).
12011 * (T189127) New language support: Gorontalo (gor).
12013 === Breaking changes in 1.31 ===
12014 * MessageBlobStore::insertMessageBlob(), deprecated in 1.27, was removed.
12015 * The OutputPage class constructor now requires a context parameter.
12016 Instantiating without context was deprecated in 1.18.
12017 * The mw.page JavaScript singleton, deprecated in 1.30, was removed.
12018 * Article::getLastPurgeTimestamp(), WikiPage::getLastPurgeTimestamp(), and the
12019 related WikiPage::PURGE_* constants, deprecated in 1.29, were removed.
12020 * The Article::selectFields(), ::onArticleCreate(), ::onArticleDelete(), and
12021 ::onArticleEdit() methods, deprecated in 1.24, were removed.
12022 * Installer::locateExecutable() and ::locateExecutableInDefaultPaths() were
12023 removed. Use ExecutableFinder::findInDefaultPaths() instead.
12024 * The deprecated MW_DIFF_VERSION constant was removed.
12025 DifferenceEngine::MW_DIFF_VERSION should be used instead.
12026 * Due to significant refactoring, method ContribsPager::getUserCond() that had
12027 no access restriction has been removed.
12028 * The Block class will no longer accept usable-but-missing usernames for
12029 'byText' or ->setBlocker(). Callers should either ensure the blocker exists
12030 locally or use a new interwiki-format username like "iw>Example".
12031 * The following methods and constants from the WatchedItem class, which were
12032 deprecated in 1.27, have been removed:
12033 * WatchedItem::getTitle()
12034 * WatchedItem::fromUserTitle()
12035 * WatchedItem::addWatch()
12036 * WatchedItem::removeWatch()
12037 * WatchedItem::isWatched()
12038 * WatchedItem::duplicateEntries()
12039 * WatchedItem::IGNORE_USER_RIGHTS
12040 * WatchedItem::CHECK_USER_RIGHTS
12041 * WatchedItem::DEPRECATED_USAGE_TIMESTAMP
12042 * The $statementsOnOwnLine parameter of JavaScriptMinifier::minify was removed.
12043 $wgResourceLoaderMinifierStatementsOnOwnLine, the corresponding configuration
12044 variable, has been deprecated since 1.27 and was removed as well.
12045 * The $maxLineLength parameter of JavaScriptMinifier::minify was removed.
12046 $wgResourceLoaderMinifierMaxLineLength, the corresponding configuration
12047 variable, has been deprecated since 1.27 and was removed as well.
12048 * The HtmlFormatter class, deprecated in 1.27, was removed. The namespaced
12049 HtmlFormatter\HtmlFormatter class should be used instead.
12050 * The driver 'mysql' for MySQL, deprecated in MediaWiki 1.30, has been removed.
12051 The driver has been deprecated since PHP 5.5 and was removed in PHP 7.0. The
12052 default driver for MySQL has been 'mysqli' since MediaWiki 1.22.
12053 * The following properties of PreparedEdit were deprecated in 1.21 and have
12055 * PreparedEdit->newText
12056 * PreparedEdit->oldText
12057 * PreparedEdit->pst
12058 * ParserOutput objects which are generated using a non-default value for
12059 ParserOptions::setWrapOutputClass() can no longer be added to the parser
12061 * The following deprecated methods from the OutputPage class have been removed:
12062 * OutputPage::addExtensionStyle(); deprecated in 1.27
12063 * OutputPage::getExtStyle(); deprecated in 1.27
12064 * OutputPage::setETag(); deprecated in 1.28 (obsolete no-op)
12065 * OutputPage::setSquidMaxage(); deprecated in 1.27
12066 * OutputPage::readOnlyPage(); deprecated in 1.25
12067 * OutputPage::rateLimited(); deprecated in 1.25
12068 * Additionally, the protected OutputPage::$mExtStyles array, only accessed
12069 through the above and with no known uses, was removed.
12070 * The no-op method Skin::showIPinHeader(), deprecated in 1.27, was removed.
12071 * The following variables and methods in EditPage, deprecated in MediaWiki 1.30,
12073 * $isCssJsSubpage — use ::isUserConfigPage()
12074 * $isCssSubpage — use ::isUserCssConfigPage()
12075 * $isJsSubpage — use ::isUserJsConfigPage()
12076 * $isWrongCaseCssJsPage – use ::isWrongCaseUserConfigPage()
12077 * ::getSummaryInput() – use ::getSummaryInputWidget()
12078 * ::getSummaryInputOOUI() – use ::getSummaryInputWidget()
12079 * ::getCheckboxes() – use ::getCheckboxesWidget() or
12080 ::getCheckboxesDefinition()
12081 * ::getCheckboxesOOUI() – use ::getCheckboxesWidget() or
12082 ::getCheckboxesDefinition()
12083 * ResourceLoaderModule::getPosition(), deprecated in 1.29, has been removed.
12084 * In User, the cookie-related methods which were wrappers for the functions on
12085 the response object, and were deprecated in 1.27, have been removed:
12088 * ::setExtendedLoginCookie()
12089 Note that User::setCookies() remains, and is not deprecated.
12090 * Also in User, some auth-related methods which were deprecated in 1.27 have
12092 * ::getEditTokenTimestamp() – use MediaWiki\Session\Token::getTimestamp()
12093 * ::getPasswordFactory() – create a PasswordFactory directly
12094 * ::passwordChangeInputAttribs()
12095 * The global functions wfProfileIn and wfProfileOut, deprecated in 1.25, have
12097 * SpecialPageFactory::getList(), deprecated in 1.24, has been removed. You can
12098 use ::getNames() instead.
12099 * OpenSearch::getOpenSearchTemplate(), deprecated in 1.25, has been removed. You
12100 can use ApiOpenSearch::getOpenSearchTemplate() instead.
12101 * The global function wfBaseConvert, deprecated in 1.27, has been removed. Use
12102 Wikimedia\base_convert() directly.
12103 * Calling Database::begin() explicitly during an implicit transaction or when
12104 DBO_TRX is set results in an exception. Calling Database::commit() explicitly
12105 for an implicit transaction also results in an exception. Previously these
12106 were logged as errors. The startAtomic() and endAtomic() methods, or
12107 AtomicSectionUpdate should be used instead.
12108 * The global function wfOutputHandler() was removed, use the its replacement
12109 MediaWiki\OutputHandler::handle() instead. The global function was only
12110 sometimes defined. Its replacement is always available via the autoloader.
12111 * ChangeTags::listExtensionActivatedTags and ::listExtensionDefinedTags,
12112 deprecated in 1.28, have been removed. Use ::listSoftwareActivatedTags() and
12113 ::listSoftwareDefinedTags() instead.
12114 * Title::getTitleInvalidRegex(), deprecated in 1.25, has been removed. You can
12115 use MediaWikiTitleCodec::getTitleInvalidRegex() instead.
12116 * HTMLForm & VFormHTMLForm::isVForm(), deprecated in 1.25, have been removed.
12117 * The ProfileSection class, deprecated in 1.25 and unused, has been removed.
12118 * The ResourceLoaderGetLessVars hook, deprecated in 1.30, has been removed. Use
12119 ResourceLoaderModule::getLessVars() to expose local variables instead of
12121 * As part of work to modernise user-generated content clean-up, a config option
12122 and some methods related to HTML validity were removed without deprecation.
12123 The public methods MWTidy::checkErrors() and the path through which it was
12124 called, TidyDriverBase::validate(), are removed, as are the testing methods
12125 MediaWikiTestCase::assertValidHtmlSnippet() and ::assertValidHtmlDocument().
12126 The $wgValidateAllHtml configuration option is removed and will be ignored.
12127 * Execution of external programs using MediaWiki\Shell\Command now applies
12128 the RESTRICT_DEFAULT Firejail restriction by default.
12129 * The ResourceLoaderModule::getHashMtime() and ::getDefinitionMtime() methods,
12130 deprecated in 1.26, were removed.
12131 * The deprecated 'mediawiki.widgets.CategorySelector' module alias was removed.
12132 Use the 'mediawiki.widgets.CategoryMultiselectWidget' module directly.
12134 === Deprecations in 1.31 ===
12135 * The Revision class was deprecated in favor of RevisionStore, BlobStore, and
12136 RevisionRecord and its subclasses.
12137 * The global function wfBCP47 is deprecated in favour of LanguageCode::bcp47.
12138 * The global function wfCountDown is now deprecated in favor of
12139 Maintenance::countDown.
12140 * Several methods for returning lists of fields to select from the database
12141 have been deprecated in favor of similar methods that also return the tables
12142 to select from and the join conditions for those tables.
12143 * Block::selectFields() → Block::getQueryInfo()
12144 * RecentChange::selectFields() → RecentChange::getQueryInfo()
12145 * ArchivedFile::selectFields() → ArchivedFile::getQueryInfo()
12146 * LocalFile::selectFields() → LocalFile::getQueryInfo()
12147 * LocalFile::getCacheFields() with a prefix no longer works
12148 * LocalFile::getLazyCacheFields() with a prefix no longer works
12149 * OldLocalFile::selectFields() → OldLocalFile::getQueryInfo()
12150 * RecentChange::selectFields() → RecentChange::getQueryInfo()
12151 * Revision::userJoinCond() → Revision::getQueryInfo( [ 'user' ] )
12152 * Revision::selectUserFields() → Revision::getQueryInfo( [ 'user' ] )
12153 * Revision::pageJoinCond() → Revision::getQueryInfo( [ 'page' ] )
12154 * Revision::selectPageFields() → Revision::getQueryInfo( [ 'page' ] )
12155 * Revision::selectTextFields() → Revision::getQueryInfo( [ 'text' ] )
12156 * Revision::selectFields() → Revision::getQueryInfo()
12157 * Revision::selectArchiveFields() → Revision::getArchiveQueryInfo()
12158 * User::selectFields() → User::getQueryInfo()
12159 * WikiPage::selectFields() → WikiPage::getQueryInfo()
12160 * Revision::setUserIdAndName() was deprecated.
12161 * Access to TitleValue class properties was deprecated, the relevant getters
12162 should be used instead.
12163 * DifferenceEngine::getDiffBodyCacheKey() is deprecated. Subclasses should
12164 override DifferenceEngine::getDiffBodyCacheKeyParams() instead.
12165 * Use of Maintenance::error( $err, $die ) to exit script was deprecated. Use
12166 Maintenance::fatalError() instead.
12167 * Passing a ParserOptions object to OutputPage::parserOptions() is deprecated.
12168 * The RevisionInsertComplete hook is now deprecated; use instead the hook
12169 RevisionRecordInserted. RevisionInsertComplete is still called, but the second
12170 and third parameter will always be null. Hard deprecation is scheduled for
12172 * The following methods that get and set ParserOutput state are deprecated.
12173 Callers should use the new stateless $options parameter to
12174 ParserOutput::getText() instead.
12175 * ParserOptions::getEditSection()
12176 * ParserOptions::setEditSection()
12177 * ParserOutput::getEditSectionTokens()
12178 * ParserOutput::setEditSectionTokens()
12179 * ParserOutput::getTOCEnabled()
12180 * ParserOutput::setTOCEnabled()
12181 * OutputPage::enableSectionEditLinks()
12182 * OutputPage::sectionEditLinksEnabled()
12183 * The public ParserOutput state fields $mTOCEnabled and $mEditSectionTokens
12184 are also deprecated.
12185 * License::getLicenses has been deprecated; use License::getLines instead.
12186 * QuickTemplate::setRef() was deprecated in favour of QuickTemplate::set().
12187 Setting template variables by reference allowed violating the principle of
12188 data being immutable once added to the skin template. In practice, this method
12189 was not being used for that. Rather, setRef() existed as memory optimisation
12191 * QuickTemplate::setTranslator() and MediaWikiI18N::set() were deprecated in
12192 favour of Skin::msg() parameters.
12193 * MediaWikiI18N::translate() was deprecated in favour of Skin::msg() or
12195 * Passing false to ParserOptions::setWrapOutputClass() is deprecated. Use the
12196 'unwrap' transform to ParserOutput::getText() instead.
12197 * \ObjectFactory (no namespace) is deprecated, the namespaced class
12198 \Wikimedia\ObjectFactory from the wikimedia/object-factory library should be
12200 * CommentStore::newKey is deprecated. Instead, get an instance from
12202 * The following CommentStore methods have had their signatures changed to
12203 introduce a $key parameter, usage of the methods on instances retrieved from
12204 CommentStore::newKey will remain unchanged but deprecated:
12205 * CommentStore::getFields
12206 * CommentStore::getJoin
12207 * CommentStore::getComment
12208 * CommentStore::getCommentLegacy
12209 * CommentStore::insert
12210 * CommentStore::insertWithTemplate
12211 * The following methods in Title have been renamed, and the old ones are
12213 * Title::getSkinFromCssJsSubpage – use ::getSkinFromConfigSubpage
12214 * Title::isCssOrJsPage – use ::isSiteConfigPage
12215 * Title::isCssJsSubpage – use ::isUserConfigPage
12216 * Title::isCssSubpage – use ::isUserCssConfigPage
12217 * Title::isJsSubpage – use ::isUserJsConfigPage
12218 * The following methods related to caching of half-parsed HTML were deprecated:
12219 * Parser::serializeHalfParsedText()
12220 * Parser::unserializeHalfParsedText()
12221 * Parser::isValidHalfParsedText()
12222 * StripState::getSubState()
12223 * StripState::merge()
12224 * The DeferredStringifier class is deprecated, use Message::listParam() instead.
12225 * The type string for the parameter $lang of DateFormatter::getInstance is
12227 * Wikimedia\Rdbms\SavepointPostgres is deprecated.
12228 * The DO_MAINTENANCE constant is deprecated. RUN_MAINTENANCE_IF_MAIN should be
12230 * The function wfShellWikiCmd() has been deprecated, use
12231 MediaWiki\Shell::makeScriptCommand().
12232 * In the future, the hooks 'PreferencesFormPreSave' and 'PreferencesGetLegend'
12233 will be allowed to provide any HTMLForm object rather than PreferencesForm.
12235 === Other changes in 1.31 ===
12236 * Browser support for Internet Explorer 10 was lowered from Grade A to Grade C.
12237 * Browser support for Opera 12 and older was dropped entirely. Opera 15+
12238 continues at Grade A.
12239 * Multi-content-revision capability was introduced into the storage layer. See
12240 <https://mediawiki.org/wiki/Requests_for_comment/Multi-Content_Revisions>.
12241 * The "free" CSS class is now only applied to unbracketed URLs in wikitext.
12242 Links written using square brackets will get the class "text" not "free".
12243 * RFC 157418: Whitespace is trimmed from wikitext headings, wikitext list items,
12244 wikitext table captions, wikitext table headings, wikitext table cells. HTML
12245 headings, HTML list items, HTML table captions, HTML table headings, HTML
12246 table cells will not have this trimming behavior.
12248 == Compatibility ==
12249 MediaWiki 1.31 requires PHP 7.0.0 or later. Although HHVM 3.18.5 or later is
12250 supported, it is generally advised to use PHP 7.0.0 or later for long term
12253 MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
12254 but support for them is somewhat less mature. There is experimental support for
12255 Oracle and Microsoft SQL Server.
12257 The supported versions are:
12259 * MySQL 5.5.8 or later
12260 * PostgreSQL 9.2 or later
12261 * SQLite 3.3.7 or later
12262 * Oracle 9.0.1 or later
12263 * Microsoft SQL Server 2005 (9.00.1399)
12266 1.31 has several database changes since 1.30, and will not work without schema
12267 updates. Note that due to changes to some very large tables like the revision
12268 table, the schema update may take quite long (minutes on a medium sized site,
12269 many hours on a large site).
12271 Don't forget to always back up your database before upgrading!
12273 See the file UPGRADE for more detailed upgrade instructions, including
12274 important information when upgrading from versions prior to 1.11.
12276 For notes on 1.30.x and older releases, see HISTORY.
12278 == Online documentation ==
12279 Documentation for both end-users and site administrators is available on
12280 MediaWiki.org, and is covered under the GNU Free Documentation License (except
12281 for pages that explicitly state that their contents are in the public domain):
12283 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
12286 A mailing list is available for MediaWiki user support and discussion:
12288 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
12290 A low-traffic announcements-only list is also available:
12292 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
12294 It's highly recommended that you sign up for one of these lists if you're
12295 going to run a public MediaWiki, so you can be notified of security fixes.
12298 There's usually someone online in #mediawiki on irc.freenode.net.
12303 == MediaWiki 1.30.2 ==
12305 This is a security and maintenance release of the MediaWiki 1.30 branch.
12307 === Changes since MediaWiki 1.30.1 ===
12308 * (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query
12309 all titles when asked for none.
12310 * (T109121) Remove deprecated pear/mail_mime-decode from composer suggested
12312 * (T207540) Include IP address in "Login for $1 succeeded" log entry.
12313 * (T205765) Don't link to the obsolete "Extension Matrix" page in installer.
12314 * (T207603) SECURITY: User JS may no longer be loaded with mime type
12315 text/javascript if there is no account associated with the username.
12316 * (T113042) SECURITY: Do not allow loading pages raw with a text/javascript MIME
12317 type if non-admins can edit the page.
12318 * (T207541) Pass email address to mail().
12319 * Fix addition of ug_expiry column to user_groups table on MSSQL.
12320 * (T204531) rdbms: reduce LoadBalancer replication log spam.
12321 * (T213489) Avoid session double-start in Setup.php.
12322 * (T195525) Fix db error outage page.
12323 * (T208871) The hard-coded Google search form on the database error page was
12325 * (T216968) Return pageid as int in both list=iwbacklinks and
12326 list=langbacklinks.
12327 * (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when
12328 $wgBlockDisablesLogin is true.
12329 * (T25227) SECURITY: action=logout now requires to be posted and have a csrf
12331 * (T222385) resourceloader: Use AND instead of OR for upsert conds in
12332 saveFileDependencies().
12333 * (T224374) Fix message parameters so that the message that says SQLite is out
12334 of date makes sense.
12335 * SpecialPage::checkLoginSecurityLevel() will now preserve POST data when
12337 * FormSpecialPage::execute() will now call checkLoginSecurityLevel() if
12338 getLoginSecurityLevel() returns non-false.
12339 * (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
12340 * (T208881) SECURITY: blacklist CSS var().
12341 * (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
12342 * (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
12343 * (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
12344 * (T222036, T222038) SECURITY: Add permission check for user is permitted to
12346 * (T221739) SECURITY: resources: Patch jQuery 1.11.3 for CVE-2019-11358.
12348 == MediaWiki 1.30.1 ==
12350 This is a security and maintenance release of the MediaWiki 1.30 branch.
12352 === Changes since MediaWiki 1.30.0 ===
12353 * (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
12355 * (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
12357 * (T87572) Make FormatMetadata::flattenArrayReal() work for an associative
12359 * Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency).
12360 * (T189567) the CLI installer (maintenance/install.php) learned to detect and
12361 include extensions. Pass --with-extensions to enable that feature.
12362 * (T190503) Let built-in web server (maintenance/dev) handle .php requests.
12363 * (T167507) selenium: Run Chrome headlessly.
12364 * selenium: Pass -no-sandbox to Chrome under Docker.
12365 * (T179190) selenium: Move logic for running tests from package.json to
12367 * (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds().
12368 * Add default edit rate limit of 90 edits/minute for all users.
12369 * (T186565) Fix PHP Notice from `ob_end_flush()` in `FileRepo::streamFile()`.
12370 * oojs/oojs-ui updated to remove an unnecessary dependancy.
12371 * (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
12372 * (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete
12374 * (T196672) The mtime of extension.json files is now able to be zero
12375 * (T180403) Validate $length in padleft/padright parser functions.
12376 * (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
12377 * (T193995) Fix undefined patchPath() method call in parser tests.
12378 * Special:BotPasswords now requires reauthentication.
12379 * (T191608, T187638) Add 'logid' parameter to Special:Log.
12380 * (T193829) Indicate when a Bot Password needs reset.
12381 * (T151415) Log email changes.
12382 * (T200861) Fix total breakage of SQLite web upgrade.
12383 * (T202550) Unbreak SpecialListusersHeaderForm and SpecialListusersHeader
12385 * (T190539) Explicitly require Postgres 9.1.
12386 * (T118420) Unbreak Oracle installer.
12388 == MediaWiki 1.30.0 ==
12390 === Changes since MediaWiki 1.30.0-rc.0 ===
12391 * Upgraded Moment.js from v2.15.0 to v2.19.3.
12392 * Add ip_changes to postgres/tables.sql.
12393 * Skip null shell parameters.
12394 * Add wfWaitForSlaves() to maintenance/migrateComments.php.
12395 * (T182245) Fix join conditions in ImageListPager.
12396 * (T178626) Revert #contentSub and #jump-to-nav margin changes.
12398 === MySQL version requirement in 1.30 ===
12399 As of 1.30, MediaWiki now requires MySQL 5.5.8 or higher (see Compatibility
12402 === Configuration changes in 1.30 ===
12403 * The "C.UTF-8" locale should be used for $wgShellLocale, if available, to avoid
12404 unexpected behavior when code uses locale-sensitive string comparisons. For
12405 example, the Scribunto extension considers "bar" < "Foo" in most locales
12406 since it ignores case.
12407 * $wgShellLocale now affects LC_ALL rather than only LC_CTYPE. See
12408 documentation of $wgShellLocale for details.
12409 * $wgShellLocale is now applied for all requests. wfInitShellLocale() is
12410 deprecated and a no-op, as it is no longer needed.
12411 * $wgJobClasses may now specify callback functions as an alternative to plain
12412 class names. This is intended for extensions that want control over the
12413 instantiation of their jobs, to allow for proper dependency injection.
12414 * $wgResourceModules may now specify callback functions as an alternative
12415 to plain class names, using the 'factory' key in the module description
12416 array. This allows dependency injection to be used for ResourceLoader modules.
12417 * $wgExceptionHooks has been removed.
12418 * (T163562) $wgRangeContributionsCIDRLimit was introduced to control the size
12419 of IP ranges that can be queried at Special:Contributions.
12420 * (T45547) $wgUsePigLatinVariant added (off by default).
12421 * (T152540) MediaWiki now supports a section ID escaping style that allows to
12422 display non-Latin characters verbatim on many modern browsers. This is
12423 controlled by the new configuration setting, $wgFragmentMode.
12424 * $wgExperimentalHtmlIds is now deprecated and will be removed in a future
12425 version, use $wgFragmentMode to migrate off it to a modern alternative.
12426 * $wgExternalInterwikiFragmentMode was introduced to control how fragments in
12427 sinterwikis going outside of current wiki farm are encoded.
12428 * (T120333) Soft-deprecated the use of PHP extension 'mysql' in favor of
12429 'mysqli'. This PHP extension was deprecated in PHP 5.5 and removed in PHP 7.0.
12430 MediaWiki auto-selects the 'mysqli' driver since MediaWiki 1.22, except if
12431 explicitly requested through the configuration parameter $wgDBservers.
12432 * $wgOOUIEditPage was removed, as it is now the default. This was documented as
12433 a temporary variable during the migration period.
12435 === New features in 1.30 ===
12436 * (T37247) Output from Parser::parse() will now be wrapped in a div with
12437 class="mw-parser-output" by default. This may be changed or disabled using
12438 ParserOptions::setWrapOutputClass().
12439 * (T163562) Added ability to search for contributions within an IP ranges
12440 at Special:Contributions.
12441 * Added 'ChangeTagsAllowedAdd' hook, enabling extensions to allow software-
12442 specific tags to be added by users.
12443 * Added a 'ParserOptionsRegister' hook to allow extensions to register
12444 additional parser options.
12445 * (T45547) Included Pig Latin, a language game in English, as a
12446 LanguageConverter variant. This allows English-speaking developers
12447 to develop and test LanguageConverter more easily. Pig Latin can be
12448 enabled by setting $wgUsePigLatinVariant to true.
12449 * Added RecentChangesPurgeRows hook to allow extensions to purge data that
12450 depends on the recentchanges table.
12451 * Added JS config values wgDiffOldId/wgDiffNewId to the output of diff pages.
12452 * (T2424) Added direct unwatch links to entries in Special:Watchlist (if the
12453 'watchlistunwatchlinks' preference option is enabled). With JavaScript
12454 enabled, these links toggle so the user can also re-watch pages that have
12455 just been unwatched.
12456 * Added $wgParserTestMediaHandlers, where mock media handlers can be passed to
12457 MediaHandlerFactory for parser tests.
12458 * Edit summaries, block reasons, and other "comments" are now stored in a
12459 separate database table. Use the CommentFormatter class to access them.
12460 ** This is currently gated by $wgCommentTableSchemaMigrationStage. Most wikis
12461 can set this to MIGRATION_NEW and run maintenance/migrateComments.php as
12462 soon as any necessary extensions are updated.
12463 * (T138166) Added ability for users to prohibit other users from sending them
12464 emails with Special:Emailuser. Can be enabled by setting
12465 $wgEnableUserEmailBlacklist to true.
12466 * (T67297) $wgBrowserBlacklist is deprecated, and changing it will have no
12467 effect. Instead, users using browsers that do not support Unicode will be
12468 unable to edit and should upgrade to a modern browser instead.
12470 === External library changes in 1.30 ===
12472 ==== Upgraded external libraries ====
12473 * Updated justinrainbow/json-schema from v3.0 to v5.2.
12474 * Updated mediawiki/mediawiki-codesniffer from v0.7.2 to v0.12.0.
12475 * Updated wikimedia/composer-merge-plugin from v1.4.0 to v1.4.1.
12476 * Updated wikimedia/relpath from v1.0.3 to v2.0.0.
12477 * Updated OOjs from v2.0.0 to v2.1.0.
12478 * Updated OOUI from v0.21.1 to v0.23.0.
12479 * Updated QUnit from v1.23.1 to v2.4.0.
12480 * Updated phpunit/phpunit from v4.8.35 to v4.8.36.
12481 * Upgraded Moment.js from v2.15.0 to v2.19.3.
12483 ==== New external libraries ====
12484 * The class \TestingAccessWrapper has been moved to the external library
12485 wikimedia/testing-access-wrapper and renamed \Wikimedia\TestingAccessWrapper.
12486 * Purtle, a fast, lightweight RDF generator.
12488 === Bug fixes in 1.30 ===
12489 * (T151633) Ordered list items use now Devanagari digits in Nepalese
12492 === Action API changes in 1.30 ===
12493 * (T37247) action=parse output will be wrapped in a div with
12494 class="mw-parser-output" by default. This may be changed or disabled using
12495 the new 'wrapoutputclass' parameter.
12496 * When errorformat is not 'bc', abort reasons from action=login will be
12497 formatted as specified by the error formatter parameters.
12498 * action=compare can now handle arbitrary text, deleted revisions, and
12499 returning users and edit comments.
12500 * (T164106) The 'rvdifftotext', 'rvdifftotextpst', 'rvdiffto',
12501 'rvexpandtemplates', 'rvgeneratexml', 'rvparse', and 'rvprop=parsetree'
12502 parameters to prop=revisions are deprecated, as are the similarly named
12503 parameters to prop=deletedrevisions, list=allrevisions, and
12504 list=alldeletedrevisions. Use action=compare, action=parse, or
12505 action=expandtemplates instead.
12507 === Action API internal changes in 1.30 ===
12508 * ApiBase::getDescriptionMessage() and the "apihelp-*-description" messages are
12509 deprecated. The existing message should be split between "apihelp-*-summary"
12510 and "apihelp-*-extended-description".
12511 * (T123931) Individual values of multi-valued parameters can now be marked as
12514 === Languages updated in 1.30 ===
12515 MediaWiki supports over 350 languages. Many localisations are updated
12516 regularly. Below only new and removed languages are listed, as well as
12517 changes to languages because of Phabricator reports.
12519 * Added: kbp (Kabɩyɛ / Kabiyè)
12520 * Added: skr (Saraiki, سرائیکی)
12521 * Added: tay (Tayal / Atayal)
12522 * Removed: tokipona (Toki Pona)
12524 ==== Pig Latin added ====
12525 * (T45547) Added Pig Latin, a made-up English variant (en-x-piglatin),
12526 for easier variant development and testing. Disabled by default. It can be
12527 enabled by setting $wgUsePigLatinVariant to true.
12529 === Other changes in 1.30 ===
12530 * The use of an associative array for $wgProxyList, where the IP address is in
12531 the key instead of the value, is deprecated (e.g. [ '127.0.0.1' => 'value' ]).
12532 Please convert these arrays to indexed/sequential ones (e.g. [ '127.0.0.1' ]).
12533 * mw.user.bucket (deprecated in 1.23) was removed.
12534 * LoadBalancer::getServerInfo() and LoadBalancer::setServerInfo() are
12535 deprecated. There are no known callers.
12536 * File::getStreamHeaders() was deprecated.
12537 * MediaHandler::getStreamHeaders() was deprecated.
12538 * Title::canTalk() was deprecated. The new Title::canHaveTalkPage() should be
12540 * MWNamespace::canTalk() was deprecated. The new MWNamespace::hasTalkNamespace()
12541 should be used instead.
12542 * The ExtractThumbParameters hook (deprecated in 1.21) was removed.
12543 * The OutputPage::addParserOutputNoText and ::getHeadLinks methods (both
12544 deprecated in 1.24) were removed.
12545 * wfMemcKey() and wfGlobalCacheKey() were deprecated. BagOStuff::makeKey() and
12546 BagOStuff::makeGlobalKey() should be used instead.
12547 * (T146304) Preprocessor handling of LanguageConverter markup has been improved.
12548 As a result of the new uniform handling, '-{' may need to be escaped
12549 (for example, as '-<nowiki/>{') where it occurs inside template arguments
12551 * (T163966) Page moves are now counted as edits for the purposes of
12552 autopromotion, i.e., they increment the user_editcount field in the database.
12553 * Two new hooks, LogEventsListLineEnding and NewPagesLineEnding, were added for
12554 manipulating Special:Log and Special:NewPages lines.
12555 * The OldChangesListRecentChangesLine, EnhancedChangesListModifyLineData,
12556 PageHistoryLineEnding, ContributionsLineEnding and
12557 DeletedContributionsLineEnding hooks have an additional parameter, for
12558 manipulating HTML data attributes of RC/history lines.
12559 EnhancedChangesListModifyBlockLineData can do that via the
12560 $data['attribs'] subarray.
12561 * (T130632) The OutputPage::enableTOC() method was removed.
12562 * WikiPage::getParserOutput() will now throw an exception if passed
12563 ParserOptions that would pollute the parser cache. Callers should use
12564 WikiPage::makeParserOptions() to create the ParserOptions object and only
12565 change options that affect the parser cache key.
12566 * Article::viewRedirect() is deprecated.
12567 * IP::isValidBlock() was deprecated. Use the equivalent IP::isValidRange().
12568 * DeprecatedGlobal no longer supports passing in a direct value, it requires a
12569 callable factory function or a class name.
12570 * The $parserMemc global, wfGetParserCacheStorage(), and
12571 ParserCache::singleton() are all deprecated. The main ParserCache instance
12572 should be obtained from MediaWikiServices instead. Access to the underlying
12573 BagOStuff is possible through the new ParserCache::getCacheStorage() method.
12574 * .mw-ui-constructive CSS class (deprecated in 1.27) was removed.
12575 * Sanitizer::escapeId() was deprecated, use escapeIdForAttribute(),
12576 escapeIdForLink() or escapeIdForExternalInterwiki() instead.
12577 * Title::escapeFragmentForURL() was deprecated, use one of the aforementioned
12578 Sanitizer functions or, if possible, Title::getFragmentForURL().
12579 * Second parameter to Sanitizer::escapeIdReferenceList() ($options) now does
12580 nothing and is deprecated.
12581 * mw.util.escapeId() was deprecated, use escapeIdForAttribute() or
12583 * MagicWord::replaceMultiple() (deprecated in 1.25) was removed.
12584 * WikiImporter now requires the second parameter to be an instance of the
12585 Config, class. Prior to that, the Config parameter was optional (a behavior
12586 deprecated in 1.25).
12587 * Removed 'jquery.mwExtension' module. (deprecated since 1.26)
12588 * mediawiki.ui: Deprecate greys, which are not part of WikimediaUI color palette
12590 * CdbReader, CdbWriter, CdbException classes (deprecated in 1.25) were removed.
12591 The namespaced classes in the Cdb namespace should be used instead.
12592 * IPSet class (deprecated in 1.26) was removed. The namespaced IPSet\IPSet
12593 should be used instead.
12594 * RunningStat class (deprecated in 1.27) was removed. The namespaced
12595 RunningStat\RunningStat should be used instead.
12596 * MWMemcached and MemCachedClientforWiki classes (deprecated in 1.27) were
12598 The MemcachedClient class should be used instead.
12599 * EditPage underwent some refactoring and deprecations:
12600 * EditPage::isOouiEnabled() is deprecated and will always return true.
12601 * EditPage::getSummaryInput() and ::getSummaryInputOOUI() are deprecated.
12602 Please use ::getSummaryInputWidget() instead.
12603 * EditPage::getCheckboxes() and ::getCheckboxesOOUI() are deprecated. Please
12604 use ::getCheckboxesWidget() instead.
12605 * Creating an EditPage instance without calling EditPage::setContextTitle()
12606 should be avoided and will be deprecated in a future release.
12607 * EditPage::safeUnicodeInput() and ::safeUnicodeOutput() are deprecated and
12609 * EditPage::$isCssJsSubpage, ::$isCssSubpage, and ::$isJsSubpage are
12610 deprecated. The corresponding methods from Title should be used instead.
12611 * EditPage::$isWrongCaseCssJsPage is deprecated. There is no replacement.
12612 * EditPage::$mArticle and ::$mTitle are deprecated for public usage. The
12613 getters ::getArticle() and ::getTitle() should be used instead.
12614 * Trying to control or fake EditPage context by overriding $wgUser,
12615 $wgRequest, $wgOut, and $wgLang is no longer supported and won't work. The
12616 IContextSource returned from EditPage::getContext() must be modified
12618 * Parser::getRandomString() (deprecated in 1.26) was removed.
12619 * Parser::uniqPrefix() (deprecated in 1.26) was removed.
12620 * Parser::extractTagsAndParams() now only accepts three arguments. The fourth,
12621 $uniq_prefix was deprecated in 1.26 and has now been removed.
12622 * (T172514) The following tables have had their UNIQUE indexes turned into
12623 proper PRIMARY KEYs for increased maintainability: categorylinks, imagelinks,
12624 iwlinks, langlinks, log_search, module_deps, objectcache, pagelinks,
12625 query_cache, site_stats, templatelinks, text, transcache, user_former_groups,
12627 * IDatabase::nextSequenceValue() is no longer needed by any database backends
12628 (formerly it was needed by PostgreSQL and Oracle), and is now deprecated.
12629 * (T146591) The lc_lang_key index on the l10n_cache table has been changed into
12631 * (T157227) bot_password.bp_user, change_tag.ct_log_id, change_tag.ct_rev_id,
12632 page_restrictions.pr_user, tag_summary.ts_log_id, tag_summary.ts_rev_id and
12633 user_properties.up_user have all been made unsigned on MySQL.
12634 * DB_SLAVE is deprecated. DB_REPLICA should be used instead.
12635 * wfUsePHP() is deprecated.
12636 * wfFixSessionID() was removed.
12637 * wfShellExec() and related functions are deprecated, use Shell::command(). This
12638 also slightly changes the behavior of how execution time limits are calculated
12639 when only some of defaults are overridden per-call. When in doubt, always
12640 override both wall clock and CPU time.
12641 * (T138166) SpecialEmailUser::getTarget() now requires a second argument, the
12642 sending user object. Using the method without the second argument is
12644 * (T67297) Browsers that don't support Unicode will have their edits rejected.
12645 * (T178450) The module 'jquery.badge' is deprecated and will be removed in a
12646 future release. For notifying the user of an event, the Notifications ("Echo")
12647 system should be used instead.
12648 * (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and
12649 browser sends non-standard url escaping.
12650 * (T165846) SECURITY: BotPassword login attempts weren't throttled.
12654 == MediaWiki 1.29.3 ==
12656 This is a security and maintenance release of the MediaWiki 1.29 branch.
12658 === Changes since 1.29.2 ===
12659 * (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
12661 * (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
12663 * (T180551) Fix LanguageSrTest for language converter
12664 * (T180552) Fix language converter parser test with self-close tags
12665 * (T180537) Remove $wgAuth usage from wrapOldPasswords.php
12666 * (T180485) InputBox: Have inputbox langconvert certain attributes
12667 * (T161732, T181547) Upgraded Moment.js from v2.15.0 to v2.19.3.
12668 * (T172927) Drop vendor from MW release branch
12669 * (T87572) Make FormatMetadata::flattenArrayReal() work for an associative array
12670 * Updated composer/spdx-licenses from 1.1.4 to 1.3.0 (development dependency).
12671 * (T189567) the CLI installer (maintenance/install.php) learned to detect and
12672 include extensions. Pass --with-extensions to enable that feature.
12673 * (T182381) Mask deprecated call in WatchedItemUnitTest
12674 * (T190503) Let built-in web server (maintenance/dev) handle .php requests.
12675 * The karma qunit tests would fail on some configuration due to headers already
12676 sent. Check headers_sent() before sending cpPosTime headers
12677 * (T167507) selenium: Run Chrome headlessly.
12678 * selenium: Pass -no-sandbox to Chrome under Docker
12679 * (T191247) Use MediaWiki\SuppressWarnings around trigger_error('') instead @
12680 * (T75174, T161041) Unit test ChangesListSpecialPageTest::testFilterUserExpLevel
12681 fails under SQLite.
12682 * (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds().
12683 * (T179190) selenium: Move test running logic from package.json to selenium.sh.
12684 * (T117839, T193200) PDFHandler: Fix for pdfinfo changes in poppler-utils 0.48.
12685 * Add default edit rate limit of 90 edits/minute for all users.
12686 * (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
12687 * (T196672) The mtime of extension.json files is now able to be zero
12688 * (T180403) Validate $length in padleft/padright parser functions.
12689 * (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
12690 * (T194237) Special:BotPasswords now requires reauthentication.
12691 * (T191608, T187638) Add 'logid' parameter to Special:Log.
12692 * (T176097) resourceloader: Disable a flaky MessageBlobStoreTest case
12693 * (T193829) Indicate when a Bot Password needs reset.
12694 * (T151415) Log email changes.
12695 * (T118420) Unbreak Oracle installer.
12697 == MediaWiki 1.29.2 ==
12699 This is a security and maintenance release of the MediaWiki 1.29 branch.
12701 === Changes since 1.29.1 ===
12702 * (T166757) Avoid scoped lock errors in Category::refreshCounts() due to
12704 * (T175439) Unbreak Postgres Updater when setting defaults for a column.
12705 * (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
12706 * Fixed login button label to accept RawMessage.
12707 * Fixed case of SpecialRecentChanges class usage.
12708 * (T174255) Declare uploadCount property in importDump.php.
12709 * (T163646) Pass a string not an int to mysql_real_escape_string().
12710 * (T180143) Bump justinrainbow/json-schema development dependency to ~5.2.
12711 * Updated dev dependancy phpunit/phpunit from v4.8.35 to v4.8.36.
12712 * (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and
12713 browser sends non-standard url escaping.
12714 * (T165846) SECURITY: BotPassword login attempts weren't throttled.
12715 * (T128209) SECURITY: Reflected File Download from api.php.
12716 * (T134100) SECURITY: Do not reveal if user exists during login failure.
12717 * (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
12718 * (T125163) SECURITY: Make anchor for headlines escape > and <.
12719 * (T180237) SECURITY: Protect vendor folder with .htaccess.
12720 * (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in
12722 * (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit.
12723 * (T119158) SECURITY: Handle -{}- syntax in attributes safely.
12724 * (T180488) (T125177) "api.log contains passwords in plaintext" wasn't correctly
12725 fixed in all branches in the previous security release.
12727 == MediaWiki 1.29.1 ==
12729 This is a maintenance release of the MediaWiki 1.29 branch.
12731 The SpamBlacklist and PdfHandler extensions were missing from the generated
12734 === Changes since 1.29.1 ===
12735 * (T164999) Define mw.Upload.Dialog.static.name in mediawiki.Upload.Dialog.js.
12736 * (T172061) Fix fatal when passing a category to refreshLinks.php.
12738 == MediaWiki 1.29.0 ==
12740 === Configuration changes in 1.29 ===
12741 * Default cookie expiration time has been reduced to 30 days. Login cookie
12742 expiration time is kept at 180 days.
12743 * A new configuration variable has been added: $wgCookieSetOnAutoblock. This
12744 determines whether to set a cookie when a user is autoblocked. Doing so means
12745 that a blocked user, even after logging out and moving to a new IP address,
12746 will still be blocked.
12747 * The resetpassword right and associated password reset capture feature has
12749 * The $error parameter to the EmailUser hook should be set to a Status object
12750 or boolean false. This should be compatible with at least MediaWiki 1.23 if
12751 not earlier. Returning a raw HTML string is now deprecated.
12752 * The $message parameter to the ApiCheckCanExecute hook should be set to an
12753 ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a
12754 code for ApiBase::parseMsg() will no longer work.
12755 * ApiBase::$messageMap is no longer public. Code attempting to access it will
12756 result in a PHP fatal error.
12757 * $wgUserEmailUseReplyTo is now true by default to work around restrictive DMARC
12759 * Subpages are now enabled by default in the Template namespace. Set
12760 $wgNamespacesWithSubpages[NS_TEMPLATE] to false to keep the old behavior.
12761 * $wgRunJobsAsync is now false by default (T142751). This change only affects
12762 wikis with $wgJobRunRate > 0.
12763 * (T158474) "Unknown user" has been added to $wgReservedUsernames.
12764 * (T156983) $wgRateLimitsExcludedIPs now accepts CIDR ranges as well as single
12766 * $wgDummyLanguageCodes is deprecated. Additional language code mappings may be
12767 added to $wgExtraLanguageCodes instead.
12768 * (T161453) LocalisationCache will no longer use the temporary directory in it's
12769 fallback chain when trying to work out where to write the cache.
12770 * The user right 'editusercssjs' (deprecated in 1.16) was removed. Use
12771 'editusercss' and 'edituserjs' in $wgGroupPermissions and elsewhere instead.
12773 === New features in 1.29 ===
12774 * (T5233) A cookie can now be set when a user is autoblocked, to track that user
12775 if they move to a new IP address. This is disabled by default.
12776 * Added ILocalizedException interface to standardize the use of localized
12777 exceptions, largely so the API can handle them more sensibly.
12778 * Blocks created automatically by MediaWiki, such as for configured proxies or
12779 dnsbls, are now indicated as such and use a new i18n message when displayed.
12780 * Added new $wgHTTPImportTimeout setting. Sets timeout for
12781 downloading the XML dump during a transwiki import in seconds.
12782 * Parser limit report is now available in machine-readable format to JavaScript
12783 via mw.config.get('wgPageParseReport').
12784 * Added $wgSoftBlockRanges, to allow for automatically blocking anonymous edits
12785 from certain IP ranges (e.g. private IPs).
12786 * (T59603) Added new magic word {{PAGELANGUAGE}} which returns the language code
12787 of the page being parsed.
12788 * HTML5 form validation attributes will no longer be suppressed. Originally
12789 browsers had poor support for them, but modern browsers handle them fine.
12790 This might affect some forms that used them and only worked because the
12791 attributes were not actually being set.
12792 * Expiry times can now be specified when users are added to user groups.
12793 * Completely new user interface for the RecentChanges page, which
12794 structures filters into user-friendly groups. This has corresponding
12795 changes to how filters are registered by core and extensions.
12796 * The edit form now uses pretty OOjs UI buttons, checkboxes and summary input.
12797 Because this change can cause problems for extensions and on-wiki
12798 scripts depending on the exact HTML, the old version is still available
12799 and can be used by setting $wgOOUIEditPage = false; in LocalSettings.php.
12800 This will be removed later and OOjs UI will become the only option.
12801 To make testing easier, users can also force either mode by adding
12802 &ooui=true or &ooui=false to the action=edit URL.
12804 === External library changes in 1.29 ===
12806 ==== Upgraded external libraries ====
12807 * Updated QUnit from v1.22.0 to v1.23.1.
12808 * Updated cssjanus from v1.1.2 to v1.2.0.
12809 * Updated psr/log from v1.0.0 to v1.0.2.
12810 * Update Moment.js from v2.8.4 to v2.15.0.
12811 * Updated oyejorge/less.php from v1.7.0.10 to v1.7.0.14.
12812 * Updated monolog from v1.18.2 to 1.22.1.
12813 * Updated wikimedia/composer-merge-plugin from v1.3.1 to v1.4.0.
12814 * Updated OOjs from v1.1.10 to v2.0.0.
12815 * Updated jQuery from v1.11.3 to v3.2.1 (including jQuery Migrate v3.0.0).
12817 ==== New external libraries ====
12818 * Added wikimedia/timestamp v1.0.0.
12819 * Added wikimedia/remex-html v1.0.1.
12821 ==== Removed and replaced external libraries ====
12823 === Bug fixes in 1.29 ===
12824 * (T62604) Core parser functions returning a number now format the number
12825 according to the page content language, not wiki content language.
12826 * (T27187) Search suggestions based on jquery.suggestions will now correctly
12827 only highlight prefix matches in the results.
12828 * (T157035) "new mw.Uri()" was ignoring options when using default URI.
12829 * Special:Allpages can no longer be filtered by redirect in miser mode.
12830 * (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is
12832 * (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow
12833 redirect to interwiki links.
12834 * (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
12835 $wgAdvancedSearchHighlighting is true.
12836 * (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
12837 their values out of the logs.
12838 * (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a
12840 * (T156184) SECURITY: Escape content model/format url parameter in message.
12841 * (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
12843 * (T161453) SECURITY: LocalisationCache will no longer use the temporary
12844 directory in it's fallback chain when trying to work out where to write the
12846 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
12847 inclusion syntax's link parameter.
12848 * (T108138) SECURITY: Sysops can undelete pages, although the page is protected
12851 === Action API changes in 1.29 ===
12852 * Submitting sensitive authentication request parameters to action=login,
12853 action=clientlogin, action=createaccount, action=linkaccount, and
12854 action=changeauthenticationdata in the query string is now an error. They
12855 should be submitted in the POST body instead.
12856 * The capture option for action=resetpassword has been removed
12857 * action=clearhasmsg now requires a POST.
12858 * (T47843) API errors and warnings may be requested in non-English languages
12859 using the new 'errorformat', 'errorlang', and 'errorsuselocal' parameters.
12860 * API error codes may have changed. Most notably, errors from modules using
12861 parameter prefixes (e.g. all query submodules) will no longer be prefixed.
12862 * ApiPageSet-using modules will report the 'invalidreason' using the specified
12864 * action=emailuser may return a "Warnings" status, and now returns 'warnings'
12865 and 'errors' subelements (as applicable) instead of 'message'.
12866 * action=imagerotate returns an 'errors' subelement rather than 'errormessage'.
12867 * action=move now reports errors when moving the talk page as an array under
12868 key 'talkmove-errors', rather than using 'talkmove-error-code' and
12869 'talkmove-error-info'. The format for subpage move errors has also changed.
12870 * action=revisiondelete no longer includes a "rendered" property on warnings
12871 and errors for each item. Use errorformat=wikitext if you're wanting parsed
12873 * action=rollback no longer returns a "messageHtml" property. Use
12874 errorformat=html if you're wanting HTML formatting of error messages.
12875 * action=upload now reports optional stash failures as an array under key
12876 'stasherrors' rather than a 'stashfailed' text string.
12877 * action=watch reports 'errors' and 'warnings' instead of a single 'error', and
12878 no longer returns a 'message' on success.
12879 * Added action=validatepassword to validate passwords for the account creation
12880 and password change forms.
12881 * action=purge now requires a POST.
12882 * There is a new `languagevariants` siprop for action=query&meta=siteinfo,
12883 which returns a list of languages with active LanguageConverter instances.
12884 * action=query&query=allpages will no longer filter redirects using a database
12885 query in miser mode. This may result in less results being returned than were
12888 === Action API internal changes in 1.29 ===
12889 * New methods were added to ApiBase to handle errors and warnings using i18n
12890 keys. Methods for using hard-coded English messages were deprecated:
12891 * ApiBase::dieUsage() was deprecated
12892 * ApiBase::dieUsageMsg() was deprecated
12893 * ApiBase::dieUsageMsgOrDebug() was deprecated
12894 * ApiBase::getErrorFromStatus() was deprecated
12895 * ApiBase::parseMsg() was deprecated
12896 * ApiBase::setWarning() was deprecated
12897 * ApiBase::$messageMap is no longer public. Code attempting to access it will
12898 result in a PHP fatal error.
12899 * The $message parameter to the ApiCheckCanExecute hook should be set to an
12900 ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a
12901 code for ApiBase::parseMsg() will no longer work.
12902 * UsageException is deprecated in favor of ApiUsageException. For the time
12903 being ApiUsageException is a subclass of UsageException to allow things that
12904 catch only UsageException to still function properly.
12905 * If, for some strange reason, code was using an ApiErrorFormatter instead of
12906 ApiErrorFormatter_BackCompat, note that the result format has changed and
12907 various methods now take a module path rather than a module name.
12908 * ApiMessageTrait::getApiCode() now strips 'apierror-' and 'apiwarn-' prefixes
12909 from the message key, and maps some message keys for backwards compatibility.
12910 * API parameters may now be marked as "sensitive" to keep their values out of
12913 === Languages updated in 1.29 ===
12915 MediaWiki supports over 350 languages. Many localisations are updated
12916 regularly. Below only new and removed languages are listed, as well as
12917 changes to languages because of Phabricator reports.
12919 * Based as always on linguistic studies on intelligibility and language
12920 knowledge by geography, language fallbacks have been expanded. When a
12921 translation is missing in the user's preferred interface language, the
12922 corresponding translation for the fallback language will be used instead.
12923 English will only be used as last resort when there are no translations.
12924 Some configurations (such as date formats and gender namespaces) have also
12925 been updated when using the fallback language's configuration was inadequate.
12926 The new or reinstated language fallbacks are (after cs ↔ sk in 1.28):
12927 ca ↔ oc; hsb ↔ dsb; io → eo; mdf → ru; pnt → el; roa-tara → it; rup → ro;
12928 sh → bs, sr-el, hr.
12929 * (T137376) New language support: Atikamekw (atj).
12930 * (T163600) New language support: Dinka (din).
12931 * (T155957) Talk Namespaces for Javanese language (jv) have been updated.
12933 ==== No fallback for Ukrainian ====
12934 * (T39314) The fallback from Ukrainian to Russian was removed. The Ukrainian
12935 language will now use the default fallback language: English. When a
12936 translation to Ukrainian is not available, an English string will be shown.
12938 === Other changes in 1.29 ===
12939 * Database::getSearchEngine() (deprecated in 1.28) was removed. Use
12940 SearchEngineFactory::getSearchEngineClass() instead.
12941 * $wgSessionsInMemcached (deprecated in 1.20) was removed. No replacement is
12942 required as all sessions are stored in Object Cache now.
12943 * MWHttpRequest::execute() should be considered to return a StatusValue; the
12944 Status return type is deprecated.
12945 * User::edits() (deprecated in 1.21) was removed.
12946 * Xml::escapeJsString() (deprecated in 1.21) was removed.
12947 * Article::getText() and Article::prepareTextForEdit() (deprecated in 1.21)
12949 * Article::getAutosummary() and WikiPage::getAutosummary() (deprecated in 1.21)
12951 * Hook ArticleViewCustom (deprecated in 1.21) was removed. Use
12952 ArticleContentViewCustom instead.
12953 * Hooks EditPageGetDiffText and ShowRawCssJs (deprecated in 1.21) were removed.
12954 * Class RevisiondeleteAction (deprecated in 1.25) was removed.
12955 * WikiPage::prepareTextForEdit() (deprecated in 1.21) was removed.
12956 * WikiPage::getText() (deprecated in 1.21) was removed.
12957 * Article::fetchContent() (deprecated in 1.21) was removed.
12958 * User::getPassword() (deprecated in 1.27) was removed.
12959 * User::getTemporaryPassword() (deprecated in 1.27) was removed.
12960 * User::isPasswordReminderThrottled() (deprecated in 1.27) was removed.
12961 * Class FSRepo (deprecated in 1.19) was removed.
12962 * WebRequest::checkSessionCookie() (deprecated in 1.27) was removed. Use
12963 \MediaWiki\Session\SessionManager::singleton()->getPersistedSessionId()
12965 * Class ImageGallery (deprecated in 1.22) was removed.
12966 Use ImageGalleryBase::factory instead.
12967 * Title::moveNoAuth() (deprecated in 1.25) was removed. Use MovePage class
12969 * Hook UnknownAction (deprecated in 1.19) was actually deprecated (it will now
12970 emit warnings). Create a subclass of Action and add it to $wgActions instead.
12971 * WikiRevision::getText() (deprecated since 1.21) is no longer marked
12973 * Linker::getInterwikiLinkAttributes() (deprecated since 1.25) was removed.
12974 * Linker::getInternalLinkAttributes() (deprecated since 1.25) was removed.
12975 * Linker::getInternalLinkAttributesObj() (deprecated since 1.25) was removed.
12976 * Linker::getLinkAttributesInternal() (deprecated since 1.25) was removed.
12977 * RedisConnectionPool::handleException (deprecated since 1.23) was removed.
12978 * The static properties mw.Api.errors and mw.Api.warnings, containing incomplete
12979 and outdated lists of errors/warnings returned by the API, are now deprecated.
12980 * wiki.phtml entry point was removed. Refer to index.php instead. If you want
12981 "wiki.phtml" URLs to continue to work, set up redirects. In Apache, this can
12982 be done by enabling mod_rewrite and adding the following rules to your
12987 RewriteRule ^/w/wiki\.phtml$ /w/index.php [R=301,L]
12988 * Hook ArticleAfterFetchContent (deprecated in 1.21) was removed.
12989 Use ArticleAfterFetchContentObject instead.
12990 * Hook ArticleInsertComplete (deprecated in 1.21) was removed.
12991 Use PageContentInsertComplete instead.
12992 * Hook ArticleSave (deprecated in 1.21) was removed.
12993 Use PageContentSave instead.
12994 * Hook ArticleSaveComplete (deprecated in 1.21) was removed.
12995 Use PageContentSaveComplete instead.
12996 * Hook EditFilterMerged (deprecated in 1.21) was removed.
12997 Use EditFilterMergedContent instead.
12998 * Hook EditPageGetPreviewText (deprecated in 1.21) was removed.
12999 Use EditPageGetPreviewContent instead.
13000 * Hook TitleIsCssOrJsPage (deprecated in 1.21) was removed.
13001 Use ContentHandlerDefaultModelFor instead.
13002 * Hook TitleIsWikitextPage (deprecated in 1.21) was removed.
13003 Use ContentHandlerDefaultModelFor instead.
13004 * Article::getContent() (deprecated in 1.21) was removed.
13005 * Revision::getText() (deprecated in 1.21) was removed.
13006 * Article::doEdit() and WikiPage::doEdit() (deprecated in 1.21) were removed.
13007 * Parser::replaceUnusualEscapes() (deprecated in 1.24) was removed.
13008 * Article::doEditContent() was marked as deprecated, to be removed in 1.30
13010 * ContentHandler::runLegacyHooks() was removed.
13011 * refreshLinks.php now can be limited to a particular category with
13012 --category=... or a tracking category with --tracking-category=...
13013 * User-like objects that are passed to SpecialUserRights and its subclasses are
13014 now required to have a getGroupMemberships() method. See UserRightsProxy for
13016 * User::$mGroups (instance variable) was marked private. Use User::getGroups()
13018 * User::getGroupName(), User::getGroupMember(), User:getGroupPage(),
13019 User::makeGroupLinkHTML(), and User::makeGroupLinkWiki() were deprecated.
13020 Use equivalent methods on the UserGroupMembership class.
13021 * Maintenance scripts and tests that call User::addGroup() must now ensure that
13022 User objects have been added to the database prior to calling addGroup().
13023 * Protected function UsersPager::getGroups() was removed, and protected function
13024 UsersPager::buildGroupLink() was changed from a static to an instance method.
13025 * The third parameter ($cache) to the UsersPagerDoBatchLookups hook was changed;
13026 see docs/hooks.txt.
13027 * User::crypt() (deprecated in 1.24) was removed.
13028 * User::comparePasswords() (deprecated in 1.24) was removed.
13029 * ArchivedFile::getUserText() (deprecated in 1.23) was removed.
13030 * HTMLFileCache::newFromTitle() (deprecated in 1.24) was removed.
13031 * BREAKING CHANGE: Internal signature changes to ChangesListSpecialPage
13032 and subclasses. It should only break if you call buildMainQueryConds
13033 (changed to buildQuery with new signature) or doMainQuery (new
13034 signature). Subclasses are likely to call at least doMainQuery
13035 (possibly both), but other classes might too, because they were
13037 Also, some related hooks were deprecated, but this is not yet a
13039 * Removed 'jquery.arrowSteps' module. (deprecated since 1.28)
13040 * The 'jquery.autoEllipsis' ResourceLoader module is now deprecated.
13041 * WikiRevision::$fileIsTemp was deprecated.
13042 * WikiRevision::$importer was deprecated.
13043 * WikiRevision::$user was deprecated.
13044 * Article::getLastPurgeTimestamp(), WikiPage::getLastPurgeTimestamp(), and the
13045 WikiPage::PURGE_* constants are deprecated, and the functions will always
13046 return false. They were a hack for an issue that has since been fixed.
13047 * Hook 'EditPageBeforeEditChecks' is now deprecated. Instead use the new hook
13048 'EditPageGetCheckboxesDefinition', or 'EditPage::showStandardInputs:options'
13049 if you don't actually care about checkboxes and just want to add some HTML
13051 * Selflinks are now rendered as href-less <a> tags with the class mw-selflink
13052 rather than <strong> tags. The old class name, "selflink", was deprecated
13053 and will be removed in a future release. (T160480)
13054 * (T156184) $wgRawHtml will no longer apply to internationalization messages.
13055 * Browser support for non-ES5 JavaScript browsers, including Android 2,
13056 Opera <12.10, and Internet Explorer 9, was lowered from Grade A to Grade C.
13057 * Removed wikibits global methods deprecated since MediaWiki 1.17 (T122755):
13058 is_gecko, is_chrome_mac, is_chrome, webkit_version, is_safari_win, is_safari,
13059 webkit_match, is_ff2, ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs,
13060 opera7_bugs, opera6_bugs, is_opera_95, is_opera_preseven, is_opera,
13061 ie6_bugs, clientPC, changeText, killEvt, addHandler, hookEvent,
13062 addClickHandler, removeHandler, getElementsByClassName, getInnerText,
13063 setupCheckboxShiftClick, addCheckboxClickHandlers, mwEditButtons,
13064 mwCustomEditButtons, injectSpinner, removeSpinner, escapeQuotes,
13065 escapeQuotesHTML, jsMsg, addPortletLink, appendCSS, tooltipAccessKeyPrefix,
13066 tooltipAccessKeyRegexp, updateTooltipAccessKeys.
13067 * The ID of the <li> element containing the login link has changed from
13068 'pt-login' to 'pt-login-private' in private wikis.
13069 * The old, neglected "bulletin board style toolbar" in the edit form is now
13070 deprecated (T30856). This old code dates from 2006, and was replaced in the
13071 MediaWiki release tarball and in Wikimedia production by the WikiEditor
13072 extension in 2010. It is only shown to users if no other editor was
13073 installed, and leads to confusion.
13074 * (T92459) Loading ResourceLoader modules containing JavaScript through
13075 addModuleStyles() is deprecated and will log a warning server-side.
13079 == MediaWiki 1.28.3 ==
13081 This is a security and maintenance release of the MediaWiki 1.28 branch.
13083 === Changes since 1.28.2 ==
13084 * (T168856) Allow SVGs created by Dia to be uploaded.
13085 * (T157545) Add missing doUpdates() call to refreshLinks.php.
13086 * (T165714) (T100085) Better handling of jobs execution in post-connection
13088 * (T154425) (T154438) (T157679) Use AutoCommitUpdate instead of
13089 Database->onTransactionIdle.
13090 * (T154425) Make DeferredUpdates detect LBFactory transaction rounds.
13091 * (T149454) Restore erroneously removed realTableName call from
13093 * (T167798) Fix phrase search and highlighting for phrase queries.
13094 * (T151136) Provide credits information to callbacks in extension registration.
13095 * (T160462) Allow namespaces defined in extension.json to be overwritten
13097 * (T168337) Fix ErrorPageError to work from non-UI contexts.
13098 * (T143788) Backports for PHP 7.0 and 7.1 support.
13099 * (T175439) Unbreak Postgres Updater when setting defaults for a column.
13100 * (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
13101 * (T174255) Declare uploadCount property in importDump.php.
13102 * (T180231) SECURITY: Updated dev dependancy phpunit/phpunit from v4.8.24 to
13104 * (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and
13105 browser sends non-standard url escaping.
13106 * (T165846) SECURITY: BotPassword login attempts weren't throttled.
13107 * (T128209) SECURITY: Reflected File Download from api.php.
13108 * (T134100) SECURITY: Do not reveal if user exists during login failure.
13109 * (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
13110 * (T125163) SECURITY: Make anchor for headlines escape > and <.
13111 * (T180237) SECURITY: Protect vendor folder with .htaccess.
13112 * (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in
13114 * (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit.
13115 * (T119158) SECURITY: Handle -{}- syntax in attributes safely.
13117 == MediaWiki 1.28.2 ==
13119 Due to a packaging error, the wrong version of the SyntaxHighlight extension was
13120 included in the tarball version of MediaWiki 1.28.1. The version included had a
13121 serious security issue in it (T158689). There was also some minor code fixes in
13122 MediaWiki itself since 1.28.1, but none of them were security relevant.
13124 == MediaWiki 1.28.1 ==
13126 This is a security and maintenance release of the MediaWiki 1.28 branch.
13128 === Changes since 1.28.0 ===
13130 * $wgRunJobsAsync is now false by default (T142751). This change only affects
13131 wikis with $wgJobRunRate > 0.
13132 * Fix fatal from "WaitConditionLoop" not being found, experienced when a wiki
13133 has more than one database server setup.
13134 * (T152717) Better escaping for PHP mail() command,
13135 * (T154670) A missing method causing the MySQL installer to fatal in rare
13136 circumstances was restored.
13137 * (T154672) Un-deprecate ArticleAfterFetchContentObject hook.
13138 * (T158766) Avoid SQL error on MSSQL when using selectRowCount().
13139 * (T145635) Fix too long index error when installing with MSSQL.
13140 * (T156184) $wgRawHtml will no longer apply to internationalization messages.
13141 * (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is
13143 * (T154872) Fix incorrect ar_usertext_timestamp index names in new 1.28
13145 * (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow
13146 redirect to interwiki links.
13147 * (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
13148 $wgAdvancedSearchHighlighting is true.
13149 * (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
13150 their values out of the logs.
13151 * (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a
13153 * (T156184) SECURITY: Escape content model/format url parameter in message.
13154 * (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
13156 * (T161453) SECURITY: LocalisationCache will no longer use the temporary
13157 directory in it's fallback chain when trying to work out where to write the
13159 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
13160 inclusion syntax's link parameter.
13161 * (T108138) SECURITY: Sysops can undelete pages, although the page is protected
13164 == MediaWiki 1.28 ==
13166 === Changes since 1.28.0-rc1 ===
13167 * (T148957) Replace wgShowExceptionDetails with wgShowDBErrorBacktrace on db
13169 * (T148956) Only apply wgDBschema to postgres/mssql.
13170 * (T145991) Introduce separate log action for deleting pages on move.
13171 * (T141474) (T110464) Bypass login page if no user input is required.
13173 === Changes since 1.28.0-rc0 ===
13174 * (T142210) The changes to move the parser "NewPP limit report" from a HTML
13175 comment to a machine-readable JavaScript config option 'wgPageParseReport'
13176 have been undone. They caused the human-readable limit report to be shown
13177 incompletely or not at all. ParserOutput::setLimitReportData() and
13178 getLimitReportData() behave as they did in MediaWiki 1.27 again.
13179 * (T149510) Value of {{DISPLAYTITLE:}} parser function will not be used for
13180 the text of subheadings on a category page when creating it. This wasn't
13182 * (T106793) MediaWiki will no longer try to perform a HTTP redirect to the
13183 canonical pretty URL when a non-pretty URL is used. It resulted in redirect
13184 loops in some clients and in some server configurations. This undoes a change
13185 made in MediaWiki 1.26.
13186 * (T149759) manifest_version: 2 was removed.
13188 === Configuration changes in 1.28 ===
13189 * $wgSend404Code now affects status code of action=history if the page is not
13191 * BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
13192 made by MediaWiki via a proxy. Relying on the http_proxy environment
13193 variable is no longer supported.
13194 * The load.php entry point now enforces the existing policy of not allowing
13195 access to session data, which includes the session user and the session
13196 user's language. If such access is attempted, an exception will be thrown.
13197 * The number of internal PBKDF2 iterations used to derive the session secret
13198 is configurable via $wgSessionPbkdf2Iterations.
13199 * Upload dialog's file upload log comment can now be configured separately for
13200 local and foreign uploads.
13201 * $wgForeignUploadTargets now defaults to `[ 'local' ]`, where `'local'`
13202 signifies local uploads. A value of `[]` (empty array) now means that
13203 no upload targets are allowed, effectively disabling the upload dialog.
13204 * The deprecated $wgEditEncoding variable has been removed; it was only used
13205 for Esperanto language character conversion. You are now recommended to use
13206 input methods provided by the UniversalLanguageSelector extension.
13207 * When $wgPingback is true, MediaWiki will periodically ping
13208 https://www.mediawiki.org/beacon with basic information about the local
13209 MediaWiki installation. This data includes, for example, the type of system,
13210 PHP version, and chosen database backend. This behavior is off by default.
13211 * When $wgEditSubmitButtonLabelPublish is true, MediaWiki will label the button
13212 to store-to-database-and-show-to-others as "Publish page"/"Publish changes";
13213 if false, the default, they will be "Save page"/"Save changes".
13214 * The 'editcontentmodel' permission is now granted to all logged-in users
13216 instead of just administrators ('sysop'). Documentation for this feature is
13217 available at <https://www.mediawiki.org/wiki/Help:ChangeContentModel>.
13218 * $wgRevisionCacheExpiry is now set to one week by default instead of being
13220 * Magic links are now disabled by default, and can be re-enabled by modifying
13221 the value of $wgEnableMagicLinks. Their usage is discouraged, but if they are
13222 manually enabled, a tracking category will be added to help identify usage and
13223 make it easier to migrate away from. If you depend upon magic link
13224 functionality, it is requested that you comment on
13225 <https://www.mediawiki.org/wiki/Requests_for_comment/Future_of_magic_links>
13226 and explain your use case(s).
13227 * New config variable $wgCSPFalsePositiveUrls to control what URLs to ignore
13228 in upcoming Content-Security-Policy feature's reporting.
13230 === New features in 1.28 ===
13231 * User::isBot() method for checking if an account is a bot role account.
13232 * Added a new 'slideshow' mode for galleries.
13233 * Added a new hook, 'UserIsBot', to aid in determining if a user is a bot.
13234 * Added a new hook, 'ApiMakeParserOptions', to allow extensions to better
13235 interact with API parsing.
13236 * Added a new hook, 'UploadVerifyUpload', which can be used to reject a file
13237 upload. Unlike 'UploadVerifyFile' it provides information about upload comment
13238 and the file description page, but does not run for uploads to stash.
13239 * (T141604) Extensions can now provide a better error message when their
13240 maintenance scripts are run without the extension being installed.
13241 * (T8948) Numeric sorting in categories is now supported by setting
13242 $wgCategoryCollation to 'uca-default-u-kn' or 'uca-<langcode>-u-kn'. If you
13243 can't use UCA collations, a 'numeric' collation is also available. If
13244 migrating from another collation, you will need to run the updateCollation.php
13245 maintenance script.
13246 * Two new codes have been added to #time parser function: "xit" for days in
13247 current month, and "xiz" for days passed in the year, both in Iranian
13249 * mw.Api has a new option, useUS, to use U+001F (Unit Separator) when
13250 appropriate for sending multi-valued parameters. This defaults to true when
13251 the mw.Api instance seems to be for the local wiki.
13252 * After a client performs an action which alters a database that has replica
13253 databases, MediaWiki will wait for the replica databases to synchronize with
13254 the master database while it renders the HTML output. However, if the output
13255 is a redirect to another wiki on the wiki farm with a different domain,
13256 MediaWiki will instead alter the redirect URL to include a ?cpPosTime
13257 parameter that triggers the database synchronization when the URL is followed
13258 by the client. The same-domain case uses a new cpPosTime cookie.
13259 * Added new hooks, 'ApiQueryBaseBeforeQuery', 'ApiQueryBaseAfterQuery', and
13260 'ApiQueryBaseProcessRow', to make it easier for extensions to add 'prop' and
13261 'show' parameters to existing API query modules.
13263 === External library changes in 1.28 ===
13265 ==== Upgraded external libraries ====
13266 * Updated es5-shim from v4.1.5 to v4.5.8
13267 * Updated composer/semver from v1.4.1 to v1.4.2
13268 * Updated wikimedia/php-session-serializer from v1.0.3 to v1.0.4
13270 ==== New external libraries ====
13271 * Added wikimedia/scoped-callback v1.0.0
13272 * Added wikimedia/wait-condition-loop v1.0.1
13274 === Bug fixes in 1.28 ===
13275 * (T146496) action=history pages should return 404 HTTP error code if the page
13277 * (T137264) SECURITY: XSS in unclosed internal links
13278 * (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
13279 * (T133147) SECURITY: Require login to preview user CSS pages
13280 * (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
13282 * (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
13284 * (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
13285 * (T139670) Move 'UserGetRights' call before application of
13286 Session::getAllowedUserRights()
13288 === Action API changes in 1.28 ===
13289 * Added 'maxarticlesize' property to action=query&meta=siteinfo which contains
13290 the value of $wgMaxArticleSize.
13291 * Property 'modulemessages' from action=parse&prop=modules was removed
13292 (deprecated since 1.26).
13293 * The following response properties from action=login, deprecated in 1.27, are
13294 now removed: lgtoken, cookieprefix, sessionid. Clients should handle cookies
13295 to properly manage session state.
13296 * Submitting the lgtoken and lgpassword parameters in the query string to
13297 action=login is now deprecated and outputs a warning. They should be submitted
13298 in the POST body instead.
13299 * Submitting sensitive authentication request parameters to action=clientlogin,
13300 action=createaccount, action=linkaccount, and action=changeauthenticationdata
13301 in the query string is now deprecated and outputs a warning. They should be
13302 submitted in the POST body instead.
13303 * (T141960) Multi-valued parameters may now be separated using U+001F
13304 (Unit Separator) instead of the pipe character. This will be useful if some of
13305 the multiple values need to contain pipes, e.g. for action=options.
13306 * The API will now warn if input is not NFC-normalized Unicode or if it
13307 contains invalid characters.
13308 * The 'normalized' list output by action=query and other modules that use
13309 ApiPageSet may contain entries where the 'from' value is percent-encoded as
13310 the raw value cannot be represented in a valid API response. These are
13311 indicated by a 'fromencoded' boolean alongside the existing 'from' parameter.
13312 * (T28680) action=paraminfo can now return info about all submodules of a
13313 module without listing them all explicitly.
13314 * (T146770) It is now possible to assert that the current user is a specific
13315 named user, using the 'assertuser' parameter.
13316 * (T141963) Added a 'known' property when missing-but-known titles (e.g. from
13317 the 'TitleIsAlwaysKnown' hook) are output in various modules.
13319 === Action API internal changes in 1.28 ===
13320 * Added a new hook, 'ApiMakeParserOptions', to allow extensions to better
13321 interact with ApiParse and ApiExpandTemplates.
13322 * (T139565) SECURITY: API: Generate head items in the context of the given title
13323 * (T115333) SECURITY: Check read permission when loading page content in
13325 * ApiBase::getResultData() was removed (deprecated since 1.25)
13326 * ApiBase::makeHelpArrayToString() was removed (deprecated since 1.25)
13327 * ApiBase::makeHelpMsgParameters() was removed (deprecated since 1.25)
13328 * ApiBase::makeHelpMsg() was removed (deprecated since 1.25)
13329 * ApiFormatBase::formatHTML() was removed (deprecated since 1.25)
13330 * ApiFormatBase::getNeedsRawData() was removed (deprecated since 1.25)
13331 * ApiFormatBase::getWantsHelp() was removed (deprecated since 1.25)
13332 * ApiFormatBase::setBufferResult() was removed (deprecated since 1.25)
13333 * ApiFormatBase::setHelp() was removed (deprecated since 1.25)
13334 * ApiFormatBase::setUnescapeAmps() was removed (deprecated since 1.25)
13335 * ApiMain::makeHelpMsgHeader() was removed (deprecated since 1.25)
13336 * ApiMain::reallyMakeHelpMsg() was removed (deprecated since 1.25)
13337 * ApiMain::setHelp() was removed (deprecated since 1.25)
13338 * ApiResult::beginContinuation() was removed (deprecated since 1.25)
13339 * ApiResult::cleanUpUTF8() was removed (deprecated since 1.25)
13340 * ApiResult::convertStatusToArray() was removed (deprecated since 1.25)
13341 * ApiResult::disableSizeCheck() was removed (deprecated since 1.24)
13342 * ApiResult::enableSizeCheck() was removed (deprecated since 1.24)
13343 * ApiResult::endContinuation() was removed (deprecated since 1.25)
13344 * ApiResult::getData() was removed (deprecated since 1.25)
13345 * ApiResult::getIsRawMode() was removed (deprecated since 1.25)
13346 * ApiResult::setContent() was removed (deprecated since 1.25)
13347 * ApiResult::setContinueParam() was removed (deprecated since 1.25)
13348 * ApiResult::setElement() was removed (deprecated since 1.25)
13349 * ApiResult::setGeneratorContinueParam() was removed (deprecated since 1.25)
13350 * ApiResult::setIndexedTagName_internal() was removed (deprecated since 1.25)
13351 * ApiResult::setIndexedTagName_recursive() was removed (deprecated since 1.25)
13352 * ApiResult::setMainForContinuation() was removed (deprecated since 1.25)
13353 * ApiResult::setParsedLimit() was removed (deprecated since 1.25)
13354 * ApiResult::setRawMode() was removed (deprecated since 1.25)
13355 * ApiResult::size() was removed (deprecated since 1.25)
13356 * Added new hooks, 'ApiQueryBaseBeforeQuery', 'ApiQueryBaseAfterQuery', and
13357 'ApiQueryBaseProcessRow', to make it easier for extensions to add 'prop' and
13358 'show' parameters to existing API query modules. A query module can enable
13359 these hooks by passing an array for $hookData to ApiQueryBase::select() and
13360 by calling ApiQueryBase->processRow() before adding a row's data to the
13363 === Languages updated in 1.28 ===
13365 MediaWiki supports over 375 languages. Many localisations are updated
13366 regularly. Below only new and removed languages are listed, as well as
13367 changes to languages because of Phabricator reports.
13369 * (T137411) ban (Balinese), thanks to translators Adi Mayndra, Andru,
13370 BASAbali, M. Adiputra, Naval Scene, Nemo bis, NoiX180, and 아라.
13371 * (T135867) shn (Shan), thanks to translators Khun Sar, Piangpha,
13372 Saiddzone Saimawnkham, Saosukham, and Sengwan.
13373 * Czech (cs) and Slovak (sk) set as reciprocal fallbacks.
13374 * (T146744) Livvi-Karelian (olo) namespace messages created thanks to translator
13377 === Other changes in 1.28 ===
13378 * (T128697) Improved handling of large diffs.
13379 * [BREAKING CHANGE] $wgExtendedLoginCookies has been removed. You can
13380 use or update a custom session provider if needed.
13381 * Deprecated APIEditBeforeSave hook in favor of EditFilterMergedContent.
13382 * The 'UploadVerification' hook is deprecated. Use 'UploadVerifyFile' instead.
13383 * SiteConfiguration::isLocalVHost() was removed (deprecated since 1.25).
13384 * The 'UserLoginComplete' hook has a new parameter to differentiate between
13385 actual login and visiting the login page while already logged in.
13386 * ResourceLoader::makeLoaderURL() was removed (deprecated since 1.24).
13387 * $.fn.liveAndTestAtStart was removed (deprecated since 1.24).
13388 * mw.util.tooltipAccessKeyPrefix was removed (deprecated since 1.24).
13389 * mw.util.tooltipAccessKeyRegexp was removed (deprecated since 1.24).
13390 * Linker::link() and Linker::linkKnown() were deprecated; please instead use
13391 MediaWiki\Linker\LinkRenderer. In addition, the LinkBegin and LinkEnd hooks
13392 were replaced by HtmlPageLinkRendererBegin and HtmlPageLinkRendererEnd
13393 respectively. See docs/hooks.txt for the specific changes needed for those
13395 * Linker::formatSize() was deprecated. Use Language::formatSize() directly.
13396 * Aliases for Linker methods, deprecated since 1.21, were removed from Skin:
13397 * Skin::commentBlock() (use Linker::commentBlock() instead)
13398 * Skin::generateRollback() (use Linker::generateRollback() instead)
13399 * Skin::link() (use MediaWiki\Linker\LinkRenderer instead)
13400 * Skin::linkKnown() (use MediaWiki\Linker\LinkRenderer instead)
13401 * Skin::userLink() (use Linker::userLink() instead)
13402 * Skin::userToolLinks() (use Linker::userToolLinks() instead)
13403 * Disabled "bug 2702" HTML tidying of parsed UI messages on wikis where Tidy is
13405 * DifferenceEngine::generateDiffBody() was removed (deprecated since 1.21).
13406 * UploadBase::stashFileGetKey() and UploadBase::stashSession() were deprecated.
13407 Use ...->stashFile()->getFileKey() instead.
13408 * "Public domain" was removed as a wiki license option from the installer, in
13410 * AuthenticationRequest::$required is now changed from REQUIRED to
13411 PRIMARY_REQUIRED on requests needed by primary providers even if all primaries
13413 Primary providers are discouraged from returning multiple REQUIRED requests.
13414 * OOjs UI PHP widgets constructed with the `'infusable' => true` config option
13415 will no longer be automatically infused. You should call `OO.ui.infuse()`
13416 on them yourself from your JavaScript code.
13417 * parserTests.php has moved to tests/parser/parserTests.php
13418 * The command line options specific to parser tests have been removed from
13419 phpunit.php: --regex and --keep-uploads. Instead of --regex, use --filter.
13420 Instead of --keep-uploads, use the same option to parserTests.php, but you
13421 must specify a directory with --upload-dir.
13422 * The 'jquery.arrowSteps' ResourceLoader module is now deprecated.
13423 * IP::isConfiguredProxy() and IP::isTrustedProxy() were removed. Callers should
13424 migrate to using the same functions on a ProxyLookup instance, obtainable from
13426 * The ArticleAfterFetchContent, ArticleInsertComplete, ArticleSave,
13427 ArticleSaveComplete, ArticleViewCustom, EditFilterMerged, EditPageGetDiffText,
13428 EditPageGetPreviewText and ShowRawCssJs hooks will now emit deprecation
13430 * (T68404) CSS3 attr() function with url type is no longer allowed
13432 * Database::getSearchEngine() is deprecated, use
13433 SearchEngineFactory::getSearchEngineClass instead.
13435 == Compatibility ==
13437 MediaWiki 1.28 requires PHP 5.5.9 or later. There is experimental support for
13438 HHVM 3.6.5 or later.
13440 MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but
13441 support for them is somewhat less mature. There is experimental support for
13442 Oracle and Microsoft SQL Server.
13444 The supported versions are:
13446 * MySQL 5.0.3 or later
13447 * PostgreSQL 8.3 or later
13448 * SQLite 3.3.7 or later
13449 * Oracle 9.0.1 or later
13450 * Microsoft SQL Server 2005 (9.00.1399)
13454 1.28 has several database changes since 1.27, and will not work without schema
13455 updates. Note that due to changes to some very large tables like the revision
13456 table, the schema update may take quite long (minutes on a medium sized site,
13457 many hours on a large site).
13459 If upgrading from before 1.11, and you are using a wiki as a commons
13460 repository, make sure that it is updated as well. Otherwise, errors may arise
13461 due to database schema changes.
13463 If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
13464 new database fields are filled with data.
13466 If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to
13467 1.5 first. The upgrade script maintenance/upgrade1_5.php has been removed
13468 with MediaWiki 1.21.
13470 Don't forget to always back up your database before upgrading!
13472 See the file UPGRADE for more detailed upgrade instructions.
13474 For notes on 1.27.x and older releases, see HISTORY.
13476 == Online documentation ==
13478 Documentation for both end-users and site administrators is available on
13479 MediaWiki.org, and is covered under the GNU Free Documentation License (except
13480 for pages that explicitly state that their contents are in the public domain):
13482 https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
13486 A mailing list is available for MediaWiki user support and discussion:
13488 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
13490 A low-traffic announcements-only list is also available:
13492 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
13494 It's highly recommended that you sign up for one of these lists if you're
13495 going to run a public MediaWiki, so you can be notified of security fixes.
13499 There's usually someone online in #mediawiki on irc.freenode.net.
13503 == MediaWiki 1.27.7 ==
13505 This is a maintenance release of the MediaWiki 1.27 branch.
13507 === Changes since MediaWiki 1.27.6 ===
13508 * Add missing `use MediaWiki\MediaWikiServices;` to LogEventsList.php.
13509 * Remove broken tests from ApiBlockTest.php.
13511 == MediaWiki 1.27.6 ==
13513 This is a security and maintenance release of the MediaWiki 1.27 branch.
13515 === Changes since MediaWiki 1.27.5 ===
13516 * (T204729) WatchedItemStore::countVisitingWatchersMultiple() shouldn't query
13517 all titles when asked for none.
13518 * (T109121) Remove deprecated pear/mail_mime-decode from composer suggested
13520 * (T207241) Augment precision of updatelist time.
13521 * (T207540) Include IP address in "Login for $1 succeeded" log entry.
13522 * (T205765) Don't link to the obsolete "Extension Matrix" page in installer.
13523 * (T207603) SECURITY: User JS may no longer be loaded with mime type
13524 text/javascript if there is no account associated with the username.
13525 * (T113042) SECURITY: Do not allow loading pages raw with a text/javascript MIME
13526 type if non-admins can edit the page.
13527 * (T207541) Pass email address to mail().
13528 * (T209335) Clarify the default sidebar 'Help' link is about MediaWiki itself.
13529 * (T213359) Update mediawiki/mediawiki-codesniffer to 0.8.1.
13530 * (T208871) The hard-coded Google search form on the database error page was
13532 * (T216968) Return pageid as int in both list=iwbacklinks and
13533 list=langbacklinks.
13534 * (T218608) Fix an issue that prevents Extension:OAuth working when
13535 $wgBlockDisablesLogin is true.
13536 * (T219728) Added support for new Japanese era name "Reiwa".
13537 * (T25227) SECURITY: action=logout now requires to be posted and have a csrf
13539 * SpecialPage::checkLoginSecurityLevel() will now preserve POST data when
13541 * FormSpecialPage::execute() will now call checkLoginSecurityLevel() if
13542 getLoginSecurityLevel() returns non-false.
13543 * (T197279) SECURITY: Fix reauth in Special:ChangeEmail.
13544 * (T208881) SECURITY: blacklist CSS var().
13545 * (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
13546 * (T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
13547 * (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
13548 * (T222036, T222038) SECURITY: Add permission check for user is permitted to
13550 * (T221739) SECURITY: resources: Patch jQuery 1.11.3 for CVE-2019-11358.
13552 == MediaWiki 1.27.5 ==
13554 This is a security and maintenance release of the MediaWiki 1.27 branch.
13556 === Changes since 1.27.4 ===
13557 * (T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides
13559 * (T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's
13561 * Upgraded Moment.js from v2.8.4 to v2.19.3.
13562 * (T160298) Fixed Special:ActiveUsers due to bad backport.
13563 * (T87572) Make FormatMetadata::flattenArrayReal() work for an associative
13565 * Updated list of SPDX licenses for extensions.
13566 * (T189567) the CLI installer (maintenance/install.php) learned to detect and
13567 include extensions. Pass --with-extensions to enable that feature.
13568 * (T192584) Stop incorrectly passing USE INDEX to RecentChange::newFromConds().
13569 * Add default edit rate limit of 90 edits/minute for all users.
13570 * (T196125) php-memcached 3.0 (provided with PHP 7.0) is now supported.
13571 * (T196672) The mtime of extension.json files is now able to be zero.
13572 * (T118683) Fix exception from &$user deref on HHVM in the TitleMoveComplete
13574 * (T180403) Validate $length in padleft/padright parser functions.
13575 * (T143790) Make $wgEmailConfirmToEdit only affect edit actions.
13576 * Special:BotPasswords now requires reauthentication.
13577 * (T191608, T187638) Add 'logid' parameter to Special:Log.
13578 * (T193829) Indicate when a Bot Password needs reset.
13579 * (T151415) Log email changes.
13580 * (T118420) Unbreak Oracle installer.
13582 == MediaWiki 1.27.4 ==
13583 This is a security and maintenance release of the MediaWiki 1.27 branch.
13585 === Changes since 1.27.3 ===
13586 * (T100085) Better handling of jobs execution in post-connection shutdown.
13587 * (T141604) Support conditionally registered namespaces.
13588 * (T167798) Fix highlighting for phrase queries and phrase search.
13589 * (T151136) Provide credits information to callbacks.
13590 * (T160462) Allow namespaces defined in extension.json to be overwritten
13592 * (T168856) Allow SVGs created by Dia to be uploaded.
13593 * (T144705) (T148662) Password reset link is no longer shown when no reset
13594 options are available.
13595 * (T143788) (T174262) Various backports for PHP 7.0 and 7.1 support.
13596 * (T66795) $wgUserEmailUseReplyTo is now true by default to work around
13597 restrictive DMARC policies.
13598 * DB_REPLICA constant added from REL1_28+ to ease backports to extensions and
13600 * (T175439) Unbreak Postgres Updater when setting defaults for a column.
13601 * (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
13602 * (T142304) Allow putting the app ID in the password for bot passwords.
13603 * Updated dev dependancy phpunit/phpunit from v4.8.24 to v4.8.36.
13604 * (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and
13605 browser sends non-standard url escaping.
13606 * (T165846) SECURITY: BotPassword login attempts weren't throttled.
13607 * (T128209) SECURITY: Reflected File Download from api.php.
13608 * (T134100) SECURITY: Do not reveal if user exists during login failure.
13609 * (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
13610 * (T125163) SECURITY: Make anchor for headlines escape > and <.
13611 * (T180237) SECURITY: Protect vendor folder with .htaccess.
13612 * (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in
13614 * (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit.
13615 * (T119158) SECURITY: Handle -{}- syntax in attributes safely.
13617 == MediaWiki 1.27.3 ==
13618 Due to a packaging error, the wrong version of the SyntaxHighlight extension was
13619 included in the tarball version of MediaWiki 1.27.2. The version included had a
13620 serious security issue in it (T158689). There was also some minor code fixes in
13621 MediaWiki itself since 1.27.2, but none of them were security relevant.
13623 === Changes since 1.27.2 ===
13624 * (T145664) Fix broken wincache merge() implementation
13625 * (T163434) Add wikimedia/testing-access-wrapper for forwards compatibility
13626 * (T153505) Fix php warnings on php 7.1 due to use of &$this
13628 == MediaWiki 1.27.2 ==
13629 This is a security and maintenance release of the MediaWiki 1.27 branch.
13631 ApiCreateAccount was removed in 1.27.0. It was incorrectly still marked as
13632 deprecated (rather than already removed) in the RELEASE-NOTES at the point
13633 1.27.0 was released.
13635 === Changes since 1.27.1 ===
13637 * (T68404) CSS3 attr() function with url type argument is no longer allowed
13639 * $wgRunJobsAsync is now false by default (T142751). This change only affects
13640 wikis with $wgJobRunRate > 0.
13641 * (T152717) Better escaping for PHP mail() command
13642 * Submitting the lgtoken and lgpassword parameters in the query string to
13643 action=login is now deprecated and outputs a warning. They should be submitted
13644 in the POST body instead.
13645 * Submitting sensitive authentication request parameters to action=clientlogin,
13646 action=createaccount, action=linkaccount, and action=changeauthenticationdata
13647 in the query string is now deprecated and outputs a warning. They should be
13648 submitted in the POST body instead.
13649 * (T158766) Avoid SQL error on MSSQL when using selectRowCount()
13650 * (T145635) Fix too long index error when installing with MSSQL.
13651 * (T156184) $wgRawHtml will no longer apply to internationalization messages.
13652 * (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is
13654 * (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow
13655 redirect to interwiki links.
13656 * (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
13657 $wgAdvancedSearchHighlighting is true.
13658 * (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
13659 their values out of the logs.
13660 * (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a
13662 * (T156184) SECURITY: Escape content model/format url parameter in message.
13663 * (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
13665 * (T161453) SECURITY: LocalisationCache will no longer use the temporary
13666 directory in it's fallback chain when trying to work out where to write the
13668 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
13669 inclusion syntax's link parameter.
13670 * (T108138) SECURITY: Sysops can undelete pages, although the page is protected
13673 == MediaWiki 1.27.1 ==
13675 This is a maintenance release of the MediaWiki 1.27 branch.
13677 === Changes since 1.27.0 ===
13678 * BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
13679 made by MediaWiki via a proxy. Relying on the http_proxy environment
13680 variable is no longer supported.
13681 * (T139565) SECURITY: API: Generate head items in the context of the given title
13682 * (T137264) SECURITY: XSS in unclosed internal links
13683 * (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
13684 * (T133147) SECURITY: Require login to preview user CSS pages
13685 * (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
13687 * (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
13689 * (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
13690 * (T115333) SECURITY: Check read permission when loading page content in
13692 * (T57548) Remove support for $wgWellFormedXml = false, all output is now well
13694 * (T139670) Move 'UserGetRights' call before application of
13695 Session::getAllowedUserRights()
13697 == MediaWiki 1.27.0 ==
13699 === PHP version requirement in 1.27 ===
13700 As of 1.27, MediaWiki now requires PHP 5.5.9 or higher (see Compatibility
13701 section). Additionally, the following PHP extensions are required:
13705 * mbstring (new requirement in 1.27)
13707 The following PHP extensions are strongly recommended:
13710 === Configuration changes in 1.27 ===
13711 * $wgAllowMicrodataAttributes and $wgAllowRdfaAttributes were removed,
13712 now always enabled. If you use RDFa on your wiki, you now have to explicitly
13713 set $wgHtml5Version to 'HTML+RDFa 1.0' or 'XHTML+RDFa 1.0'.
13714 * $wgUseLinkNamespaceDBFields was removed.
13715 * Deprecated $wgResourceLoaderMinifierStatementsOnOwnLine and
13716 $wgResourceLoaderMinifierMaxLineLength, because there was little value in
13717 making the behavior configurable. The default values (`false` for the former,
13718 1000 for the latter) are now hard-coded.
13719 * $wgDebugDumpSqlLength was removed (deprecated in 1.24).
13720 * $wgDebugDBTransactions was removed (deprecated in 1.20).
13721 * $wgUseXVO has been removed, as it provides functionality only used by
13722 custom Wikimedia patches against Squid 2.x that probably noone uses in
13723 production anymore. There is now $wgUseKeyHeader that provides similar
13724 functionality but instead of the MediaWiki-specific X-Vary-Options header,
13725 uses the draft Key header standard.
13726 * $wgScriptExtension (and support for '.php5' entry points) was removed. See the
13727 deprecation notice in the release notes for version 1.25 for advice on how to
13728 preserve support for '.php5' entry points via URL rewriting.
13729 * Password handling via the User object has been deprecated and partially
13730 removed, pending the future introduction of AuthManager. In particular:
13731 ** expirePassword(), getPasswordExpireDate(), resetPasswordExpiration(), and
13732 getPasswordExpired() have been removed. They were unused outside of core.
13733 ** The mPassword, mNewpassword, mNewpassTime, and mPasswordExpires fields are
13734 now private and will be removed in the future.
13735 ** The getPassword() and getTemporaryPassword() methods now throw
13736 BadMethodCallException and will be removed in the future.
13737 ** The ability to pass 'password' and 'newpassword' to createNew() has been
13738 removed. The only users of it seem to have been using it to set invalid
13739 passwords, and so shouldn't be greatly affected.
13740 ** setPassword(), setInternalPassword(), and setNewpassword() have been
13741 deprecated, pending the introduction of AuthManager.
13742 ** User::randomPassword() is deprecated in favor of a new method
13743 PasswordFactory::generateRandomPasswordString()
13744 ** User::getPasswordFactory() is deprecated, callers should just create a
13745 PasswordFactory themselves.
13746 ** A new constructor, User::newSystemUser(), has been added to simplify the
13747 creation of passwordless "system" users for logged actions.
13748 * $wgMaxSquidPurgeTitles was removed.
13749 * $wgAjaxWatch was removed. This is now enabled by default.
13750 * $wgUseInstantCommons now hotlinks Commons images by default instead of
13751 downloading originals and thumbnailing them locally. This allows wikis to save
13752 on CPU and bandwidth while reducing time to first byte for pages, even without
13753 a thumbnail handler. See $wgForeignFileRepos documentation for tweaks.
13754 * (T27397) WebP is enabled by default as an uploadable filetype.
13755 * (T48998) $wgArticlePath must now be either a full url, or start with a "/".
13756 * $wgRateLimitLog was removed; use $wgDebugLogGroups['ratelimit'] instead.
13757 * Deprecated API formats dbg, txt, and yaml have been removed.
13758 * CLDRPluralRule* classes have been replaced with
13759 wikimedia/cldr-plural-rule-parser.
13760 * Removed $wgProfilePerHost, $wgUDPProfilerHost, $wgUDPProfilerPort,
13761 $wgUDPProfilerFormatString, $wgStatsMethod, $wgAggregateStatsID,
13762 $wgStatsFormatString, and $wgProfileCallTree (deprecated since 1.20).
13763 * For proper operation of LocalIdLookup with shared user tables, ensure that
13764 $wgSharedDB and $wgSharedTables are properly set even on the "central" wiki
13765 that all others are sharing from and that $wgLocalDatabases is set to the
13766 full list of sharing wikis on all those wikis.
13767 * Massive overhaul to session handling:
13768 ** $wgSessionsInObjectCache is no longer supported and must be true, due to
13769 MediaWiki\Session\SessionManager. $wgSessionHandler is similarly no longer
13771 ** ObjectCacheSessionHandler is removed, replaced with
13772 MediaWiki\Session\PhpSessionHandler.
13773 ** PHP session handling in general ($_SESSION, session_id(), and so on) is
13774 deprecated. Use MediaWiki\Session\SessionManager instead. A new config
13775 variable, $wgPHPSessionHandling, is available to cause use of $_SESSION to
13776 issue a deprecation warning or to cause most PHP session handling to throw
13778 ** Deprecated UserSetCookies hook. Session-handling extensions should generally
13779 be creating a custom subclass of CookieSessionProvider. Other extensions
13780 messing with cookies can no longer count on user data being saved in cookies
13781 versus other methods.
13782 ** Deprecated UserLoadFromSession hook, extensions should create a
13783 MediaWiki\Session\SessionProvider.
13784 ** The User cannot be loaded from session until after Setup.php completes.
13785 Attempts to do so will be ignored and the User will remain unloaded.
13786 ** CSRF tokens may be fetched from the MediaWiki\Session\Session, which uses
13787 the MediaWiki\Session\Token class.
13788 * MediaWiki will now auto-create users as necessary, removing the need for
13789 extensions to do so. An 'autocreateaccount' right is added to allow
13790 auto-creation when 'createaccount' is not granted to all users.
13791 * Deprecated AuthPluginAutoCreate hook in favor of LocalUserCreated.
13792 * Most cookie-handling methods in User are deprecated.
13793 * $wgAllowAsyncCopyUploads and $CopyUploadAsyncTimeout were removed. This was an
13794 experimental feature that has never worked.
13795 * Login and createaccount tokens now vary by timestamp.
13796 * LoginForm::getLoginToken() and LoginForm::getCreateaccountToken()
13797 return a MediaWiki\Session\Token, and tokens must be checked using that
13799 * $wgEnotifUseJobQ was removed and the job queue is always used.
13800 * The functionality of the ApiSandbox extension has been merged into core. The
13801 extension should no longer be used.
13802 * $wgPreloadJavaScriptMwUtil was removed (deprecated in 1.26).
13803 Extensions, skins, gadgets and scripts that use the mediawiki.util module must
13804 express a dependency on it.
13805 * $wgIncludeLegacyJavaScript, deprecated in MediaWiki 1.26, now defaults false.
13806 Extensions, skins, gadgets and scripts that need the mediawiki.legacy.wikibits
13807 module should express a dependency on it.
13808 * Removed configuration option $wgCopyrightIcon (deprecated since 1.18). Use
13809 $wgFooterIcons['copyright']['copyright'] instead.
13810 * If the openssl and mcrypt PHP extensions are both unavailable, secure
13811 session storage (used for login) will raise an exception. This exception may
13812 be bypassed by setting $wgSessionInsecureSecrets = true.
13813 * Massive overhaul to authentication:
13814 ** AuthPlugin and AuthPluginUser are deprecated.
13815 ** LoginForm and associated templates are deprecated. Extensions which called
13816 static LoginForm methods should be converted into authentication providers.
13817 ** The following hooks are deprecated:
13818 *** AbortAutoAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead)
13819 *** AbortLogin (create a MediaWiki\Auth\PreAuthenticationProvider instead)
13820 *** AbortNewAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead)
13821 *** AddNewAccount (use LocalUserCreated instead)
13822 *** AuthPluginSetup (create a MediaWiki\Auth\PrimaryAuthenticationProvider
13824 *** ChangePasswordForm (use AuthChangeFormFields instead, or security levels)
13825 *** LoginUserMigrated (create a MediaWiki\Auth\PreAuthenticationProvider
13827 *** UserCreateForm (create a MediaWiki\Auth\AuthenticationProvider of some type
13829 *** UserLoginForm (create a MediaWiki\Auth\AuthenticationProvider of some type
13831 ** The following hooks are removed:
13832 *** AbortChangePassword
13833 *** LoginPasswordResetMessage
13834 *** PrefsPasswordAudit
13835 ** The UserLoginComplete hook will no longer be called for all logins, only for
13836 those via the web UI. Use UserLoggedIn if you need to do something on all
13838 ** $wgRequirePasswordforEmailChange is removed.
13840 === New features in 1.27 ===
13841 * $wgDataCenterUpdateStickTTL was also added. This decides how long a user
13842 sticks to the primary DC (via cookies) after they make changes to the site.
13843 * Added a new hook, 'UserMailerTransformContent', to transform the contents
13844 of an email. This is similar to the EmailUser hook but applies to all mail
13845 sent via UserMailer.
13846 * Added a new hook, 'UserMailerTransformMessage', to transform the contents
13847 of an emai after MIME encoding.
13848 * Added a new hook, 'UserMailerSplitTo', to control which users have to be
13849 emailed separately (ie. there is a single address in the To: field) so
13850 user-specific changes to the email can be applied safely.
13851 * $wgCdnMaxageLagged was added, which limits the CDN cache TTL
13852 when any load balancer uses a DB that is lagged beyond the 'max lag'
13853 setting in the relevant section of $wgLBFactoryConf.
13854 * User::newSystemUser() may be used to simplify the creation of passwordless
13855 "system" users for logged actions from scripts and extensions.
13856 * Extensions can now return detailed error information via the API when
13857 preventing user actions using 'getUserPermissionsErrors' and similar hooks
13858 by using ApiMessage instances instead of strings for the $result value.
13859 * $wgAPIMaxLagThreshold was added to limit bot changes when databases lag
13861 * Skins and extensions can now use FlexBox mixins (.flex-display(@display: flex)
13862 and .flex(@grow: 1, @shrink: 1, @width: auto, @order: 1)) in Less to create
13863 cross-browser-compatible FlexBox rules. Users will still need to add fallback
13864 float rules or the like for compatibility with IE9- separately.
13865 * Added MWTimestamp::getTimezoneString() which returns the localized timezone
13866 string, if available. To localize this string, see the comments of
13867 $wgLocaltimezone in includes/DefaultSettings.php.
13868 * Added CentralIdLookup, a service that allows extensions needing a concept of
13869 "central" users to get that without having to know about specific central
13870 authentication extensions.
13871 * $wgMaxUserDBWriteDuration added to limit huge user-generated transactions.
13872 Regular web request transactions that takes longer than this are aborted.
13873 * Added a new hook, 'TitleMoveCompleting', which runs before a page move is
13875 * $wgCdnReboundPurgeDelay was added to provide secondary delayed purges of URLs
13876 from CDN to mitigate DB replication lag and WAN cache purge lag.
13877 * (T49162) Installer will default to setting CACHE_ACCEL as the main cache type
13878 if it is available.
13879 * It is now possible to patrol file uploads (both for new files and new versions
13880 of existing files). Special:NewFiles has gained an option to filter by patrol
13881 status. This functionality can be disabled using $wgUseFilePatrol.
13882 * MediaWiki\Session infrastructure allows for easier use of session mechanisms
13883 other than the usual cookies.
13884 ** SessionMetadata and SessionCheckInfo hooks allow for setting and checking
13885 custom session metadata.
13886 * Added MWGrants and associated configuration settings $wgGrantPermissions and
13887 $wgGrantPermissionGroups to hold configuration for authentication features
13888 such as OAuth that want to allow restricting the user rights a user may make
13890 ** If you're already using the OAuth extension, these new variables are
13891 identical to (and will replace) $wgMWOAuthGrantPermissions and
13892 $wgMWOAuthGrantPermissionGroups.
13893 * Added MWRestrictions as a class to check restrictions on a WebRequest, e.g.
13894 to assert that the request comes from a particular IP range.
13895 * Added bot passwords, a rights-restricted login mechanism for API-using bots.
13896 * Whitelisted the following HTML attributes for all elements in wikitext:
13897 aria-describedby, aria-flowto, aria-label, aria-labelledby, aria-owns.
13898 * Removed "presentation" restriction on the HTML role attribute in wikitext.
13899 All values are now allowed for the role attribute.
13900 * $wgContentHandlers now also supports callbacks to create an instance of the
13901 appropriate ContentHandler subclass.
13902 * Added $wgAuthenticationTokenVersion, which if non-null prevents the
13903 user_token database field from being exposed in cookies. Setting this would
13904 be a good idea, but will log out all current sessions.
13905 * $wgEventRelayerConfig was added, for managing PubSub event relay
13906 configuration, specifically for reliable CDN url purges.
13907 * Requests have unique IDs, equal to the UNIQUE_ID environment variable (when
13908 MediaWiki is behind Apache+mod_unique_id or something similar) or a randomly-
13909 generated 24-character string. This request ID is used to annotate log records
13910 and error messages. It is available client-side via
13911 mw.config.get( 'wgRequestId' ).
13912 The request ID supplants exception IDs. Accordingly,
13913 MWExceptionHandler::getLogId() is deprecated.
13914 * (T33313) Add a preference for watching uploads by default, also applies
13915 to API-based upload tools.
13916 * $wgJpegPixelFormat was added to override chroma subsampling for JPEG image
13917 thumbnails created via ImageMagick. Defaults to 'yuv420', providing bandwidth
13918 savings versus the previous behavior on many files.
13919 * MediaWiki\Auth infrastructure (called "AuthManager") allows for more flexible
13920 configuration of multiple authentication pieces that was possible with
13921 AuthPlugin. For example, it's now easy to plug in second-factor
13922 authentication, or add additional checks to the login process, or to support
13923 multiple login methods at once, or to support non-password-based login
13925 ** Providers are configured via the global setting $wgAuthManagerConfig.
13926 ** A global, $wgDisableAuthManager, is temporarily available to disable
13927 AuthManager until extensions are ready to support it.
13928 ** New hook, AuthChangeFormFields, to adjust the form fields on
13929 AuthManager-related special pages.
13930 ** New hook, AuthManagerLoginAuthenticateAudit, for additional logging of
13931 AuthManager-related authentication requests.
13932 ** New hook, ChangeAuthenticationDataAudit, for additional logging of
13933 AuthManager-related authentication data changes.
13934 ** New hook, SecuritySensitiveOperationStatus, to work with the new mechanism
13935 for requiring a recent login before taking security-sensitive operations
13936 like changing a password.
13937 ** Two new globals, $wgChangeCredentialsBlacklist and
13938 $wgRemoveCredentialsBlacklist can be used to prevent the web UI and the API
13939 changing certain authentication data.
13940 * The file upload dialog (available if you install WikiEditor or VisualEditor)
13941 can now be configured using $wgUploadDialog.
13943 === External library changes in 1.27 ===
13945 ==== Upgraded external libraries ====
13946 * Updated oojs/oojs-ui from v0.12.12 to v0.13.3.
13947 * Updated composer/semver from v1.0.0 to v1.2.0.
13948 * Updated liuggio/statsd-php-client to 1.0.18.
13949 * Updated QUnit from v1.18.0 to v1.22.0.
13951 ==== New external libraries ====
13952 * Added wikimedia/base-convert v1.0.1.
13953 * Added wikimedia/cldr-plural-rule-parser v1.0.0.
13954 * Added wikimedia/relpath v1.0.3.
13955 * Added wikimedia/running-stat v1.1.0.
13956 * Added wikimedia/php-session-serializer v1.0.3.
13958 ==== Removed and replaced external libraries ====
13960 === Bug fixes in 1.27 ===
13961 * Special:Upload will now display correct maximum allowed file size when running
13962 under HHVM (T116347).
13963 * (T54077) The APIEditBeforeSave hook will once again give only the content of
13964 the section being edited, rather than the whole revision. This reverts the
13965 change made in MediaWiki 1.22.
13967 === Action API changes in 1.27 ===
13968 * Added list=allrevisions.
13969 * generator=recentchanges now has the option to generate revids.
13970 * ApiPageSet::setRedirectMergePolicy() was added. This allows generator
13971 modules to define how generator data for a redirect source gets merged
13972 into the redirect destination.
13973 * prop=imageinfo&iiprop=uploadwarning will no longer include the possibility of
13974 "was-deleted" warning.
13975 * Added difftotextpst to query=revisions which preforms a pre-save transform on
13976 the text before diffing it.
13977 * Deprecated formats dbg, txt, and yaml have been removed.
13978 * (T47988) The protect log event details now use new-style formatting.
13979 * The following response properties from action=login are deprecated, and may
13980 be removed in the future: lgtoken, cookieprefix, sessionid. Clients should
13981 handle cookies to properly manage session state.
13982 * action=login transparently allows login using bot passwords. Clients should
13983 merely need to change the username and password used after setting up a bot
13985 * action=upload no longer understands statuskey, asyncdownload or leavemessage.
13986 * Several changes when $wgDisableAuthManager is false:
13987 ** action=login is deprecated for uses other than bot passwords.
13988 ** list=users can now indicate if a missing username is creatable.
13989 ** action=createaccount is changed in a non-backwards-compatible manner.
13990 ** Added action=query&meta=authmanagerinfo.
13991 ** Added action=clientlogin to be used to log into the main account instead of
13993 ** Added action=linkaccount.
13994 ** Added action=unlinkaccount.
13995 ** Added action=changeauthenticationdata.
13996 ** Added action=removeauthenticationdata.
13997 ** Added action=resetpassword.
13999 === Action API internal changes in 1.27 ===
14000 * ApiQueryORM removed.
14001 * The following classes have been removed:
14005 * ApiBase::addTokenProperties() was removed (deprecated since 1.24).
14006 * ApiBase::getFinalPossibleErrors() was removed (deprecated since 1.24).
14007 * ApiBase::getFinalResultProperties() was removed (deprecated since 1.24).
14008 * ApiBase::getRequireAtLeastOneParameterErrorMessages() was removed (deprecated
14010 * ApiBase::getPossibleErrors() was removed (deprecated since 1.24).
14011 * ApiBase::getRequireMaxOneParameterErrorMessages() was removed (deprecated
14013 * ApiBase::getRequireOnlyOneParameterErrorMessages() was removed (deprecated
14015 * ApiBase::getResultProperties() was removed (deprecated since 1.24).
14016 * ApiBase::getTitleOrPageIdErrorMessage() was removed (deprecated since 1.24).
14017 * ApiBase::parseErrors() was removed (deprecated since 1.24).
14018 * ApiQueryBase::titleToKey(), ApiQueryBase::keyToTitle() and
14019 ApiQueryBase::keyPartToTitle() all removed (deprecated since 1.24).
14020 * ApiQueryBase::checkRowCount() was removed (deprecated since 1.24).
14021 * ApiQueryBase::getDirectionDescription() was removed (deprecated since 1.25).
14022 * ApiQuery::getGenerators() was removed (deprecated since 1.21).
14023 * ApiQuery::getModules() was removed (deprecated since 1.21).
14024 * ApiQuery::getModuleType() was removed (deprecated since 1.21).
14025 * ApiQuery::setGeneratorContinue() was removed (deprecated since 1.24).
14026 * ApiMain::getModules() was removed (deprecated since 1.21).
14027 * ApiBase::getVersion() was removed (deprecated since 1.21).
14028 * ApiMain::getShowVersions() was removed (deprecated in 1.21).
14029 * ApiMain::addModule() was removed (deprecated in 1.21).
14030 * ApiMain::addFormat() was removed (deprecated in 1.21).
14031 * ApiMain::getFormats() was removed (deprecated in 1.21).
14032 * ApiPageSet::finishPageSetGeneration() was removed (deprecated in 1.21).
14033 * ApiCreateAccount was removed.
14035 === Languages updated in 1.27 ===
14037 MediaWiki supports over 350 languages. Many localisations are updated
14038 regularly. Below only new and removed languages are listed, as well as
14039 changes to languages because of Phabricator reports.
14041 * (T113688) Change default numerals from Gurmukhi to Arabic for Punjabi locale.
14042 * (T116020) Aliases of magic words in MessagesXx.php are sorted by usage.
14044 === Other changes in 1.27 ===
14045 * Added dependency injection (DI) infrastructure, see docs/injection.txt for
14047 It is planned to incrementally move MediaWiki code towards using DI, using the
14048 service locator (SL) pattern as a stepping stone.
14049 * ProfilerOutputUdp was removed. Note that there is a ProfilerOutputStats class.
14050 * WikiPage::doDeleteArticleReal() and WikiPage::doDeleteArticle() now
14051 ignore the 2nd and 3rd arguments (formerly $id and $commit).
14052 * Removed "loaderScripts" option from ResourceLoaderFileModule class.
14053 * Removed ORM-like wrapper added in 1.20.
14054 * LinkCache::getGoodLinks and LinkCache::getBadLinks were removed
14055 (deprecated in 1.26).
14056 * WikiPage::doQuickEdit() was removed (deprecated since 1.21).
14057 * Removed SiteObject and SiteArray classes (deprecated in 1.21).
14058 * MessageBlobStore::getInstance() was removed (deprecated since 1.25).
14059 * (T84937) Free external links ("autolinked" urls) will now be terminated
14060 by and HTML entity encodings of  , <, and >.
14061 * (T36948) The default file revert message's timestamp is now in
14062 $wgLocaltimezone, instead of UTC.
14063 * The default name of the 'suppress' group page has been changed from
14064 'Project:Oversight' to 'Project:Suppress'.
14065 * DatabaseBase::resultObject() is now protected (use outside Database classes
14066 not necessary since 1.11).
14067 * Calling ResourceLoaderFileModule::readStyleFiles() without a
14068 ResourceLoaderContext instance is deprecated.
14069 * ResourceLoader::getLessCompiler() now takes an optional parameter of
14070 additional LESS variables to set for the compiler.
14071 * wfBaseConvert() marked as deprecated, use Wikimedia\base_convert() directly
14073 * Obsolete maintenance scripts clearCacheStats.php and showCacheStats.php
14074 were removed. The underlying data is sent to StatsD (see $wgStatsdServer).
14075 * Removed msg_resource_links database table and associated code.
14076 * Removed msg_resource database table and associated code.
14077 * Skin::getNamespaceNotice() was removed.
14078 * wfIsConfiguredProxy() was removed (deprecated since 1.24).
14079 * wfDebugTimer() was removed (deprecated since 1.25).
14080 * wfIsTrustedProxy() was removed (deprecated since 1.24).
14081 * wfGetIP() was removed (deprecated since 1.19).
14082 * MWHookException was removed.
14083 * OutputPage::appendSubtitle() was removed (deprecated since 1.19).
14084 * OutputPage::loginToUse() was removed (deprecated since 1.19).
14085 * Article::loadContent() was removed (deprecated since 1.19).
14086 * User::editToken() was removed (deprecated since 1.19).
14087 * Removed --force-normal option of dumpBackup.php, as it no longer served
14088 any useful purpose since 1.22.
14089 * The functions processOption() and processArgs() on the BackupDumper and
14090 TextPassDumper classes have been removed.
14091 * The maintenance/backupTextPass.inc file was deleted. You should include
14092 maintenance/dumpTextPass.php instead.
14093 * WikiPage::getUsedTemplates() was removed (deprecated since 1.19).
14094 * wfEmptyMsg() was removed (deprecated since 1.18).
14095 * OutputPage::permissionRequired() was removed (deprecated since 1.18).
14096 * OutputPage::blockedPage() was removed (deprecated since 1.18).
14097 * User::getSkin() was removed (deprecated since 1.18).
14098 * OutputPage::includeJQuery() was removed (deprecated since 1.17).
14099 * WikiPage::updateRestrictions() was removed (deprecated since 1.19).
14100 * WikiPage::testPreSaveTransform() was removed (deprecated since 1.19).
14101 * LogPage::logName() was removed (deprecated since 1.19).
14102 * LogPage::logHeader() was removed (deprecated since 1.19).
14103 * wfCheckLimits() was removed (deprecated since 1.24).
14104 * Linker::makeKnownLinkObj() was removed (deprecated since 1.16).
14105 * Linker::makeLinkObj() was removed (deprecated since 1.16).
14106 * wfMsgForContentNoTrans() was removed (deprecated since 1.18).
14107 * ChangesList::usePatrol was removed (deprecated since 1.22).
14108 * wfMsgNoTrans() was removed (deprecated since 1.18).
14109 * Linker::makeImageLink2 was removed (deprecated since 1.20).
14110 * Title::userIsWatching() was removed (deprecated since 1.20).
14111 * Removed WaitForSlave maintenance script; use SELECT MASTER_POS_WAIT()
14112 database function directly instead.
14113 * wfMsg() was removed (deprecated since 1.18).
14114 * wfMsgForContent() was removed (deprecated since 1.18).
14115 * wfMsgReal() was removed (deprecated since 1.18).
14116 * wfMsgGetKey() was removed (deprecated since 1.18).
14117 * wfMsgHtml() was removed (deprecated since 1.18).
14118 * wfMsgWikiHtml() was removed (deprecated since 1.18).
14119 * wfMsgExt() was removed (deprecated since 1.18).
14120 * Language::armourMath() was removed (deprecated since 1.22).
14121 * LanguageConverter::armourMath() was removed (deprecated since 1.22).
14122 * FakeConverter::armourMath() was removed (deprecated since 1.22).
14123 * The unused jquery.validate ResourceLoader module was removed.
14124 * FileRepo::getRootUrl() was removed (deprecated since 1.20).
14125 * User::generateToken() was removed (deprecated since 1.20).
14126 * WikiPage::getRawText() was removed (deprecated since 1.21).
14127 * ParserOutput::hasCustomDataUpdates() was removed (deprecated since 1.25).
14128 * ParserOutput::addSecondaryDataUpdate() was removed (deprecated since 1.25).
14129 * ParserOutput::getSecondaryDataUpdates() was removed (deprecated since 1.25).
14130 * Gallery images with multiple caption pipes no longer concatenate them all
14131 together but instead pick the final one, similar to image syntax.
14132 * XML-like parser tags (such as <gallery>), when unclosed, will be left unparsed
14133 rather than consume everything until the end of the page.
14134 * New maintenance script resetUserEmail.php allows sysadmins to reset user
14135 emails in case a user forgot password/account was stolen.
14136 * wfCheckEntropy() was removed (deprecated in 1.27).
14137 * Browser support for Internet Explorer 8 lowered from Grade A to Grade C.
14138 * ContentHandler::supportsCategories method added. Default is true.
14139 CategoryMembershipChangeJob updates are skipped for content that
14140 does not support categories.
14141 * wikidiff difference engine is no longer supported, anyone still using it are
14142 encouraged to upgrade to wikidiff2 which is actively maintained and has better
14143 package availability.
14144 * Database logic was removed from WatchedItem and a WatchedItemStore was
14146 ** WatchedItem::IGNORE_USER_RIGHTS and WatchedItem::CHECK_USER_RIGHTS were
14147 deprecated. User::IGNORE_USER_RIGHTS and User::CHECK_USER_RIGHTS were
14149 ** WatchedItem::fromUserTitle was deprecated in favour of the constructor.
14150 ** WatchedItem::resetNotificationTimestamp was deprecated.
14151 ** WatchedItem::batchAddWatch was deprecated.
14152 ** WatchedItem::addWatch was deprecated.
14153 ** WatchedItem::removeWatch was deprecated.
14154 ** WatchedItem::isWatched was deprecated.
14155 ** WatchedItem::duplicateEntries was deprecated.
14156 ** EmailNotification::updateWatchlistTimestamp was deprecated.
14157 ** User::getWatchedItem was removed.
14158 * Unit tests don't work with external PHPUnit anymore, Composer is now the only
14159 supported way. Run `composer install` to install it and other dev dependencies
14161 * wl_id field added to the watchlist table.
14162 * Revision::getRawText() was removed (deprecated since 1.21).
14163 * WikiPage::replaceSection() was removed (deprecated since 1.21).
14164 * Article::replaceSection() was removed (deprecated since 1.21).
14165 * Language::getLangObj() was removed (deprecated since 1.24).
14166 * Language::getLanguageName() was removed (deprecated since 1.20).
14167 * Language::getLanguageNames() was removed (deprecated since 1.20).
14168 * Language::getTranslatedLanguageNames() was removed (deprecated since 1.20).
14169 * Language::specialPage() was removed (deprecated since 1.24).
14170 * MediaWikiTestCase::assertException() was removed (deprecated since 1.22).
14171 * OutputPage::getHeadItems() was removed (deprecated since 1.24).
14172 * OutputPage::getScript() was removed (deprecated since 1.24).
14173 * OutputPage::out() was removed (deprecated since 1.22).
14174 * OutputPage::setAllowedModules() was removed (deprecated since 1.24).
14175 * UserrightsPage::makeGroupNameListForLog() was removed (deprecated since 1.21).
14176 * MediaWikiSite::newFromGlobalId() was removed (deprecated since 1.21).
14177 * Title::newFromRedirect() was removed (deprecated since 1.21).
14178 * Skin::commonPrintStylesheet() was removed (deprecated since 1.22).
14179 * Skin::getCommonStylePath() was removed (deprecated since 1.24).
14180 * Skin::newFromKey() was removed (deprecated since 1.24).
14181 * Skin::getUsableSkins() was removed (deprecated since 1.23).
14182 * LoadBalancer::pickRandom() was removed (deprecated in 1.21).
14183 * Article::getUndoText() and WikiPage::getUndoText were removed (deprecated
14185 * DifferenceEngine::setText() was removed (deprecated in 1.21).
14186 * Title::newFromRedirectArray() was removed (deprecated in 1.21).
14187 * UserMailer::send() no longer accepts $replyto as the 5th argument and
14188 $contentType as the 6th. These must be passed in the options array now.
14189 * Title::newFromRedirectRecurse() was removed (deprecated in 1.21).
14190 * Skin::accesskey was removed (deprecated since 1.21).
14191 * Skin::blockLink was removed (deprecated since 1.21).
14192 * Skin::buildRollbackLink was removed (deprecated since 1.21).
14193 * Skin::emailLink was removed (deprecated since 1.21).
14194 * Skin::formatComment was removed (deprecated since 1.21).
14195 * Skin::formatHiddenCategories was removed (deprecated since 1.21).
14196 * Skin::formatLinksInComment was removed (deprecated since 1.21).
14197 * Skin::formatRevisionSize was removed (deprecated since 1.21).
14198 * Skin::formatSize was removed (deprecated since 1.21).
14199 * Skin::formatTemplates was removed (deprecated since 1.21).
14200 * Skin::generateTOC was removed (deprecated since 1.21).
14201 * Skin::getInternalLinkAttributes was removed (deprecated since 1.21).
14202 * Skin::getInternalLinkAttributesObj was removed (deprecated since 1.21).
14203 * Skin::getInterwikiLinkAttributes was removed (deprecated since 1.21).
14204 * Skin::getInvalidTitleDescription was removed (deprecated since 1.21).
14205 * Skin::getLinkColour was removed (deprecated since 1.21).
14206 * Skin::getRevDeleteLink was removed (deprecated since 1.21).
14207 * Skin::getRollbackEditCount was removed (deprecated since 1.21).
14208 * Skin::makeBrokenImageLinkObj was removed (deprecated since 1.21).
14209 * Skin::makeCommentLink was removed (deprecated since 1.21).
14210 * Skin::makeExternalImage was removed (deprecated since 1.21).
14211 * Skin::makeExternalLink was removed (deprecated since 1.21).
14212 * Skin::makeHeadline was removed (deprecated since 1.21).
14213 * Skin::makeImageLink was removed (deprecated since 1.21).
14214 * Skin::makeMediaLinkFile was removed (deprecated since 1.21).
14215 * Skin::makeMediaLinkObj was removed (deprecated since 1.21).
14216 * Skin::makeSelfLinkObj was removed (deprecated since 1.21).
14217 * Skin::makeThumbLink2 was removed (deprecated since 1.21).
14218 * Skin::makeThumbLinkObj was removed (deprecated since 1.21).
14219 * Skin::normaliseSpecialPage was removed (deprecated since 1.21).
14220 * Skin::normalizeSubpageLink was removed (deprecated since 1.21).
14221 * Skin::processResponsiveImages was removed (deprecated since 1.21).
14222 * Skin::revComment was removed (deprecated since 1.21).
14223 * Skin::revDeleteLink was removed (deprecated since 1.21).
14224 * Skin::revDeleteLinkDisabled was removed (deprecated since 1.21).
14225 * Skin::revUserLink was removed (deprecated since 1.21).
14226 * Skin::revUserTools was removed (deprecated since 1.21).
14227 * Skin::specialLink was removed (deprecated since 1.21).
14228 * Skin::splitTrail was removed (deprecated since 1.21).
14229 * Skin::titleAttrib was removed (deprecated since 1.21).
14230 * Skin::tocIndent was removed (deprecated since 1.21).
14231 * Skin::tocLine was removed (deprecated since 1.21).
14232 * Skin::tocLineEnd was removed (deprecated since 1.21).
14233 * Skin::tocList was removed (deprecated since 1.21).
14234 * Skin::tocUnindent was removed (deprecated since 1.21).
14235 * Skin::tooltip was removed (deprecated since 1.21).
14236 * Skin::tooltipAndAccesskeyAttribs was removed (deprecated since 1.21).
14237 * Skin::userTalkLink was removed (deprecated since 1.21).
14238 * Skin::userToolLinksRedContribs was removed (deprecated since 1.21).
14239 * wikidiff3 is now the default and only PHP diff engine. It provides improved
14240 diff performance on complex changes. $wgExternalDiffEngine = 'wikidiff3'
14241 therefore makes no difference now. Users are still recommended to use
14242 wikidiff2 if possible, though.
14243 * User::addNewUserLogEntry() was deprecated.
14244 * User::addNewUserLogEntryAutoCreate() was deprecated.
14245 * User::isPasswordReminderThrottled() was deprecated.
14246 * Bot-oriented parameters to Special:UserLogin (wpCookieCheck,
14247 wpSkipCookieCheck) were removed.
14248 * Installer can now be customized without patching MediaWiki code, see
14249 mw-config/overrides/README for details.
14251 === Compatibility ===
14253 MediaWiki 1.27 requires PHP 5.5.9 or later. There is experimental support for
14254 HHVM 3.6.5 or later.
14256 MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but
14257 support for them is somewhat less mature. There is experimental support for
14258 Oracle and Microsoft SQL Server.
14260 The supported versions are:
14262 * MySQL 5.0.3 or later
14263 * PostgreSQL 8.3 or later
14264 * SQLite 3.3.7 or later
14265 * Oracle 9.0.1 or later
14266 * Microsoft SQL Server 2005 (9.00.1399)
14270 1.27 has several database changes since 1.26, and will not work without schema
14271 updates. Note that due to changes to some very large tables like the revision
14272 table, the schema update may take quite long (minutes on a medium sized site,
14273 many hours on a large site).
14275 If upgrading from before 1.11, and you are using a wiki as a commons
14276 repository, make sure that it is updated as well. Otherwise, errors may arise
14277 due to database schema changes.
14279 If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
14280 new database fields are filled with data.
14282 If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to
14283 1.5 first. The upgrade script maintenance/upgrade1_5.php has been removed
14284 with MediaWiki 1.21.
14286 Don't forget to always back up your database before upgrading!
14288 See the file UPGRADE for more detailed upgrade instructions.
14290 For notes on 1.26.x and older releases, see HISTORY.
14295 == MediaWiki 1.26.4 ==
14297 This is a maintenance release of the MediaWiki 1.26 branch.
14299 === Changes since 1.26.3 ===
14300 * BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
14301 made by MediaWiki via a proxy. Relying on the http_proxy environment
14302 variable is no longer supported.
14303 * (T124163) Fixed fatal error in DifferenceEngine under HHVM.
14304 * (T139565) SECURITY: API: Generate head items in the context of the given title
14305 * (T137264) SECURITY: XSS in unclosed internal links
14306 * (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
14307 * (T133147) SECURITY: Require login to preview user CSS pages
14308 * (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
14310 * (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
14312 * (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
14313 * (T115333) SECURITY: Check read permission when loading page content in
14315 * Remove support for $wgWellFormedXml = false, all output is now well formed
14317 == MediaWiki 1.26.3 ==
14319 This is a maintenance release of the MediaWiki 1.26 branch.
14321 === Changes since 1.26.2 ===
14322 * (T116266) Fixed undefined property notices in DairikiDiff under HHVM.
14323 * (T123166) Fix fatal error when importing pages to titles which cannot be
14324 created, such as invalid titles or titles the user is not allowed to edit.
14325 * (T122056) Old tokens are remaining valid within a new session
14326 * (T127114) Login throttle can be tricked using non-canonicalized usernames
14327 * (T123653) Cross-domain policy regexp is too narrow
14328 * (T123071) Incorrectly identifying http link in a's href attributes, due to
14329 m modifier in regex
14330 * (T129506) MediaWiki:Gadget-popups.js isn't renderable
14331 * (T125283) Users occasionally logged in as different users after
14332 SessionManager deployment
14333 * (T103239) Patrol allows click catching and patrolling of any page
14334 * (T122807) [tracking] Check php crypto primatives
14335 * (T98313) Graphs can leak tokens, leading to CSRF
14336 * (T130947) Diff generation should use PoolCounter
14337 * (T133507) Careless use of $wgExternalLinkTarget is insecure
14338 * (T132874) API action=move is not rate limited
14339 * (T110143) strip markers can be used to get around html attribute escaping in
14340 (many?) parser tags
14341 * (T116030) Increase pbkdf2 parameter strengths
14342 * (T127420) Pbkdf2Password does not check if hash_pbkdf2() succeeded
14343 * (T126685) Globally throttle password attempts
14345 == MediaWiki 1.26.2 ==
14347 This is a maintenance release of the MediaWiki 1.26 branch.
14349 === Changes since 1.26.1 ===
14350 * (T121892) Fix fatal error on some Special pages, introduced in 1.26.1.
14352 == MediaWiki 1.26.1 ==
14354 This is a maintenance release of the MediaWiki 1.26 branch.
14356 === Changes since 1.26.0 ===
14357 * (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
14358 that do not begin with a slash. This enabled trivial XSS attacks.
14359 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
14360 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
14362 * (T119309) SECURITY: Use hash_compare() for edit token comparison
14363 * (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
14364 with '@' as file uploads
14365 * (T115522) SECURITY: Passwords generated by User::randomPassword() can no
14366 longer be shorter than $wgMinimalPasswordLength
14367 * (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
14368 result in improper blocks being issued
14369 * (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
14370 and related pages no longer use HTTP redirects and are now redirected by
14372 * Fixed ConfigException in ExpandTemplates due to AlwaysUseTidy.
14373 * Fixed stray literal \n in Special:Search.
14374 * Fix issue that breaks HHVM Repo Authorative mode.
14375 * (T120267) Work around APCu memory corruption bug
14377 == MediaWiki 1.26.0 ==
14379 === Configuration changes in 1.26 ===
14380 * $wgPasswordResetRoutes['email'] = true by default.
14381 * $wgEnableParserCache was deprecated, set $wgParserCacheType to CACHE_NONE
14382 instead if you want to disable the parser cache.
14383 * New-style continuation is now the default for API action=continue. Clients may
14384 use the 'rawcontinue' parameter to receive raw query-continue data, but the
14385 new style is encouraged as it's harder to implement incorrectly.
14386 * Deprecated API formats dump and wddx have been completely removed.
14387 * (T7645) The "Signature" button on the edit toolbar is now hidden by default
14388 in non-talk namespaces. A new configuration variable,
14389 $wgExtraSignatureNamespaces, controls in which subject (non-talk) namespaces
14390 the "Signature" button on the edit toolbar will be displayed.
14391 * $wgResourceLoaderUseESI was deprecated and removed. This was an experimental
14392 feature that was never enabled by default.
14393 * $wgResourceLoaderExperimentalAsyncLoading was deprecated and removed.
14394 This experimental feature was never enabled by default and is obsolete as of
14395 MediaWiki 1.26, in where ResourceLoader became fully asynchronous.
14396 * $wgMasterWaitTimeout was removed (deprecated in 1.24).
14397 * Fields in ParserOptions are now private. Use the accessors instead.
14398 * Custom LESS functions (defined via $wgResourceLoaderLESSFunctions or
14399 in extension.json) have been removed, after being deprecated in 1.24.
14400 * $wgAlwaysUseTidy has been removed.
14401 * ResetSessionID hook has been removed. Nothing seems to use it.
14402 * Certain AuthPlugin methods are deprecated in favor of new hooks:
14403 ** AuthPlugin::initUser() is replaced by LocalUserCreated.
14404 ** AuthPlugin::updateUser() is replaced by UserLoggedIn.
14405 ** AuthPlugin::updateExternalDB() is replaced by the existing UserSaveSettings.
14406 ** AuthPlugin::updateExternalDBGroups() is replaced by UserGroupsChanged.
14407 ** AuthPluginUser::isHidden() is replaced by UserIsHidden.
14408 ** AuthPluginUser::isLocked() is replaced by UserIsLocked.
14409 * The UserRights hook is deprecated in favor of the new UserGroupsChanged hook.
14410 * AuthPlugin::initUser() and AuthPlugin::updateUser() should no longer replace
14411 the passed User object.
14412 * $wgBlockAllowsUTEdit is now set to true by default. This allows
14413 blocked users to edit their talk pages unless explicitly disabled
14414 when they are being blocked.
14416 === New features in 1.26 ===
14417 * (T51506) Now action=info gives estimates of actual watchers for a page.
14418 See $wgRCMaxAge, $wgWatchersMaxAge and $wgUnwatchedPageSecret
14419 to learn how to configure if needed.
14420 * Change tags can now be hidden in the interface by disabling the associated
14421 "tag-<id>" interface message.
14422 * ':' (colon) is now invalid in usernames for new accounts. Existing accounts
14424 * Added a new hook, 'LogException', to log exceptions in nonstandard ways.
14425 * Revive the 'SpecialSearchResultsAppend' hook which occurs after the list of
14426 search results are rendered. The initial use case is to append a "give us
14427 feedback" link beneath the search results.
14428 * Added a new hook, 'RejectParserCacheValue', which allows extensions to
14429 reject an otherwise-successful parser cache lookup. The intent is to allow
14430 extensions to manage the eviction of archaic HTML output from the cache.
14431 * (T68699) The expiration of the UserID and Token login cookies
14432 ($wgExtendedLoginCookieExpiration) can be configured independently of the
14433 expiration of all other cookies ($wgCookieExpiration).
14434 * (T50519) Support for generating JPEG/PNG thumbnails from WebP images added
14435 if ImageMagick is used as image scaler ($wgUseImageMagick = true). Uploading
14436 of WebP images still disabled by default. Add $wgFileExtensions[] =
14437 'webp'; to LocalSettings.php to enable uploading of WebP images.
14438 * Added new hooks 'EnhancedChangesListModifyLineData' &
14439 'EnhancedChangesListModifyBlockLineData', to modify the data used to build
14440 lines in enhanced recentchanges and watchlist.
14441 * Caches that need purging ability now use the WANObjectCache interface.
14442 This corresponds to a new $wgMainWANCache setting, which defaults to using
14443 the $wgMainCacheType settings.
14444 * Callers needing fast light-weight data stores use $wgMainStash to select
14445 the store type from $wgObjectCaches. The default is the local database.
14446 * Interface message overrides in the MediaWiki namespace will now be cached in
14447 memcached and APC (if available), rather than memcached and local files.
14448 * Added a new hook, 'RandomPageQuery', to allow modification of the query used
14449 by Special:Random to select random pages.
14450 * $wgTransactionalTimeLimit was added, which controls the request time limit
14451 for potentially slow POST requests that need to be as atomic as possible.
14452 * ResourceLoader now loads all scripts asynchronously. The top-queue and
14453 startup modules are no longer synchronously loaded.
14454 * 'mediawiki.ui.button' styles are no longer unconditionally loaded on every
14455 page. During the deprecation period, the styles will only be loaded on pages
14456 which contain 'mw-ui-button' in their HTML. Starting in 1.28, the styles will
14457 only be loaded if explicitly required.
14458 * If search returns zero results and current search engine has a "did you mean"
14459 suggestion, results for suggestion will be shown. Can be disabled by setting
14460 $wgSearchRunSuggestedQuery to false.
14461 * Added several JavaScript libraries for uploading files to MediaWiki
14462 from the client-side. See documentation for mw.Upload and its
14463 subclasses for more information.
14464 * Added OOUI dialogs and layout for file upload interfaces. See
14465 documentation for mw.Upload.Dialog, mw.Upload.BookletLayout and its
14466 subclasses for more information.
14468 === extension.json changes in 1.26 ===
14469 * (T99344) The extension.json schema is now versioned. All extensions
14470 and skins should set a "manifest_version" property corresponding to
14471 the schema version they were written for. The only supported version
14473 * (T102523) The error message if a non-array attribute is set was improved.
14474 * (T107646) Configuration settings can now specify how they should be merged,
14475 which is necessary for arrays using integer keys.
14476 * (T110389) Adding namespaces through extension.json now actually works
14477 * $wgNamespaceProtection can now be set in extension.json.
14478 * $wgCapitalLinkOverrides can now be set in extension.json.
14479 * (T97186) Extensions using a custom prefix for their configuration settings
14480 can now set a "_prefix" key to override the default of "wg".
14481 * (T99084) Extensions can now specify what MediaWiki core versions they
14483 * (T105236) The extension.json schema now validates custom classes in
14484 the "ResourceModules" property properly.
14486 === External library changes in 1.26 ===
14487 ==== Upgraded external libraries ====
14488 * Updated es5-shim from v4.0.0 to v4.1.5.
14489 * Updated json2 from revision 2014-02-04 to 2015-05-03.
14490 * Updated Sinon.JS from 1.10.3 to 1.15.4.
14491 * Updated jQuery Client from v1.0.0 to v2.0.0.
14492 * Updated QUnit from v1.17.1 to v1.18.0.
14493 * Updated liuggio/statsd-php-client from v1.0.12 to v1.0.16.
14494 * Updated oojs/oojs-ui from v0.11.3 to v0.12.12.
14495 * Updated wikimedia/cdb from v1.0.1 to v1.3.0.
14496 * Updated wikimedia/utfnormal from v1.0.2 to v1.0.3.
14497 * Updated wikimedia/composer-merge-plugin from v1.0.0 to v1.3.0.
14498 * Updated zordius/lightncandy from v0.18 to v0.21.
14500 ==== New external libraries ====
14501 * Added composer/semver v1.0.0.
14502 * Added mediawiki/at-ease v1.1.0.
14503 * Added wikimedia/assert v0.2.2.
14504 * Added wikimedia/ip-set v1.0.1.
14505 * Added wikimedia/wrappedstring v2.0.0.
14507 ==== Removed and replaced external libraries ====
14508 * Replaced leafo/lessphp v0.5.0 with oyejorge/less.php v1.7.0.9.
14510 === Bug fixes in 1.26 ===
14511 * (T53283) load.php sometimes sends 304 response without full headers
14512 * (T65198) Talk page tabs now have a "rel=discussion" attribute
14513 * (T98841) {{msgnw:}} now preserves comments even when subst: is not used.
14514 * (T104142) $wgEmergencyContact and $wgPasswordSender now use their default
14515 value if set to an empty string.
14517 === Action API changes in 1.26 ===
14518 * New-style continuation is now the default for action=continue. Clients may
14519 use the 'rawcontinue' parameter to receive raw query-continue data, but the
14520 new style is encouraged as it's harder to implement incorrectly.
14521 * Deprecated API formats dump and wddx have been completely removed.
14522 * API action=query&list=tags: The displayname can now be boolean false if the
14523 tag is meant to be hidden from user interfaces.
14524 * action=import no longer allows both the namespace= and rootpage= parameters
14525 to be set. If they are both set, the value of rootpage= will be ignored.
14526 * prop=revision output in enum mode is now sorted by timestamp rather than
14527 revision ID. This usually won't make any difference.
14528 * (T102645) Namespace list from meta=siteinfo&siprop=namespaces is now an array
14529 with formatversion=2.
14530 * Various other output from meta=siteinfo will now always be arrays instead of
14531 sometimes being numerically-indexed objects with formatversion=2.
14532 * When errors about users being blocked are returned, they now include
14533 information about the relevant block.
14534 * (T99926) list=random has higher limits, in line with other API modules.
14535 * list=random's rnredirect parameter is deprecated in favor of a new
14536 rnfilterredir parameter that also allows for listing both redirects and
14538 * list=random now supports continuation.
14539 * API responses to GET requests may now include ETag and Last-Modified headers,
14540 and will honor corresponding If-None-Match and If-Modified-Since on such
14543 === Action API internal changes in 1.26 ===
14544 * New metadata item ApiResult::META_KVP_MERGE to allow for merging the KVP key
14545 into the value when the value is an assoc.
14546 * API action modules may now provide values for the RFC 7232 ETag and
14547 Last-Modified headers. The API will check these against If-None-Match and
14548 If-Modified-Since request headers on GET requests and avoid executing the
14549 module when appropriate.
14551 === Languages updated in 1.26 ===
14553 MediaWiki supports over 350 languages. Many localisations are updated
14554 regularly. Below only new and removed languages are listed, as well as
14555 changes to languages because of Phabricator reports.
14558 ** ase (American sign language), thanks to translator Icemandeaf
14559 ** dty (डोटेली/Doteli), thanks to translators जनक राज भट्ट, बिप्लब आनन्द,
14560 मेश सिंह बोहरा, and राम प्रसाद जोशी
14561 ** luz (لئری دوٙمینی / Southern Luri)
14562 ** olo (Livvinкarjala / Livvi-Karelian), thanks to translators Denö, Hiloin
14563 Natoi, Ilja.mos, and Mashoi7
14565 === Other changes in 1.26 ===
14566 * ChangeTags::tagDescription() will return false if the interface message
14567 for the tag is disabled.
14568 * Added PageHistoryPager::doBatchLookups hook.
14569 * Added $wikiId parameter to FormatAutocomments hook.
14570 * Added ParserCacheSaveComplete to ParserCache
14571 * supportsDirectEditing and supportsDirectApiEditing methods added to
14572 ContentHandler, to provide a way for ApiEditPage and EditPage to check
14573 if direct editing of content is allowed. These methods return false,
14574 by default for the ContentHandler base class and true for TextContentHandler
14575 and it's derivative classes (everything in core). For Content types that
14576 do not support direct editing, an alternative mechanism should be provided
14577 for editing, such as action overrides or specific api modules.
14578 * mediaWiki.confirmCloseWindow now returns an object of functions, instead of
14579 one function. The callback can't be called directly any more. The callback
14580 function is replaced with confirmCloseWindow.release().
14581 * BREAKING CHANGE: Added an optional ResouceLoaderContext parameter to
14582 ResourceLoaderModule::getDependencies(). Extension classes that override that
14583 method should be updated. If they aren't updated, PHP Strict standards
14584 warnings will appear when E_STRICT error reporting is enabled. Note: in the
14585 near future, this parameter will probably become non-optional.
14586 * Removed maintenance script deleteImageMemcached.php.
14587 * MWFunction::newObj() was removed (deprecated in 1.25).
14588 ObjectFactory::getObjectFromSpec() should be used instead.
14589 * The parser will no longer randomize the string it uses to mark the place of
14590 items that were stripped during parsing. It will use a fixed string instead.
14591 This causes the parser to re-use the regular expressions it uses to search
14592 and replace markers rather than generate novel expressions on each parse.
14593 Re-using regular expressions will improve performance on HHVM and the
14594 forthcoming PHP 7. The interfaces changes accompanying this change are:
14595 - Parser::getRandomString() and Parser::uniqPrefix() have been deprecated.
14596 - The $uniq_prefix argument for Parser::extractTagsAndParams() and the
14597 $prefix argument for StripState::_construct() are deprecated and their
14599 * wfSuppressWarnings() and wfRestoreWarnings() were split into a separate
14600 library, mediawiki/at-ease, and are now deprecated. Callers should use
14601 MediaWiki\suppressWarnings() and MediaWiki\restoreWarnings() directly.
14602 * The Block class constructor now takes an associative array of parameters
14603 instead of many optional positional arguments. Calling the constructor the old
14604 way will issue a deprecation warning.
14605 * The jquery.mwExtension module was deprecated.
14606 * $wgSpecialPageGroups was removed (deprecated in 1.21).
14607 * SpecialPageFactory::setGroup was removed (deprecated in 1.21).
14608 * SpecialPageFactory::getGroup was removed (deprecated in 1.21).
14609 * DatabaseBase::ignoreErrors() is now protected.
14610 * BREAKING CHANGE: mediawiki.legacy.ajax has been removed, following
14611 a lengthy deprecation period.
14612 * The ScopedPHPTimeout class was removed.
14613 * Removed maintenance script fixSlaveDesync.php.
14614 * Watchlist tokens, SpecialResetTokens, and User::getTokenFromOption()
14615 are deprecated. Applications using those can work via the OAuth
14616 extension instead. New tokens types should not be added.
14617 * DatabaseBase::errorCount() was removed (unused).
14618 * $wgDeferredUpdateList was removed.
14619 * DeferredUpdates::addHTMLCacheUpdate() was removed.
14623 == MediaWiki 1.25.6 ==
14625 This is a maintenance release of the MediaWiki 1.25 branch.
14627 === Changes since 1.25.5 ===
14628 * (T123166) Fix fatal error when importing pages to titles which cannot be
14629 created, such as invalid titles or titles the user is not allowed to edit.
14630 * (T122056) Old tokens are remaining valid within a new session
14631 * (T127114) Login throttle can be tricked using non-canonicalized usernames
14632 * (T123653) Cross-domain policy regexp is too narrow
14633 * (T123071) Incorrectly identifying http link in a's href attributes, due to
14634 m modifier in regex
14635 * (T129506) MediaWiki:Gadget-popups.js isn't renderable
14636 * (T125283) Users occasionally logged in as different users after
14637 SessionManager deployment
14638 * (T103239) Patrol allows click catching and patrolling of any page
14639 * (T122807) [tracking] Check php crypto primatives
14640 * (T98313) Graphs can leak tokens, leading to CSRF
14641 * (T130947) Diff generation should use PoolCounter
14642 * (T133507) Careless use of $wgExternalLinkTarget is insecure
14643 * (T132874) API action=move is not rate limited
14644 * (T110143) strip markers can be used to get around html attribute escaping in
14645 (many?) parser tags
14646 * (T116030) Increase pbkdf2 parameter strengths
14647 * (T127420) Pbkdf2Password does not check if hash_pbkdf2() succeeded
14648 * (T126685) Globally throttle password attempts
14650 == MediaWiki 1.25.5 ==
14652 This is a maintenance release of the MediaWiki 1.25 branch.
14654 === Changes since 1.25.4 ===
14655 * (T121892) Fix fatal error on some Special pages, introduced in 1.25.4.
14657 == MediaWiki 1.25.4 ==
14659 This is a security and maintenance release of the MediaWiki 1.25 branch.
14661 === Changes since 1.25.3 ===
14662 * (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
14663 that do not begin with a slash. This enabled trivial XSS attacks.
14664 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
14665 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
14667 * (T119309) SECURITY: Use hash_compare() for edit token comparison
14668 * (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
14669 with '@' as file uploads
14670 * (T115522) SECURITY: Passwords generated by User::randomPassword() can no
14671 longer be shorter than $wgMinimalPasswordLength
14672 * (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
14673 result in improper blocks being issued
14674 * (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
14675 and related pages no longer use HTTP redirects and are now redirected by
14677 * (T103237) $wgUseGzip had no effect when using file cache.
14678 * (T114606) mw.notify was not correctly fixed to the page if
14679 initialized while not at the top of the page.
14680 * Fix issue that breaks HHVM Repo Authorative mode.
14682 == MediaWiki 1.25.3 ==
14684 This is a security and maintenance release of the MediaWiki 1.25 branch.
14686 === Changes since 1.25.2 ===
14688 * (T98975) Fix having multiple callbacks for a single hook.
14689 * (T107632) maintenance/refreshLinks.php did not always remove all links
14690 pointing to nonexistent pages.
14691 * (T104142) $wgEmergencyContact and $wgPasswordSender now use their default
14692 value if set to an empty string.
14693 * (T62174) Provide fallbacks for use of mb_convert_encoding() in
14694 HtmlFormatter. It was causing an error when accessing the api help page
14695 if the mbstring PHP extension was not installed.
14696 * (T105896) Confirmation emails would sometimes contain invalid codes.
14697 * (T105597) Fixed edit stash inclusion queries.
14698 * (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload
14699 * (T91203, T91205) SECURITY: API: Improve validation in chunked uploading
14700 * (T95589) SECURITY: RevDel: Check all revisions for suppression, not just the
14702 * (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails
14704 == MediaWiki 1.25.2 ==
14706 This is a security and maintenance release of the MediaWiki 1.25 branch.
14708 === Changes since 1.25.1 ===
14710 * (T94116) SECURITY: Compare API watchlist token in constant time
14711 * (T97391) SECURITY: Escape error message strings in thumb.php
14712 * (T106893) SECURITY: Don't leak autoblocked IP addresses on
14713 Special:DeletedContributions
14714 * (T102562) Fix InstantCommons parameters to handle the new HTTPS-only
14715 policy of Wikimedia Commons.
14716 * (T100767) Setting a configuration setting for skin or extension to
14717 false in LocalSettings.php was not working.
14718 * (T100635) API action=opensearch json output no longer breaks when
14719 $wgDebugToolbar is enabled.
14720 * (T102522) Using an extension.json or skin.json file which has
14721 a "manifest_version" property for 1.26 compatability will no longer
14723 * (T86156) Running updateSearchIndex.php will not throw an error as
14724 page_restrictions has been added to the locked table list.
14725 * Special:Version would throw notices if using SVN due to an incorrectly
14726 named variable. Add an additional check that an index is defined.
14728 == MediaWiki 1.25.1 ==
14730 This is a bug fix release of the MediaWiki 1.25 branch.
14732 === Changes since 1.25 ===
14733 * (T100351) Fix syntax errors in extension.json of ConfirmEdit extension
14735 == MediaWiki 1.25.0 ==
14737 === Configuration changes in 1.25 ===
14738 * $wgPageShowWatchingUsers was removed.
14739 * $wgLocalVirtualHosts has been added to replace $wgConf->localVHosts.
14740 * $wgAntiLockFlags was removed.
14741 * $wgJavaScriptTestConfig was removed.
14742 * Edit tokens returned from User::getEditToken may change on every call. Token
14743 validity must be checked by passing the user-supplied token to
14744 User::matchEditToken rather than by testing for equality with a
14745 newly-generated token.
14746 * (T74951) The UserGetLanguageObject hook may be passed any IContextSource
14747 for its $context parameter. Formerly it was documented as receiving a
14748 RequestContext specifically.
14749 * Profiling was restructured and $wgProfiler now requires an 'output' parameter.
14750 See StartProfiler.sample for details.
14751 * $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
14752 might be a flash policy directive configurable.
14753 * ApiOpenSearch now supports XML output. The OpenSearchXml extension should no
14754 longer be used. If extracts and page images are desired, the TextExtracts and
14755 PageImages extensions are required.
14756 * $wgOpenSearchTemplate is deprecated in favor of $wgOpenSearchTemplates.
14757 * Edits are now prepared via AJAX as users type edit summaries. This behavior
14758 can be disabled via $wgAjaxEditStash.
14759 * (T46740) The temporary option $wgIncludejQueryMigrate was removed, along
14760 with the jQuery Migrate library, as indicated when this option was provided in
14762 * ProfilerStandard and ProfilerSimpleTrace were removed. Make sure that any
14763 StartProfiler.php config is updated to reflect this. Xhprof is available
14764 for zend/hhvm. Also, for hhvm, one can consider using its xenon profiler.
14765 * Default value of $wgSVGConverters['rsvg'] now uses the 'rsvg-convert' binary
14766 rather than 'rsvg'.
14767 * Default value of $wgSVGConverters['ImageMagick'] now uses transparent
14768 background with white fallback color, rather than just white background.
14769 * MediaWikiBagOStuff class removed, make sure any object cache config
14770 uses SqlBagOStuff instead.
14771 * The 'daemonized' flag must be set to true in $wgJobTypeConf for any redis
14772 job queues. This means that mediawiki/services/jobrunner service has to
14773 be installed and running for any such queues to work.
14774 * $wgAutopromoteOnce no longer supports the 'view' event. For keeping some
14775 compatibility, any 'view' event triggers will still trigger on 'edit'.
14776 * $wgExtensionDirectory was added for when your extensions directory is
14777 somewhere other than $IP/extensions (as $wgStyleDirectory does with the skins
14780 === New features in 1.25 ===
14781 * (T64861) Updated plural rules to CLDR 26. Includes incompatible changes
14782 for plural forms in Russian, Prussian, Tagalog, Manx and several languages
14783 that fall back to Russian.
14784 * (T60139) ResourceLoaderFileModule now supports language fallback
14785 for 'languageScripts'.
14786 * Added a new hook, "ContentAlterParserOutput", to allow extensions to modify
14787 the parser output for a content object before links update.
14788 * (T37785) Enhanced recent changes and extended watchlist are now default.
14789 Documentation: https://meta.wikimedia.org/wiki/Help:Enhanced_recent_changes
14790 and https://www.mediawiki.org/wiki/Manual:$wgDefaultUserOptions
14791 * (T69341) SVG images will no longer be base64-encoded when being embedded
14792 in CSS. This results in slight size increase before gzip compression (due to
14793 percent-encoding), but up to 20% decrease after it.
14794 * Update jStorage to v0.4.12.
14795 * MediaWiki now natively supports page status indicators: icons (or short text
14796 snippets) usually displayed in the top-right corner of the page. They have
14797 been in use on Wikipedia for a long time, implemented using templates and CSS
14798 absolute positioning.
14799 - Basic wikitext syntax:
14800 <indicator name="foo">[[File:Foo.svg|20px]]</indicator>
14801 - Usage instructions:
14802 https://www.mediawiki.org/wiki/Help:Page_status_indicators
14803 - Adjusting custom skins to support indicators:
14804 https://www.mediawiki.org/wiki/Manual:Skinning#Page_status_indicators
14805 * Edit tokens may now be time-limited: passing a maximum age to
14806 User::matchEditToken will reject any older tokens.
14807 * The debug logging internals have been overhauled, and are now using the
14809 * Update CSSJanus to v1.1.1.
14810 * Update lessphp to v0.5.0.
14811 * Added a hook, "ApiOpenSearchSuggest", to allow extensions to provide extracts
14812 and images for ApiOpenSearch output. The semantics are identical to the
14813 "OpenSearchXml" hook provided by the OpenSearchXml extension.
14814 * PrefixSearchBackend hook now has an $offset parameter. Combined with $limit,
14815 this allows for pagination of prefix results. Extensions using this hook
14816 should implement supporting behavior. Not doing so can result in undefined
14817 behavior from API clients trying to continue through prefix results.
14818 * Update jQuery from v1.11.1 to v1.11.3.
14819 * External libraries installed via composer will now be displayed
14820 on Special:Version in their own section. Extensions or skins that are
14821 installed via composer will not be shown in this section as it is assumed
14822 they will add the proper credits to the skins or extensions section. They
14823 can also be accessed through the API via the new siprop=libraries to
14825 * Update QUnit from v1.14.0 to v1.16.0.
14826 * Update Moment.js from v2.8.3 to v2.8.4.
14827 * Special:Tags now allows for manipulating the list of user-modifiable change
14829 * Added 'managetags' user right and 'ChangeTagCanCreate', 'ChangeTagCanDelete',
14830 and 'ChangeTagCanCreate' hooks to allow for managing user-modifiable change
14832 * Added 'ChangeTagsListActive' hook, to separate the concepts of "defined" and
14833 "active" formerly conflated by the 'ListDefinedTags' hook.
14834 * Added TemplateParser class that provides a server-side interface to cachable
14835 dynamically-compiled Mustache templates (currently uses lightncandy library).
14836 * Clickable anchors for each section heading in the content are now generated
14837 and appear in the gutter on hovering over the heading.
14838 * Added 'CategoryViewer::doCategoryQuery' and 'CategoryViewer::generateLink'
14839 hooks to allow extensions to override how links to pages are rendered within
14841 * (T19665) Special:WantedPages only lists page which having at least one red
14842 link pointing to it.
14843 * New hooks 'ApiMain::moduleManager' and 'ApiQuery::moduleManager', can be
14844 used for conditional registration of API modules.
14845 * New hook 'EnhancedChangesList::getLogText' to alter, remove or add to the
14846 links of a group of changes in EnhancedChangesList.
14847 * A full interface for StatsD metric reporting has been added to the context
14848 interface, reachable via IContextSource::getStats().
14849 * Move the jQuery Client library from being mastered in MediaWiki as v0.1.0 to a
14850 proper, published library, which is now tagged as v1.0.0.
14851 * A new message (defaulting to blank), 'editnotice-notext', can be shown to
14852 users when they are editing if no edit notices apply to the page being edited.
14853 * (T94536) You can now make the sitenotice appear to logged-in users only by
14854 editing MediaWiki:Anonnotice and replacing its content with "". Setting it to
14855 "-" (default) will continue disable it and fallback to MediaWiki:Sitenotice.
14856 * Modifying the tagging of a revision or log entry is now available via
14857 Special:EditTags, generally accessed via the revision-deletion-like interface
14858 on history pages and Special:Log is likely to be more useful.
14859 * Added 'applychangetags' and 'changetags' user rights.
14860 * (T35235) LogFormatter subclasses are now responsible for formatting the
14861 parameters for API log event output. Extensions should implement the new
14862 getParametersForApi() method in their log formatters.
14864 ==== External libraries ====
14865 * MediaWiki now requires certain external libraries to be installed. In the past
14866 these were bundled inside the Git repository of MediaWiki core, but now they
14867 need to be installed separately. For users using the tarball, this will be
14868 taken care of and no action will be required. Users using Git will either need
14869 to use composer to fetch dependencies or use the mediawiki/vendor repository
14870 which includes all dependencies for MediaWiki core and ones used in Wikimedia
14871 deployment. Detailed instructions can be found at:
14872 https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries
14873 * The following libraries are now required:
14875 This library provides the interfaces set by the PSR-3 standard
14876 (http://www.php-fig.org/psr/psr-3/) which are used by MediaWiki internally
14877 via the MediaWiki\Logger\LoggerFactory class.
14878 See the structured logging RfC
14879 <https://www.mediawiki.org/wiki/Requests_for_comment/Structured_logging>
14880 for more background information.
14881 ** cssjanus/cssjanus
14882 This library was formerly bundled with MediaWiki core and has been removed.
14883 It automatically flips CSS for RTL support.
14885 This library was formerly bundled with MediaWiki core and has been removed.
14886 It compiles LESS files into CSS.
14888 This library was formerly a part of MediaWiki core, and has been moved into a
14889 separate library. It provides CDB functions which are used in the Interwiki
14890 and Localization caches. More information about the library can be found at
14891 https://www.mediawiki.org/wiki/CDB.
14892 ** liuggio/statsd-php-client
14893 This library provides a StatsD client API for logging application metrics to
14896 === Bug fixes in 1.25 ===
14897 * (T73003) No additional code will be generated to try to load CSS-embedded
14898 SVG images in Internet Explorer 6 and 7, as they don't support them anyway.
14899 * (T69021) On Special:BookSources, corrected validation of ISBNs (both
14900 10- and 13-digit forms) containing "X".
14901 * Page moving was refactored into a MovePage class. As part of that:
14902 ** The AbortMove hook was removed.
14903 ** MovePageIsValidMove is for extensions to specify whether a page
14904 cannot be moved for technical reasons, and should not be overridden.
14905 ** MovePageCheckPermissions is for checking whether the given user is
14906 allowed to make the move.
14907 ** Title::moveNoAuth() was deprecated. Use the MovePage class instead.
14908 ** Title::moveTo() was deprecated. Use the MovePage class instead.
14909 ** Title::isValidMoveOperation() broken down into MovePage::isValidMove()
14910 and MovePage::checkPermissions().
14911 * (T18530) Multiple autocomments are now formatted in an edit summary.
14912 * (T70361) Autocomments containing "/*" are parsed correctly.
14913 * The Special:WhatLinksHere page linked from 'Number of redirects to this page'
14914 on action=info about a file page does not list file links anymore.
14915 * (T78637) Search bar is not autofocused unless it is empty so that proper
14916 scrolling using arrow keys is possible.
14917 * (T50853) Database::makeList() modified to handle 'NULL' separately when
14919 * (T85192) Captcha position modified in Usercreate template. As a result:
14920 ** extrafields parameter added to Usercreate.php to insert additional data
14921 ** 'extend' method added to QuickTemplate to append additional values to any
14922 field of data array
14923 * (T86974) Several Title methods now load from the database when necessary
14924 (instead of returning incorrect results) even when the page ID is known.
14925 * (T74070) Duplicate search for archived files on file upload now omits the
14927 This requires the fa_sha1 field being populated.
14928 * Removed rel="archives" from the "View history" link, as it did not pass
14930 * $wgUseTidy is now set when parserTests are run with the tidy option to match
14932 * (T37472) update.php will purge ResourceLoader cache unless --nopurge is passed
14934 * (T72109) mediawiki.language should respect $wgTranslateNumerals in
14937 === Action API changes in 1.25 ===
14938 * (T67403) XML tag highlighting is now only performed for formats
14939 "xmlfm" and "wddxfm".
14940 * action=paraminfo supports generalized submodules (modules=query+value),
14941 querymodules and formatmodules are deprecated
14942 * action=paraminfo no longer outputs descriptions and other help text by
14943 default. If needed, it may be requested using the new 'helpformat' parameter.
14944 * action=help has been completely rewritten, and outputs help in HTML
14945 rather than plain text.
14946 * Hitting api.php without specifying an action now displays only the help for
14947 the main module, with links to submodule help.
14948 * API help is no longer displayed on errors.
14949 * 'uselang' is now a recognized API parameter; "uselang=user" may be used to
14950 explicitly select the language from the current user's preferences, and
14951 "uselang=content" may be used to select the wiki's content language.
14952 * Default output format for the API is now jsonfm.
14953 * Simplified continuation will return a "batchcomplete" property in the result
14954 when a batch of pages is complete.
14955 * Pretty-printed HTML output now has nicer formatting and (if available)
14956 better syntax highlighting.
14957 * Deprecated list=deletedrevs in favor of newly-added prop=deletedrevisions and
14958 list=alldeletedrevisions.
14959 * prop=revisions will gracefully continue when given too many revids or titles,
14960 rather than just ignoring the extras.
14961 * prop=revisions will no longer die if rvcontentformat doesn't match a
14962 revision's content model; it will instead warn and omit the content.
14963 * If the user has the 'deletedhistory' right, action=query's revids parameter
14964 will now recognize deleted revids.
14965 * prop=revisions may be used as a generator, generating revids.
14966 * (T68776) format=json results will no longer be corrupted when
14967 $wgMangleFlashPolicy is in effect. format=php results will cleanly return an
14968 error instead of returning invalid serialized data.
14969 * Generators may now return data for the generated pages when used with
14971 * Query page data for generator=search and generator=prefixsearch will now
14972 include an "index" field, which may be used by the client for sorting the
14974 * ApiOpenSearch now supports XML output.
14975 * ApiOpenSearch will now output descriptions and URLs as array indexes 2 and 3
14977 * (T76051) list=tags will now continue correctly.
14978 * (T76052) list=tags can now indicate whether a tag is defined.
14979 * (T75522) list=prefixsearch now supports continuation
14980 * (T78737) action=expandtemplates can now return page properties.
14981 * (T78690) list=allimages now accepts multiple pipe-separated values
14982 for the 'aimime' parameter.
14983 * prop=info with inprop=protections will now return applicable protection types
14984 with the 'restrictiontypes' key.
14985 * (T85417) When resolving redirects, ApiPageSet will now add the targets of
14986 interwiki redirects to the list of interwiki titles.
14987 * (T85417) When outputting the list of redirect titles, a 'tointerwiki'
14988 property (like the existing 'tofragment' property) will be set.
14989 * Added action=managetags to allow for managing the list of
14990 user-modifiable change tags. Actually modifying the tagging of a revision or
14991 log entry is not implemented yet.
14992 * list=tags has additional properties to indicate 'active' status and tag
14994 * siprop=libraries was added to ApiQuerySiteinfo to list installed external
14996 * (T88010) Added action=checktoken, to test a CSRF token's validity.
14997 * (T88010) Added intestactions to prop=info, to allow querying of
14998 Title::userCan() via the API.
14999 * Default type param for query list=watchlist and list=recentchanges has
15000 been changed from all types (e.g. including 'external') to 'edit|new|log'.
15001 * Added formatversion to format=json. Still "experimental" as further changes
15002 to the output formatting might still be made.
15003 * (T73020) Log event details are now always under a 'params' subkey for
15004 list=logevents, and a 'logparams' subkey for list=watchlist and
15005 list=recentchanges.
15006 * Log event details are changing formatting:
15007 * block events now report flags as an array rather than as a comma-separated
15009 * patrol events now report the 'auto' flag as a boolean (absent/empty string
15010 for BC formats) rather than as an integer.
15011 * rights events now report the old and new group lists as arrays rather than
15012 as comma-separated lists.
15013 * merge events use new-style formatting.
15014 * delete/event and delete/revision events use new-style formatting.
15015 * The root node and various other nodes will now always be an object in formats
15016 such as json that distinguish between arrays and objects.
15017 * Except for action=opensearch where the spec requires an array.
15019 === Action API internal changes in 1.25 ===
15020 * ApiHelp has been rewritten to support i18n and paginated HTML output.
15021 Most existing modules should continue working without changes, but should do
15023 * Add an i18n message "apihelp-{$moduleName}-description" to replace
15025 * Add i18n messages "apihelp-{$moduleName}-param-{$param}" for each parameter
15026 to replace getParamDescription(). If necessary, the settings array returned
15027 by getParams() can use the new ApiBase::PARAM_HELP_MSG key to override the
15029 * Implement getExamplesMessages() to replace getExamples().
15030 * Modules with submodules (like action=query) must have their submodules
15031 override ApiBase::getParent() to return the correct parent object.
15032 * The 'APIGetDescription' and 'APIGetParamDescription' hooks are deprecated,
15033 and will have no effect for modules using i18n messages. Use
15034 'APIGetDescriptionMessages' and 'APIGetParamDescriptionMessages' instead.
15035 * Api formatters will no longer be asked to display the help screen on errors.
15036 * ApiMain::getCredits() was removed. The credits are available in the
15037 'api-credits' i18n message.
15038 * ApiFormatBase has been changed to support i18n and syntax highlighting via
15039 extensions with the new 'ApiFormatHighlight' hook. Core syntax highlighting
15041 * ApiFormatBase now always buffers. Output is done when
15042 ApiFormatBase::closePrinter is called.
15043 * Much of the logic in ApiQueryRevisions has been split into
15044 ApiQueryRevisionsBase.
15045 * The 'revids' parameter supplied by ApiPageSet will now count deleted
15046 revisions as "good" if the user has the 'deletedhistory' right. New methods
15047 ApiPageSet::getLiveRevisionIDs() and ApiPageSet::getDeletedRevisionIDs() are
15048 provided to access just the live or just the deleted revids.
15049 * Added ApiPageSet::setGeneratorData() and ApiPageSet::populateGeneratorData()
15050 to allow generators to include data in the action=query result.
15051 * New hooks 'ApiMain::moduleManager' and 'ApiQuery::moduleManager', can be
15052 used for conditional registration of API modules.
15053 * Added ApiBase::lacksSameOriginSecurity() to allow modules to easily check if
15054 the current request was sent with the 'callback' parameter (or any future
15055 method that breaks the same-origin policy).
15056 * Profiling methods in ApiBase are deprecated and no longer need to be called.
15057 * ApiResult was greatly overhauled. See inline documentation for details.
15058 * ApiResult will automatically convert objects to strings or arrays (depending
15059 on whether a __toString() method exists on the object), and will refuse to
15060 add unsupported value types.
15061 * An informal interface, ApiSerializable, exists to override the default
15063 * ApiResult/ApiFormatBase "raw mode" is deprecated.
15064 * ApiFormatXml now assumes defaults and so on instead of throwing errors when
15065 metadata isn't set.
15066 * (T35235) LogFormatter subclasses are now responsible for formatting log event
15067 parameters for the API.
15068 * Many modules have changed result data formats. While this shouldn't affect
15069 clients not using the experimental formatversion=2, code using
15070 ApiResult::getResultData() without the transformations for backwards
15071 compatibility may need updating, as will code that wasn't following the old
15072 conventions for API boolean output.
15073 * The following methods have been deprecated and may be removed in a future
15075 * ApiBase::getDescription
15076 * ApiBase::getParamDescription
15077 * ApiBase::getExamples
15078 * ApiBase::makeHelpMsg
15079 * ApiBase::makeHelpArrayToString
15080 * ApiBase::makeHelpMsgParameters
15081 * ApiBase::getModuleProfileName
15082 * ApiBase::profileIn
15083 * ApiBase::profileOut
15084 * ApiBase::safeProfileOut
15085 * ApiBase::getProfileTime
15086 * ApiBase::profileDBIn
15087 * ApiBase::profileDBOut
15088 * ApiBase::getProfileDBTime
15089 * ApiBase::getResultData
15090 * ApiFormatBase::setUnescapeAmps
15091 * ApiFormatBase::getWantsHelp
15092 * ApiFormatBase::setHelp
15093 * ApiFormatBase::formatHTML
15094 * ApiFormatBase::setBufferResult
15095 * ApiFormatBase::getDescription
15096 * ApiFormatBase::getNeedsRawData
15098 * ApiMain::reallyMakeHelpMsg
15099 * ApiMain::makeHelpMsgHeader
15100 * ApiResult::setRawMode
15101 * ApiResult::getIsRawMode
15102 * ApiResult::getData
15103 * ApiResult::setElement
15104 * ApiResult::setContent
15105 * ApiResult::setIndexedTagName_recursive
15106 * ApiResult::setIndexedTagName_internal
15107 * ApiResult::setParsedLimit
15108 * ApiResult::beginContinuation
15109 * ApiResult::setContinueParam
15110 * ApiResult::setGeneratorContinueParam
15111 * ApiResult::endContinuation
15113 * ApiResult::convertStatusToArray
15114 * ApiQueryImageInfo::getPropertyDescriptions
15115 * ApiQueryLogEvents::addLogParams
15116 * The following classes have been deprecated and may be removed in a future
15118 * ApiQueryDeletedrevs
15120 === Languages updated in 1.25 ===
15122 MediaWiki supports over 350 languages. Many localisations are updated
15123 regularly. Below only new and removed languages are listed, as well as
15124 changes to languages because of Bugzilla reports.
15127 ** awa (अवधी / Awadhi), thanks to translator 1AnuraagPandey;
15128 ** bgn (بلوچی رخشانی / Western Balochi), thanks to translators
15129 Baloch Afghanistan, Ibrahim khashrowdi and Rachitrali;
15130 ** ses (Koyraboro Senni), thanks to translator Songhay.
15131 * (T66440) Kazakh (kk) wikis should no longer forcefully reset the user's
15132 interface language to kk where unexpected.
15133 * The Chinese conversion table was substantially updated to fix a lot of
15134 bugs and ensure better reading experience for different variants.
15136 === Other changes in 1.25 ===
15137 * (T45591) Links to MediaWiki.org translatable help were added to indicators,
15138 mostly in special pages. Local custom target titles can be placed in the
15139 relevant '(namespace-X|action name|special page name)-helppage' system
15140 message. Extensions can use the addHelpLink() function to do the same.
15141 * The skin autodiscovery mechanism, deprecated in MediaWiki 1.23, has been
15142 removed. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery for
15143 migration guide for creators and users of custom skins that relied on it.
15144 * Javascript variables 'wgFileCanRotate' and 'wgFileExtensions' now only
15145 available on Special:Upload.
15146 * (T58257) Set site logo from mediawiki.skinning.interface module instead of
15147 inline styles in the HTML.
15148 * Removed ApiQueryUsers::getAutoGroups(). (deprecated since 1.20)
15149 * Removed XmlDumpWriter::schemaVersion(). (deprecated since 1.20)
15150 * Removed LogEventsList::getDisplayTitle(). (deprecated since 1.20)
15151 * Removed Preferences::trySetUserEmail(). (deprecated since 1.20)
15152 * Removed mw.user.name() and mw.user.anonymous() methods. (deprecated since
15154 * Removed 'ok' and 'err' parameters in the mediawiki.api modules. (deprecated
15156 * Removed 'async' parameter from the mw.Api#getCategories() method. (deprecated
15158 * Removed 'jquery.json' module. (deprecated since 1.24)
15159 Use the 'json' module and global JSON object instead.
15160 * Deprecated OutputPage::readOnlyPage() and OutputPage::rateLimited().
15161 Also, the former will now throw an MWException if called with one or more
15163 * Removed hitcounters and associated code.
15164 * The "temp" zone of the upload respository is now considered private. If it
15165 already exists (such as under the images/ directory), please make sure that
15166 the directory is not web readable (e.g. via a .htaccess file).
15167 * BREAKING CHANGE: In the XML dump format used by Special:Export and
15168 dumpBackup.php, the <model> and <format> tags now apprear before the <text>
15169 tag, instead of after the <text> and <sha1> tags.
15170 The new schema version is 0.10, the new schema URI is:
15171 https://www.mediawiki.org/xml/export-0.10.xsd
15172 * MWFunction::call() and MWFunction::callArray() were removed, having being
15173 deprecated in 1.22.
15174 * Deprecated the getInternalLinkAttributes, getInternalLinkAttributesObj,
15175 and getInternalLinkAttributes methods in Linker, and removed
15176 getExternalLinkAttributes method, which was deprecated in MediaWiki 1.18.
15177 * Removed Sites class, which was deprecated in 1.21 and replaced by
15179 * Added wgRelevantArticleId to the client-side config, for use on special pages.
15180 * Deprecated the TitleIsCssOrJsPage hook. Superseded by the
15181 ContentHandlerDefaultModelFor hook since MediaWiki 1.21.
15182 * Deprecated the TitleIsWikitextPage hook. Superseded by the
15183 ContentHandlerDefaultModelFor hook since MediaWiki 1.21.
15184 * Changed parsing of variables in schema (.sql) files:
15185 ** The substituted values are no longer parsed. (Formerly, several passes
15186 were made for each variable, so depending on the order in which variables
15187 were defined, variables might have been found inside encoded values. This
15188 is no longer the case.)
15189 ** Variables are no longer string encoded when the /*$var*/ syntax is used.
15190 If string encoding is necessary, use the '{$var}' syntax instead.
15191 ** Variable names must only consist of one or more of the characters
15193 ** In source text of the form '{$A}'{$B}' or `{$A}`{$B}`, where variable A
15194 does not exist yet variable B does, the latter may not be replaced.
15195 However, this difference is unlikely to arise in practice.
15196 * (T67278) RFC, PMID, and ISBN "magic links" must be surrounded by non-word
15197 characters on both sides.
15198 * The FormatAutocomments hook will now receive $pre and $post as booleans,
15199 rather than as strings that must be prepended or appended to $comment.
15200 * (T30950, T31025) RFC, PMID, and ISBN "magic links" can no longer contain
15201 newlines; but they can contain and other non-newline whitespace.
15202 * The 'mediawiki.action.edit' ResourceLoader module no longer generates the edit
15203 toolbar, which has been moved to a separate 'mediawiki.toolbar' module. If you
15204 relied on this behavior, update your scripts' dependencies.
15205 * HTMLForm's 'vform' display style has been separated to a subclass. Therefore:
15206 * HTMLForm::isVForm() is now deprecated.
15207 * You can no longer do this:
15208 $form = new HTMLForm( … );
15209 $form->setDisplayFormat( 'vform' ); // throws exception
15211 $form = HTMLForm::factory( 'vform', … );
15212 * Deprecated Revision methods getRawUser(), getRawUserText() and
15214 * BREAKING CHANGE: mediawiki.user.generateRandomSessionId:
15215 The alphabet of the prior string returned was A-Za-z0-9 and now it is 0-9A-F
15216 * (T87504) Avoid serving SVG background-images in CSS for Opera 12, which
15217 renders them incorrectly when combined with border-radius or background-size.
15218 * Removed maintenance script dumpSisterSites.php.
15219 * DatabaseBase class constructors must be called using the array argument style.
15220 Ideally, DatabaseBase:factory() should be used instead in most cases.
15221 * Deprecated ParserOutput::addSecondaryDataUpdate and
15222 ParserOutput::getSecondaryDataUpdates.
15223 This is a hard deprecation, with getSecondaryDataUpdates returning an empty
15224 array and addSecondaryDataUpdate throwing an exception. These functions will
15225 be removed in 1.26, since they interfere with caching of ParserOutput objects.
15226 * Introduced new hook 'SecondaryDataUpdates' that allows extensions to inject
15228 * Introduced new hook 'OpportunisticLinksUpdate' that allows extensions to
15229 perform updates when a page is re-rendered.
15230 * EditPage::attemptSave has been modified not to call handleStatus itself and
15231 instead just returns the Status object. Extension calling it should be aware
15233 * Removed class DBObject. (unused since 1.10)
15234 * wfDiff() is deprecated.
15235 * The -m (maximum replication lag) option of refreshLinks.php was removed.
15236 It had no effect since MediaWiki 1.18 and should be removed from any cron
15237 jobs or similar scripts you may have set up.
15238 * (T85864) The following messages no longer support raw html: redirectto,
15239 thisisdeleted, viewdeleted, editlink, retrievedfrom, version-poweredby-others,
15240 retrievedfrom, thisisdeleted, viewsourcelink, lastmodifiedat, laggedslavemode,
15241 protect-summary-cascade
15242 * All BloomCache related code has been removed. This was largely experimental.
15243 * $wgResourceModuleSkinStyles no longer supports per-module local or remote
15244 paths. They can only be set for the entire skin.
15245 * Removed global function swap(). (deprecated since 1.24)
15246 * Deprecated the ".php5" file extension entry points and the $wgScriptExtension
15247 configuration variable. Refer to the ".php" files instead. If you want
15248 ".php5" URLs to continue to work, set up redirects. In Apache, this can be
15249 done by enabling mod_rewrite and adding the following rules to your
15254 RewriteRule ^(.*)\.php5 $1.php [R=301,L]
15256 * The global importScriptURI and importStylesheetURI functions, as well as the
15257 loadedScripts object, from wikibits.js (deprecated since 1.17) now emit
15258 warnings through mw.log.warn when accessed.
15262 == MediaWiki 1.24.6 ==
15264 This is a maintenance release of the MediaWiki 1.24 branch.
15266 === Changes since 1.24.5 ===
15267 * (T121892) Fix fatal error on some Special pages, introduced in 1.24.5.
15269 == MediaWiki 1.24.5 ==
15271 This is a security and maintenance release of the MediaWiki 1.23 branch.
15273 === Changes since 1.24.4 ===
15274 * (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
15275 that do not begin with a slash. This enabled trivial XSS attacks.
15276 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
15277 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
15279 * (T119309) SECURITY: Use hash_compare() for edit token comparison
15280 * (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
15281 with '@' as file uploads
15282 * (T115522) SECURITY: Passwords generated by User::randomPassword() can no
15283 longer be shorter than $wgMinimalPasswordLength
15284 * (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
15285 result in improper blocks being issued
15286 * (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
15287 and related pages no longer use HTTP redirects and are now redirected by
15289 * (T103237) $wgUseGzip had no effect when using file cache.
15291 == MediaWiki 1.24.4 ==
15293 This is a security and maintenance release of the MediaWiki 1.24 branch.
15295 === Changes since 1.24.3 ===
15297 * (T91653) Minimal PSR-3 debug logger to support backports from 1.25+.
15298 * (T68650) Fix indexing of moved pages with PostgreSQL. Requires running
15300 * (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload
15301 * (T91203, T91205) SECURITY: API: Improve validation in chunked uploading
15302 * (T95589) SECURITY: RevDel: Check all revisions for suppression, not just the
15304 * (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails
15306 == MediaWiki 1.24.3 ==
15308 This is a security and maintenance release of the MediaWiki 1.24 branch.
15310 === Changes since 1.24.2 ===
15312 * (T94116) SECURITY: Compare API watchlist token in constant time
15313 * (T97391) SECURITY: Escape error message strings in thumb.php
15314 * (T106893) SECURITY: Don't leak autoblocked IP addresses on
15315 Special:DeletedContributions
15316 * Update jQuery from v1.11.2 to v1.11.3.
15317 * (T102562) Fix InstantCommons parameters to handle the new HTTPS-only
15318 policy of Wikimedia Commons.
15320 == MediaWiki 1.24.2 ==
15322 This is a security and maintenance release of the MediaWiki 1.24 branch.
15324 === Changes since 1.24.1 ===
15326 * (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities,
15327 to prevent various DoS attacks.
15328 * (T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce
15330 * (T88310) SECURITY: Always expand xml entities when checking SVG's.
15331 * (T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
15332 * (T85855) SECURITY: Don't execute another user's CSS or JS on preview.
15333 * (T64685) SECURITY: Allow setting maximal password length to prevent DoS when
15335 * (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to
15336 prevent XSS and protect viewer's privacy.
15337 * Fix case of SpecialAllPages/SpecialAllMessages in SpecialPageFactory to fix
15338 loading these special pages when $wgAutoloadAttemptLowercase is false.
15339 * (bug T70087) Fix Special:ActiveUsers page for installations using
15341 * (bug T76254) Fix deleting of pages with PostgreSQL. Requires a schema change
15342 and running update.php to fix.
15344 == MediaWiki 1.24.1 ==
15346 This is a security and maintenance release of the MediaWiki 1.24 branch.
15348 === Changes since 1.24.0 ===
15350 * (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
15351 could lead to xss. Permission to edit MediaWiki namespace is required to
15353 * (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in
15354 $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as
15356 * (bug T74222) The original patch for T74222 was reverted as unnecessary.
15357 * Fixed a couple of entries in RELEASE-NOTES-1.24.
15358 * (bug T76168) OutputPage: Add accessors for some protected properties.
15359 * (bug T74834) Make 1.24 branch directly installable under PostgreSQL.
15361 == MediaWiki 1.24.0 ==
15363 === Configuration changes in 1.24 ===
15364 * MediaWiki will no longer run if register_globals is enabled. It has been
15365 deprecated for 5 years now, and was removed in PHP 5.4. For more information
15366 about why, see <https://www.mediawiki.org/wiki/register_globals>.
15367 * MediaWiki now requires PHP's iconv extension. openSUSE users may need to
15368 install the php5-iconv package. Users of other systems may need to add
15369 extension=iconv.so to php.ini or recompile PHP without --without-iconv.
15370 * MediaWiki will no longer function if magic quotes are enabled. It has
15371 been deprecated for 5 years now, and was removed in PHP 5.4.
15372 * The server's canonical hostname is available as $wgServerName, which is
15373 exposed in both mw.config and ApiQuerySiteinfo.
15374 * Introduced $wgPagePropsHaveSortkey as a backwards-compatibility switch,
15375 for using the old schema of the page_props table, in case the respective
15376 schema update was not applied.
15377 * $wgSearchEverythingOnlyLoggedIn was removed as the 'searcheverything'
15378 user option was removed. Use $wgNamespacesToBeSearchedDefault instead or
15379 if you used to have $wgDefaultUserOptions['searcheverything'] = 1.
15380 * $wgMasterWaitTimeout has been deprecated.
15381 * $wgDBClusterTimeout has been removed.
15382 * $wgProxyKey has been removed. It is no longer used by MediaWiki core.
15383 Ensure $wgSecretKey is set in LocalSettings.php.
15384 * $wgExtraInterlanguageLinkPrefixes is a new configuration variable that
15385 contains an array of interwiki prefixes that should be treated as language
15386 prefixes (i.e. turned into interlanguage links when $wgInterwikiMagic is set
15388 * $wgParserTestRemote has been removed.
15389 * $wgCountTotalSearchHits has been removed. If you're concerned about efficiency
15390 of search, you should use something like CirrusSearch instead of built in
15392 * Users in the 'sysop' group have access to Special:MergeHistory by default.
15393 * $wgFileStore was removed after having been deprecated in 1.17. Alternative
15394 configurations are $wgDeletedDirectory and $wgHashedUploadDirectory.
15395 * The deprecated $wgUseCommaCount variable has been removed.
15396 * $wgEnableSorbs and $wgSorbsUrl have been removed.
15397 * The UserCryptPassword and UserComparePassword hooks are no longer called.
15398 Any extensions using them must be updated to use the Password Hashing API.
15399 * $wgCompiledFiles has been removed.
15400 * $wgSortSpecialPages was removed, the listing on Special:SpecialPages is
15402 * $wgSpecialPages may now use callback functions as an alternative to plain
15403 class names. This allows more control over constructor parameters.
15404 * $wgHTCPMulticastAddress, $wgHTCPMulticastRouting and $wgHTCPPort were removed.
15405 * $wgRC2UDPAddress, $wgRC2UDPInterwikiPrefix, $wgRC2UDPOmitBots, $wgRC2UDPPort
15406 and $wgRC2UDPPrefix have been removed.
15407 * The default password type for MediaWiki has been changed from MD5 to PBKDF2.
15408 Password hashes will automatically be updated as users log in. If necessary,
15409 the old MD5 hashing can be restored by changing $wgPasswordDefault to 'B'.
15410 In addition, there is a maintenance script wrapOldPassword.php that can wrap
15411 all passwords in PBKDF2 (or the hashing algorithm of your choice) if you don't
15412 want to wait for your users to log in.
15413 * $wgImportSources can now either be a regular array, or an associative map
15414 specifying subprojects on the interwiki map of the target wiki, or a mix of
15415 the two. Existing configurations will still work.
15416 * Users must be able to edit through a page's protection to be able to delete
15418 * The default thumb size ($wgDefaultUserOptions['thumbsize']) is now 300px, up
15419 from 180px. If you have altered the number of entries in $wgThumbLimits for
15420 your wiki, you may need to adjust your default user settings to compensate for
15422 * $wgDeferredUpdateList is now deprecated, you should use
15423 DeferredUpdates::addUpdate() instead.
15424 * $wgCanonicalLanguageLinks has been removed. Per Google recommendations, we
15425 will not send a rel=canonical pointing to a variant-neutral page, however
15426 we will send rel=alternate.
15427 * $wgResourceLoaderLESSFunctions has been deprecated and will be removed in the
15429 * $wgGoToEdit has been removed. Use the SpecialSearchNogomatch hook for similar
15432 === New features in 1.24 ===
15433 * Added new hook WatchlistEditorBeforeFormRender, allowing subscribers to
15434 manipulate the list of pages and/or preload lots of data at once.
15435 * Added new argument &$link in hook WatchlistEditorBuildRemoveLine, allowing the
15436 link to the title to be changed.
15437 * Added a new hook, "WhatLinksHereProps", to allow extensions to annotate
15438 WhatLinksHere entries.
15439 * Added a new hook, "ContentGetParserOutput", to customize parser output for
15440 a given content object.
15441 * Deprecated the hook "ShowRawCssJs", use "ContentGetParserOutput" instead.
15442 * HTMLForm's HTMLTextField now supports the 'url' type.
15443 * HTMLForm fields may now be dynamically hidden based on the values of other
15444 fields in the form.
15445 * HTMLForm now supports multiple copies of an input field or set of input
15446 fields, e.g. the form may request "one or more usernames" without having to
15447 have the user enter delimited list of names into a text field.
15448 * Added a new hook, "SidebarBeforeOutput", to allow to edit the structure of
15449 the sidebar just before its display.
15450 * (bug 49156) Added the mediawiki.cookie ResourceLoader module, which wraps
15451 jquery.cookie so that getting/setting a cookie is syntactically and
15452 functionally similar to using the WebRequest::getCookie() and
15453 WebResponse::setcookie() methods.
15454 * (bug 44740) jQuery upgraded from 1.8.3 to 1.11.1. A new configuration option,
15455 $wgIncludejQueryMigrate, also loads the jQuery Migrate hack to let extensions
15456 and gadgets use the long-deprecated functions that were removed in jQuery 1.9.
15457 This option is turned off by default, and will be removed in MediaWiki 1.25.
15458 * (bug 47076) jQuery UI upgraded from 1.8.24 to 1.9.2.
15459 * Changes to content typography (fonts, etc.). See
15460 https://www.mediawiki.org/wiki/Typography_refresh for further information.
15461 * WikitextContent will now render redirects with the expected "redirect"
15462 header, rather than as an ordered list. Code calling Article::viewRedirect
15463 can probably be changed to no longer special-case redirects.
15464 * Header font set to a serif font stack. See
15465 https://www.mediawiki.org/wiki/Typography_refresh for further information.
15466 * (bug 65567) Added a new hook, "BeforeHttpsRedirect", to allow cancellation of
15467 the HTTP to HTTPS redirect due to forceHTTPS cookie, userRequires, etc. This
15468 is only for page views, since this hook doesn't affect UserLogin, OAuth,
15469 CentralAuth, etc. ATTENTION: This hook is likely to be removed soon due to
15470 overall design of the system.
15471 * (bug 17367) It is now possible to add pages to your watchlist from
15472 Special:UnwatchedPages without reloading the special page.
15473 * New methods setVolatile and isVolatile are added to PPFrame, so that
15474 extensions such as Cite.php can mark that their output is volatile and
15475 shouldn't be cached.
15476 * (bug 52817) Advanced search options are now saved on the search page itself,
15477 rather than in a dedicated pane in the preferences panel.
15478 * (bug 44591) The dropdown actions menu (little triangle next to page tabs) in
15479 the Vector skin has gained a label that should make it more discoverable.
15480 * MWCryptHKDF added for fast, cryptographically secure random number generation
15481 that won't deplete openssl's entropy pool.
15482 * ResourceLoader: File modules can now provide a skip function that uses an
15483 inline feature test to bypass loading of the module.
15484 * (bug 20210) Special pages may now provide autocompletion of their subpage
15485 names in search suggestions. Right now the only useful implementation is in
15486 Special:Log, but more are to come.
15487 * Special:MostLinkedTemplates is no longer limited to transclusions from the
15488 Template namespace.
15489 * Skins can now use 'remoteSkinPath' when defining ResourceLoader modules.
15490 This works the same as 'remoteExtPath' but is relative to the skins/ folder
15491 instead of the extensions/ folder.
15492 * Added the json2.js polyfill for the ES5 JSON.stringify and JSON.parse methods.
15493 Exposed as module "json" with a skip function to optimise loading.
15494 * Extensions and skins may now use 'namemsg' in $wgExtensionCredits in addition
15495 to 'name', to allow for the name to be localizable. 'name' should still be
15496 specified for backwards-compatibility and to define the path Special:Version
15497 uses to find extension license information.
15498 * Browser tests are now included to verify basic wiki functionality in developer
15499 environments. For details on running tests, see
15500 tests/browser/README.mediawiki.
15501 * Upgrade jStorage to v0.4.10.
15502 * {{!}} is now a magic word that produces the | character. This removes the need
15503 for Template:! for purposes such as passing pipes inside of parameters.
15504 * (bug 20790) The block log snippet on Special:Contributions and while
15505 editing user and user talk pages now works for IP range blocks.
15506 * (bug 9360) Added ability to change the page language for MediaWiki pages using
15507 Special:PageLanguage. All pages are set to wiki language by default.
15508 The feature needs to be enabled with $wgPageLanguageUseDB=true and
15509 permission needs to be set for 'pagelang'.
15510 * Upgrade Moment.js to v2.8.3.
15511 * (bug 67042) Added support for the HTML5 <rtc> tag for East Asian typography.
15512 * Upgrade Sinon.JS to 1.10.3.
15513 * Added the es5-shim polyfill for older or non-compliant javascript engines.
15514 * Upgrade jQuery Cookie to v1.3.1.
15515 * (bug 20476) Add a "viewsuppressed" user right to be able to view
15516 suppressed content but not suppress it ("suppressrevision" right).
15517 * (bug 66440) The MediaWiki web installer will now allow you to choose the skins
15518 to enable (from the ones included in download tarball) and decide which one
15519 should be the default.
15520 * (bug 68085, 68802) Links like [[localInterwikiPrefix:languageCode:pageTitle]],
15521 where localInterwikiPrefix is a member of the $wgLocalInterwikis array, will
15522 no longer be displayed in the sidebar when $wgInterwikiMagic is true. In a
15523 similar way, links like [[localInterwikiPrefix:File:Image.png]] and
15524 [[localInterwikiPrefix:Category:Hello]] will now render as regular links, and
15525 will not include the file or add the page to the category.
15526 * New special page, MyLanguage, to redirect users to subpages with localised
15527 versions of a page. (Integrated from Extension:Translate)
15528 * MediaWiki now supports multiple password types, including bcrypt and PBKDF2.
15529 The default type can be changed with $wgPasswordDefault and the type
15530 configurations can be changed with $wgPasswordConfig.
15531 * Skins can now define custom styles for default ResourceLoader modules using
15532 the $wgResourceModuleSkinStyles global. See the Vector skin for examples.
15533 * (bug 4488) There is now a preference to watch pages where the user has
15534 rollbacked an edit by default.
15535 * (bug 15484) Users will now be redirected to the login page when they need to
15536 log in, rather than being shown a page asking them to log in and having to
15537 click another link to actually get to the login page.
15538 * A JsonContent and JsonContentHandler were added for extensions to extend.
15539 * (bug 35045) Redirects to sections will now update the URL in browser's address
15540 bar using the HTML5 History API. When [[Dog]] redirects to [[Animals#Dog]],
15541 the user will now see "Animals#Dog" in their browser instead of "Dog#Dog".
15542 * API token handling has been rewritten. Any API module using tokens will need
15543 to be updated. See the entry below under "Action API internal changes".
15544 * Added HTMLAutoCompleteSelectField.
15545 * Added a new hook, "SkinPreloadExistence", to allow extensions to add titles to
15546 link existence cache before the page is rendered.
15547 * Config::set() was moved to its own interface, MutableConfig.
15548 GlobalVarConfig::set() is now deprecated, does not implement MutableConfig.
15549 * A MutableConfig named HashConfig was added, that stores an array of
15550 configuration settings.
15551 * (bug 69418) A MultiConfig implementation was added that supports fallback
15552 to multiple Config instances.
15553 * Update CSSJanus to v1.1.0.
15554 * Added FormatJson::parse() returning status with result or localized error
15556 * Added DeletedContribsPager::reallyDoQuery hook allowing extensions to data to
15557 Special:DeletedContributions
15558 * Added DeletedContributionsLineEnding hook allowing extensions to format
15559 Special:DeletedContributions lines
15560 * (T69525) You can now make MediaWiki speed up its thumbnail rendering by using
15561 intermediary thumbnails. $wgThumbnailBuckets must be set to a list of target
15562 thumbnail widths; when a new thumbnail needs to be rendered, MediaWiki will
15563 find the smallest bucket smaller than the original but larger than the target
15564 width + $wgThumbnailMinimumBucketDistance, and it will scale that thumbnail,
15565 rather than the original, down to the target size at greater speed in return
15566 for minor loss of fidelity.
15568 === Bug fixes in 1.24 ===
15569 * (bug 50572) MediaWiki:Blockip should support gender
15570 * (bug 49116) Footer copyright notice is now always displayed in user language
15571 rather than content language (same as copyright notice for editing interface).
15572 * (bug 62258) A bug was fixed in File::getUnscaledThumb when a height
15573 restriction was present in the parameters. Images with both the "frame"
15574 option and a size specification set will now always ignore the provided
15575 size and display an unscaled image, as the documentation has always
15577 * (bug 39035) Improved Vector skin performance by removing collapsibleNav,
15578 which used to collapse some sidebar elements by default.
15579 This removes -list id suffixes like p-lang-list: instead of using things like
15580 #p-lang-list, you can do #p-lang .body ul.
15581 * (bug 890) Links in Special:RecentChanges and Special:Watchlist no longer
15582 follow redirects to their target pages.
15583 * Parser now dies early if called recursively, instead of producing subtle bugs.
15584 * (bug 14323) Redirect pages, when viewed with redirect=no, no longer hide the
15585 remaining page content.
15586 * (bug 52587) Maintenance script deleteBatch.php no longer follows redirects
15587 in the file namespace and delete the file on the target page. It will still
15588 however delete the redirect page.
15589 * (bug 22683) {{msgnw:}} and other uses of PPFrame::RECOVER_ORIG will correctly
15590 recover the original code of extension tags.
15591 * (bug 65757) MSSQL: Update script drops unnamed constraints to be prepared
15592 for future updates. Because it's doing so heuristically, it may fail or drop
15594 * (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes.
15595 * $wgRunJobsAsync now works with private wikis (e.g. read requires login).
15596 * (bugs 57238, 65206) Blank pages can now be directly created.
15597 * (bug 69789) Title::getContentModel() now loads from the database when
15598 necessary instead of incorrectly returning the default content model.
15599 * (bug 69249) wfBaseConvert() now works around PHP Bug #50175 when using GMP.
15600 * (bug 57909) URLs in the externallinks table will no longer have certain
15601 characters decoded in the query string.
15602 * (bug 67368) LESS mixins like .background-image() correctly flip image
15603 references for RTL stylesheets now.
15605 === Action API changes in 1.24 ===
15606 * action=parse API now supports prop=modules, which provides the list of
15607 ResourceLoader modules that should be used to enhance the parsed content.
15608 * action=query&meta=siteinfo&siprop=interwikimap returns a new "protorel"
15609 field which is true if protocol-relative urls can be used to access
15610 a particular interwiki map entry.
15611 * list=logevents now provides logpage, which is the page ID from the
15612 logging table, if ids are requested and the user has the permissions.
15613 * action=edit now requires that appendtext, prependtext, or section=new be used
15614 when using the 'redirect' parameter, to prevent clients accidentally
15615 overwriting the target page with the content of the redirect.
15616 * list=logevents will now return an error if both letitle and leprefix are
15618 * list=logevents has a new parameter, lenamespace, to allow filtering by
15620 * action=expandtemplates has a new parameter, prop, and a new output format.
15621 The old format is still used if prop isn't provided, but this is deprecated.
15622 * meta=userinfo can now return the count of unread pages on the watchlist.
15623 * list=watchlist can now filter by unread status.
15624 * The deprecated action=parse&prop=languageshtml has been removed.
15625 * (bug 48071) action=setnotificationtimestamp no longer throws PHP or database
15626 errors when no pages are given.
15627 * (bug 60734) Actions that use ApiPageSet (e.g. purge, watch,
15628 setnotificationtimestamp) will now include continuation information when
15630 * Removed 'props' and 'errors' from action=paraminfo, as they have extremely
15631 limited use and are generally inaccurate, unmaintained, and impossible to
15633 * Formats dbg, dump, txt, wddx, and yaml are now deprecated.
15634 * action=paraminfo now indicates when a parameter is specifying a submodule.
15635 * The iwurl parameter to prop=iwlinks is deprecated in favor of iwprop=url, for
15636 parallelism with prop=langlinks.
15637 * All tokens should be fetched from action=query&meta=tokens; all other methods
15638 of fetching tokens are deprecated. The value needed for meta=tokens's 'type'
15639 parameter for each module is documented in the action=help output and is
15640 returned from action=paraminfo.
15641 * New action ClearHasMsg that can be used to clear HasMsg flag.
15642 * The cmstartsortkey and cmendsortkey parameters to list=categorymembers are
15643 deprecated in favor of cmstarthexsortkey and cmendhexsortkey.
15644 * (bug 63326) Add blockedtimestamp field to output of blockinfo property for
15645 the list=allusers and list=users modules.
15646 * prop=imageinfo no longer requires iiurlwidth to be set when using iiurlparam.
15647 * Added prop=linkshere, prop=fileusage, and prop=transcludedin, which are
15648 roughly equivalent to list=backlinks, list=imageusage, and list=embeddedin
15649 but can work on a list of titles (including titles from a generator).
15650 * prop=redirects can now filter returned redirects by namespace.
15652 === Action API internal changes in 1.24 ===
15653 * Methods for handling continuation are added to ApiResult, so actions other
15654 than query that use generators can easily support continuation.
15655 * $wgAPIModules (and the related $wgAPIFormatModules, $wgAPIMetaModules,
15656 $wgAPIPropModules, and $wgAPIListModules settings) now allow API modules
15657 to be specified using a "module spec" array instead of a plain class name.
15658 A "module spec" is an associative array containing at least the 'class' key
15659 for the module's class, and optionally a 'factory' key for the factory
15660 function to use for the module. This is intended for extensions that want
15661 control over the instantiation of their API modules, to allow for proper
15662 dependency injection.
15663 * A new param type 'submodule' is available. Parameters of this type will take
15664 the list of valid values from the module's ApiModuleManager for the group
15665 corresponding to the parameter name.
15666 * The 'APIGetPossibleErrors' and 'APIGetResultProperties' hooks are no longer
15668 * API token handling has been rewritten. Any API module using tokens will need
15670 * ApiBase::needsToken now returns a token type instead of boolean true when a
15671 token is needed. Returning true will throw an exception. See documentation
15672 of that method for details.
15673 * Information for the 'token' parameter is automatically set by ApiBase
15674 getFinalParams and getFinalParamDescription.
15675 * ApiBase::getTokenSalt has been removed.
15676 * The hooks APIQueryInfoTokens, APIQueryRevisionsTokens,
15677 APIQueryRecentChangesTokens, APIQueryUsersTokens, and
15678 ApiTokensGetTokenTypes are deprecated, but are still called to support
15679 backwards-compatible token access.
15680 * ApiBase::validateLimit and ApiBase::validateTimestamp are now protected.
15681 * ApiQueryRedirects was removed; prop=redirects is now implemented by
15682 ApiQueryBacklinksProp along with the newly-added prop modules.
15683 * The following methods have been deprecated and may be removed in a future
15685 * ApiBase::getResultProperties
15686 * ApiBase::getFinalResultProperties
15687 * ApiBase::addTokenProperties
15688 * ApiBase::getRequireOnlyOneParameterErrorMessages
15689 * ApiBase::getRequireMaxOneParameterErrorMessages
15690 * ApiBase::getRequireAtLeastOneParameterErrorMessages
15691 * ApiBase::getTitleOrPageIdErrorMessage
15692 * ApiBase::getPossibleErrors
15693 * ApiBase::getFinalPossibleErrors
15694 * ApiBase::parseErrors
15695 * ApiQuery::setGeneratorContinue
15696 * ApiQueryBase::checkRowCount
15697 * ApiQueryBase::titleToKey
15698 * ApiQueryBase::keyToTitle
15699 * ApiQueryBase::keyPartToTitle
15700 * ApiQueryInfo::getTokenFunctions
15701 * ApiQueryInfo::resetTokenCache
15702 * ApiQueryInfo::getEditToken
15703 * ApiQueryInfo::getDeleteToken
15704 * ApiQueryInfo::getProtectToken
15705 * ApiQueryInfo::getMoveToken
15706 * ApiQueryInfo::getBlockToken
15707 * ApiQueryInfo::getUnblockToken
15708 * ApiQueryInfo::getEmailToken
15709 * ApiQueryInfo::getImportToken
15710 * ApiQueryInfo::getWatchToken
15711 * ApiQueryInfo::getOptionsToken
15712 * ApiQueryRecentChanges::getTokenFunctions
15713 * ApiQueryRecentChanges::getPatrolToken
15714 * ApiQueryRevisions::getTokenFunctions
15715 * ApiQueryRevisions::getRollbackToken
15716 * ApiQueryUsers::getTokenFunctions
15717 * ApiQueryUsers::getUserrightsToken
15718 * The following classes have been deprecated and may be removed in a future
15726 * The following class constants have been deprecated and may be removed in a
15728 * ApiBase::PROP_ROOT
15729 * ApiBase::PROP_LIST
15730 * ApiBase::PROP_TYPE
15731 * ApiBase::PROP_NULLABLE
15733 === Languages updated in 1.24 ===
15735 MediaWiki supports over 350 languages. Many localisations are updated
15736 regularly. Below only new and removed languages are listed, as well as
15737 changes to languages because of Bugzilla reports.
15739 === Other changes in 1.24 ===
15740 * The deprecated jquery.delayedBind ResourceLoader module was removed.
15741 * The deprecated function mw.util.toggleToc was removed.
15742 * The Special:Search hooks SpecialSearchGo and SpecialSearchResultsAppend
15743 were removed as they were unused.
15744 * (bug 65477) User::pingLimiter() now has an additional profile point varying
15745 by action being used.
15746 * mediawiki.util.$content no longer supports old versions of the Vector,
15747 Monobook, Modern and CologneBlue skins that don't yet implement the "mw-body"
15748 and/or "mw-body-primary" class name in their html.
15749 * Added pp_sortkey column to page_props table, so pages can be efficiently
15750 queried and sorted by property value (bug 58032).
15751 See $wgPagePropsHaveSortkey if you want to postpone the schema change.
15752 * BREAKING CHANGE: All four built-in MediaWiki skins (Vector, MonoBook, Modern
15753 and Cologne Blue) were moved out of MediaWiki core to their own respective
15754 repositories. They will be installed with the release tarball, but you must
15755 install them separately if installing MediaWiki from source code. A warning
15756 message displayed until you do it should guide you through the process. See
15757 also <https://www.mediawiki.org/wiki/Manual:Skin_configuration>.
15758 * BREAKING CHANGE: Skins built for MediaWiki 1.15 and earlier that do not use
15759 the "headelement" template key are no longer supported. Setting
15760 $useHeadElement = false; is no longer supported and will not cause old keys
15761 like "headlinks", "skinnameclass", etc. to be defined.
15762 * BREAKING CHANGE: The files commonElements.css, commonContent.css and
15763 commonInterface.css (in skins/common/) have been removed. Skins may no longer
15764 rely on their presence and include them in their style modules. ResourceLoader
15765 modules introduced in MediaWiki 1.23 should be loaded instead:
15766 - skins/common/commonElements.css → 'mediawiki.skinning.elements' module
15767 - skins/common/commonContent.css → 'mediawiki.skinning.content' module
15768 - skins/common/commonInterface.css → 'mediawiki.skinning.interface' module
15769 * The deprecated 'SpecialVersionExtensionTypes' hook was removed.
15770 * (bug 63891) Add 'X-Robots-Tag: noindex' header in action=render pages.
15771 * SpecialPage no longer supports the syntax for invoking wfSpecial*() functions.
15772 Special pages should subclass SpecialPage and implement the execute() method.
15773 * (bug 63755) The deprecated constants RC_MOVE and RC_MOVE_OVER_REDIRECT were
15775 * Special:MostLinkedTemplates has been renamed to Special:MostTranscludedPages.
15776 * The skin autodiscovery mechanism has been deprecated and will be removed in
15777 MediaWiki 1.25. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery
15778 for migration guide for creators and users of custom skins that relied on it.
15779 * ResourceLoaderFileModule#getAllStyleFiles now returns all style files and all
15780 skin style files used by the module.
15781 * Removed getLang() from IContextSource and subclasses. (deprecated since 1.19)
15782 * Removed setLang() from subclasses of IContextSource. (deprecated since 1.19)
15783 * Removed WebRequest::escapeAppendQuery(). (deprecated since 1.20)
15784 * Removed info(), purge(), revert() and rollback() from the Article class; they
15785 have since become subclasses of the Action class. (deprecated since 1.19)
15786 * SearchEngineReplacePrefixesComplete hook was removed.
15787 * The "jquery.json" module has been deprecated. Use the "json" module instead.
15788 * Removed HTMLForm::addJS(). (deprecated since 1.18)
15789 * Removed LogEventsList::showHeader(). (deprecated since 1.19)
15790 * Removed ImageGalleryBase::useSkin(). (deprecated since 1.18)
15791 * Removed DatabaseMysqlBase::getLagFromProcesslist(). (deprecated since 1.19)
15792 * Removed LoadBalancer::closeConnecton(). (deprecated since 1.18)
15793 * Removed ApiBase::createContext(). (deprecated since 1.19)
15794 * BREAKING CHANGE: The undocumented Special{$this->getName()}BeforeFormDisplay
15795 set of hooks has been removed and replaced by a single new hook
15796 SpecialPageBeforeFormDisplay.
15797 * (bug 65781) Removed block warning on included {{Special:Contributions}}
15798 * Removed Skin::makeGlobalVariablesScript(). (deprecated since 1.19)
15799 * Removed MWNamespace::isMain(). (deprecated since 1.19)
15800 * Removed Preferences::loadOldSearchNs(). (deprecated since 1.19)
15801 * Removed OutputPage::getStatusMessage(). (deprecated since 1.18)
15802 * Removed OutputPage::isUserJsAllowed(). (deprecated since 1.18)
15803 * Removed Title::updateTitleProtection(). (deprecated since 1.19)
15804 * Removed ParserOptions::setSkin(). (deprecated since 1.19)
15805 * Removed Title::escapeCanonicalURL(). (deprecated since 1.19)
15806 * Removed Title::escapeLocalURL(). (deprecated since 1.19)
15807 * Removed Title::escapeFullURL(). (deprecated since 1.19)
15808 * Removed User::isValidEmailAddr(). (deprecated since 1.18)
15809 * Removed Title::getEscapedText(). (deprecated since 1.19)
15810 * Removed Language::getFallbackLanguageCode(). (deprecated since 1.19)
15811 * Removed WikiPage::isBigDeletion(). (deprecated since 1.19)
15812 * Removed MWInit class which contained functions related to a now discontinued
15813 PHP compiler called hphpc. (deprecated since 1.22)
15814 * ApiResult::enableSizeCheck() and disableSizeCheck() are now obsolete.
15815 * Removed ResourceLoaderGetStartupModules hook. (deprecated since 1.23)
15816 * Removed getFormFields(), onSubmit() and onSuccess() from FormlessAction, as
15817 these were meant specifically for FormAction instead.
15818 * Removed Action::execute().
15819 * Removed AjaxAddScript which has been obsolete since ResourceLoader and
15820 is unused by any modern extension.
15821 * Removed maintenance/nextJobDB.php; no longer in use.
15822 * Removed global function wfViewPrevNext(). (deprecated since 1.19)
15823 * Removed global function xmlsafe() from Export.php. (moved to OAIRepo
15825 * Removed Title::userCanRead(). (deprecated since 1.19)
15826 * Removed maintenance script importTextFile.php. Use edit.php script instead.
15827 * A _from_namespace field has been added to the templatelinks, pagelinks,
15828 and filelinks tables. Run update.php to apply this change to the schema.
15829 * Removed File::sha1Base36(). (deprecated since 1.19)
15830 * Removed File::getPropsFromPath(). (deprecated since 1.19)
15831 * Removed functions blockedPage(), noCreatePermission(), readOnlyPage() and
15832 userNotLoggedInPage() from EditPage.php. (deprecated since 1.19)
15833 * Removed functions getContent(), getPreloadedText(), mergeChangesInto() and
15834 setPreloadedText() from EditPage.php. (deprecated since 1.21)
15835 * Removed global functions wfArrayLookup(), wfArrayMerge(),
15836 wfDebugDieBacktrace() and wfTime(). (deprecated since 1.22)
15837 * Browser support for Internet Explorer 6 and 7 lowered from Grade A to Grade C,
15838 meaning that JavaScript is no longer executed in these browser versions.
15839 * Browser support for Opera 11 lowered from Grade A to Grade C.
15840 * Removed IEFixes module which existed purely to provide support for MSIE
15841 versions below 7 (conditionally loaded only for those browsers).
15842 * Deprecated SpecialPageFactory::getList() in favor of
15843 SpecialPageFactory::getNames()
15844 * Action::checkCanExecute() no longer has a return value.
15845 * Removed cleanupForIRC(), loadFromCurRow(), newFromCurRow(), notifyRC2UDP()
15846 and sendToUDP() from RecentChange.php. (deprecated since 1.22)
15847 * Removed EnhancedChangesList::arrow(), sideArrow(), downArrow(), spacerArrow().
15848 * Removed Xml::namespaceSelector(). (deprecated since 1.19)
15849 * Removed WikiPage::estimateRevisionCount(). (deprecated since 1.19)
15850 * MYSQL: Enum item added to "major MIME type" columns.
15851 Running update.php on MySQL < v5.1 may result in heavy processing.
15852 * RSS and Atom feeds generated by MediaWiki no longer include a fallback
15853 stylesheet. It was ignored by most browsers these days anyway.
15854 * SpecialSearchNoResults hook has been removed. SpecialSearchResults is now
15855 called unconditionally.
15856 * TablePager::getBody() is now 'final' and can't be overridden in subclasses.
15857 * TablePager::getBody() is deprecated, use getBodyOutput() or getFullOutput().
15858 * Added $outputPage parameter to the SkinTemplateGetLanguageLink hook.
15859 * log_page for move log entries store the original page ID, rather than that
15860 of the new redirect page. This is not retroactive.
15861 * LCStoreAccel was removed. $wgLocalisationCacheConf can no longer be set to
15862 use this store class.
15863 * Html::infoBox() no longer accepts paths relative to skins/common/images/.
15864 * Deprecated defunct Skin::getCommonStylePath().
15865 * Some extensions had their ResourceLoader modules depend on the "mediawiki"
15866 and "jquery" modules. In the past, this behavior was undefined, now it will
15868 * Removed BagOStuff::replace(). (deprecated since 1.23)
15869 * In Linker.php, link(), linkText() and makeBrokenImageLinkObj() now display
15870 warnings if their first parameter is not a Title object. Also makeImageLink()
15871 now requires a Parser as its first parameter.
15872 * (bug 67368) LESS functions embed() and embeddable(), added in MediaWiki 1.23
15873 and broken by design, have been removed. Use appropriate LESS mixins instead.
15874 * Removed cssjanus.py from maintenance directory as it was unused.
15875 * Removed maintenance/purgeOldText.inc and the PurgeRedundantText() function
15876 it contained (superseded by Maintenance::purgeRedundantText() in 1.16).
15877 The purgeOldText.php maintenance script has been retained.
15878 * PHPUnit tests can be found by directory discovery, by adding the directory
15879 path from your UnitTestsList callback. Older versions of MediaWiki core will
15880 barf at this usage.
15882 ==== Renamed classes ====
15883 * CLDRPluralRuleConverter_Expression to CLDRPluralRuleConverterExpression
15884 * CLDRPluralRuleConverter_Fragment to CLDRPluralRuleConverterFragment
15885 * CLDRPluralRuleConverter_Operator to CLDRPluralRuleConverterOperator
15886 * CLDRPluralRuleEvaluator_Range to CLDRPluralRuleEvaluatorRange
15887 * CSSJanus_Tokenizer to CSSJanusTokenizer
15888 * MediaWiki_I18N to MediaWikiI18N
15889 * Parser_DiffTest to ParserDiffTest
15890 * RevDel_ArchiveItem to RevDelArchiveItem
15891 * RevDel_ArchiveList to RevDelArchiveList
15892 * RevDel_ArchivedFileItem to RevDelArchivedFileItem
15893 * RevDel_ArchivedFileList to RevDelArchivedFileList
15894 * RevDel_ArchivedRevisionItem to RevDelArchivedRevisionItem
15895 * RevDel_FileItem to RevDelFileItem
15896 * RevDel_FileList to RevDelFileList
15897 * RevDel_Item to RevDelItem
15898 * RevDel_List to RevDelList
15899 * RevDel_LogItem to RevDelLogItem
15900 * RevDel_LogList to RevDelLogList
15901 * RevDel_RevisionItem to RevDelRevisionItem
15902 * RevDel_RevisionList to RevDelRevisionList
15903 * WebInstaller_Complete to WebInstallerComplete
15904 * WebInstaller_Copying to WebInstallerCopying
15905 * WebInstaller_DBConnect to WebInstallerDBConnect
15906 * WebInstaller_DBSettings to WebInstallerDBSettings
15907 * WebInstaller_Document to WebInstallerDocument
15908 * WebInstaller_ExistingWiki to WebInstallerExistingWiki
15909 * WebInstaller_Install to WebInstallerInstall
15910 * WebInstaller_Language to WebInstallerLanguage
15911 * WebInstaller_Name to WebInstallerName
15912 * WebInstaller_Options to WebInstallerOptions
15913 * WebInstaller_Readme to WebInstallerReadme
15914 * WebInstaller_ReleaseNotes to WebInstallerReleaseNotes
15915 * WebInstaller_Restart to WebInstallerRestart
15916 * WebInstaller_Upgrade to WebInstallerUpgrade
15917 * WebInstaller_UpgradeDoc to WebInstallerUpgradeDoc
15918 * WebInstaller_Welcome to WebInstallerWelcome
15920 ==== Removed classes ====
15921 * IPBlockForm - Use SpecialBlock directly
15922 * WatchlistEditor - Use SpecialEditWatchlist directly
15923 * FormatExif - Use FormatMetadata directly
15924 * RevertFileAction - Use RevertAction directly
15925 * HistoryPage - Use HistoryAction directly
15926 * RawPage - Use RawAction directly
15927 * StubContLang - Use Language::factory() instead
15928 * XMLReader2 - Use XMLReader directly
15929 * ResourceLoaderLESSFunctions - No longer in use, not intended for public usage
15931 ==== Removed files ====
15932 The skins/common/ directory, previously containing some assets intended to be
15933 used by skins and a number of legacy styles and scripts, has been removed. Its
15934 contents have been deleted or relocated into the resources/ directory. Full list
15935 of files that are no longer available follows.
15937 * skins/common/ajax.js
15938 * skins/common/commonContent.css
15939 * skins/common/commonElements.css
15940 * skins/common/commonInterface.css
15941 * skins/common/commonPrint.css
15942 * skins/common/config-cc.css
15943 * skins/common/config.css
15944 * skins/common/config.js
15945 * skins/common/feed.css
15946 * skins/common/IEFixes.js
15947 * skins/common/oldshared.css
15948 * skins/common/protect.js
15949 * skins/common/shared.css
15950 * skins/common/upload.js
15951 * skins/common/wikibits.js
15952 * skins/common/images/add.png
15953 * skins/common/images/ajax-loader.gif
15954 * skins/common/images/arrow_disabled_first_25.png
15955 * skins/common/images/arrow_disabled_last_25.png
15956 * skins/common/images/arrow_disabled_left_25.png
15957 * skins/common/images/arrow_disabled_right_25.png
15958 * skins/common/images/arrow_first_25.png
15959 * skins/common/images/arrow_last_25.png
15960 * skins/common/images/arrow_left_25.png
15961 * skins/common/images/arrow_right_25.png
15962 * skins/common/images/Arr_.png
15963 * skins/common/images/Arr_d.png
15964 * skins/common/images/Arr_l.png
15965 * skins/common/images/Arr_r.png
15966 * skins/common/images/Arr_u.png
15967 * skins/common/images/bullet.gif
15968 * skins/common/images/button_bold.png
15969 * skins/common/images/button_extlink.png
15970 * skins/common/images/button_headline.png
15971 * skins/common/images/button_hr.png
15972 * skins/common/images/button_image.png
15973 * skins/common/images/button_italic.png
15974 * skins/common/images/button_link.png
15975 * skins/common/images/button_media.png
15976 * skins/common/images/button_nowiki.png
15977 * skins/common/images/button_sig.png
15978 * skins/common/images/button_template.png
15979 * skins/common/images/cc-0.png
15980 * skins/common/images/cc-by-nc-sa.png
15981 * skins/common/images/cc-by-sa.png
15982 * skins/common/images/cc-by.png
15983 * skins/common/images/Checker-16x16.png
15984 * skins/common/images/closewindow.png
15985 * skins/common/images/closewindow19x19.png
15986 * skins/common/images/critical-32.png
15987 * skins/common/images/diffunderline.gif
15988 * skins/common/images/download-32.png
15989 * skins/common/images/feed-icon.png
15990 * skins/common/images/feed-icon.svg
15991 * skins/common/images/gnu-fdl.png
15992 * skins/common/images/help-question-hover.gif
15993 * skins/common/images/help-question.gif
15994 * skins/common/images/info-32.png
15995 * skins/common/images/link_icon.gif
15996 * skins/common/images/magnify-clip-rtl.png
15997 * skins/common/images/magnify-clip.png
15998 * skins/common/images/mediawiki.png
15999 * skins/common/images/nextredirectltr.png
16000 * skins/common/images/nextredirectrtl.png
16001 * skins/common/images/poweredby_mediawiki_88x31.png
16002 * skins/common/images/public-domain.png
16003 * skins/common/images/question-small.png
16004 * skins/common/images/question.svg
16005 * skins/common/images/redirectltr.png
16006 * skins/common/images/redirectrtl.png
16007 * skins/common/images/remove.png
16008 * skins/common/images/spinner.gif
16009 * skins/common/images/tick-32.png
16010 * skins/common/images/tipsy-arrow.gif
16011 * skins/common/images/tooltip_icon.png
16012 * skins/common/images/warning-32.png
16013 * skins/common/images/wiki.png
16014 * skins/common/images/Zoom_sans.gif
16015 * skins/common/images/ar/button_bold.png
16016 * skins/common/images/ar/button_headline.png
16017 * skins/common/images/ar/button_italic.png
16018 * skins/common/images/ar/button_link.png
16019 * skins/common/images/ar/button_nowiki.png
16020 * skins/common/images/be-tarask/button_bold.png
16021 * skins/common/images/be-tarask/button_italic.png
16022 * skins/common/images/be-tarask/button_link.png
16023 * skins/common/images/cyrl/button_bold.png
16024 * skins/common/images/cyrl/button_italic.png
16025 * skins/common/images/cyrl/button_link.png
16026 * skins/common/images/de/button_bold.png
16027 * skins/common/images/de/button_italic.png
16028 * skins/common/images/fa/button_bold.png
16029 * skins/common/images/fa/button_headline.png
16030 * skins/common/images/fa/button_italic.png
16031 * skins/common/images/fa/button_link.png
16032 * skins/common/images/fa/button_nowiki.png
16033 * skins/common/images/icons/fileicon-c.png
16034 * skins/common/images/icons/fileicon-cpp.png
16035 * skins/common/images/icons/fileicon-deb.png
16036 * skins/common/images/icons/fileicon-djvu.png
16037 * skins/common/images/icons/fileicon-djvu.xcf
16038 * skins/common/images/icons/fileicon-dvi.png
16039 * skins/common/images/icons/fileicon-exe.png
16040 * skins/common/images/icons/fileicon-h.png
16041 * skins/common/images/icons/fileicon-html.png
16042 * skins/common/images/icons/fileicon-iso.png
16043 * skins/common/images/icons/fileicon-java.png
16044 * skins/common/images/icons/fileicon-mid.png
16045 * skins/common/images/icons/fileicon-mov.png
16046 * skins/common/images/icons/fileicon-o.png
16047 * skins/common/images/icons/fileicon-ogg.png
16048 * skins/common/images/icons/fileicon-ogg.xcf
16049 * skins/common/images/icons/fileicon-pdf.png
16050 * skins/common/images/icons/fileicon-ps.png
16051 * skins/common/images/icons/fileicon-psd.png
16052 * skins/common/images/icons/fileicon-rm.png
16053 * skins/common/images/icons/fileicon-rpm.png
16054 * skins/common/images/icons/fileicon-svg.png
16055 * skins/common/images/icons/fileicon-tar.png
16056 * skins/common/images/icons/fileicon-tex.png
16057 * skins/common/images/icons/fileicon-ttf.png
16058 * skins/common/images/icons/fileicon-txt.png
16059 * skins/common/images/icons/fileicon.png
16060 * skins/common/images/ksh/button_S_italic.png
16064 == MediaWiki 1.23.17 ==
16066 === Changes since 1.23.16 === <!--T:69-->
16067 * Fix syntax errors introduced in 1.23.16 when running PHP 5.3.
16069 == MediaWiki 1.23.16 ==
16070 This is a security and maintenance release of the MediaWiki 1.23 branch.
16072 === Changes since 1.23.15 ===
16073 * (T68404) CSS3 attr() function with url type is no longer allowed
16075 * (T156184) $wgRawHtml will no longer apply to internationalization messages.
16076 * Submitting the lgtoken and lgpassword parameters in the query string to
16077 action=login is now deprecated and outputs a warning. They should be submitted
16078 in the POST body instead.
16079 * (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow
16080 redirect to interwiki links.
16081 * (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
16082 $wgAdvancedSearchHighlighting is true.
16083 * (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
16084 their values out of the logs.
16085 * (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a
16087 * (T156184) SECURITY: Escape content model/format url parameter in message.
16088 * (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
16090 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
16091 inclusion syntax's link parameter.
16092 * (T108138) SECURITY: Sysops can undelete pages, although the page is protected
16095 == MediaWiki 1.23.15 ==
16097 This is a maintenance release of the MediaWiki 1.23 branch.
16099 === Changes since 1.23.14 ===
16100 * BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
16101 made by MediaWiki via a proxy. Relying on the http_proxy environment
16102 variable is no longer supported.
16103 * (T139565) SECURITY: API: Generate head items in the context of the given title
16104 * (T137264) SECURITY: XSS in unclosed internal links
16105 * (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
16106 * (T133147) SECURITY: Require login to preview user CSS pages
16107 * (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
16109 * (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
16111 * (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
16112 * (T115333) SECURITY: Check read permission when loading page content in
16114 * Remove support for $wgWellFormedXml = false, all output is now well formed
16116 == MediaWiki 1.23.13 ==
16118 This is a maintenance release of the MediaWiki 1.23 branch.
16120 === Changes since 1.23.12 ===
16121 * (T121892) Fix fatal errors on some Special pages, introduced in 1.23.12.
16123 == MediaWiki 1.23.12 ==
16125 This is a security and maintenance release of the MediaWiki 1.23 branch.
16127 === Changes since 1.23.11 ===
16128 * (T117899) SECURITY: $wgArticlePath can no longer be set to relative paths
16129 that do not begin with a slash. This enabled trivial XSS attacks.
16130 Configuration values such as "http://my.wiki.com/wiki/$1" are fine, as are
16131 "/wiki/$1". A value such as "$1" or "wiki/$1" is not and will now throw an
16133 * (T119309) SECURITY: Use hash_compare() for edit token comparison
16134 * (T118032) SECURITY: Don't allow cURL to interpret POST parameters starting
16135 with '@' as file uploads
16136 * (T115522) SECURITY: Passwords generated by User::randomPassword() can no
16137 longer be shorter than $wgMinimalPasswordLength
16138 * (T97897) SECURITY: Improve IP parsing and trimming. Previous behavior could
16139 result in improper blocks being issued
16140 * (T109724) SECURITY: Special:MyPage, Special:MyTalk, Special:MyContributions
16141 and related pages no longer use HTTP redirects and are now redirected by
16144 == MediaWiki 1.23.11 ==
16146 This is a security and maintenance release of the MediaWiki 1.23 branch.
16148 === Changes since 1.23.10 ===
16150 * (T91850) SECURITY: Add throttle check in ApiUpload and SpecialUpload
16151 * (T91203, T91205) SECURITY: API: Improve validation in chunked uploading
16152 * (T108616) SECURITY: Avoid exposure of local path in PNG thumbnails
16154 == MediaWiki 1.23.10 ==
16156 This is a security and maintenance release of the MediaWiki 1.23 branch.
16158 === Changes since 1.23.9 ===
16160 * (T94116) SECURITY: Compare API watchlist token in constant time
16161 * (T97391) SECURITY: Escape error message strings in thumb.php
16162 * (T106893) SECURITY: Don't leak autoblocked IP addresses on
16163 Special:DeletedContributions
16164 * (bug 67644) Make AutoLoaderTest handle namespaces
16165 * (T91653) Minimal PSR-3 debug logger to support backports from 1.25+.
16166 * (T102562) Fix InstantCommons parameters to handle the new HTTPS-only
16167 policy of Wikimedia Commons.
16169 == MediaWiki 1.23.9 ==
16171 This is a security and maintenance release of the MediaWiki 1.23 branch.
16173 === Changes since 1.23.8 ===
16175 * (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities,
16176 to prevent various DoS attacks.
16177 * (T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce
16179 * (T88310) SECURITY: Always expand xml entities when checking SVG's.
16180 * (T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
16181 * (T85855) SECURITY: Don't execute another user's CSS or JS on preview.
16182 * (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to
16183 prevent XSS and protect viewer's privacy.
16184 * (bug T68650) Fix indexing of moved pages with PostgreSQL. Requires running
16186 * (bug T70087) Fix Special:ActiveUsers page for installations using
16189 == MediaWiki 1.23.8 ==
16191 This is a security and maintenance release of the MediaWiki 1.23 branch.
16193 === Changes since 1.23.7 ===
16195 * (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
16196 could lead to xss. Permission to edit MediaWiki namespace is required to
16198 * (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in
16199 $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as
16201 * (bug T74222) The original patch for T74222 was reverted as unnecessary.
16203 == MediaWiki 1.23.7 ==
16205 This is a security and maintenance release of the MediaWiki 1.23 branch.
16207 === Changes since 1.23.6 ===
16209 * (bugs 66776, 71478) SECURITY: User PleaseStand reported a way to inject code
16210 into API clients that used format=php to process pages that underwent flash
16211 policy mangling. This was fixed along with improving how the mangling was done
16212 for format=json, and allowing sites to disable the mangling using
16213 $wgMangleFlashPolicy.
16214 * (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update
16215 the content model for a page could allow an unprivileged attacker to edit
16216 another user's common.js under certain circumstances. The user right
16217 "editcontentmodel" was added, and is needed to change a revision's content
16219 * (bug 71111) SECURITY: User PleaseStand reported that on wikis that allow raw
16220 HTML, it is not safe to preview wikitext coming from an untrusted source such
16221 as a cross-site request. Thus add an edit token to the form, and when raw HTML
16222 is allowed, ensure the token is provided before showing the preview. This
16223 check is not performed on wikis that both allow raw HTML and anonymous
16224 editing, since there are easier ways to exploit that scenario.
16225 * (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with
16226 DELETED_ACTION. NOTICE: this may be reverted in a future release pending a
16227 public RFC about the desired functionality. This issue was reported by user
16229 * (bug 71621) Make allowing site-wide styles on restricted special pages a
16231 * (bug 42723) Added updated version history from 1.19.2 to 1.22.13
16232 * $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
16233 might be a flash policy directive configurable.
16235 == MediaWiki 1.23.6 ==
16237 This is a maintenance release of the MediaWiki 1.23 branch.
16239 === Changes since 1.23.5 ===
16240 * (Bug 72274) Job queue not running (HTTP 411) due to missing
16241 Content-Length: header
16242 * (Bug 67440) Allow classes to be registered properly from installer
16244 == MediaWiki 1.23.5 ==
16246 This is a security release of the MediaWiki 1.23 branch.
16248 === Changes since 1.23.4 ===
16249 * (bug 70672) SECURITY: OutputPage: Remove separation of css and js module
16252 == MediaWiki 1.23.4 ==
16254 This is a security and maintenance release of the MediaWiki 1.23 branch.
16256 === Changes since 1.23.3 ===
16258 * (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style>
16259 elements; normalize style elements and attributes before filtering; add
16260 checks for attributes that contain css; add unit tests for html5sec and
16262 * (bug 65998) Make MySQLi work with non-standard socket.
16263 * (bug 66986) GlobalVarConfig shouldn't throw exceptions for null-valued config
16266 == MediaWiki 1.23.3 ==
16268 This is a maintenance release of the MediaWiki 1.23 branch.
16270 === Changes since 1.23.2 ===
16272 * (bug 68501) Correctly handle incorrect namespace in cleanupTitles.php.
16273 * (bug 64970) Fix support for blobs on DatabaseOracle::update.
16274 * (bug 66574) Display MediaWiki:Loginprompt on the login page.
16275 * (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes.
16276 * (bug 60629) Handle invalid language code gracefully in
16277 Language::fetchLanguageNames.
16278 * (bug 62017) Restore the number of rows shown on Special:Watchlist.
16279 * Check for boolean false result from database query in SqlBagOStuff.
16281 == MediaWiki 1.23.2 ==
16283 This is a security and maintenance release of the MediaWiki 1.23 branch.
16285 === Changes since 1.23.1 ===
16287 * (bug 68187) SECURITY: Prepend jsonp callback with comment.
16288 * (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used
16289 for loading a new page in Javascript,instead of relying on the URL in the link
16290 that has been clicked.
16291 * (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and
16293 * (bug 68313) Preferences: Turn stubthreshold back into a combo box.
16294 * (bug 65214) Fix initSiteStats.php maintenance script.
16295 * (bug 67594) Special:ActiveUsers: Fix to work with PostgreSQL.
16297 == MediaWiki 1.23.1 ==
16299 This is a security and maintenance release of the MediaWiki 1.23 branch.
16301 === Changes since 1.23.0 ===
16303 * (bug 65839) SECURITY: Prevent external resources in SVG files.
16304 * (bug 67025) Special:Watchlist: Don't try to render empty row.
16305 * (bug 66922) Don't allow some E_NOTICE messages to end up in the
16307 * (bug 66467) FileBackend: Avoid using popen() when "parallelize" is disabled.
16308 * (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects
16309 like only extracting the tail of the file partially or not at all.
16310 * (bug 66182) Removed -x flag on some php files.
16312 == MediaWiki 1.23.0 ==
16314 === Configuration changes in 1.23 ===
16315 * (bug 13250) Restored method for clearing a watchlist in web UI
16316 so that users with large watchlists don't have to perform
16317 contortions to clear them.
16318 * When $wgJobRunRate is higher than zero, jobs are now executed via an
16319 asynchronous HTTP request to a MediaWiki entry point. This may require
16320 increasing the number of server worker threads. $wgRunJobsAsync has been
16321 added to disable this feature if needed, falling back to executing the job
16322 on the same process but making the execution synchronously.
16323 * $wgDebugLogGroups values may be set to an associative array with a
16324 'destination' key specifying the log destination. The array may also contain
16325 a 'sample' key with a positive integer value N indicating that the log group
16326 should be sampled by dispatching one in every N messages on average. The
16327 sampling is random.
16328 * In addition to the current exception log format, MediaWiki now serializes
16329 exception metadata to JSON and logs it to the 'exception-json' log group.
16330 This makes MediaWiki easier to integrate with log aggregation and analysis
16332 * $wgSquidServersNoPurge now supports the use of Classless Inter-Domain
16333 Routing (CIDR) notation to specify contiguous blocks of IPv4 and/or IPv6
16334 addresses that should be trusted to provide X-Forwarded-For headers.
16335 * Preferences 'watchcreations', 'watchdefault', 'enotifwatchlistpages' ("Add
16336 pages I create and files I upload to my watchlist", "Add pages and files I
16337 edit to my watchlist", "Email me when a page or file on my watchlist is
16338 changed") are now enabled by default. In addition new user accounts' personal
16339 and talk pages are now watched by them by default.
16340 * $wgLBFactoryConf: Class names have had underscores removed. The configuration
16341 should be updated if LBFactory_Simple or LBFactory_Multi is configured.
16342 * $wgPasswordSenderName has been removed and is no longer functional. To set a
16343 custom mailer name, the system message 'emailsender' should be modified
16344 (default: "{{SITENAME}}").
16345 * (bug 63269) Email notifications were not correctly handling the
16346 [[MediaWiki:Helppage]] message being set to a full URL (the default).
16347 If you customized [[MediaWiki:Enotif body]] (the text of email notifications),
16348 you'll need to edit it locally to include the URL via the new variable
16349 $HELPPAGE instead of the parser functions fullurl and canonicalurl; otherwise
16350 you don't have to do anything.
16351 * $wgDBAhandler was removed as the only class using it was also removed
16352 * The 'max threads' setting was removed from $wgDBservers.
16353 * Support for AdminSettings.php has been completely removed. All configuration
16354 belongs in LocalSettings.php.
16355 * $wgSkipSkin, which has been replaceable by $wgSkipSkins since 2005 (r9249), is
16356 now formally deprecated.
16357 * Removed deprecated $wgDisabledActions as it is hardly used anywhere.
16358 * $wgRateLimitLog has been deprecated and replaced by
16359 $wgDebugLogGroup['ratelimit'].
16360 * $wgLocalInterwikis is an array containing multiple local interwiki prefixes
16361 (interwiki prefixes that point back to the current wiki). This effectively
16362 allows more than one value of $wgLocalInterwiki to be specified and
16363 understood by the parser. The value of $wgLocalInterwiki is automatically
16364 prepended to the start of this array.
16365 * $wgQueryPages has been removed. Query Pages should be added to by using the
16367 * $wgHttpOnlyBlacklist has been removed.
16368 * $wgLicenseTerms has been removed as it was unused.
16369 * $wgProfileOnly is now deprecated; set the log file in
16370 $wgDebugLogGroups['profileoutput'] to replace it.
16371 * $wgMaxBacklinksInvalidate was removed; use $wgJobBackoffThrottling instead
16372 * Deprecated ResourceLoaderGetStartupModules hook.
16374 === New features in 1.23 ===
16375 * ResourceLoader can utilize the Web Storage API to cache modules client-side.
16376 Compared to the browser cache, caching in Web Storage allows ResourceLoader
16377 to be more granular about evicting stale modules from the cache while
16378 retaining the ability to retrieve multiple modules in a single HTTP request.
16379 This capability can be enabled by setting $wgResourceLoaderStorageEnabled to
16380 true. This feature is currently considered experimental and should only be
16382 * (bug 6092) Add expensive parser functions {{REVISIONID:}}, {{REVISIONUSER:}}
16383 and {{REVISIONTIMESTAMP:}} (with friends).
16384 * Add "wgRelevantUserName" to mw.config containing the current
16385 Skin::getRelevantUser value.
16386 * (bug 56033) Add content model to the page information.
16387 * Added Article::MissingArticleConditions hook to give extensions a chance to
16388 hide their (unrelated) log entries.
16389 * Added LonelyPagesQuery hook to let extensions modify the query used to
16390 generate Special:LonelyPages.
16391 * Added $wgOpenSearchDefaultLimit defining the default number of entries to show
16392 on action=opensearch API call.
16393 * For namespaces with $wgNamespaceProtection (including the MediaWiki
16394 namespace), the "protect" tab will be shown only if there are restriction
16395 levels available that would restrict editing beyond what
16396 $wgNamespaceProtection already applies. The protection form will offer only
16397 those protection levels.
16398 * Added $wgAPIFormatModules, allowing extensions to add additional output
16399 formatting modules for the API.
16400 * (bug 47812) The MediaWiki:Group-user.{css,js} pages can now be used to add
16401 custom CSS or JavaScript enabled only for registered users.
16402 * (bug 52005) Special pages RecentChanges, RecentChangesLinked and Watchlist
16403 now include a legend describing the symbols used in lists of changes.
16404 * Improved the accessibility of the tabs in Special:Preferences.
16405 * Added ApiBeforeMain hook, roughly equivalent to the BeforeInitialize hook:
16406 it's called after everything is set up but before any major processing
16408 * The jquery.client module now performs a component-wise version comparison in
16409 its #test method when strings are used in the browser map: version '1.10' is
16410 now correctly considered larger than '1.2'. Using numbers in the version map
16412 * All API modules now support an assert parameter, which can either be
16413 'user' or 'bot'. The API will throw an error if the user is not logged
16414 in (user) or does not have the 'bot' userright (bot). Based off of the
16415 AssertEdit extension by Steve Sanbeg.
16416 * [[Special:Diff]] was added, allowing users to create internal links to
16417 revision comparison pages using syntax such as [[Special:Diff/12345]],
16418 [[Special:Diff/12345/prev]] or [[Special:Diff/12345/98765]].
16419 * New user accounts' personal and talk pages are now watched by them by default.
16420 * Added SkinTemplateGetLanguageLink hook to allow changing the html of language
16422 * Added MessageCache::get hook as a new way to customize messages across
16424 * Added jquery.throttle-debounce ResourceLoader module to limit the number of
16425 callbacks for frequently occurring events.
16426 * Special:ProtectedPages shows now a table. The timestamp, the reason and
16427 the protecting user are also shown.
16428 * Added experimental support for using Microsoft SQL Server as the database
16430 ** Added new Microsoft SQL Server-specific configuration variable
16431 $wgDBWindowsAuthentication, which makes the web server authenticate against
16432 the database server using Integrated Windows Authentication instead of
16433 $wgDBuser/$wgDBpassword.
16434 * HTMLForm 'select', 'selectandother', 'selectorother', 'multiselect', and
16435 'radio' fields can now use message keys as labels via the 'options-messages'
16436 parameter, which overrides the 'options' parameter.
16437 * Admins can expire users passwords manually, or on a schedule using the
16438 $wgPasswordExpirationDays configuration setting.
16439 * Add new hook SendWatchlistEmailNotification, this will be used to determine
16440 whether to send a watchlist email notification.
16441 * (bug 42026) Special:Contributions now includes an option to filter page
16442 creations, similar to the topOnly option.
16443 * Add mediawiki.ui.button styling to all pages so wiki content can use styled
16445 * Special:UserLogin/signup now does AJAX checks for invalid and taken usernames,
16446 displaying the error live.
16447 * Added BaseTemplateAfterPortlet hook to allow injecting html after portlets in
16449 * Support has been added for a JSON based localisation file format. The
16450 installer has been updated to use it.
16451 * Changes to content typography (colors, line-height etc.). See
16452 https://www.mediawiki.org/wiki/Typography_refresh for further information.
16453 * The Vector skin's visual treatment of external links has been simplified to a
16454 single icon (from nine). This should not affect local rules unless they were
16455 re-using these icons, which have now been deleted.
16456 * ResourceLoader: mw.loader.using() now implements a Promise interface.
16457 * Add new hook ChangesListInitRows accessed via
16458 ChangesList::initChangesListRows.
16459 If called by the ChangesList consumer this gives extensions a chance to batch
16460 process the result set prior to rendering.
16461 * A PoolCounterRedis class was added which can be make use of in
16462 $wgPoolCounterConf. This requires at least one Redis 2.6+ server.
16463 * $wgProfileToDatabase was removed. Set $wgProfiler to ProfilerSimpleDB
16464 in StartProfiler.php instead of using this.
16465 * (bug 63444) Made it possible to change the indent string (default: 4 spaces)
16466 used by FormatJson::encode().
16468 === Bug fixes in 1.23 ===
16469 * (bug 41759) The "updated since last visit" markers (on history pages, recent
16470 changes and watchlist) and the talk page message indicator are now correctly
16471 updated when the user is viewing old revisions of pages, instead of always
16472 acting as if the latest revision was being viewed.
16473 * (bug 56443) Special:ConfirmEmail no longer shows a "Mail a confirmation code"
16474 when the email address is already confirmed. Also, consistently use
16475 "confirmed", rather than "authenticated", when messaging whether or not the
16476 user has confirmed an email address.
16477 * (bug 19415) action=render no longer shows section edit links. This affects
16478 behavior of several other features where (bogus) section edit links will
16479 disappear, such as file description pages loaded via $wgUseInstantCommons or
16480 pages transcluded cross-wiki via $wgEnableScaryTranscluding.
16481 * (bug 56912) Show correct link color on cached result of Special:DeadendPages.
16482 * Classes TitleListDependency and TitleDependency have been removed, as they
16483 have been found unused in core and extensions for a long time.
16484 * (bug 57098) SpecialPasswordReset now obeys returnto parameter
16485 * (bug 37812) ResourceLoader will notice when a module's definition changes and
16486 recompile it accordingly.
16487 * (bug 57201) SpecialRecentChangesFilters hook is now executed for feeds.
16488 * (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages
16489 to appear blank or with missing text.
16490 * (bug 56931) Updated the plural rules to CLDR 24. They are in new format
16491 which is detailed in UTS 35 Rev 33. The PHP parser and evaluator as well as
16492 the JavaScript evaluator were updated to support the new format. Plural rules
16493 for some languages have changed, most notably Russian. Affected software
16494 messages have been updated and marked for review at translatewiki.net.
16495 * (bug 23542) imagelinks now stores both the redirect and target (as
16496 templatelinks does).
16497 * (bug 58167) The web installer no longer throws an exception when PHP is
16498 compiled without support for MySQL yet with support for another DBMS.
16499 * (bug 56199) Raw option of parser functions must now match complete word,
16501 * (bug 60543) Special:PrefixIndex forgot stripprefix=1 for "Next page" link
16502 * (bug 29762) Undoing an already-undone edit will now display an appropriate
16503 message instead of leading the user to make a null edit.
16504 * (bug 52659) mediawiki.notification: Notification area remained visible when
16505 empty and thus was stealing pointer events from links on the page.
16506 * (bug 26811) When a DBUnexpectedError occurs, DB server hostnames are now
16507 hidden unless $wgShowExceptionDetails is true, and $wgShowDBErrorBacktrace
16508 no longer applies in such cases.
16509 * (bug 60960) Avoid doing file_exist() checks on data: URIs, as they cause
16510 warnings to be printed on Windows due to large path length.
16511 * (bug 48084) Fixed a bug in the installer that could cause $wgLogo to hold
16512 the wrong path to the placeholder logo (skins/common/images/wiki.png).
16513 * (bug 64289) jquery.textSelection: Don't throw errors on empty collections.
16515 === Web API changes in 1.23 ===
16516 * (bug 54884) action=parse&prop=categories now indicates hidden and missing
16518 * action=query&meta=filerepoinfo now returns additional information for each
16520 * action=parse&prop=languageshtml was deprecated in 1.18 and will be removed in
16522 * action=parse now has disabletoc flag to disable table of contents in output.
16523 * (bug 25702) list=allcategories, list=allimages, list=alllinks, list=allpages,
16524 list=deletedrevs and list=filearchive did not handle case-sensitivity
16525 properly for all parameters.
16526 * ApiQueryBase::titlePartToKey allows an extra parameter that indicates the
16527 namespace in order to properly capitalize the title part.
16528 * (bug 57874) action=feedcontributions no longer has one item more than limit.
16529 * All API modules now support an assert parameter. See the new features section
16531 * Added prop=contributors to fetch the list of contributors to the page.
16532 * The following API modules will now return entries where fields have been
16533 revision-deleted: list=deletedrevs, list=filearchive, list=recentchanges,
16534 list=watchlist. "hidden" indicators will be included, in the same style as is
16535 already done for prop=revisions.
16536 * The following API modules will now return the content of revision-deleted
16537 fields, in addition to the "hidden" indicators, if the querying user has the
16538 necessary rights: list=logevents, list=usercontribs, prop=imageinfo,
16540 * The above modules, where applicable, will now return entries filtered by
16541 revision-deleted fields if the querying user has the necessary rights. For
16542 example, prop=revisions with rvuser or rvexcludeuser will no longer skip
16543 revisions where the user was revision-deleted if the current user has the
16544 deletedhistory right.
16545 * The 'hideuser' right, used when blocking, is no longer necessary or
16546 sufficient for seeing contributions with revision-deleted in
16548 * list=watchlist now uses the querying user's rights rather than the wlowner's
16549 rights when checking whether wlprop=patrol is allowed.
16550 * (bug 32151) ApiWatch now has pageset capabilities (titles/pageids/generators).
16551 Title parameter is now deprecated.
16552 * (bug 23005) Added action=revisiondelete.
16553 * Added siprop=restrictions to API action=query&meta=siteinfo for querying
16554 possible page restriction (protection) levels and types.
16555 * Added prop 'limitreportdata' and 'limitreporthtml' to action=parse.
16556 * (bug 58627) Provide language names on action=parse&prop=langlinks.
16557 * Deprecated llurl= in favour of llprop=url for action=query&prop=langlinks.
16558 * Added llprop=langname and llprop=autonym for action=query&prop=langlinks.
16559 * prop=redirects is added, to return redirects to the pages in the query.
16560 * list=allredirects is added, to list all redirects pointing to a namespace.
16561 * (bug 42026) Added ucshow={new,!new,top,!top} to list=usercontribs.
16562 Also added newonly to action=feedcontributions.
16563 * (bug 42026) Deprecated uctoponly in favor of ucshow=top.
16564 * list=search no longer has a "srredirects" parameter. Redirects are now
16565 included in all searches.
16566 * Added list=prefixsearch that works like action=opensearch but can be used as
16568 * (bug 24782) Various modules will now use unique continuation parameters.
16569 * (bug 63249) Cache RecentChanges Atom feed in varnish for 15 seconds.
16571 === Languages updated in 1.23 ===
16573 MediaWiki supports over 350 languages. Many localisations are updated
16574 regularly. Below only new and removed languages are listed, as well as
16575 changes to languages because of Bugzilla reports.
16577 * Support was added for Algerian Spoken Arabic (arq).
16578 * Support was added for Riograndenser Hunsrückisch (hrx).
16579 * Support was added for Northern Luri (lrc).
16581 === Other changes in 1.23 ===
16582 * The rc_type field in the recentchanges table has been superseded by a new
16583 rc_source field. The rc_source field is a string representation of the
16584 change type where rc_type was a numeric constant. This field is not yet
16585 queried but will be in a future release.
16586 ** Utilize update.php to create and populate this new field. On larger wikis
16587 which do not wish to update recentchanges table in one large update please
16588 review the SQL and comments in maintenance/archives/patch-rc_source.sql.
16589 ** The rc_type field of recentchanges will be deprecated in a future release.
16590 * The global variable $wgArticle has been removed after a lengthy deprecation.
16591 * The global functions addButton and insertTags (for mw.toolbar.addButton and
16592 mw.toolbar.insertTags) now emits mw.log.warn when accessed.
16593 * The ExpandTemplates extension has been moved into MediaWiki core.
16594 * (bug 52812) Removed "Disable search suggestions" from Preference.
16595 * (bug 52809) Removed "Disable browser page caching" from Preference.
16596 * Three new modules intended for use by custom skins were added:
16597 'mediawiki.skinning.elements', 'mediawiki.skinning.content', and
16598 'mediawiki.skinning.interface', representing three levels of standard
16599 MediaWiki styling. Previously skin creators wishing to use them had to refer
16600 to the file names of appropriate files directly, which is now discouraged.
16601 * The modules 'skins.vector' and 'skins.monobook' have been renamed to
16602 'skins.vector.styles' and 'skins.monobook.styles', respectively,
16603 and their definition was changed not to include the common*.css files;
16604 the two skins now load the 'mediawiki.skinning.interface' module instead.
16605 * A page_links_updated field has been added to the page table.
16606 * SpecialPage::getTitle has been deprecated in favor of
16607 SpecialPage::getPageTitle.
16608 * BREAKING CHANGE: Two potentially backwards-incompatible changes have been made
16609 to the 'SpecialWatchlistQuery' hook's last parameter (array $values) to make
16610 the hook more consistent with the 'SpecialRecentChangesQuery' one:
16611 ** Several array keys have been renamed: hideMinor → hideminor,
16612 hideBots → hidebots, hideAnons → hideanons, hideLiu → hideliu,
16613 hidePatrolled → hidepatrolled, hideOwn → hidemyself.
16614 ** The parameter value is now a FormOptions object, not a plain array (array
16615 access operators should continue to work, as it implements the ArrayAccess
16617 * Option to mark hooks as deprecated has been added.
16618 * (bug 52811) Preference "Enable section editing via [edit] links" was removed.
16619 * (bug 52813) Preference "Show table of contents (for pages with more than
16620 3 headings)" was removed.
16621 * (bug 52810) Preference "Justify paragraphs" was removed.
16622 * OutputPage::showErrorPage raises a notice if arguments are incoherent.
16623 * Thumbnails that keep failing to render in thumb.php will be rate-limited
16624 against further render attempts for 1 hour. $wgAttemptFailureEpoch can be
16625 altered to reset all rate-limited thumbnails at once.
16626 * (bug 56572) Builds of the OOjs and OOjs UI libraries are now available.
16627 * mw.loader.go and mw.loader.version have been removed.
16628 * (bug 52815) Preference "Enable simplified search bar (Vector skin only)"
16630 * A user_password_expires column has been added to the user table. The User
16631 object expects this column to exist. Use update.php to create this new field.
16632 * The jquery.delayedBind ResourceLoader module was deprecated in favor of the
16633 jquery.throttle-debounce module. It will be removed in MediaWiki 1.24.
16634 * mw.user.bucket has been deprecated.
16635 * On Special:PrefixIndex, a table#mw-prefixindex-list-table was changed to
16636 table.mw-prefixindex-list-table to avoid duplicate ids when the special page
16638 * (bug 62198) window.$j has been deprecated.
16639 * Preference "Disable link title conversion" was removed.
16640 * SpecialRecentChanges no longer includes any functionality for generating feeds
16641 - it has been factored out to ApiFeedRecentChanges. Old URLs redirect to new
16643 * RecentChange::mExtra['lang'] is no longer set and should no longer be used.
16644 Extensions should read from other configuration variables, including
16645 $wgLocalInterwikis, to identify the current wiki.
16646 * Sections in the parser test framework have been renamed and the old
16647 section names are deprecated. Please use "!!wikitext" and "!!html"
16648 (or "!!html/php") instead of "!!input" and "!!result". This allows
16649 us to extend parser tests to accommodate additional input/output
16650 pairs, such as "!!html/parsoid" (for the output of the Parsoid
16651 parser, where it differs from the PHP parser).
16652 * Special:Search no longer has an "include redirects" option on the advanced
16653 tab. Redirects are now included in all searches.
16654 * mediawiki.api.category's getCategories() 'async' parameter was deprecated.
16655 * The locations of resources have been split between upstream libraries, now in
16656 resources/lib/, local libaries in resources/src/, and local forks of upstream
16657 libraries, also in resources/src/.
16658 * BREAKING CHANGE: The automatically-generated function closure with which
16659 ResourceLoader wraps all modules' JavaScript code now binds the identifier
16660 names 'jQuery' and '$' to the jQuery object of the version of jQuery that is
16661 bundled with MediaWiki. If you bind these names to other objects in global
16662 scope (like Zepto.js or document.querySelectorAll, for example) you will need
16663 to use different names to or re-bind them at the top of each
16664 ResourceLoader-loaded module.
16665 * (bug 52342) Preference "Remember my login" was removed.
16666 * The skin autodiscovery mechanism has been deprecated and will be removed in
16667 MediaWiki 1.25. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery
16668 for migration guide for creators and users of custom skins that relied on it.
16670 ==== Removed classes ====
16671 * FakeMemCachedClient (deprecated in 1.18)
16672 * RdfMetaData (unused)
16673 * TitleDependency (unused)
16674 * TitleListDependency (unused)
16675 * WikiError (deprecated in 1.17)
16676 * WikiXmlError (deprecated in 1.17)
16677 * WikiErrorMsg (deprecated in 1.17)
16679 ==== Renamed classes ====
16680 * CdbReader_DBA to CdbReaderDBA
16681 * CdbReader_PHP to CdbReaderPHP
16682 * CdbWriter_DBA to CdbWriterDBA
16683 * CdbWriter_PHP to CdbWriterPHP
16684 * DiffOp_Add to DiffOpAdd
16685 * DiffOp_Change to DiffOpChange
16686 * DiffOp_Copy to DiffOpCopy
16687 * DiffOp_Delete to DiffOpDelete
16688 * HWLDF_WordAccumulator to HWLDFWordAccumulator
16689 * LBFactory_Fake to LBFactoryFake
16690 * LBFactory_Multi to LBFactoryMulti
16691 * LBFactory_Simple to LBFactorySimple
16692 * LBFactory_Single to LBFactorySingle
16693 * LCStore_Accel to LCStoreAccel
16694 * LCStore_CDB to LCStoreCDB
16695 * LCStore_DB to LCStoreDB
16696 * LCStore_Null to LCStoreNull
16697 * LoadBalancer_Single to LoadBalancerSingle
16698 * LoadMonitor_MySQL to LoadMonitorMySQL
16699 * LoadMonitor_Null to LoadMonitorNull
16700 * LocalisationCache_BulkLoad to LocalisationCacheBulkLoad
16701 * csvStatsOutput to CsvStatsOutput
16702 * extensionLanguages to ExtensionLanguages
16703 * languages to Languages
16704 * statsOutput to StatsOutput
16705 * textStatsOutput to TextStatsOutput
16706 * wikiStatsOutput to WikiStatsOutput
16708 ==== Removed methods ====
16709 * ApiBase::getValidNamespaces() (deprecated in 1.17)
16710 * ApiMain::setCachePrivate() (deprecated in 1.17)
16711 * ApiMain::setVaryCookie (deprecated in 1.17)
16712 * Article::doRedirect() (deprecated in 1.18)
16713 * Article::doUnwatch() (deprecated in 1.18)
16714 * Article::doWatch() (deprecated in 1.18)
16715 * Article::forUpdate() (deprecated in 1.18)
16716 * Article::markpatrolled() (deprecated in 1.18)
16717 * Article::unwatch() (deprecated in 1.18)
16718 * Article::watch() (deprecated in 1.18)
16719 * Block::clear() (deprecated in 1.18)
16720 * Block::decodeExpiry() (deprecated in 1.18)
16721 * Block::encodeExpiry() (deprecated in 1.18)
16722 * Block::forUpdate() (deprecated in 1.18)
16723 * Block::infinity() (deprecated in 1.18)
16724 * Block::load() (deprecated in 1.18)
16725 * Block::newFromDB() (deprecated in 1.18)
16726 * Block::normaliseRange() (deprecated in 1.18)
16727 * Block::parseExpiryInput() (deprecated in 1.18)
16728 * CategoryViewer::addSubcategory() (deprecated in 1.17)
16729 * EditPage::spamPage() (deprecated since 1.17)
16730 * Exif::getFormattedData() (deprecated in 1.18)
16731 * Exif::makeFormattedData() (deprecated in 1.18)
16732 * in_string (deprecated in 1.21)
16733 * Language::convertLinkToAllVariants() (deprecated in 1.17)
16734 * LanguageConverter::convertLinkToAllVariants() (deprecated in 1.17)
16735 * Linker::makeBrokenLink() (deprecated in 1.16)
16736 * Linker::makeBrokenLinkObj() (deprecated in 1.16)
16737 * Linker::makeColouredLinkObj() (deprecated in 1.16)
16738 * Linker::makeSizeLinkObj() (deprecated in 1.17)
16739 * MediaWiki::articleFromTitle() (deprecated in 1.18)
16740 * ParserOptions::getkin() (deprecated 1.18)
16741 * ProfilerSimple::getCpuTime (deprecated in 1.20)
16742 * Revision::revText() (deprecated in 1.17)
16743 * SkinTemplate::jstext() (deprecated in 1.21)
16744 * SpecialPage::__call() (deprecated in 1.17)
16745 * SpecialPage::executePath() (deprecated in 1.18)
16746 * SpecialPage::exists() (deprecated in 1.18)
16747 * SpecialPage::file() (deprecated in 1.18)
16748 * SpecialPage::func() (deprecated in 1.18)
16749 * SpecialPage::getGroup() (deprecated in 1.18)
16750 * SpecialPage::getPage() (deprecated in 1.18)
16751 * SpecialPage::getPageByAlias() (deprecated in 1.18)
16752 * SpecialPage::getLocalNameFor() (deprecated in 1.18)
16753 * SpecialPage::getRegularPages() (deprecated in 1.18)
16754 * SpecialPage::getRestrictedPages() (deprecated in 1.18)
16755 * SpecialPage::getTitleForAlias() (deprecated in 1.18)
16756 * SpecialPage::getUsablePages() (deprecated in 1.18)
16757 * SpecialPage::includable() (deprecated in 1.18)
16758 * SpecialPage::init()
16759 * SpecialPage::initAliasList() (deprecated in 1.18)
16760 * SpecialPage::initList() (deprecated in 1.18)
16761 * SpecialPage::name() (deprecated in 1.18)
16762 * SpecialPage::removePage() (deprecated in 1.18)
16763 * SpecialPage::resolveAlias() (deprecated in 1.18)
16764 * SpecialPage::resolveAliasWithSubpage() (deprecated in 1.18)
16765 * SpecialPage::restriction() (deprecated in 1.18)
16766 * SpecialPage::setGroup() (deprecated in 1.18)
16767 * SpecialRecentChanges::feedSetup()
16768 * SpecialRevisionDelete::extractBitField() (deprecated in 1.22)
16769 * User::getPageRenderingHash() (deprecated in 1.17)
16770 * WebRequest::getFileSize() (deprecated in 1.17)
16771 * WebRequest::isPathInfoBad() (deprecated in 1.17)
16772 * wfGenerateToken (deprecated in 1.20)
16773 * wfStreamFile (deprecated in 1.19)
16774 * wfUILang (deprecated in 1.18)
16775 * WikiPage::createUpdates() (deprecated in 1.18)
16776 * WikiPage::quickEdit() (deprecated in 1.18)
16777 * WikiPage::useParserCache() (deprecated in 1.18)
16778 * WikiPage::viewUpdates() (deprecated in 1.18)
16780 ==== Removed globals ====
16781 * $wgBetterDirectionality (deprecated in 1.18)
16785 == MediaWiki 1.22.15 ==
16787 This is a security and maintenance release of the MediaWiki 1.22 branch.
16789 === Changes since 1.22.14 ===
16791 * (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
16792 could lead to xss. Permission to edit MediaWiki namespace is required to
16794 * (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in
16795 $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as
16797 * (bug T74222) The original patch for T74222 was reverted as unnecessary.
16799 == MediaWiki 1.22.14 ==
16801 This is a security and maintenance release of the MediaWiki 1.22 branch.
16803 === Changes since 1.22.13 ===
16805 * (bugs 66776, 71478) SECURITY: User PleaseStand reported a way to inject code
16806 into API clients that used format=php to process pages that underwent flash
16807 policy mangling. This was fixed along with improving how the mangling was done
16808 for format=json, and allowing sites to disable the mangling using
16809 $wgMangleFlashPolicy.
16810 * (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update
16811 the content model for a page could allow an unprivileged attacker to edit
16812 another user's common.js under certain circumstances. The user right
16813 "editcontentmodel" was added, and is needed to change a revision's content
16815 * (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with
16816 DELETED_ACTION. NOTICE: this may be reverted in a future release pending a
16817 public RFC about the desired functionality. This issue was reported by user
16819 * (bug 71621) Make allowing site-wide styles on restricted special pages a
16821 * $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
16822 might be a flash policy directive configurable.
16824 == MediaWiki 1.22.13 ==
16825 This is a maintenance release of the MediaWiki 1.22 branch.
16827 === Changes since 1.22.12 ===
16828 * (bug 67440) Allow classes to be registered properly from installer
16830 == MediaWiki 1.22.12 ==
16831 This is a security release of the MediaWiki 1.22 branch.
16833 === Changes since 1.22.11 ===
16834 * (bug 70672) SECURITY: OutputPage: Remove separation of css and js module
16837 == MediaWiki 1.22.11 ==
16838 This is a security release of the MediaWiki 1.22 branch.
16840 === Changes since 1.22.10 ===
16841 * (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style>
16842 elements; normalize style elements and attributes before filtering; add checks
16843 for attributes that contain css; add unit tests for html5sec and reported
16846 == MediaWiki 1.22.10 ==
16847 This is a maintenance release of the MediaWiki 1.22 branch.
16849 === Changes since 1.22.9 ===
16850 * (bug 64970) Fix support for blobs on DatabaseOracle::update
16851 * (bug 60719) In MediaWiki 1.22, the job queue execution on each page request
16852 was changed (Gerrit change 59797) so, instead of executing the job inside the
16853 same PHP process that's rendering the page, a new PHP cli command is spawned
16854 to execute runJobs.php in the background. It will only work if $wgPhpCli is
16855 set to an actual path or safe mode is off, otherwise, the old method will be
16857 https://www.mediawiki.org/wiki/Manual:Job_queue#Changes_in_MediaWiki_1.22
16858 for more information. This change was in earlier releases of 1.22 but was not
16859 noted here until now.
16861 == MediaWiki 1.22.9 ==
16862 This is a security and maintenance release of the MediaWiki 1.22 branch.
16864 === Changes since 1.22.8 ===
16865 * (bug 68187) SECURITY: Prepend jsonp callback with comment.
16866 * (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used
16867 for loading a new page in Javascript,instead of relying on the URL in the
16868 link that has been clicked.
16869 * (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and
16871 * (bug 59147) The img_metadata field was not being decoded from bytea into text.
16873 == MediaWiki 1.22.8 ==
16874 This is a security and maintenance release of the MediaWiki 1.22 branch.
16876 === Changes since 1.22.7 ===
16877 * (bug 65839) SECURITY: Prevent external resources in SVG files.
16878 * (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like
16879 only extracting the tail of the file partially or not at all.
16881 == MediaWiki 1.22.7 ==
16882 This is a security and maintenance release of the MediaWiki 1.22 branch.
16884 === Changes since 1.22.6 ===
16885 * (bug 65501) SECURITY: Don't parse usernames as wikitext on
16886 Special:PasswordReset.
16887 * (bug 36356) Add space between two feed links.
16888 * (bug 63269) Email notifications were not correctly handling the
16889 MediaWiki:Helppage message being set to a full URL. This is a regression from
16890 the 1.22.5 point release, which made the default value for it a URL. If you
16891 customized MediaWiki:Enotif body (the text of email notifications), you'll
16892 need to edit it locally to include the URL via the new variable $HELPPAGE
16893 instead of the parser functions fullurl and canonicalurl; otherwise you don't
16894 have to do anything.
16895 * Add missing uploadstash.us_props for PostgreSQL.
16896 * (bug 56047) Fixed stream wrapper in PhpHttpRequest.
16898 == MediaWiki 1.22.6 ==
16899 This is a security release of the MediaWiki 1.22 branch.
16901 === Changes since 1.22.5 ===
16902 * (bug 63251) SECURITY: Escape sortKey in pageInfo.
16904 == MediaWiki 1.22.5 ==
16905 This is a security and maintenance release of the MediaWiki 1.22 branch.
16907 === Changes since 1.22.4 ===
16908 * (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword.
16909 * (bug 62467) Set a title for the context during import on the cli.
16910 * Fix custom local MediaWiki:Helppage values.
16911 * mediawiki.js: Fix documentation breakage.
16912 * (bug 58153) Make MySQLi work with non standard port.
16913 * (bug 53887) Reintroduced a link to help pages in the default sidebar, that any
16914 sysop can customize by editing MediaWiki:Sidebar locally. The link now points
16915 to a mediawiki.org page which is guaranteed to exist. Nothing needs to be done
16916 on your end, but remember to adjust MediaWiki:Sidebar for the needs of your
16917 wikis. Everyone can help with the shared documentation by translating:
16918 https://www.mediawiki.org/wiki/Special:Translate/agg-Help_pages .
16919 * (bug 53888) Corrected a regression in 1.22 which introduced red links on the
16920 login page. If you previously installed 1.22.x and have created a local page
16921 to make the red link blue, write its title as in MediaWiki:helplogin-url if
16922 you didn't already. Otherwise, you don't need to do anything, but you can
16923 translate the help page at <https://www.mediawiki.org/wiki/Help:Logging_in>.
16925 == MediaWiki 1.22.4 ==
16926 This is a maintenance release of the MediaWiki 1.22 branch.
16928 === Changes since 1.22.3 ===
16929 * Use the correct branch of the extensions' git repositories.
16931 == MediaWiki 1.22.3 ==
16932 This is a security and bugfix release of the MediaWiki 1.22 branch.
16934 === Changes since 1.22.2 ===
16935 * (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
16936 namespaces. Also disallow iframe elements. * User will get an error including
16937 the namespace name if they use a non- whitelisted namespace.
16938 * (bug 61346) SECURITY: Make token comparison use constant time. It seems like
16939 our token comparison would be vulnerable to timing attacks. This will take
16941 * (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
16942 * (bug 53710) Add sequence support for upsert in DatabaseOracle in the same way
16944 * (bug 60231, bug 58719) Various fixes to job running code in Wiki.php: Make it
16945 async on Windows. Fixed possible "invalid filename" errors on Windows.
16946 Redirect output to dev/null to avoid hanging PHP.
16947 * (bug 60083) Correct sequence name for fresh Postgres installation. Spotted by
16949 * (bug 60531) Avoid variable naming conflicts in
16950 DatabasePostgres::selectSQLText. Spotted by gebhkla
16951 * (bug 60094) Fix rebuildall.php fatal error with PostgreSQL.
16952 * (bug 43817) Add error handling if descriptionmsg isn't defined for extension.
16953 * (bug 60543) Special:PrefixIndex omits stripprefix=1 for "Next page" link.
16955 == MediaWiki 1.22.2 ==
16956 This is a security and bugfix release of the MediaWiki 1.22 branch.
16958 === Changes since 1.22.1 ===
16959 * (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media
16961 * (bug 58253) Check for very old PCRE versions in installer and updater
16962 * (bug 60054) Make WikiPage::$mPreparedEdit public
16964 == MediaWiki 1.22.1 ==
16965 This is a security and maintenance release of the MediaWiki 1.22 branch.
16967 === Changes since 1.22.0 ===
16968 * (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads
16969 * (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
16970 * (bug 58472) SECURITY: Disallow -o-link in styles
16971 * (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads
16972 * (bug 58699) SECURITY: Fix RevDel log entry information leaks
16973 * (bug 58178) Restore compatibility with curl < 7.16.2.
16974 * (bug 56931) Updated the plural rules to CLDR 24. They are in new format which
16975 is detailed in UTS 35 Rev 33. The PHP parser and evaluator as well as the
16976 JavaScript evaluator were updated to support the new format. Plural rules for
16977 some languages have changed, most notably Russian. Affected software messages
16978 have been updated and marked for review at translatewiki.net. This change is
16979 backported from the development branch of MediaWiki 1.23.
16980 * (bug 58434) The broken installer for database backend Oracle was fixed.
16981 * (bug 58167) The web installer no longer throws an exception when PHP is
16982 compiled without support for MySQL yet with support for another DBMS.
16983 * (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to
16984 appear blank or with missing text.
16985 * (bug 47055) Changed FOR UPDATE handling in Postgresql
16986 * (bug 57026) Avoid extra parsing in prepareContentForEdit()
16988 == MediaWiki 1.22.0 ==
16990 === Configuration changes in 1.22 ===
16991 * $wgRedirectScript was removed. It was unused.
16992 * Removed $wgLocalMessageCacheSerialized, it is now always true.
16993 * $wgVectorUseIconWatch is now enabled by default.
16994 * $wgCascadingRestrictionLevels was added.
16995 * ftps, ssh, sftp, xmpp, sip, sips, tel, sms, bitcoin, magnet, urn, and geo
16996 have been whitelisted inside of $wgUrlProtocols.
16997 * $wgDocType and $wgDTD have been removed and are no longer used for the
16999 * $wgHtml5 is no longer used by core. Setting it to false will no longer disable
17000 HTML5. It is still set to true for extension compatibility but doing so in
17001 extensions is deprecated.
17002 * $wgXhtmlDefaultNamespace is no longer used by core. Setting it will no longer
17003 change the xmlns used by MediaWiki. Reliance on this variable by extensions
17005 * $wgHandheldStyle was removed.
17006 * $wgHandheldForIPhone was removed.
17007 * $wgJsMimeType is no longer used by core. Most usage has been removed since
17008 HTML output is now exclusively HTML5.
17009 * $wgDBOracleDRCP added. True enables persistent connection with DRCP on Oracle.
17010 * $wgLogAutopatrol added to allow disabling logging of autopatrol edits in the
17012 Default for $wgLogAutopatrol is true.
17013 * The 'edit' right no longer allows for editing a user's own CSS and JS.
17014 * New rights 'editmyusercss', 'editmyuserjs', 'viewmywatchlist',
17015 'editmywatchlist', 'viewmyprivateinfo', 'editmyprivateinfo', and
17016 'editmyoptions' restrict actions that were formerly allowed by default. They
17017 have been added to the default for $wgGroupPermissions['*'].
17018 * The 'editprotected' right no longer allows bypassing of all page protection
17019 restrictions. Any group using it for this purpose will now need to have all
17020 the individual rights listed in $wgRestrictionTypes for the same effect.
17021 * The 'protect' and 'autoconfirmed' rights are no longer used for the default
17022 page protection levels. The rights 'editprotected' and 'editsemiprotected'
17023 are now used for this purpose instead.
17024 * (bug 40866) wgOldChangeTagsIndex removed.
17025 * $wgNoFollowDomainExceptions now only matches entire domains. For example,
17026 an entry for 'bar.com' will still match 'foo.bar.com' but not 'foobar.com'.
17027 * $wgCopyUploadTimeout and $wgCopyUploadAsyncTimeout added to change the timeout
17028 times for fetching the file during upload by url.
17029 * New key added to $wgGalleryOptions - $wgGalleryOptions['mode'] to set
17030 default gallery mode.
17031 * New hook 'GalleryGetModes' to allow extensions to make new gallery modes.
17032 * The checkbox for staying in HTTPS displayed on the login form when
17033 $wgSecureLogin is enabled has been removed. Instead, whether the user stays in
17034 HTTPS will be determined
17035 based on the user's preferences, and whether they came from HTTPS or not.
17036 * $wgRC2UDPAddress, $wgRC2UDPInterwikiPrefix, $wgRC2UDPOmitBots, $wgRC2UDPPort,
17037 and $wgRC2UDPPrefix configuration options have been deprecated in favor of a
17038 $wgRCFeeds configuration array. $wgRCFeeds makes both the format and
17039 destination of recent change notifications customizable, and allows for
17040 multiple destinations to be specified.
17041 * (bug 53862) portal-url, currentevents-url and helppage have been removed from
17042 the default Sidebar.
17043 * The 'vector-simplesearch' preference is now enabled by default. Previously
17044 it was only enabled if the Vector extension was installed.
17045 * The precise format of metric datagrams produced by the UDP profiler and stats
17046 counter may now be specified as $wgUDPProfilerFormatString and
17047 $wgStatsFormatString, respectively.
17048 * (bug 54597) $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath, and
17049 $wgProxyMemcExpiry have been removed, along with the open proxy scanner
17050 script they were added for.
17051 * Default value of $wgMaxShellMemory has been tripled (it's now 300 MB).
17053 === New features in 1.22 ===
17054 * You can now install extensions using Composer.
17055 See https://www.mediawiki.org/wiki/Composer
17056 * (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and
17058 * (bug 33454) Language::sprintfDate now has a timezone parameter, and supports
17059 the "eIOPTZ" formatting characters.
17060 * EditWarning: A warning is shown when an editor leaves the edit form without
17061 saving (enabled by default, users can opt-out via the 'useeditwarning'
17062 preference). This feature was moved from the Vector extension, and is now part
17063 of core for all skins. Take care when upgrading that you don't use an older
17064 version of the Vector extension as this feature may conflict.
17065 * New 'mediawiki.ui' CSS module providing mw-ui-* styles for buttons and a
17066 compact vertical form layout.
17067 * HTMLForm supports a new display format 'vform' which applies this compact
17069 layout and button styling. Special:PasswordReset uses this format.
17070 * New versions of login (Special:UserLogin) and create account
17071 (Special:UserLogin/signup) forms using the "vform" compact vertical form
17072 layout. These forms use new messages that assume a "Help logging in" link, see
17073 https://www.mediawiki.org/wiki/Manual:Page_customizations;
17074 https://www.mediawiki.org/wiki/Account_creation_user_experience/Strings lists
17075 the message key changes.
17076 * (bug 23343) Implemented ability to apply IP blocks to the contents of
17077 X-Forwarded-For headers by adding a new configuration variable
17078 $wgApplyIpBlocksToXff (disabled by default).
17079 * The new hook 'APIGetPossibleErrors' to modify the list of possible errors was
17081 * (bug 25592) LogEventsList::showLogExtract() will now ignore various
17082 Pager-related WebRequest parameters by default, as this is overwhelmingly
17083 likely to be what was intended by users of the method. If any caller wishes
17084 to use these parameters, the new param 'useRequestParams' may be set to true.
17085 * mw.util.addPortletLink: Tooltip is no longer required to be plain (without
17086 an accesskey in it already). As such it now rountrips. Creating a link with a
17087 message as tooltip, grabbing the title attribute and using it to create
17088 another portlet will work as expected.
17089 * (bug 6747) {{ROOTPAGENAME}} introduced, contains the name of the topmost
17090 page without namespace.
17091 * BREAKING CHANGE: (bug 41729) Display editsection links next to headings. Also
17092 change their class name from .editsection to .mw-editsection and place them at
17093 the end of the heading element instead of the beginning. Client-side code and
17094 screen-scrapers will have to be adjusted to handle both cases (old HTML will
17095 still be visible on cached page renders until they are purged); extensions
17096 using the DoEditSectionLink or EditSectionLink hooks might need adjustments as
17098 * (bug 45535) introduced the new 'LanguageLinks' hook for manipulating the
17099 language links associated with a page before display.
17100 * Chosen (http://harvesthq.github.io/chosen/) was added as module
17102 * HTMLForm will turn multiselect checkboxes into a Chosen interface when setting
17103 cssclass 'mw-chosen'
17104 * rebuildLocalisationCache learned --lang option. Let you rebuild l10n caches
17105 of the specified languages instead of all of them.
17106 * New GetNewMessagesAlert hook allowing extensions to disable or modify the new
17108 * New wgUserNewMsgRevisionId JS global for logged in users. This will be null
17109 if the user has no new talk page messages. Otherwise it will be set to the
17110 revision ID of the oldest new talk page message. This will allow gadgets and
17111 extensions to create their own new message alerts on the client side.
17112 * mediawiki.log: Added log.warn wrapper (uses console.warn and console.trace).
17113 * mediawiki.log: Implemented log.deprecate. This method defines a property and
17114 uses ES5 getter/setter to emit a warning when they are used.
17115 * $wgCascadingRestrictionLevels was added, allowing one to specify restriction
17116 levels which can be cascading (previously 'sysop' was hard-coded as the only
17118 * XHTML5 support has been improved. If you set
17119 $wgMimeType = 'application/xhtml+xml' MediaWiki will try outputting markup
17120 according to XHTML5 rules.
17121 * Altered hook 'ProtectionForm::save', adding the reason page protection is
17122 changed as third parameter.
17123 * New hook 'TitleSquidURLs' for manipulating the list of URLs to be purged from
17124 HTTP caches when a page is changed.
17125 * Changed the patrolling system to always show the link for patrolling in case
17126 the current revision is patrollable. This also removed the usage of the rcid
17128 * Oracle DB backend now supports Database Resident Connection Pooling (DRCP).
17129 Can be enabled by setting $wgDBOracleDRCP=true.
17130 Requires Oracle DB 11gR1 or above, enabled DRCP inside the DB itself and a
17131 propper connect string.
17132 More about DRCP can be found at:
17133 https://oracle-base.com/articles/11g/database-resident-connection-pool-11gr1
17134 * Add a new parameter $patrolFooterShown to hook ArticleViewFooter so the hook
17135 handlers can take further action based on the status of the patrol footer
17136 * A new hook TitleQuickPermissions was added to allow overriding of quick
17137 permissions in the Title class.
17138 * LinkCache singleton can now be altered or cleared, letting one to specify
17139 another instance that does not rely on a database backend.
17140 * MediaWiki's PHPUnit tests can now use PHPUnit installed using composer --dev.
17141 * (bug 43689) The lists of templates used on the page and hidden categories it
17142 is a member of, shown below the edit form, are now collapsible (and collapsed
17144 * Parser profiling data, formerly only available in the "NewPP limit report"
17145 HTML comment, is now also displayed at the bottom of page previews.
17146 * Added ParserLimitReportPrepare and ParserLimitReportFormat hooks, deprecated
17147 ParserLimitReport hook.
17148 * New user rights have been added to increase granularity in rights management
17149 for extensions such as OAuth:
17150 ** editmyusercss controls whether a user may edit their own CSS subpages.
17151 ** editmyuserjs controls whether a user may edit their own JS subpages.
17152 ** viewmywatchlist controls whether a user may view their watchlist.
17153 ** editmywatchlist controls whether a user may edit their watchlist.
17154 ** viewmyprivateinfo controls whether a user may access their private
17155 information (e.g. registered email address, real name).
17156 ** editmyprivateinfo controls whether a user may change their private
17158 ** editmyoptions controls whether a user may change their preferences.
17159 * Add new hook AbortTalkPageEmailNotification, this will be used to determine
17160 whether to send the regular talk page email notification
17161 * Action classes registered in $wgActions are now also supported in the form of
17162 a callback (which returns an instance of Action) instead of providing the name
17163 of a subclass of Action.
17164 * (bug 46513) Vector: Add the collapsibleTabs script from the Vector extension.
17165 * Added $wgRecentChangesFlags for defining new flags for RecentChanges and
17167 * (bug 40518) mw.toolbar: Implemented mw.toolbar.addButtons for adding multiple
17168 button objects in one call.
17169 * Rights used for the default protection levels ('sysop' and 'autoconfirmed')
17170 are now used just for that purpose, instead of overloading other rights. This
17171 allows easy granting of the ability to edit sysop-protected pages without
17172 also granting the ability to protect and unprotect.
17173 * (bug 48256) Make brackets in section edit links accessible to CSS.
17174 They are now wrapped in <span class="mw-editsection-bracket" />.
17175 * (bug 8480) Allow handler specific parameters in galleries (like page number)
17176 * jquery.client: Add detection for Opera 15 and Internet Explorer 11.
17177 * Change tags (used by the AbuseFilter extension) are now shown on diff pages.
17178 * Change tag lists (shown on recent changes, watchlist, user contributions,
17179 history pages, diff pages) now include a link to Special:Tags to distinguish
17180 them from edit summaries.
17181 * Added a new method and hook, User::isEveryoneAllowed() and
17182 UserIsEveryoneAllowed, for use in situations where a "does everyone have this
17183 right?" check is used to avoid more expensive checks.
17184 * (bug 14431) Display "(No difference)" instead of an empty diff (when comparing
17185 revisions in the history or when previewing changes while editing).
17186 * New hook 'IsUploadAllowedFromUrl' is added which can be used to intercept
17187 uploads by URL, useful for blacklisting specific URLs
17188 * (bug 21912) Watchlist token implementation has been refactored and
17189 Special:ResetTokens was added to allow users to reset their tokens
17190 instead of presenting them in Preferences.
17191 * Special:PrefixIndex now lets you strip the searched prefix from the displayed
17192 titles. Given a list of articles named Bug1, Bug2, you can now transclude the
17193 list of bug numbers using: {{Special:PrefixIndex/Bug|stripprefix=1}}.
17194 The special page form received a new checkbox matching that option.
17195 * (bug 23580) Implement javascript callback interface "mw.hook".
17196 * (bug 30713) New mw.hook "wikipage.content".
17197 * (bug 40430) jquery.placeholder gets a new parameter to set the attribute value
17199 * $wgHTCPMulticastRouting renamed $wgHTCPRouting since it accepts unicast.
17200 * $wgHTCPRouting rules can now be passed an array of hosts/ports to send purge
17201 too. Can be used whenever several multicast group could be interested by a
17203 * (bug 25931) Add Special:RandomInCategory.
17204 * mediawiki.util: addPortletLink now supports passing a jQuery object as
17206 * <wbr> can now be used inside WikiText.
17207 * WebResponse::setcookie is much more featureful. Callers using PHP's
17208 setcookie() or setrawcookie() should begin using this instead.
17209 * New hook WebResponseSetCookie, called from WebResponse::setcookie().
17210 * New hook ResetSessionID, called when the session id is reset.
17211 * Add a mode parameter to <gallery> tag with potential options of "traditional",
17212 "nolines", "packed", "packed-overlay", or "packed-hover".
17213 * (bug 47399) A success message is now displayed after changing the password.
17214 * Make thumb.php give HTTP redirects for file redirects
17215 * (bug 30607) Special:ListFiles can now show old versions of files. Additionally
17216 Special:AllMyUploads was introduced so the user can get a list of all things
17217 they have ever uploaded, even if it was subsequently overridden.
17218 * Introduced Special:MyFiles and Special:AllMyFiles as an alias for
17219 Special:MyUploads and Special:AllMyUploads respectively.
17220 * IPv6 addresses in X-Forwarded-For headers are now normalised before checking
17221 against allowed proxy lists.
17222 * Add deferrable update support for callback/closure.
17223 * Add TitleMove hook before page renames.
17224 * Revision deletion backend code is moved out of SpecialRevisiondelete
17225 * Added {{REVISIONSIZE}} variable to get the current size of a revision.
17226 * Add support for the LESS stylesheet language to ResourceLoader. LESS is a
17227 stylesheet language that compiles into CSS. ResourceLoader file modules may
17228 include LESS style files; ResourceLoader will compile these files into CSS
17229 before sending them to the client.
17230 ** The $wgResourceLoaderLESSVars configuration variable is an associative array
17231 mapping variable names to string CSS values. These variables are considered
17232 declared for all LESS files. Additional variables may be registered by
17233 adding keys to the array.
17234 ** $wgResourceLoaderLESSFunctions is an associative array of custom LESS
17235 function names to PHP callables. See
17236 <http://leafo.net/lessphp/docs/#custom_functions>
17237 for more details regarding custom functions.
17238 ** $wgResourceLoaderLESSImportPaths is an array of file system paths. Files
17239 referenced in LESS '@import' statements are looked up here first.
17240 * ResourceLoader supports hashes as module cache invalidation trigger (instead
17241 of or in addition to timestamps).
17242 * Added $wgExtensionEntryPointListFiles for use in mergeMessageFileList.php.
17243 * Added a hook, APIQuerySiteInfoStatisticsInfo, to allow extensions to modify
17244 the output of the API query meta=siteinfo&siprop=statistics
17245 * Primary keys have been added to both the archive table and the externallinks
17247 * Added $wgEnableParserLimitReporting to control whether the NewPP limit report
17248 is output in a HTML comment.
17249 * The 'UnwatchArticle' and 'WatchArticle' hooks now support a Status object
17250 instead of just a boolean return value to abort the hook.
17251 * Added a hook, SpecialWatchlistGetNonRevisionTypes, to allow extensions
17252 with custom recentchanges entries to hook into the Watchlist without
17253 clobbering each other.
17254 * A hidden, empty input field was added to the edit form, and any edit that
17255 fills it in will be rejected. This prevents against the simplest form of
17256 spambots. Previously in the "SimpleAntiSpam" extension by Ryan Schmidt.
17257 * populateRevisionLength.php maintenance script updated to also populate
17258 archive.ar_len field.
17259 * (bug 43571) DatabaseMySQLBase learned to list views, optionally filtered by a
17260 prefix. Also fixed PHPUnit test suite when using a MySQL backend containing
17263 === Bug fixes in 1.22 ===
17264 * (bug 47271) $wgContentHandlerUseDB should be set to false during the upgrade
17265 * Disable Special:PasswordReset when $wgEnableEmail is false. Previously one
17266 could still navigate to the page by entering the URL directly.
17267 * (bug 47138) Fixed a fatal error when a blocked user tries to automatically
17268 create an account on login due external authentication in some circumstances.
17269 * (bug 23393) HTML <hN> headings containing line breaks are now handled
17271 * (bug 45803) Whitespace within == Headline == syntax and within <hN> headings
17272 is now non-significant and not preserved in the HTML output.
17273 * (bug 47218) Special:BlockList now handles correctly user names with spaces
17274 when passed as subpage.
17275 * Pager's properly validate which fields are allowed to be sorted on.
17276 * mw.util.tooltipAccessKeyRegexp: The regex now matches "option-" as well.
17277 Support for Mac "option" was added in 1.16, but the regex was never updated.
17278 * (bug 46768) Usernames of blocking users now display correctly, even if
17280 * (bug 39590) Self-transclusions now show the most up to date result always
17281 after save instead of being a revision behind.
17282 * A bias in wfRandomString() toward digits 1-7 has been corrected. Generated
17283 strings will now start with digits 0 and 8-f as often as they should.
17284 * (bug 45371) Removed Parser_LinkHooks and CoreLinkFunctions classes.
17285 * (bug 41545) Allow <kbd>, <samp>, and <var> to be nested like allowed in html.
17286 * PLURAL magic word no longer causes a PHP notice when no matching form exists.
17287 * (bug 36641) Patrol page links no longer show on non-existent revisions.
17288 * (bug 35810) Pages not linked from Special:RecentChanges or Special:NewPages
17289 are patrollable now.
17290 * (bug 30213) JavaScript for search suggestions is now disabled when the API
17291 is disabled, and AJAX patrolling and watching are now disabled when use of
17292 the write API is not allowed.
17293 * (bug 48294) API: Fix chunk upload async mode.
17294 * (bug 46749) Broken files tracking category removed from pages if an image
17295 with that name is uploaded.
17296 * (bug 14176) System messages that are empty were previously incorrectly treated
17297 as non-existent, causing a fallback to the default. This stopped users from
17298 overriding system messages to make them blank.
17299 * (bug 48319) action=parse no longer returns an error if passed none of 'oldid',
17300 'pageid', 'page', 'title', and 'text' (e.g. if only passed 'summary'). A
17301 warning will instead be issued if 'title' is non-default, unless no props are
17303 * Special:Recentchangeslinked will now include upload log entries
17304 * (bug 41281) Fixed ugly output if file size could not be extracted for
17306 * (bug 50315) list=logevents API module will now output log entries by anonymous
17308 * (bug 38911) Handle headers with rowspan in jquery.tablesorter
17309 * (bug 658) Converted the table of contents on wiki pages from <table> to <div>
17310 and adjusted skin CSS accordingly. The CSS was carefully crafted to be
17311 backwards-compatible in all reasonable cases (uses of the __TOC__ magic word,
17312 the #toc CSS id and the .toc CSS class). However, particularly bad abuse of
17313 the id or the class can possibly break.
17314 * CSSJanus now supports rgb, hsl, rgba, and hsla color syntaxes.
17315 * Special:Listfiles can no longer be sorted by image name when filtering
17316 by user in miser mode.
17317 * (bug 49074) CSSJanus: Handle values of border-radius correctly.
17318 * Handle relative inclusions ({{../name}}) in main namespace with subpages
17319 enabled correctly (previously MediaWiki tried to include Template:Parent/name
17320 instead of just Parent/name).
17321 * Added $wgAPIUselessQueryPages to allow extensions to flag their query pages
17322 for non-inclusion in ApiQueryQueryPages.
17323 * (bug 50870) mediawiki.notification: Notification area should remain visible
17324 when scrolled down.
17325 * (bug 13438) Special:MIMESearch no longer an expensive special page.
17326 * (bug 48342) Fixed a fatal error when $wgValidateAllHtml is set to true and
17327 the function apache_request_headers() function is not available.
17328 * (bug 33399) LivePreview: Re-run wikipage content handlers
17329 (jquery.makeCollapsible, jquery.tablesorter) after preview content is loaded.
17330 * (bug 51891) Fixed PHP notice on Special:PagesWithProp when no properties
17332 * (bug 52006) Corrected documentation of $wgTranscludeCacheExpiry.
17333 * (bug 52077) The APIEditBeforeSave hook is giving the content of the whole
17334 revision as second argument now, rather than just the current section.
17335 * (bug 49694) $wgSpamRegex is now also applied on the new section headline text
17336 adding a new topic on a page
17337 * (bug 41756) Improve treatment of multiple comments on a blank line.
17338 * (bug 51064) Purge upstream caches when deleting file assets.
17339 * (bug 39012) File types with a mime that we do not know the extension for
17340 can no longer be uploaded as an extension that we do know the mime type
17342 * (bug 51742) Add data-sort-value for better sorting of hitcounts Special:Tags
17343 * (bug 26811) On DB error pages, server hostnames are now hidden when both
17344 $wgShowHostnames and $wgShowSQLErrors are false.
17345 * (bug 6200) line breaks in <blockquote> are handled like they are in <div>
17346 * (bug 14931) Default character set now set to 'utf8' when a new MySQL
17347 database is created.
17348 * (bug 47191) Fixed "Column 'si_title' cannot be part of FULLTEXT index"
17349 MySQL error when installing using the binary character set option.
17350 * (bug 45288) Support mysqli PHP extension
17351 * (bug 55818) BREAKING CHANGE: Removed undocumented 'Debug' hook in wfDebug.
17352 This resolves an infinite loop when using $wgDebugFunctionEntry = true.
17353 * (bug 56707) Correct tooltip of "Next n results" on query special pages.
17354 * (bug 56770) mw.util.addPortletLink: Check length before access array index.
17356 === API changes in 1.22 ===
17357 * (bug 25553) The JSON output formatter now leaves forward slashes unescaped
17358 to improve human readability of URLs and similar strings. Also, a "utf8"
17359 option is now provided to use UTF-8 encoding instead of hex escape codes
17360 for most non-ASCII characters.
17361 * (bug 46626) xmldoublequote parameter was removed. Because of a bug, the
17362 parameter has had no effect since MediaWiki 1.16, and so its removal is
17363 unlikely to impact existing clients.
17364 * (bug 47216) action=query&meta=siteinfo&siprop=skins will now indicate which
17365 skin is the default and which are unusable (e.g. listed in $wgSkipSkins).
17366 * (bug 25325) Added support for wlshow filtering (bots/anon/minor/patrolled)
17367 to action=feedwatchlist.
17368 * WDDX formatted output will actually be formatted (and normal output will no
17369 longer be), and will no longer choke on booleans.
17370 * action=opensearch no longer silently ignores the format parameter.
17371 * action=opensearch now supports format=jsonfm.
17372 * list=usercontribs&ucprop=ids will now include the parent revision id.
17373 * BREAKING CHANGE: action=parse no longer returns all langlinks for the page
17374 with prop=langlinks by default. The new effectivelanglinks parameter will
17375 request that the LanguageLinks hook be called to determine the effective
17377 * BREAKING CHANGE: list=allpages, list=langbacklinks, and prop=langlinks do not
17378 apply the new LanguageLinks hook, and thus only consider language links
17379 stored in the database.
17380 * (bug 47219) Allow specifying change type of Wikipedia feed items
17381 * prop=imageinfo now allows setting iiurlheight without setting iiurlwidth
17382 * prop=info now adds the content model and page language of the title.
17383 * New upload log entries will now contain information on the relevant
17384 image (sha1 and timestamp).
17385 * (bug 49239) action=parse now can parse in preview and section preview modes.
17386 * (bug 49259) action=patrol now accepts revision ids.
17387 * (bug 48129) list=blocks&bkip= now correctly handles IPv6 CIDR ranges and
17388 honors $wgBlockCIDRLimit. Note any clients passing invalid values to bkip
17389 will now receive an error, rather than the previous behavior listing all
17391 * (bug 48201) action=parse&text=foo now assumes wikitext if no title is given,
17392 rather than using the content model of the page "API".
17393 * action=watch no longer silently ignores hook abort.
17394 * (bug 50785) action=purge with forcelinkupdate=1 no longer queues refreshLinks
17395 jobs in the job queue for link table updates of pages that use the given page
17396 as a template. Instead, forcerecursivelinkupdate=1 is introduced and should
17397 be used if that behaviour is desirable.
17398 * The 'debugLog' property (enabled by $wgDebugToolbar) no longer sets the log
17399 entry values through ApiResult::content but directly. This changes the JSON
17400 output from an array of objects with content in '*' to an array of strings
17402 * (bug 51342) prop=imageinfo iicontinue now contains the dbkey, not the text
17403 version of the title.
17404 * (bug 52538) action=edit will now use empty text instead of the contents
17405 of section 0 when passed prependtext or appendtext with section=new.
17406 * Support for the 'gettoken' parameter to action=block and action=unblock,
17407 deprecated since 1.20, has been removed.
17408 * (bug 49090) Token-getting functions will fail when using jsonp callbacks.
17409 * (bug 52699) action=upload returns normalized file name on warning
17410 "exists-normalized" instead of filename to be uploaded to.
17411 * (bug 53884) action=edit will now return an error when the specified section
17412 does not exist in the page.
17413 * Added meta=filerepoinfo API module for getting information about foreign
17414 file repositories, and related ForeignAPIRepo methods getInfo and getApiUrl.
17415 * The new query module list=allfileusages to enumerate file usages was added.
17417 === Languages updated in 1.22 ===
17419 MediaWiki supports over 350 languages. Many localisations are updated
17420 regularly. Below only new and removed languages are listed, as well as
17421 changes to languages because of Bugzilla reports.
17423 * Batak Toba (bbc-latn) added.
17424 * (bug 46751) Made Buryat (Russia) (буряад) (bxr) fallback to Russian.
17426 === Other changes in 1.22 ===
17427 * BREAKING CHANGE: Implementation of MediaWiki's JS and JSON value encoding
17429 ** MediaWiki no longer supports PHP installations in which the native JSON
17430 extension is missing or disabled.
17431 ** XmlJsCode objects can no longer be nested inside objects or arrays.
17432 (For Xml::encodeJsCall(), this individually applies to each argument.)
17433 ** The sets of characters escaped by default, along with the precise escape
17434 sequences used, have changed (except for the Xml::escapeJsString()
17435 function, which is now deprecated).
17436 * BREAKING CHANGE: The Services_JSON class has been removed. If necessary,
17437 be sure to upgrade affected extensions at the same time (e.g. Collection).
17438 * redirect.php was removed. It was unused.
17439 * ClickTracking integration was dropped from the mediaWiki.user.bucket
17440 JavaScript function. The 'tracked' option is now ignored.
17441 * BREAKING CHANGE: Legacy skins Simple, MySkin, Chick, Standard and Nostalgia
17442 were all removed. (Nostalgia was moved to an extension.) The SkinLegacy and
17443 LegacyTemplate classes that supported them were removed as well and are now a
17444 part of the Nostalgia extension.
17445 * Event namespace used by jquery.makeCollapsible has been changed from
17446 'mw-collapse' to 'mw-collapsible' for consistency with the module name.
17447 * BREAKING CHANGE: The "ExternalAuth" authentication subsystem was removed,
17448 along with its associated globals of $wgExternalAuthType, $wgExternalAuthConf,
17449 $wgAutocreatePolicy and $wgAllowPrefChange. Affected users are encouraged to
17450 use AuthPlugin for external authentication/authorization needs.
17451 * The Quickbar feature of the legacy skin model and the last remnants of it
17452 throughout the code base have been removed.
17453 * Externaledit/externaldiff preference was removed. Very few users used this
17454 feature, and improper configuration can actually prevent a user from editing
17455 * Calling Linker methods using a skin will now output deprecation warnings.
17456 * (bug 46680) "Return to" links are no longer tagged with rel="next".
17457 * BREAKING CHANGE: mw.util.tooltipAccessKeyRegexp: The match group for the
17458 accesskey character is now $6 instead of $5.
17459 * HipHop compiler (hphpc) support was removed. HipHop VM support (hhvm) was
17461 * A new Special:Redirect page was added, providing lookup by revision ID,
17462 user ID, or file name. The old Special:Filepath page was reimplemented
17463 to redirect through Special:Redirect.
17464 * Monobook: Removed the old conditional stylesheets for Opera 6, 7 and 9.
17465 * Support for XHTML 1.0 has been removed. MediaWiki now only outputs (X)HTML5.
17466 * wikibits: User-agent related globals have been deprecated. The following
17467 properties now default to false and emit mw.log.warn: is_gecko, is_chrome_mac,
17468 is_chrome, webkit_version, is_safari_win, is_safari, webkit_match, is_ff2,
17469 ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs, opera7_bugs, opera6_bugs,
17470 is_opera_95, is_opera_preseven, is_opera, and ie6_bugs.
17471 * (bug 48276) MediaWiki will now flash a confirmation message upon successfully
17473 * (bug 40785) mediawiki.legacy.ajax has been marked as deprecated. The following
17474 properties now emit mw.log.warn when accessed: sajax_debug, sajax_init_object,
17475 sajax_do_call and wfSupportsAjax.
17476 * BREAKING CHANGE: meta keywords are no longer supported. A
17477 <meta name="keywords" will no longer be output and OutputPage::addKeyword no
17479 * Methods Title::userCanEditCssSubpage and Title::userCanEditJsSubpage,
17480 deprecated since 1.19, have been removed.
17481 * (bug 50134) Hook functions are no longer required to return a value. When a
17482 hook function does not return a value (or when it returns an explicit null),
17483 processing continues. To abort the hook, a hook function must return an
17484 explicit, boolean false or a string error message. Other falsey values are
17485 tantamount to a 'return true' in earlier versions of MediaWiki.
17486 * BREAKING CHANGE: The EditSectionLink hook was removed after being
17487 deprecated since MediaWiki 1.14. Use DoEditSectionLink instead.
17488 * (bug 48256) The 'editsection-brackets' optional message was removed.
17489 Section edit links' brackets can now be customized using CSS by
17490 styling span.mw-editsection-bracket.
17491 * The usePatrol function in ChangesList has been marked as deprecated.
17492 * (bug 50785) A "null edit", that is, a save action in which no changes to the
17493 page text are made and no revision recorded, will no longer send refreshLinks
17494 jobs to the job table to update pages which use the edited page as a template.
17495 * The LivePreviewPrepare and LivePreviewDone events triggered on "jQuery( mw )"
17496 have been deprecated in favour of using mw.hook.
17497 * The 'showjumplinks' user preference has been removed, jump links are now
17499 * Methods RecentChange::notifyRC2UDP, RecentChange::sendToUDP, and
17500 RecentChange::cleanupForIRC have been deprecated, as it is now the
17501 responsibility of classes implementing the RCFeedFormatter and RCFeedEngine
17502 interfaces to implement the formatting and delivery for recent change
17504 * SpecialPrefixindex methods namespacePrefixForm() and showPrefixChunk() have
17505 been made protected. They were accepting form variance arguments, this is now
17506 using properties in the SpecialPrefixindex class.
17507 * (bug 50310) BREAKING CHANGE: wikibits: Drop support for mwCustomEditButtons.
17508 It defaults to an empty array and emits mw.log.warn when accessed.
17509 * BREAKING CHANGE: Special:Disambiguations has been removed from MediaWiki core.
17510 Functions related to disambiguation pages are now handled by the Disambiguator
17511 extension (https://www.mediawiki.org/wiki/Extension:Disambiguator) (bug
17513 * BREAKING CHANGE: The 'mediawiki.legacy.wikiprintable' module has been removed.
17514 The skins/common/wikiprintable.css file no longer exists. Return value of
17515 Skin#commonPrintStylesheet is ignored. Please use the
17516 'mediawiki.legacy.commonPrint' module instead or base your skin on
17518 * (bug 49629) The hook ExtractThumbParameters has been deprecated in favour
17519 of media handler overriding MediaHandler::parseParamString.
17520 * (bug 46512) The collapsibleNav feature from the Vector extension has been
17521 moved to the Vector skin in core.
17522 * SpecialRecentChanges::addRecentChangesJS() function has been renamed
17523 to addModules() and made protected.
17524 * Methods WatchAction::doWatch and WatchAction::doUnwatch now return a Status
17525 object instead of a boolean.
17526 * Information boxes (CSS classes errorbox, warningbox, successbox) have been
17528 * BREAKING CHANGE: The module 'mediawiki.legacy.IEFixes' has been removed as it
17529 was unused. The file skins/common/IEFixes.js remains but is only used by
17530 wikibits. The file never contained any re-usable components. To use it in a
17531 skin, load 'mediawiki.legacy.wikibits' (which IEFixes depends on) and that
17532 will import IEFixes automatically if user agent conditions are met.
17533 * Code specific to the Math extension was marked as deprecated.
17534 * mediawiki.util: mw.util.wikiGetlink has been renamed to getUrl. (The old name
17535 still works, but is deprecated.)
17539 == MediaWiki 1.21.11 ==
17540 This is a security and maintenance release of the MediaWiki 1.21 branch.
17542 === Changes since 1.21.10 ===
17543 * (bug 65839) SECURITY: Prevent external resources in SVG files.
17544 * (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like
17545 only extracting the tail of the file partially or not at all.
17547 == MediaWiki 1.21.10 ==
17548 This is a security and maintenance release of the MediaWiki 1.21 branch.
17550 === Changes since 1.21.9 ===
17551 * (bug 65501) SECURITY: Don't parse usernames as wikitext on
17552 Special:PasswordReset.
17553 * (bug 36356) Add space between two feed links.
17555 == MediaWiki 1.21.9 ==
17556 This is a security and maintenance release of the MediaWiki 1.21 branch.
17558 === Changes since 1.21.8 ===
17559 * (bug 63251) SECURITY: Escape sortKey in pageInfo.
17560 * (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to
17561 appear blank or with missing text.
17563 == MediaWiki 1.21.8 ==
17564 This is a security and maintenance release of the MediaWiki 1.21 branch.
17566 === Changes since 1.21.7 ===
17567 * (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword.
17568 * (bug 62467) Set a title for the context during import on the cli.
17570 == MediaWiki 1.21.7 ==
17571 This is a maintenance release of the MediaWiki 1.21 branch.
17573 === Changes since 1.21.6 ===
17574 * Use the correct branch of the extensions' git repositories.
17576 == MediaWiki 1.21.6 ==
17577 This is a security release of the MediaWiki 1.21 branch.
17579 === Changes since 1.21.5 ===
17580 * (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
17581 namespaces. Also disallow iframe elements.
17582 * User will get an error including the namespace name if they use a
17583 non-whitelisted namespace.
17584 * (bug 61346) SECURITY: Make token comparison use constant time. It seems like
17585 our token comparison would be vulnerable to timing attacks. This will take
17587 * (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
17589 == MediaWiki 1.21.5 ==
17590 This is a security release of the MediaWiki 1.21 branch.
17592 === Changes since 1.21.4 ===
17593 * (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media
17596 == MediaWiki 1.21.4 ==
17597 This is a security release of the MediaWiki 1.21 branch.
17599 === Changes since 1.21.3 ===
17600 * (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads
17601 * (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
17602 * (bug 58472) SECURITY: Disallow -o-link in styles
17603 * (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads
17604 * (bug 58699) SECURITY: Fix RevDel log entry information leaks
17606 == MediaWiki 1.21.3 ==
17607 This is a security and maintenance release of the MediaWiki 1.21 branch.
17609 === Changes since 1.21.2 ===
17610 * (bug 53032) SECURITY: Don't cache when a call could autocreate
17611 * (bug 55332) SECURITY: Improve css javascript detection
17612 * (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload
17613 * Fix comma errors in various js files
17616 == MediaWiki 1.21.2 ==
17617 This is a security and maintenance release of the MediaWiki 1.21 branch.
17619 === Changes since 1.21.1 ===
17620 * SECURITY: Fix extension detection with 2 .'s
17621 * SECURITY: Support for the 'gettoken' parameter to action=block and
17622 action=unblock, deprecated since 1.20, has been removed.
17623 * SECURITY: Sanitize ResourceLoader exception messages
17624 * Purge upstream caches when deleting file assets.
17625 * Unit test suite now runs the AutoLoader tests. Also fixed the autoloading
17626 entry for the PageORMTableForTesting class though it had no impact.
17628 == MediaWiki 1.21.1 ==
17629 This is a maintenance release of the MediaWiki 1.21 branch.
17631 === Changes since 1.21.0 ===
17632 * An incorrect version number was used for 1.21.0. 1.21.1 has the correct
17634 * A problem with the Oracle SQL table creation was fixed.
17635 * (PdfHandler extension) Fix warning if pdfinfo fails but pdftext succeeds.
17637 == MediaWiki 1.21.0 ==
17639 === Configuration changes in 1.21 ===
17640 * (bug 29374) $wgVectorUseSimpleSearch is now enabled by default.
17641 * Deprecated $wgAllowRealName is removed. Use $wgHiddenPrefs[] = 'realname'
17643 * (bug 39957) Added $wgUnwatchedPageThreshold, specifying minimum count
17644 of page watchers required for the number to be accessible to users
17645 without the unwatchedpages permission.
17646 * $wgBug34832TransitionalRollback has been removed.
17647 * (bug 29472) $wgUseDynamicDates has been removed and its functionality
17650 === New features in 1.21 ===
17651 * (bug 38110) Schema changes (adding or dropping tables, indices and
17652 fields) can be now be done separately from other changes that
17653 update.php makes. This is useful in environments that use database
17654 permissions to restrict schema changes but allow the DB user that
17655 MediaWiki normally runs as to perform other changes that update.php
17656 makes. Schema changes can be run separately. See the file UPGRADE
17657 for more information.
17658 * (bug 34876) jquery.makeCollapsible has been improved in performance.
17659 * Added ContentHandler facility to allow extensions to support other content
17660 than wikitext. See docs/contenthandler.txt for details.
17661 * New feature was developed for showing high-DPI thumbnails for high-DPI mobile
17662 and desktop displays (configurable with $wgResponsiveImages).
17663 * Added new backend to represent and store information about sites and site
17664 specific configuration.
17665 * jQuery upgraded from 1.8.2 to 1.8.3.
17666 * jQuery UI upgraded from 1.8.23 to 1.8.24.
17667 * Added separate fa_sha1 field to filearchive table. This allows sha1
17668 searches with the api in miser mode for deleted files.
17669 * Add initial and programmatic sorting for tablesorter.
17670 * Add the event "sortEnd.tablesorter", triggered after sorting has completed.
17671 * The Job system was refactored to allow for different backing stores for
17672 queues as well as cross-wiki access to queues, among other things. The schema
17673 for the DB queue was changed to support better concurrency and reduce
17675 * Added ApiQueryORM class to facilitate creation of query API modules based on
17676 tables that have a corresponding ORMTable class.
17677 * (bug 40876) Icon for PSD (Adobe Photoshop) file types.
17678 * (bug 40641) Implemented Special:Version/Credits with a list of contributors.
17679 * (bug 7851) Implemented one-click AJAX patrolling.
17680 * The <data>, <time>, <meta>, and <link> elements are allowed within WikiText
17681 for use with Microdata.
17682 * The HTML5 <mark> tag has been whitelisted.
17683 * Added ParserCloned hook for when the Parser object is cloned.
17684 * Added AlternateEditPreview hook to allow extensions to replace the page
17685 preview from the edit page.
17686 * Added EditPage::showStandardInputs:options hook to allow extensions to add
17687 new fields to the "editOptions" area of the edit form.
17688 * Upload stash DB schema altered to improve upload performance.
17689 * The following global functions are now reporting deprecated warnings in
17690 debug mode: wfMsg, wfMsgNoTrans, wfMsgForContent, wfMsgForContentNoTrans,
17691 wfMsgReal, wfMsgGetKey, wfMsgHtml, wfMsgWikiHtml, wfMsgExt, wfEmptyMsg. Use
17692 the Message class, or the global method wfMessage.
17693 * Added $wgEnableCanonicalServerLink, off by default. If enabled, a
17694 <link rel=canonical> tag is added to every page indicating the correct server
17696 * Debug message emitted by wfDebugLog() will now be prefixed with the group
17697 name when its logged to the default log file. That is the case whenever the
17698 group has no key in wgDebugLogGroups, that will help triage the default log.
17699 * (bug 24620) Add types to LogFormatter.
17700 * jQuery JSON upgraded from 2.3 to 2.4.0.
17701 * Added GetDoubleUnderscoreIDs hook, for modifying the list of magic words.
17702 * DatabaseUpdater class has two new methods to ease extensions schema changes:
17703 dropExtensionIndex and renameExtensionIndex.
17704 * New preference type - 'api'. Preferences of this type are not shown on
17705 Special:Preferences, but are still available via the action=options API.
17706 * (bug 39397) Hide rollback link if a user is the only contributor of the page.
17707 * $wgPageInfoTransclusionLimit limits the list size of transcluded articles
17708 on the info action. Default is 50.
17709 * Added action=createaccount to allow user account creation.
17710 * (bug 40124) action=options API also allows for setting of arbitrary
17711 preferences, provided that their names are prefixed with 'userjs-'. This
17712 officially reenables the feature that was undocumented and defective
17713 in MW 1.20 (saving preferences using Special:Preferences cleared any
17714 additional fields) and which has been disabled in 1.20.1 as a part of
17715 a security fix (bug 42202).
17716 * Added option to specify "others" as author in extension credits using
17717 "..." as author name.
17718 * Added the ability to limit the wall clock time used by shell processes,
17719 as well as the CPU time. Configurable with $wgMaxShellWallClockTime.
17720 * Allow memory of shell subprocesses to be limited using Linux cgroups
17721 instead of ulimit -v, which tends to cause deadlocks in recent versions
17722 of ImageMagick. Configurable with $wgShellCgroup.
17723 * Added $wgWhitelistReadRegexp for regex whitelisting.
17724 * (bug 5346) Categories that are redirects will be displayed italic in
17725 the category links section at the bottom of a page.
17726 * (bug 43915) New maintenance script deleteEqualMessages.php.
17727 * You can now create checkbox option matrices through the HTMLCheckMatrix
17728 subclass in HTMLForm.
17729 * WikiText now permits the use of WAI-ARIA's role="presentation" inside of
17730 html elements and tables. This allows presentational markup, especially
17731 tables. To be marked up as such.
17732 * maintenance/sql.php learned the --cluster option. Let you run the script
17733 on some external cluster instead of the primary cluster for a given wiki.
17734 * (bug 20281) test the parsing of inline URLs.
17735 * Added Special:PagesWithProp, which lists pages using a particular page
17737 * Implemented language-specific collations for category sorting for 67 languages
17738 based in latin, greek and cyrillic alphabets. This allows one to *finally* get
17739 articles to be correctly sorted on category pages. They are named
17740 'uca-<langcode>', where <langcode> is one of: af, ast, az, be, bg, br, bs, ca,
17741 co, cs, cy, da, de, dsb, el, en, eo, es, et, eu, fi, fo, fr, fur, fy, ga, gd,
17742 gl, hr, hsb, hu, is, it, kk, kl, ku, ky, la, lb, lt, lv, mk, mo, mt, nl, no,
17743 oc, pl, pt, rm, ro, ru, rup, sco, sk, sl, smn, sq, sr, sv, tk, tl, tr, tt, uk,
17745 * Added 'CategoryAfterPageAdded' and 'CategoryAfterPageRemoved' hooks.
17746 * Added 'HistoryRevisionTools' and 'DiffRevisionTools' hooks.
17747 * Added 'SpecialSearchResultsPrepend' and 'SpecialSearchResultsAppend' hooks.
17748 * (bug 33186) Add image rotation api "imagerotate"
17749 * (bug 34040) Add "User rights management" link on user page toolbox.
17750 * (bug 45526) Add QUnit assertion helper "QUnit.assert.htmlEqual" for asserting
17751 structual equality of HTML (ignoring insignificant differences like
17752 quotmarks, order and whitespace in the attribute list).
17753 * (bug 23393) HTML <hN> headings containing line breaks are now handled
17755 * (bug 45803) Whitespace within == Headline == syntax and within <hN> headings
17756 is now non-significant and not preserved in the HTML output.
17758 === Bug fixes in 1.21 ===
17759 * (bug 40353) SpecialDoubleRedirect should support interwiki redirects.
17760 * (bug 40352) fixDoubleRedirects.php should support interwiki redirects.
17761 * (bug 9237) SpecialBrokenRedirect should not list interwiki redirects.
17762 * (bug 34960) Drop unused fields rc_moved_to_ns and rc_moved_to_title from
17763 recentchanges table.
17764 * (bug 32951) Do not register internal externals with absolute protocol,
17765 when server has relative protocol.
17766 * (bug 39005) When purging proxies listed in $wgSquidServers using HTTP PURGE
17767 method requests, we now send a Host header by default, for Varnish
17768 compatibility. This also works with Squid in reverse-proxy mode. If you wish
17769 to support Squid configured in forward-proxy mode, set
17770 $wgSquidPurgeUseHostHeader to false.
17771 * (bug 37020) sql.php with readline eats semicolon.
17772 * (bug 11748) Properly handle optionally-closed HTML tags when Tidy is
17773 disabled, and don't wrap HTML-syntax definition lists in paragraphs.
17774 * (bug 41409) Diffs while editing an old revision should again diff against the
17776 * (bug 41494) Honor $wgLogExceptionBacktrace when logging non-API exceptions
17777 caught during API execution.
17778 * (bug 37963) Fixed loading process for user options.
17779 * (bug 26995) Update filename field on Upload page after having sanitized it.
17780 * (bug 41793) Contribution links to users with 0 edits on Special:ListUsers
17781 didn't show up red.
17782 * (bug 41899) A PHP notice no longer occurs when using the "rvcontinue" API
17784 * (bug 42036) Account creation emails now contain canonical (not
17785 protocol-relative) URLs.
17786 * (bug 41990) Fix regression: API edit with redirect=true and lacking
17787 starttimestamp and basetimestamp should not cause an edit conflict.
17788 * (bug 41706) EditPage: Preloaded page should be converted if possible and
17790 * (bug 41886) Rowspans are no longer exploded by tablesorter until the table is
17792 * (bug 2865) User interface HTML elements don't use lang attribute.
17793 (completed the fix by adding the lang attribute to firstHeading).
17794 * (bug 42173) Removed namespace prefixes on Special:UncategorizedCategories.
17795 * (bug 36053) Log in "returnto" feature forgets query parameters if no
17796 title parameter was specified.
17797 * (bug 42410) API action=edit now returns correct timestamp for the new edit.
17798 * (bug 14901) Email notification mistakes log action for new page creation.
17799 Enotif no longer sends "page has been created" notifications for some log
17800 actions. The following events now have a correct message: page creation,
17801 deletion, move, restore (undeletion), change (edit). Parameter
17802 $CHANGEDORCREATED is deprecated in 'enotif_body' and scheduled for removal in
17804 * (bug 457) In the sidebar of Vector, CologneBlue, Monobook, and Monobook-based
17805 skins, the heading levels have been changed from (variously per skin)
17806 <h4>, <h5> or <h6> to only <h3>s, with a <h2> hidden heading above them.
17807 If you are styling or scripting the headings in a custom way, this change
17808 will require updates to your site's CSS or JS.
17809 * (bug 41342) jquery.suggestions should cancel any active (async) fetches
17810 before it triggers another fetch.
17811 * (bug 42184) $wgUploadSizeWarning missing second variable.
17812 * (bug 34581) removeUnusedAccounts.php maintenance script now ignores newuser
17813 log when determining whether an account is used.
17814 * (bug 43379) Gracefully fail if rev_len is unavailable for a revision on the
17816 * (bug 42949) API no longer assumes all exceptions are MWException.
17817 * (bug 41733) Hide "New user message" (.usermessage) element from printable
17819 * (bug 39062) Special:Contributions will display changes that don't have
17820 a parent id instead of just an empty bullet item.
17821 * (bug 37209) "LinkCache doesn't currently know about this title" error fixed.
17822 * wfMerge() now works if $wgDiff3 contains spaces
17823 * (bug 43052) mediawiki.action.view.dblClickEdit.dblClickEdit should trigger
17824 ca-edit click instead opening URL directly.
17825 * (bug 43964) Invalid value of "link" parameter in <gallery> no longer produces
17827 * (bug 44775) The username field is not pre-filled when creating an account.
17828 * (bug 45069) wfParseUrl() no longer produces a PHP notice if passed a "mailto:"
17829 URL without address
17830 * (bug 45012) Creating an account by e-mail can no longer show a
17831 "password mismatch" error.
17832 * (bug 44599) On Special:Version, HEADs for submodule checkouts (e.g. for
17833 extensions) performed using Git 1.7.8+ should now appear.
17834 * (bug 42184) $wgUploadSizeWarning missing second variable
17835 * (bug 40326) Check if files exist with a different extension during uploading
17836 * (bug 34798) Updated CSS for Atom/RSS recent changes feeds to match on-wiki
17838 * (bug 42430) Calling numRows on MySQL no longer propagates unrelated errors.
17839 * (bug 44719) Removed mention of non-existing maintenance/migrateCurStubs.php
17840 script in includes/DefaultSettings.php
17841 * (bug 45143) jquery.badge: Treat non-Latin variants of zero as zero as well.
17842 * (bug 46151) mwdocgen.php should not ignore exit code of doxygen command.
17843 * (bug 41889) Fix $.tablesorter rowspan exploding for complex cases.
17845 === API changes in 1.21 ===
17846 * prop=revisions can now report the contentmodel and contentformat.
17847 See docs/contenthandler.txt.
17848 * action=edit and action=parse now support contentmodel and contentformat
17849 parameters to control the interpretation of page content.
17850 See docs/contenthandler.txt for details.
17851 * (bug 35693) ApiQueryImageInfo now suppresses errors when unserializing
17853 * (bug 40111) Disable minor edit for page/section creation by API.
17854 * (bug 41042) Revert change to action=parse&page=... behavior when the page
17856 * (bug 27202) Add timestamp sort to list=allimages.
17857 * (bug 43137) Don't return the sha1 of revisions through the API if the content
17858 is revision-deleted.
17859 * ApiQueryImageInfo now also returns imageinfo for redirects.
17860 * list=alltransclusions added to enumerate every instance of page embedding
17861 * list=alllinks & alltransclusions now allow both 'from' and 'continue' in
17862 the same query. When both are present, 'from' is simply ignored.
17863 * list=alllinks & alltransclusions now allow 'unique' in generators, to yield
17864 a list of all link/template target pages instead of source pages.
17865 * BREAKING CHANGE: list=logevents output format changed for details of some log
17866 types. Specifically, details that were formerly reported under a key like
17867 "4::foo" will now be reported under a key of simply "foo".
17868 * BREAKING CHANGE: '??_badcontinue' error code was changed to '??badcontinue'
17869 for all query modules.
17870 * ApiQueryBase adds 'badcontinue' error code if module has 'continue' parameter.
17871 * (bug 35885) Removed version parameter and all getVersion() methods.
17872 * action=options now takes a "resetkinds" option, which allows only resetting
17873 certain types of preferences when the "reset" option is set.
17874 * (bug 36751) ApiQueryImageInfo now returns imageinfo for the redirect target
17875 when queried with &redirects=.
17876 * (bug 31849) ApiQueryImageInfo no longer gets confused when asked for info on
17877 a redirect and its target.
17878 * (bug 43849) ApiQueryImageInfo no longer throws exceptions with ForeignDBRepo
17880 * On error, any warnings generated before that error will be shown in the
17882 * action=help supports generalized submodules (modules=query+value),
17883 querymodules obsolete
17884 * ApiQueryImageInfo continuation is more reliable. The only major change is
17885 that the imagerepository property will no longer be set on page objects not
17886 processed in the current query (i.e. non-images or those skipped due to
17888 * Add supports for all pageset capabilities - generators, redirects,
17889 converttitles to action=purge and action=setnotificationtimestamp.
17890 * (bug 43251) prop=pageprops&ppprop= now accepts multiple props to query.
17891 * ApiQueryImageInfo will now limit the number of calls to File::transform made
17892 in any one query. If there are too many, iicontinue will be returned.
17893 * action=query&meta=siteinfo&siprop=general will now return the regexes used for
17894 link trails and link prefixes. Added for Parsoid support.
17895 * Added an API query module list=pageswithprop, which lists pages using a
17896 particular page property.
17897 * Added an API query module list=pagepropnames, which lists all page prop names
17898 currently in use on the wiki.
17899 * (bug 44921) ApiMain::execute() will now return after the CORS check for an
17900 HTTP OPTIONS request.
17901 * (bug 44923) action=upload works correctly if the entire file is uploaded in
17903 * Added 'continue=' parameter to streamline client iteration over complex query
17905 * (bug 44909) API parameters may now be marked as type "upload", which is now
17906 used for action=upload's 'file' and 'chunk' parameters. This type will raise
17907 an error during parameter validation if the parameter is given but not
17908 recognized as an uploaded file.
17909 * (bug 44244) prop=info may now return the number of people watching each page.
17910 * (bug 33304) list=allpages will no longer return duplicate entries when
17911 querying protection.
17912 * (bug 33304) list=allpages will now find really old indefinite protections.
17913 * (bug 45937) meta=allmessages will report a syntactically invalid lang as a
17914 proper error instead of as an uncaught exception.
17915 * (bug 25325) added support for wlshow filtering (bots/anon/minor/patrolled)
17916 to action=feedwatchlist
17917 * WDDX formatted output will actually be formatted (and normal output will no
17918 longer be), and will no longer choke on booleans.
17920 === API internal changes in 1.21 ===
17921 * For debugging only, a new global $wgDebugAPI removes many API restrictions
17923 Never use on the production servers, as this flag introduces security holes.
17924 Whenever enabled, a warning will also be added to all output.
17925 * ApiModuleManager now handles all submodules (actions,props,lists) and
17927 * Query stores prop/list/meta as submodules
17928 * ApiPageSet can now be used in any action to process titles/pageids/revids or
17930 * BREAKING CHANGE: ApiPageSet constructor now has two params instead of three,
17931 with only the first one keeping its meaning. ApiPageSet is now derived from
17933 * BREAKING CHANGE: ApiQuery::newGenerator() and executeGeneratorModule() were
17935 * ApiQueryGeneratorBase::setGeneratorMode() now requires a pageset param.
17936 * $wgAPIGeneratorModules is now obsolete and will be ignored.
17937 * Added flags ApiResult::OVERRIDE and ADD_ON_TOP to setElement() and addValue()
17938 * Internal API calls will now include <warnings> in case of unused parameters
17940 === Languages updated in 1.21 ===
17942 MediaWiki supports over 350 languages. Many localisations are updated
17943 regularly. Below only new and removed languages are listed, as well as
17944 changes to languages because of Bugzilla reports.
17946 * South Azerbaijani (azb) added.
17947 * (bug 30040) Autonym for nds-nl is now 'Nedersaksies' (was 'Nedersaksisch').
17948 * (bug 45436) Autonym for pi (Pali) is now 'पालि' (was ''पाळि').
17949 * (bug 34977) Now formatted numbers in Spanish use space as separator
17950 for thousands, as mandated by the Real Academia Española.
17951 * (bug 35031) Kurdish formatted numbers now use period and comma
17952 as separators for thousands and decimals respectively.
17954 === Other changes in 1.21 ===
17955 * BREAKING CHANGE: (bug 44385) Removed the jquery.collapsibleTabs module and
17956 moved it to the Vector extension. It was entirely Vector-extension-specific,
17957 deeply interconnected with the extension, and this functionality really
17958 belongs to the extension instead of the skin anyway. In the unlikely case you
17959 were using it, you have to either copy it to your extension, or install the
17960 Vector extension (and possibly disable its features using config settings if
17961 you don't want them).
17962 * Experimental IBM DB2 support was removed due to lack of interest and
17964 * BREAKING CHANGE: Filenames of maintenance scripts were standardized into
17965 lowerCamelCase format, and made more explicit:
17966 - clear_stats.php -> clearCacheStats.php
17967 - clear_interwiki_cache.php -> clearInterwikiCache.php
17968 - initStats.php -> initSiteStats.php
17969 - proxy_check.php -> proxyCheck.php
17970 - stats.php -> showCacheStats.php
17971 - showStats.php -> showSiteStats.php.
17972 Class names were renamed accordingly:
17973 - clear_stats -> ClearCacheStats
17974 - InitStats -> InitSiteStats
17975 - CacheStats -> ShowCacheStats
17976 - ShowStats -> ShowSiteStats.
17977 * BREAKING CHANGE: (bug 38244) Removed the mediawiki.api.titleblacklist module
17978 and moved it to the TitleBlacklist extension.
17982 == MediaWiki 1.20.8 ==
17983 This is a security release of the MediaWiki 1.20 branch.
17985 === Changes since 1.20.7 ===
17986 * (bug 53032) SECURITY: Don't cache when a call could autocreate
17987 * (bug 55332) SECURITY: Improve css javascript detection
17988 * (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload
17989 * Fix comma errors in various js files
17992 == MediaWiki 1.20.7 ==
17993 This is a security release of the MediaWiki 1.20 branch.
17995 === Changes since 1.20.6 ===
17996 * SECURITY: Fix extension detection with 2 .'s
17997 * SECURITY: Token-getting functions will fail when using jsonp callbacks.
17998 * SECURITY: Sanitize ResourceLoader exception messages
17999 * Purge upstream caches when deleting file assets.
18001 == MediaWiki 1.20.6 ==
18002 This is a security and maintenance release of the MediaWiki 1.20 branch.
18004 === Changes since 1.20.5 ===
18005 * (bug 48306) SECURITY: Run file validation checks on chunked uploads, and
18006 chunks of upload, during the upload process.
18007 * (bug 44327) mediawiki.user: Use session ID instead of 1-year cross-session
18009 * (bug 47202) wikibits: FF2Fixes.css should not be loaded in Firefox 20.
18010 * (bug 31044) Make ResourceLoader behave in read-only mode
18012 == MediaWiki 1.20.5 ==
18013 This is a security and maintenance release of the MediaWiki 1.20 branch.
18015 === Changes since 1.20.4 ===
18016 * (bug 46590) Add hook AbortChangePassword to Special:ChangePassword
18017 * (bug 47304) SECURITY: Check SVG xml encoding against whitelist
18018 * Localisation updates from http://translatewiki.net.
18019 * mwdocgen.php: Implement --version option.
18020 * Remove svnstat stuff used in Doxygen generation
18021 * (bug 43594) Correctly suppress warnings that were missed after the upstream
18022 * PHP change to E_STRICT being included in E_ALL.
18024 == MediaWiki 1.20.4 ==
18025 This is a security release of the MediaWiki 1.20 branch.
18027 === Changes since 1.20.3 ===
18028 * (bug 47251) SECURITY: Disable external entities in Import
18029 * (bug 46859) SECURITY: Disable external entities in XMLReader
18030 * (bug 46084) SECURITY: Sanitize $limitReport before outputting
18032 == MediaWiki 1.20.3 ==
18033 This is a security and maintenance release of the MediaWiki 1.20 branch.
18035 === Changes since MediaWiki 1.20.2 ===
18036 * New preference type - 'api'. Preferences of this type are not shown on
18037 Special:Preferences, but are still available via the action=options API.
18039 * (bug 44010) Context is passed to UserGetLanguageObject.
18040 * The recursion guard on RequestContext::getLanguage() was weakened.
18041 * (bug 40585) Don't drop 'step="any"' in HTML input fields.
18042 * (bug 44024) Fixed problems in ObjectCache when using XCache.
18043 * (bug 44010) FauxRequest leaked cookie data from primary request.
18044 * (bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST
18045 * (bug 43518) API action=unblock should return the user name, not the full user
18047 * (bug 45355) Prevent read of arbitrary files through mwdoc-filter.php
18049 == MediaWiki 1.20.2 ==
18050 This is a maintenance release of the MediaWiki 1.20 branch
18052 === Changes since MediaWiki 1.20.1 ===
18053 * (bug 42638) Fix API action=options&reset=1 & unit tests.
18054 * (bug 42370) Fixed backport of 60cc060 to use mDoneWrites — caused
18055 * (bug 42592) User rights, preferences and other things are not saving in
18058 == MediaWiki 1.20.1 ==
18059 This is a security release of the MediaWiki 1.20 branch
18061 === Changes since 1.20.0 ===
18062 * (bug 42202) Validate options to prevent html injection
18063 * (bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391)
18064 * (bug 41400) Prevent linker regex from exceeding PCRE backtrack limit
18065 * Javscript Lint fixes
18066 * (bug 40632) Remove CleanupPresentationalAttributes feature
18067 * [Database] Fixed case where trx idle callbacks might be lost.
18069 == MediaWiki 1.20.0 ==
18071 === PHP 5.3 now required ===
18072 Since 1.20, the lowest supported version of PHP is now 5.3.2. Please
18073 upgrade PHP if you have not done so prior to upgrading MediaWiki.
18075 === Configuration changes in 1.20 ===
18076 * $wgGitRepositoryViewers defines a mapping from Git remote repository to the
18077 Gitweb instance URL used in Special:Version.
18078 * `$wgUsePathInfo = true;` is no longer needed to make $wgArticlePath work on
18079 servers using like nginx, lighttpd, and apache over fastcgi. MediaWiki now
18080 always extracts path info from REQUEST_URI if it's available.
18081 * The user right 'upload_by_url' is no longer given to sysops by default.
18082 This only affects installations which have $wgAllowCopyUploads set to true.
18083 * Removed f-prot support from $wgAntivirusSetup.
18084 * New variable $wgDBerrorLogTZ to provide dates in the error log in a
18085 different timezone than the wiki timezone set by $wgLocaltimezone.
18086 * New variables $wgDBssl and $wgDBcompress to enable SSL and compression for
18087 database connections, if either are available for the selected DB type.
18088 * $wgUseCombinedLoginLink now defaults to false, making MediaWiki output
18089 separate login and create account links by default.
18091 === New features in 1.20 ===
18092 * Added TitleIsAlwaysKnown hook which gets called when determining if a page
18094 * Added NamespaceIsMovable hook which gets called when determining if pages in a
18095 certain namespace can be moved.
18096 * Added SpecialPageBeforeExecute hook which gets called before
18097 SpecialPage::execute.
18098 * Added SpecialPageAfterExecute hook which gets called after
18099 SpecialPage::execute.
18100 * Added ORMTable, ORMRow and ORMResult classes for additional abstraction of
18101 database interaction.
18102 * Added CacheHelper and associated SpecialCachedPage and CachedAction helper
18104 * (bug 32341) Add upload by URL domain limitation.
18105 * &useskin=default will now always display the default skin. Useful for users
18106 with a preference for the non-default skin to look at something using the
18108 * (bug 27619) Remove preference option to display broken links as link?
18109 * (bug 34896) jQuery JSON plugin upgraded to v2.3 (2011-09-17).
18110 * (bug 34302) Add CSS classes to email fields in user preferences.
18111 * Introduced $wgDebugDBTransactions to trace transaction status (currently
18113 * (bug 23795) Add parser itself to ParserMakeImageParams hook.
18114 * Introduce a cryptographic random number generator source api for use when
18115 generating various tokens.
18116 * (bug 30963) Option on Special:Prefixindex and Special:Allpages to not show
18118 * (bug 18062) New message when edit or create the local page of a shared file.
18119 * (bug 22870) Separate interface message when creating a page.
18120 * (bug 17615) nosummary option should be reassigned on preview/captcha.
18121 * (bug 34355) Add a variable and parser function for the namespace number.
18122 * (bug 35649) Special:Version now shows hashes of extensions checked out from
18124 * (bug 35728) Git revisions are now linked on Special:Version.
18125 * "Show Changes" on default messages shows now diff against default message text
18126 * (bug 23006) create #speciale parser function.
18127 * generateSitemap can now optionally skip redirect pages.
18128 * (bug 27757) New API command just for retrieving tokens (not page-based).
18129 * Added GitViewers hook for extensions using external git repositories to have a
18130 web-based repository viewer linked to from Special:Version.
18131 * Memcached debug logs can now be sent to their own file logs by setting
18132 $wgDebugLogFile['memcached'] to some filepath.
18133 * (bug 35685) api.php URL and other entry point URLs are now listed on
18135 * Edit notices can now be translated.
18136 * jQuery upgraded to 1.8.2.
18137 * jQuery UI upgraded to 1.8.23.
18138 * QUnit upgraded from v1.2.0 to v1.10.0.
18139 * (bug 37604) jquery.cookie upgraded to 2011 version.
18140 * (bug 22887) Add warning and tracking category for preprocessor errors
18141 * (bug 31704) Allow selection of associated namespace on the watchlist
18142 * (bug 5445) Now remove autoblocks when a user is unblocked.
18143 * Added $wgLogExceptionBacktrace, on by default, to allow logging of exception
18145 * Added device detection for determining device capabilities.
18146 * QUnit.newMwEnvironment now supports passing a custom setup and/or teardown
18147 function. Arguments signature has changed. First arguments is now an options
18148 object of which 'config' can be a property. Previously 'config' itself was the
18149 first and only argument.
18150 * New getCreator and getOldestRevision methods added to WikiPage class
18151 * (bug 4220) the XML dump format schema now have unique identity constraints
18152 for page and revision identifiers. Patch by Elvis Stansvik.
18153 * cleanupSpam.php now can delete spam pages if --delete was specified instead of
18155 * Added new hook ChangePasswordForm to allow adding of additional fields in
18156 Special:ChangePassword
18157 * Added new function getDomain to AuthPlugin for getting a user's domain
18158 * (bug 23427) New magic word {{PAGEID}} which gives the current page ID.
18159 Will be null on previewing a page being created.
18160 * (bug 37627) UserNotLoggedIn() exception to show a generic error page whenever
18161 a user is not logged in.
18162 * Watched status in changes lists are no longer indicated by <strong></strong>
18163 tags with class "mw-watched". Instead, each line now has a class
18164 "mw-changeslist-line-watched" or "mw-changeslist-line-not-watched", and the
18165 title itself is surrounded by <span></span> tags with class "mw-title".
18166 * Added ContribsPager::reallyDoQuery hook allowing extensions to data to
18168 * Added new hook ParserAfterParse to allow extensions to affect parsed output
18169 after the parse is complete but before block level processing, link holder
18170 replacement, and so on.
18171 * (bug 34678) Added InternalParseBeforeSanitize hook which gets called during
18172 Parser's internalParse method just before the parser removes
18173 unwanted/dangerous HTML tags.
18174 * Added new hook AfterFinalPageOutput to allow modifications to buffered page
18175 output before sent to the client.
18176 * (bug 36783) Implement jQuery Promise interface in mediawiki.api module.
18177 * Make dates in sortable tables sort according to the page content language
18178 instead of the site content language
18179 * (bug 37926) Deleterevision will no longer allow users to delete log entries,
18180 the new deletelogentry permission is required for this.
18181 * (bug 14237) Allow PAGESINCATEGORY to distinguish between 'all', 'pages',
18182 'files' and 'subcats'
18183 * (bug 38362) Make Special:Listuser includeable on wiki pages.
18184 * Added support in jquery.localize for placeholder attributes.
18185 * (bug 38151) Implemented mw.user.getRights for getting and caching the current
18186 user's user rights.
18187 * Session storage can now configured independently of general object cache
18188 storage, by using $wgSessionCacheType. $wgSessionsInMemcached has been
18189 renamed to $wgSessionsInObjectCache, with the old name retained for backwards
18190 compatibility. When this feature is enabled, the expiry time can now be
18191 configured with $wgObjectCacheSessionExpiry.
18192 * Added a Redis client for object caching.
18193 * Implemented mw.user.getGroups for getting and caching user groups.
18194 * (bug 37830) Added $wgRequirePasswordforEmailChange to control whether password
18195 confirmation is required for changing an email address or not.
18196 * HTMLForm mutators can now be chained (they return $this)
18197 * A new message, "api-error-filetype-banned-type", is available for formatting
18198 API upload errors due to the file extension blacklist.
18199 * New hook 'ParserTestGlobals' allows to set globals before running parser
18201 * Allow importing pages as subpage.
18202 * Add lang and hreflang attributes to language links on Login page.
18203 * (bug 22749) Create Special:MostInterwikis.
18204 * Show change tags when transclude Special:Recentchanges(linked) or
18206 * (bug 23226) Add |class= parameter to image links in order to add class(es) to
18208 * (bug 39431) SVG animated status is now shown in long description.
18209 * (bug 39376) jquery.form upgraded to 3.14.
18210 * SVG files will now show the actual width in the SVG's specified units
18211 in the metadata box.
18212 * Added ResourceLoader module "jquery.jStorage" (v0.3.0, http://jStorage.info/).
18213 * (bug 39273) Added AJAX support for "Show changes" (diff) in LivePreview.
18214 * Added ResourceLoader module "jquery.badge".
18215 * mw.util.$content now points to the overall content area in the skin rather
18216 than just page text content area. If you need the old behavior please use
18217 $( '#mw-content-text').
18218 * jsMessage has been replaced with a floating bubble notification system
18219 complete with auto-hide, multi-message support, and message replacement tags.
18220 * jquery.messageBox which appears to be unused by both core and extensions has
18222 * (bug 34939) Made link parsing insensitive ([HttP://]).
18223 * (bug 40072) Add CSS classes to items in output of ChangesList pages.
18224 * Added $wgCopyUploadProxy global to define which proxy to use for copy
18226 * (bug 40448) mediawiki.legacy.mwsuggest has been replaced with a new module,
18227 mediawiki.searchSuggest, based on SimpleSearch from Extension:Vector.
18229 === Known issues in 1.20.0 ===
18230 These are issues that we're targeting to be fixed in a later release
18231 in the 1.20 series. Issues may be added or removed from this list as
18232 we see fit. For now, it is comprised of those bugs on the 1.20.0
18233 milestone in Bugzilla.
18235 * (bug 35894): Reports of secret key generation "hanging" on windows
18236 This is probably a bug that has been fixed in PHP. If you run
18237 into this, try upgrading your PHP.
18238 * (bug 38334): PHP Notice: Undefined index: href in /www/w/skins/Vector.php on
18240 We think this is a problem in some extension. If you see this,
18241 try disabling your extensions and check out the logging patch on
18242 this bug. Or try this patch:
18243 <https://gerrit.wikimedia.org/r/#/c/27937/1/skins/Vector.php>
18244 * (bug 39268): [Regression] Toolbar inserts in main textarea only (instead of
18245 the focussed textarea)
18246 This should only be an issue if you are using the ProofreadPage
18248 * (bug 40641): Clicking "others" in Special:Version asks to download a file
18249 If you encounter this, you can tell your webserver to serve the
18250 CREDITS file with text/plain MIME type to fix it.
18252 === Bug fixes in 1.20 ===
18253 * (bug 40939): [Regression] InfoAction: Call to a member function getUserText()
18255 * (bug 40780): searchsuggest-containing line ("containing...") doesn't include
18257 * (bug 37714): [Regression] Incomplete log entries
18258 * (bug 27202): API: Add timestamp sort to list=allimages
18259 * (bug 30245) Use the correct way to construct a log page title.
18260 * (bug 34237) Regenerate an empty user_token and save to the database
18261 when we try to set the user's cookies for login.
18262 * (bug 32210) New edit emails for watched pages always provide a link to the
18263 edit which triggered the mail.
18264 * (bug 12021) Added user talk link on Special:Listusers.
18265 * (bug 34445) section edit and TOC hide/show links are excluded from selection
18266 and copy/paste on supporting browsers.
18267 * (bug 34428) Fixed incorrect hash mismatch errors in the DiffHistoryBlob
18268 history compression method.
18269 * (bug 34702) Localised parentheses are now used in more special pages.
18270 * (bug 34723) When editing a script page on a RTL wiki the textbox should be
18272 * (bug 34762) Calling close() on a DatabaseBase object now clears the
18274 * (bug 34863) Show deletion log extract on non-existent file pages if
18276 * (bug 28019) Let ?preloadtitle=foo be passed on to target of
18277 Special:MyPage and Special:MyTalk.
18278 * (bug 34929) Show the correct diff when a section edit is rejected by the spam
18280 * (bug 15816) Add a switch for SETting the search_path (Postgres).
18281 * (bug 34521) Returning to the previous page after logging in loses any array-
18282 valued parameters in the query string.
18283 * (bug 34735) Updated compressOld.php documentation to mention the different
18284 usages of -s and -n parameters depending on compression type.
18285 * (bug 13896) Rendering of devanagari numbers in automatic '#' number lists.
18286 * (bug 33689) Upgrade to 1.19 on Postgres fails due to incomplete query when
18287 trying to defer foreign key for externallinks.
18288 * (bug 32748) Printer friendly version of article decode Unicode chars as a
18289 pretty IRI in footer.
18290 * Removed white border around thumbnails in galleries.
18291 * (bug 31236) "Next" and "Previous" buttons are shown incorrectly in
18292 an RTL environment.
18293 * (bug 35749) Updated maintenance/checkSyntax.php to use Git instead of
18294 Subversion when invoked with the --modified option.
18295 * (bug 35069) On history pages, the " . . " separator after the number of
18296 characters changed in a revision is now suppressed if no text would follow.
18297 * (bug 18704) Add a unique CSS class or ID to the tagfilter table row at
18299 * (bug 33564) transwiki import sometimes result in invalid title.
18300 * (bug 35572) Blocks appear to succeed even if query fails due to wrong DB
18302 * (bug 31757) Add a word-separator between help-messages in HTMLForm
18303 * (bug 30410) Removed deprecated $wgFilterCallback and the 'filtered' API error.
18304 * (bug 32604) Some messages needs escaping of wikitext inside username.
18305 * (bug 36537) Rename wfArrayToCGI to wfArrayToCgi for consistency with
18307 * (bug 25946) The message on the top of Special:RecentChanges is now displayed
18308 in user language instead of content language.
18309 * (bug 35264) Wrong type used for <ns> in export.xsd
18310 * (bug 24985) Use $wgTmpDirectory as the default temp directory so that people
18311 who don't have access to /tmp can specify an alternative.
18312 * (bug 27283) SqlBagOStuff breaks PostgreSQL transactions.
18313 * (bug 35727) mw.Api ajax() should put token parameter last.
18314 * (bug 37708) mw.Uri.clone() should make a deep copy.
18315 * (bug 38024) ResourceLoader should not create empty stylesheets for modules
18316 that don't have stylesheets.
18317 * (bug 36812) Special:ActiveUsers "Hide bots" should hide users from any group
18318 having the "bot" user right, instead of just the default "bot" user group.
18319 * (bug 35082) mw.util.addPortletLink incorrectly adds link to mutiple <ul> tags.
18320 * (bug 36991) jquery.tablesorter should extract date sort format from date
18321 string instead of global config. Dates like "April 1 2012" and "1 April 2012"
18322 now sort correctly regardless of the content language's DefaultDateFormat.
18323 * (bug 31895) mw.loader mode now correct when triggered from a $.fn.ready
18324 handler that is bound before mediawiki.js's handler (e.g. browser-userscripts
18325 like greasemonkey).
18326 * (bug 38152) jquery.tablesorter: Use .data() instead of .attr(), so that live
18327 values are used instead of just the fixed values from when the tablesorter
18329 * (bug 38093) Gender of changed user groups missing in Special:Log/rights
18330 * (bug 35893) Special:Block needs to load mediawiki.special.block.js.
18331 * (bug 37331) ResourceLoader modules sometimes execute twice in Firefox
18332 * (bug 31644) GlobalUsage, CentralAuth and AbuseLog extensions should not use
18333 insecure links to foreign wikis in the WikiMap.
18334 * (bug 36073) Avoid duplicate element IDs on File pages.
18335 * (bug 25095) Special:Categories should also include the first relevant item
18336 when "from" is filled.
18337 * (bug 35526) jquery.tablesorter now uses a stable sort.
18338 * (bug 38953) --memory-limit switch not working for runJobs.php.
18339 * (bug 33037) Make subpage of Special:newfiles control how many files
18340 are returned, like in previous versions.
18341 * (bug 36524) "Show" options on Special:RecentChanges and
18342 Special:RecentChangesLinked are now remembered between successive clicks.
18343 * (bug 26069) Page title is no longer "Error" for all error pages.
18344 * (bug 39297) Show warning if thumbnail of animated image will not be animated.
18345 * (bug 38249) Parser will throw an exception instead of outputting gibberish if
18346 PCRE is compiled without support for unicode properties.
18347 * (bug 30390) Suggested file name on Special:Upload should not contain
18348 illegal characters.
18349 * EXIF below sea level GPS altitude data is now shown correctly.
18350 * (bug 39284) jquery.tablesorter should not consider "."" or "?"" to be a
18352 * (bug 39273) "Show changes" should not be incorrectly displayed in the Live
18354 * Made body-content lang attribute honor the variant language when it is set.
18355 * (bug 36761) "Mark pages as visited" now submits previously established filter
18357 * (bug 39635) PostgreSQL LOCK IN SHARE MODE option is a syntax error.
18358 * (bug 36329) Accesskey tooltips for Firefox 14 on Mac should use "ctrl-option-"
18360 * (bug 32552) Drop unused database field cat_hidden from table category.
18361 * (bug 24502) Do not allow multiple language links to the same language.
18362 * (bug 40214) Category pages no longer use deprecated "width" HTML attribute.
18363 * (bug 39941) Add missing stylesheets to the installer pages
18364 * In HTML5 mode, allow new input element types values (such as color, range..)
18365 * (bug 36151) mw.Title: Don't limit extension in title parsing.
18366 * (bug 38158) jquery.byteLimit sometimes causes an unexpected 0 maxLength being
18368 * (bug 38163) jquery.byteLimit incorrectly limits input when using methods other
18369 than basic per-char typing.
18370 * (bug 34495) patrol log now credit the user patrolling (instead of patrolled
18372 * (bug 31676) ResourceLoader should work around IE stylesheet limit.
18373 * (bug 40498) ResourceLoader should not output an empty "@media print { }"
18375 * (bug 40500) ResourceLoader should not ignore media-type for urls in debug
18377 * (bug 40660) ResourceLoaderWikiModule should not convert " " to a space
18378 for pages from the MediaWiki-namespace.
18379 * (bug 40329) (bug 40632) Removed CleanupPresentationalAttributes feature.
18381 === API changes in 1.20 ===
18382 * (bug 34316) Add ability to retrieve maximum upload size from MediaWiki API.
18383 * (bug 34313) MediaWiki API intro message about "HTML format" should mention
18384 the format parameter.
18385 * (bug 32384) Allow descending order for list=watchlistraw.
18386 * (bug 31883) Limit of bkusers of list=blocks and titles of action=query is
18387 not documented in API help.
18388 * (bug 32492) API now allows editing using pageid.
18389 * (bug 32497) API now allows changing of protection level using pageid.
18390 * (bug 32498) API now allows comparing pages using pageids.
18391 * (bug 30975) API import of pages with invalid characters in this wiki leads to
18393 * (bug 30488) API now allows listing of backlinks/embeddedin/imageusage per
18395 * (bug 34927) Output media_type for list=filearchive.
18396 * (bug 28814) add properties to output of action=parse.
18397 * (bug 33224) add variants of content language to meta=siteinfo.
18398 * (bug 32643) action=purge with forcelinkupdate no longer crashes when ratelimit
18400 * The paraminfo module now also contains result properties for most modules.
18401 * (bug 32348) Allow descending order for list=alllinks.
18402 * (bug 31777) Upload unknown error ``fileexists-forbidden''.
18403 * (bug 32382) Allow descending order for list=iwbacklinks.
18404 * (bug 32381) Allow descending order for list=backlinks, list=embeddedin and
18406 * (bug 32383) Allow descending order for list=langbacklinks.
18407 * API meta=siteinfo can now return the list of known variable IDs.
18408 * (bug 35980) list=deletedrevs now honors drdir correctly in "all" mode
18410 * (bug 29290) API avoids mangling fields in continuation parameters
18411 * (bug 36987) API avoids mangling fields in continuation parameters
18412 * (bug 30836) siteinfo prop=specialpagealiases will no longer return nonexistent
18414 * (bug 38190) Add "required" flag to some token params for hint in api docs.
18415 * (bug 27567) Add file repo support to prop=duplicatefiles.
18416 * (bug 27610) Add archivename for non-latest image version to list=filearchive
18417 * (bug 38231) Add xml parse tree to action=parse.
18418 * Watchlist notification timestamp may be queried by page and may be updated via
18420 * (bug 38904) prop=revisions&rvstart=... no longer blows up when continuing.
18421 * (bug 39032) ApiQuery generates help in constructor.
18422 * (bug 11142) Improve file extension blacklist error reporting in API upload.
18423 * (bug 39665) List of query generators is now not built using reflection,
18424 instead it is defined in code.
18425 * (bug 35993) Deprecated gettoken parameter - support will be removed in 1.22.
18427 === Languages updated in 1.20 ===
18429 MediaWiki supports over 350 languages. Many localisations are updated
18430 regularly. Below only new and removed languages are listed, as well as
18431 changes to languages because of Bugzilla reports.
18433 * Emilian (egl) added.
18434 * Tornedalen Finnish (fit) added.
18435 * Mizo (lus) added.
18436 * Santali (sat) added.
18437 * (bug 34192) Namespace gender aliases for Albanian languages (sq & aln).
18438 * (bug 35541) Namespace gender aliases for Croatian (hr).
18439 * (bug 36012) Space in $separatorTransformTable should be non-breaking in
18440 Portuguese, Esperanto and Udmurt.
18441 * Turoyo (tru) added.
18442 * Cyrillic-Latin language converter added for Uzbek (uz).
18444 === Other changes in 1.20 ===
18445 * The user_token field is now left empty until a user attempts to login and
18446 cookies need to be set. It is also now possible to reset every user's
18447 user_token simply by clearing the values in the user_token column.
18448 * Removed ./tests/qunit/index.html from core. It wasn't actively maintained and
18449 has been made obsolete when [[Special:JavaScriptTest/qunit]] was introduced,
18450 which actually uses ResourceLoader, LocalSettings and the Skin.
18451 * Removed $wgDBtransactions global. This was only checked in one class
18452 and only applies to MyISAM or similar DBs. Those should only be used
18453 for archived sites anyway. We can't get edit conflicts on such sites,
18454 so the WikiPage code wasn't useful there either.
18455 * Deprecated mw.user.name in favour of mw.user.getName.
18456 * Deprecated mw.user.anonymous in favour of mw.user.isAnon.
18457 * Deprecated DatabaseBase functions newFromParams(), newFromType(), set(),
18458 quote_ident(), and escapeLike() were removed.
18459 * Use of __DIR__ instead of dirname( __FILE__ ).
18460 * OutputPage::wrapWikiMsg() no longer supports the 'options' parameter. It was
18461 not used and complicated migration to Message class.
18462 * Live preview functionality has been improved and moved into the
18463 'mediawiki.action.edit.preview' module. The old 'mediawiki.legacy.preview'
18464 module has been removed.
18465 * (bug 40448) Removed mediawiki.legacy.mwsuggest module, and removed the
18466 following that has become obsolete:
18467 - globals $wgEnableMWSuggest and $wgMWSuggestTemplate.
18468 - mw.config.values wgMWSuggestTemplate and wgSearchNamespaces.
18469 - method SearchEngine::getMWSuggestTemplate().
18471 == MediaWiki 1.19 ==
18473 == MediaWiki 1.19.24 ==
18475 This is a security and maintenance release of the MediaWiki 1.19 branch.
18477 === Changes since 1.19.23 ===
18479 * ({{bug|T85848}}, {{bug|T71210}}) SECURITY: Don't parse XMP blocks that
18480 contain XML entities, to prevent various DoS attacks.
18481 * ({{bug|T88310}}) SECURITY: Always expand xml entities when checking SVG's.
18482 * ({{bug|T73394}}) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
18483 * ({{bug|T85855}}) SECURITY: Don't execute another user's CSS or JS on preview.
18484 * ({{bug|T85349}}, {{bug|T85850}}, {{bug|T86711}}) SECURITY: Multiple issues
18485 fixed in SVG filtering to prevent XSS and protect viewer's privacy.
18487 == MediaWiki 1.19.23 ==
18489 This is a security and maintenance release of the MediaWiki 1.19 branch.
18491 === Changes since 1.19.22 ===
18493 * (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
18494 could lead to xss. Permission to edit MediaWiki namespace is required to
18496 * (bug T74222) The original patch for T74222 was reverted as unnecessary.
18497 * Add missing $ in front of variable in OutputPage.php
18499 == MediaWiki 1.19.22 ==
18501 This is a security and maintenance release of the MediaWiki 1.19 branch.
18503 === Changes since 1.19.21 ===
18505 * ({{bug|66776}}, {{bug|71478}}) SECURITY: User PleaseStand reported a way to
18506 inject code into API clients that used format=php to process pages that
18507 underwent flash policy mangling. This was fixed along with improving how the
18508 mangling was done for format=json, and allowing sites to disable the mangling
18509 using $wgMangleFlashPolicy.
18510 * ({{bug|72222}}) SECURITY: Do not show log action when the entry is revdeleted
18511 with DELETED_ACTION. NOTICE: this may be reverted in a future release pending a
18512 public RFC about the desired functionality. This issue was reported by user
18514 * ({{bug|71621}}) Make allowing site-wide styles on restricted special pages a
18516 * $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
18517 might be a flash policy directive configurable.
18519 == MediaWiki 1.19.21 ==
18520 This is a maintenance release of the MediaWiki 1.19 branch.
18522 === Changes since 1.19.20 ===
18523 * (bug 67440) Allow classes to be registered properly from installer.
18524 * (bug 47281) Fixed a dumpBackup.php error with --uploads
18525 --include-filesoptions: Unable to find the wrapper "mwstore".
18526 * System administrators are encouraged to upgrade to this release or 1.22+ and
18527 produce a full data dump.
18528 https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Backing_up_a_wiki
18529 * (bug 63049) Removed anonymous functions from ApiFormatBase, added in1.19.13 as
18530 part of the fix for bug 61362, for PHP 5.2 compatibility.
18532 == MediaWiki 1.19.20 ==
18533 This is a security release of the MediaWiki 1.19 branch.
18535 === Changes since 1.19.19 ===
18536 * (bug 70672) SECURITY: OutputPage: Remove separation of css and js module
18539 == MediaWiki 1.19.19 ==
18540 This is a security release of the MediaWiki 1.19 branch.
18542 === Changes since 1.19.18 ===
18543 * (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style>
18544 elements; normalize style elements and attributes before filtering; add checks
18545 for attributes that contain css; add unit tests for html5sec and reported
18548 == MediaWiki 1.19.18 ==
18549 This is a security release of the MediaWiki 1.19 branch.
18551 === Changes since 1.19.17 ===
18552 * (bug 68187) SECURITY: Prepend jsonp callback with comment.
18553 * (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and
18556 == MediaWiki 1.19.17 ==
18557 This is a security and maintenance release of the MediaWiki 1.19 branch.
18559 === Changes since 1.19.16 ===
18560 * (bug 65839) SECURITY: Prevent external resources in SVG files.
18561 * (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like
18562 only extracting the tail of the file partially or not at all.
18564 == MediaWiki 1.19.16 ==
18565 This is a security release of the MediaWiki 1.19 branch.
18567 === Changes since 1.19.15 ===
18568 * (bug 65501) SECURITY: Don't parse usernames as wikitext on
18569 Special:PasswordReset.
18571 == MediaWiki 1.19.15 ==
18572 This is a security and maintenance release of the MediaWiki 1.19 branch.
18574 === Changes since 1.19.14 ===
18575 Fixed resetting passwords.
18576 * (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to
18577 appear blank or with missing text.
18579 == MediaWiki 1.19.14 ==
18580 This is a security and maintenance release of the MediaWiki 1.19 branch.
18582 === Changes since 1.19.13 ===
18583 * (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword.
18584 * (bug 62467) Set a title for the context during import on the cli.
18586 == MediaWiki 1.19.13 ==
18587 This is a security and maintenance release of the MediaWiki 1.19 branch.
18589 === Changes since 1.19.12 ===
18590 * (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
18591 * Use the correct branch of the extensions' git repositories.
18593 == MediaWiki 1.19.12 ==
18594 This is a security release of the MediaWiki 1.19 branch.
18596 === Changes since 1.19.11 ===
18597 * (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
18598 namespaces. Also disallow iframe elements. * User will get an error including
18599 the namespace name if they use a non- whitelisted namespace.
18600 * (bug 61346) SECURITY: Make token comparison use constant time. It seems like
18601 our token comparison would be vulnerable to timing attacks. This will take
18604 == MediaWiki 1.19.11 ==
18605 This is a security release of the MediaWiki 1.19 branch.
18607 === Changes since 1.19.10 ===
18608 * (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media
18611 == MediaWiki 1.19.10 ==
18612 This is a security release of the MediaWiki 1.19 branch.
18614 === Changes since 1.19.9 ===
18615 * (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads
18616 * (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
18617 * (bug 58472) SECURITY: Disallow -o-link in styles
18618 * (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads
18619 * (bug 58699) SECURITY: Fix RevDel log entry information leaks
18621 == MediaWiki 1.19.9 ==
18622 This is a security and maintenance release of the MediaWiki 1.19 branch.
18624 === Changes since 1.19.8 ===
18625 * (bug 53032) SECURITY: Don't cache when a call could autocreate
18626 * (bug 55332) SECURITY: Improve css javascript detection
18627 * (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload
18630 == MediaWiki 1.19.8 ==
18633 This is a security and maintenance release of the MediaWiki 1.19 branch.
18635 === Changes since 1.19.7 ===
18636 * SECURITY: Sanitize ResourceLoader exception messages
18637 * SECURITY: Token-getting functions will fail when using jsonp callbacks.
18638 * SECURITY: Fix extension detection with 2 .'s
18639 * Allow a string other than '*' as condition for DatabaseBase::delete()
18640 * Purge upstream caches when deleting file assets.
18641 * jquery.tablesorter: Add missing dependency on jquery.mwExtension
18643 == MediaWiki 1.19.7 ==
18646 This is a security release of the MediaWiki 1.19 branch
18648 === Changes since 1.19.6 ===
18649 * (bug 48306) SECURITY: Run file validation checks on chunked uploads, and
18650 chunks of upload, during the upload process.
18652 == MediaWiki 1.19.6 ==
18655 This is a security and maintenance release of the MediaWiki 1.19 branch
18657 === Changes since 1.19.5 ===
18658 * (bug 47304) SECURITY: Check SVG xml encoding against whitelist
18659 * (bug 46590) Added AbortChangePassword hook to allow extensions to abort
18660 password changes from Special:ChangePassword
18661 * Localisation updates from http://translatewiki.net.
18662 * mwdocgen.php: Implement --version option.
18663 * Remove svnstat stuff used in Doxygen generation
18664 * E_USER_DEPRECATED undefined prior to php 5.3
18666 == MediaWiki 1.19.5 ==
18669 This is a security and maintenance release of the MediaWiki 1.19 branch
18671 === Changes since 1.19.4 ===
18672 * (bug 47251) SECURITY: Disable external entities in Import
18673 * (bug 46859) SECURITY: Disable external entities in XMLReader
18674 * (bug 46084) SECURITY: Sanitize $limitReport before outputting
18675 * (bug 43594) Fix notices displayed on PHP 5.4
18676 * (bug 40585) Don't drop 'step="any"' in HTML input fields.
18678 == MediaWiki 1.19.4 ==
18681 This is a security release of the MediaWiki 1.19 branch
18683 === Changes since 1.19.3 ===
18684 * New preference type - 'api'. Preferences of this type are not shown on
18685 Special:Preferences, but are still available via the action=options API.
18686 * (bug 44010) Context is passed to UserGetLanguageObject.
18687 * The recursion guard on RequestContext::getLanguage() was weakened.
18688 * (bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST
18689 * (bug 43518) API action=unblock should return the user name, not the full user
18692 == MediaWiki 1.19.3 ==
18695 This is a security release of the MediaWiki 1.19 branch
18697 === Changes since 1.19.2 ===
18698 * (bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391)
18699 * (bug 41400) Prevent linker regex from exceeding PCRE backtrack limit
18700 * Increase permitted runtime for testParserTest (only used for continuous
18702 * Updated messages translations from http://translatewiki.net/
18704 == MediaWiki 1.19.2 ==
18706 This is a security release of the MediaWiki 1.19 branch
18708 === Changes since 1.19.1 ===
18709 * (bug 39700) File: link to non-existing file can inject html
18710 * (bug 39823) Hidden block text leaking to admins
18711 * (bug 39184) LDAP password leakage
18712 * (bug 39180) Disallow framing of api results
18713 * (bug 37587) Enforce language codes to be html safe
18714 * (bug 39824) Check global blocks on account creation
18716 == MediaWiki 1.19 ==
18718 MediaWiki 1.19 is a large release that contains many new features and bug
18719 fixes. This is a summary of the major changes of interest to users.
18720 You can consult the RELEASE-NOTES-1.19 file for the full list of changes in
18723 Our thanks go to everyone who helped to improve MediaWiki by testing the beta
18724 release and submitting bug reports.
18726 === Changes since 1.19.1 ===
18727 * (bug 38406) Properly quote table names in DatabaseBase::tableName()
18728 * (bug 38249) Parser will throw an exception instead of outputting gibberish if
18729 PCRE is compiled without support for unicode properties.
18731 === Changes since 1.19.0 ===
18732 * (bug 36568) Fixed "Illegal string offset 'LIMIT'" warnings in updater
18733 * (bug 36938) Correctly escape uselang attribute to prevent xss
18734 * Expanded Blacklist for SVG Files
18736 === Changes since 1.19 beta 2 ===
18737 * Special:Watchlist no longer sets links to feed when the user is anonymous.
18738 * (bug 35961) Hash comparison should always be strict.
18739 * Fix broken email confirmation expiration caused by MWCryptRand changes.
18740 * (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php
18742 * (bug 36042) 'show' causes a fatal in blocks API.
18744 === Changes since 1.19 beta 1 ===
18745 * (bug 35014) Including a special page no longer sets the page's title to the
18747 * (bug 35019) Edit summaries are no longer transformed in notification e-mails
18748 * (bug 35152) Help message for e-mail is shown again in user preferences
18749 * (bug 34887) $3 and $4 parameters are now substituted correctly in message
18751 * (bug 34841) Edit links are no longer displayed when display old page versions
18752 * (bug 34889) User name should be normalized on Special:Contributions
18753 * (bug 35051) If heading has a trailing space after == then its name is not
18754 preloaded into edit summary on section edit
18755 * (bug 31417) New ID mw-content-text around the actual page text, without
18756 categories, contentSub, ... The same div often also contains the class
18757 mw-content-ltr/rtl.
18758 * (bug 35303) Proxy and DNS blacklist blocking works again
18759 * (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
18760 core parser functions which operate on strings, such as padleft.
18761 * (bug 18295) Don't expose strip markers when a tag appears inside a link
18763 * (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
18765 * (bug 34907) Fixed exposure of tokens through load.php that could have
18766 facilitated CSRF attacks.
18767 * (bug 35317) CSRF in Special:Upload.
18769 === Configuration changes in 1.19 ===
18770 * Removed SkinTemplateSetupPageCss hook; use BeforePageDisplay instead.
18771 * (bug 27132) movefile right granted by default to registered users.
18772 * Default cookie lifetime ($wgCookieExpiration) is increased to 180 days.
18773 * (bug 31204) Removed old user.user_options.
18774 * $wgMaxImageArea now applies to jpeg files if they are not scaled with
18776 * Introduced $wgQueryPageDefaultLimit (defaults to 50) for the number of
18777 items to show by default on query pages (special pages such as Whatlinkshere).
18778 * (bug 32470) Increase the length of ug_group.
18779 * (bug 32239) Removed $wgEnableTooltipsAndAccesskeys.
18780 * Removed $wgVectorShowVariantName.
18781 * Removed $wgExtensionAliasesFiles. Use $wgExtensionMessagesFiles.
18782 * Removed $wgResourceLoaderInlinePrivateModules , now always enabled.
18784 === New features in 1.19 ===
18785 * (bug 19838) Add ability to get all interwiki prefixes also if the interwiki
18787 * $wgDnsBlacklistUrls now accepts an array with url and key as the
18788 elements to work with DNSBLs that require keys, such as
18790 * (bug 30022) Add support for custom loadScript sources to ResourceLoader.
18791 * (bug 19052) Unicode space separator characters (Zs) now terminates external
18792 links and images links.
18793 * (bug 30160) Add public method to mw.loader to get module names from registry.
18794 * (bug 15558) Parameters to special pages included in wikitext can now be passed
18796 * Installer now issues a warning if mod_security is present.
18797 * (bug 29455) Add support for a filter callback function in jQuery byteLimit
18799 * Added two new GetLocalURL hooks to better serve extensions working on a
18800 limited type of titles.
18801 * Added a --no-updates flag to importDump.php that skips updating the links
18803 * Most presentational html attributes like valign are now converted to inline
18804 css style rules. These attributes were removed from html5 and so we clean
18805 them up when $wgHtml5 is enabled. This can be disabled using
18806 $wgCleanupPresentationalAttributes.
18807 * Magic words (time and number-formatting ones, plus DIRECTIONMARK, but not
18808 NAMESPACE) now depend on the page content language instead of the site
18809 language. In theory this sets the right magic words in system messages,
18810 although they are not used there.
18811 * (bug 30451) Add page_props to RefreshLinks::deleteLinksFromNonexistent.
18812 * (bug 30450) Clear page_props table on page deletion.
18813 * Hook added to check for exempt from account creation throttle.
18814 * (bug 30344) Add configuration variable for setting custom priorities when
18815 generating sitemaps.
18816 * (bug 96170) Add array support for space-separated list attributes (like
18817 'class') in the Html helper class.
18818 * (bug 26470) Add checkered background image on hover on files pages.
18819 * (bug 30774) mediawiki.html: Add support for numbers and booleans in the
18820 attribute values and element contents.
18821 * Conversion script between Tifinagh and Latin for the Tachelhit language.
18822 * (bug 16755) Add options 'noreplace' and 'noerror' to {{DEFAULTSORT:...}}
18823 to stop it from replace an already existing default sort, and suppress error.
18824 * (bug 18578) Rewrote revision delete related messages to allow better
18826 * (bug 30364) LanguageConverter now depends on the page content language
18827 instead of the wiki content language.
18828 * Jump links will now be usable in CSS-capable browsers instead of only
18829 in outdated text browsers.
18830 * New common*.css files usable by skins instead of having to copy piles
18831 of generic styles from MonoBook or Vector's css.
18832 * Some deprecated presentational html attributes will now be automatically
18834 * (bug 31297) Add support for namespaces in Special:RecentChanges subpage filter
18836 * The default user signature now contains a talk link in addition to the user
18838 * (bug 25306) Add link of old page title to MediaWiki:Delete_and_move_reason.
18839 * Added hook BitmapHandlerCheckImageArea.
18840 * (bug 30062) Add $wgDBprefix option to cli installer.
18841 * getUserPermissionsErrors and getUserPermissionsErrorsExpensive hooks are now
18842 also called when checking for 'read' permission.
18843 * Introduce $wgEnableSearchContributorsByIP which controls whether searching
18844 for an IP address redirects to the contributions list for that IP.
18845 * (bug 8859) Database::update should take array of tables too.
18846 * (bug 19698) Add "Inverse namespaces" option to Special:Contributions.
18847 * (bug 24037) Add byte length of revision to Special:Contributions.
18848 * (bug 1672) Added $wgDisableUploadScriptChecks to allow uploading of files
18849 containing HTML or JS. DISABLING THESE CHECKS IS VERY DANGEROUS.
18850 * New path mappings can be added using the WebRequestPathInfoRouter hook
18851 and adding paths to the PathRouter.
18852 * (bug 32666) Special:ActiveUsers now allows a subpage to be used as value for
18853 the "target" query parameter (eg. Special:ActiveUsers/Username).
18854 * New JavaScript variable wgPageContentLanguage.
18855 * Added new debugging toolbar, enabled with $wgDebugToolbar.
18856 * Differences in the history page now uses slightly better colors for people
18857 perceiving colors differently.
18858 * (bug 32879) Upgrade jQuery to 1.7.1.
18859 * jQuery UI upgraded to 1.8.17.
18860 * Extensions can use the 'Language::getMessagesFileName' hook to define new
18861 languages using messages files outside of core.
18862 * (bug 32512) Add 'Associated namespace' checkbox to Special:Contributions.
18863 * Added $wgSend404Code, true by default, which can be set to false to send a
18864 200 status code instead of 404 for nonexistent articles.
18865 * (bug 33447) Link to the broken image tracking category from
18866 Special:Wantedfiles.
18867 * (bug 27724) Add timestamp to job queue.
18868 * (bug 30339) Implement SpecialPage for running javascript tests. Disabled by
18869 default, due to tests potentially being harmful, not to be run on a production
18870 wiki. Enable by setting $wgEnableJavaScriptTest to true.
18871 * Extensions can use the RequestContextCreateSkin hook to override what skin is
18872 loaded in some contexts.
18873 * (bug 33456) Show $wgQueryCacheLimit on cached query pages.
18874 * (bug 10574) Add an option to allow all pages to be exported by Special:Export.
18875 * mediawiki.js Message object constructor is now publicly available as
18877 * (bug 29309) Allow CSS class per tooltip (tipsy).
18878 * (bug 33565) Add accesskey/tooltip to submit buttons on Special:EditWatchlist.
18879 * (bug 17959) Inline rendering/thumbnailing for Gimp XCF images.
18880 * (bug 27775) Namespace has it's own XML tag in the XML dump file.
18881 * (bug 30513) Redirect tag is now resolved in XML dump file.
18882 * sha1 xml tag added to XML dump file.
18883 * (bug 33646) Badtitle error page now emits a 400 HTTP status.
18884 * Special:MovePage now has a dropdown menu for namespaces.
18885 * (bug 34420) Special:Version now shows git HEAD sha1 when available.
18886 * (bug 33952) Refactor mw.toolbar to allow dynamic additions at any time.
18888 === Bug fixes in 1.19 ===
18889 * $wgUploadNavigationUrl should be used for file redlinks if.
18890 $wgUploadMissingFileUrl is not set. The first was used for this
18891 until the second was introduced in 1.17.
18892 * BREAKING CHANGE: Style rules for wikitable are now more specific and prevent
18893 inheritance to nested tables which caused various issues (bug 30485 and bug
18894 33434). If your wiki has overridden rules for ".wikitable", please revise them
18895 and adjust where necessary. For comparison, use the "table.wikitable" section
18896 in skins/common/shared.css as base.
18897 * $wgUploadNavigationUrl is now used for file redlinks if
18898 $wgUploadMissingFileUrl is not set. The former was used for this until the
18899 second was introduced in 1.17.
18900 * (bug 27894) Move 'editondblclick' event listener down from body to
18902 * (bug 30172) The check for posix_isatty() in maintenance scripts did not detect
18903 when the function exists but is disabled. Introduced
18904 Maintenance::posix_isatty().
18905 * (bug 30264) Changed installer-generated LocalSettings.php to use
18906 require_once() instead require() for included extensions.
18907 * Do not convert text in the user interface language to another script.
18908 * (bug 26283) Previewing user JS/CSS pages didn't load other user JS/CSS pages.
18909 * (bug 26486) ResourceLoader modules with paths to nonexistent files cause PHP
18910 warnings/notices to be thrown.
18911 * (bug 30335) Fix for HTMLForms using GET that were breaking when non-friendly
18913 * (bug 28649) Preventing half truncated multi-byte unicode characters when
18914 truncating log comments.
18915 * Show --batch-size option in help of maintenance scripts that support it.
18916 * (bug 4381) Magic quotes cleaning was not comprehensive, key strings were not
18918 * (bug 23057) Importers no longer can 'edit' or 'create' a fully-protected page
18919 by importing a new revision into it.
18920 * Allow moving the associated talk pages of subpages even if the base page
18922 * Per page edit-notices now work in namespaces without subpages enabled.
18923 * (bug 31081) $wgEnotifUseJobQ is no longer unconditionally enqueueing jobs.
18924 * (bug 30202) File names are now restricted on upload to 240 bytes, because of
18925 restrictions on some of the database fields.
18926 * Timezones are now recognised in user preferences when offset is different
18928 * (bug 31692) "summary" parameter now also works when undoing revisions.
18929 * (bug 18823) "move succeeded" text displayed bluelinks even when redirect was
18931 * (bug 19186) Special:UserLogin's title on Special:SpecialPages now says
18932 "create account" when the user cannot create an account.
18933 * (bug 31818) 'usercreated' message now supports GENDER.
18934 * (bug 32022) Our phpunit.php script can now be executed from another directory.
18935 * (bug 26020) Setting $wgEmailConfirmToEdit to true no longer removes diffs
18936 from recent changes feeds.
18937 * (bug 30232) add current time to message wlnote on Special:Watchlist.
18938 * (bug 29110) $wgFeedDiffCutoff did not affect new pages.
18939 * (bug 32168) Add wfRemoveDotSegments for use in wfExpandUrl.
18940 * (bug 32358) Do not display "No higher resolution available" for dimensionless
18941 files (like audio files).
18942 * (bug 32168) Add wfAssembleUrl for use in wfExpandUrl.
18943 * (bug 32168) fixed - wfExpandUrl expands dot segments now.
18944 * (bug 31535) Upload comments now truncated properly, and don't have brackets.
18945 * (bug 32086) Special:PermanentLink now shows an error message when no subpage
18947 * (bug 30368) Special:Newpages now shows the new page name for moved pages.
18948 * (bug 1697) The way to search blocked usernames in block log should be clearer.
18949 * (bug 29747) eAccelerator shared memory caching has been removed since it is
18950 now disabled by default and is buggy. APC, XCache and WinCache are not
18952 * Installer now refuses to install if php was not compiled with Ctype support.
18953 * (bug 29475) Remove "trackback" feature entirely from core.
18954 * (bug 32665) Special:BlockList prefills the username in the input field if
18955 using the Special:BlockList/username URL.
18956 * (bug 27721) Make JavaScript variables wgSeparatorTransformTable and
18957 wgDigitTransformTable depend on page content language so the sort script
18958 sorts correctly more often.
18959 * (bug 32230) Expose wgRedirectedFrom in JavaScript.
18960 * (bug 31212) History tab not collapsed when the screen is narrow.
18961 * (bug 15521) Use new section summary when the action of adding a new section
18962 also happens to create the page.
18963 * (bug 32960) Remove EmailAuthenticationTimestamp from database when a
18964 email address is removed.
18965 * (bug 32414) Empty page get a empty bytes attribute in Export/Dump.
18966 * (bug 33101) Viewing a User or User talk of username resembling IP ending
18967 with .xxx causes Internal error.
18968 * Warning about undefined index in certain situations when $wgLogRestrictions
18969 causes the first log type requested to be removed but not the others.
18970 * Use separate message ('prefixindex-namespace') for title of
18971 Special:PrefixIndex rather then re-using Special:AllPages's allinnamespace.
18972 * (bug 33156) Special:Block now allows you to confirm you want to block yourself
18973 when using non-normalized username.
18974 * (bug 33246) News icon shown for news:// URLs but not for news: URLs.
18975 * (bug 33305) Make mw.util.addCSS resistant to IE's @font-face bug by setting
18976 cssText after DOM insertion.
18977 * (bug 30711) When adding a new section to a page with section=new, the text is
18978 now always added to the current version of the page.
18979 * (bug 31719) Fix uploads of SVGs exported by Adobe Illustrator by expanding
18980 XML entities correctly.
18981 * (bug 30914) Embeddable ResourceLoader modules (user.options, user.tokens)
18982 should be loaded in <head> for proper dependency resolution.
18983 * (bug 32702) Removed method Skin::makeGlobalVariablesScript() has been readded
18984 for backward compatibility.
18985 * (bug 31469) Make sure tracking category messages expand variables like
18986 {{NAMESPACE}} relative to correct title.
18987 * (bug 33454) ISO-8601 week-based year number (format character 'o') is now
18988 calculated correctly with respect to timezone.
18989 * (bug 32219) InstantCommons now fetches content from Wikimedia Commons using
18990 HTTPS when the local wiki is served over HTTPS.
18991 * (bug 33525) clearTagHooks doesn't clear function hooks.
18992 * (bug 33523) Function tag hooks don't appear on Special:Version.
18993 * Files with IPTC blocks we can't read no longer prevent extraction of exif
18995 * (bug 33587) Remove action "historysubmit" from history pages.
18996 * (bug 25800) mw.config wgAction should contain the actually performed action
18997 instead of whatever the query value contains.
18998 * (bug 4438) Add CSS hook for current WikiPage action.
18999 * (bug 33703) Common border-bottom color for <abbr> should inherit default
19001 * (bug 33819) Display file sizes in appropriate units.
19002 * (bug 32948) {{REVISIONID}} and related variables are no longer blank after
19004 * (bug 33880) $wgUsersNotifiedOnAllChanges should not send e-mail to user who
19006 * (bug 33902) Decoding %2B with mw.Uri.decode results in ' ' instead of +.
19007 * (bug 33762) QueryPage-based special pages no longer misses *-summary message.
19008 * Other sizes links are no longer generated for wikis without a 404 thumbnail
19010 * (bug 29454) Enforce byteLimit for page title input on Special:MovePage.
19011 * (bug 34114) CSSMin::remap() doesn't respect its $embed parameter.
19012 * Special:Contributions/newbies now shows the contributions for the user
19013 "newbies". New user contributions are obtained using the form or using
19014 ?contribs=newbie in URL.
19015 * It is now possible to delete images that have no corresponding description
19017 * (bug 33165) GlobalFunctions.php line 1312: Call to a member function
19018 getText() on a non-object.
19019 * (bug 31676) Group dynamically inserted CSS into a single <style> tag, to work
19020 around a bug where not all styles were applied in Internet Explorer.
19021 * (bug 28936, bug 5280) Broken or invalid titles can't be removed from
19023 * (bug 34600) Older skins using useHeadElement=false were broken in 1.18.
19024 * (bug 34604) [mw.config] wgActionPaths should be an object instead of a numeral
19026 * (bug 12262) Indents and lists are now aligned
19027 * (bug 29753) mw.util.tooltipAccessKeyPrefix should be alt-shift for Chrome
19029 * (bug 25095) Special:Categories should also include the first relevant item
19030 when "from" is filled.
19031 * (bug 34972) An error occurred while changing your watchlist settings for
19032 [[Special:WhatLinksHere/Example]]
19034 === API changes in 1.19 ===
19035 * Made action=edit less likely to return "unknownerror", by returning the actual
19036 error message (which may have come from a hook call or similar).
19037 * (bug 19838) siprop=interwikimap can now use the interwiki cache.
19038 * (bug 29748) Add API search prefix support.
19039 * (bug 29684) Set forgotten parameter types in ApiQueryIWLinks.
19040 * (bug 29685) do not output NULL parentid with list=deletedrevs&drprop=parentid.
19041 * siprop=interwikimap and siprop=languages can use silanguagecode to have
19042 a best effort language name translation. Use CLDR extension for best result.
19043 * (bug 30230) action=expandtemplates should not silently override invalid title
19045 * (bug 18634) Create API to fetch MediaWiki's language fallback tree structure.
19046 * (bug 26885) Allow show/hide of account blocks, temporary blocks and single IP
19047 address blocks for list=blocks.
19048 * (bug 30591) Add support to only return keys in ApiAllMessages.
19049 * The API now respects $wgShowHostnames and won't share the hostname in
19050 servedby if it's set to false.
19051 * wlexcludeuser parameter added to ApiFeedWatchlist.
19052 * (bug 7304) Links on redirect pages no longer cause the redirect page to show
19053 up as a redirect to the linked page on Special:Whatlinkshere.
19054 * (bug 32609) API: Move captchaid/captchaword of action=edit from core
19055 to Captcha extension(s).
19056 * Added 'APIGetDescription' hook.
19057 * (bug 32688) Paraminfo for parameter "generator" of the query module shows too
19059 * (bug 32415) Empty page get no size attribute in API output.
19060 * (bug 31759) Undefined property notice in querypages API.
19061 * (bug 32495) API should allow purge by pageids.
19062 * (bug 33147) API examples should explain what they do.
19063 * (bug 33482) Api incorrectly calls ApiBase::parseMultiValue if allowed
19064 values is given as an array.
19065 * (bug 32948) {{REVISIONID}} and related variables are no longer blank after
19066 calling action=purge&forcelinkupdate.
19067 * (bug 34377) action=watch now parses messages using the correct title instead
19069 * (bug 35036) WikiLove messages were not automatically updated in JavaScript
19070 after having been changed on-wiki due to a bug in core
19072 === Languages updated in 1.19 ===
19074 MediaWiki supports over 350 languages. Many localisations are updated
19075 regularly. Below only new and removed languages are listed, as well as
19076 changes to languages because of Bugzilla reports.
19078 * Canadian English (en-ca) (new).
19079 * Norwegian (bokmål) (nb) (renamed from no).
19080 * Uighur (Latin) (ug-latn) was incorrectly marked as right-to-left language.
19081 * (bug 30217) Make pt-br a fallback of pt.
19082 * (bug 31193) Set fallback language of Assamese from Bengali to English.
19083 * Update date format for dsb and hsb: month names need the genitive.
19084 * (bug 28643) Serbian variant conversion improvements (Nikola Smolenski).
19085 * (bug 29405, bug 30809) Lower diacritics are invisible in titles in Indic
19086 languages Assamese, Bengali, Hindi, Malyalam and Odiya.
19087 * (bug 32826) Titles in indic languages are partially cut.
19088 * (bug 33367) Gendered namespaces for Czech.
19089 * (bug 33014) Language::formatSize()/formatBitrate() should be able to deal
19090 with larger numbers (tera-yotta).
19092 === Other changes in 1.19 ===
19093 * BREAKING CHANGE: Legacy global array 'ta' and global function 'akeytt' have
19094 been removed from wikibits.js.
19095 * jquery.mwPrototypes module was renamed to jquery.mwExtension.
19096 * The maintenance script populateSha1.php was renamed to the more concise
19097 populateImageSha1.php.
19098 * The Client-IP header is no longer checked for when trying to resolve a
19099 client's real IP address.
19100 * (bug 22096) Although IE5.x and below was already unsupported officially,
19101 stylesheets existing exclusively for IE5.0 and IE5.5 have now been removed
19102 (which were in skins 'chick' and 'monobook').
19103 * The constructor for CategoryView has changed, the second parameter is now a
19104 Context source and is required.
19105 * The Title::escape{Local,Full,Canonical}URL methods are deprecated, please use
19106 proper html building methods to escape the normal get{...}URL methods instead.
19107 * The $variant arguments in the Title::get{Local,Full,Link,Canonical}URL methods
19108 have been replaced with a secondary query argument.
19109 * The $variant argument in the hooks for the
19110 Title::get{Local,Full,Link,Canonical}URL methods have been removed, the
19111 variant is now part of the $query argument.
19112 * Removed Title::isValidCssJsSubpage(), deprecated since 1.17 in favor of
19113 using Title::isCssJsSubpage() or checking Title::isWrongCaseCssJsPage().
19114 * Support for the deprecated hook MagicWordMagicWords was removed.
19115 * The Xml::namespaceSelector method has been deprecated, please use
19116 Html::namespaceSelector instead (note that the parameters have changed also).
19117 * (bug 33746) Preload popular ResourceLoader modules (mediawiki.util) as
19118 stop-gap for scripts missing dependencies.
19119 New configuration variable $wgPreloadJavaScriptMwUtil has been introduced for
19120 this (set to false by default for new installations). Set to true if your wiki
19121 has a large amount of user/site scripts that are lacking dependency
19122 information. In the short to medium term these user/site scripts should be
19123 fixed by adding the used modules to the dependencies in the module registry
19124 and/or wrapping them in a callback to mw.loader.using.
19126 == MediaWiki 1.18 ==
19128 == MediaWiki 1.18.6 ==
19131 This is a maintenance and security release of the MediaWiki 1.18 branch
19133 === Changes since 1.18.5 ===
19134 * ([[bugzilla:40995|bug 40995]]) Prevent session fixation in Special:UserLogin
19136 * ([[bugzilla:41400|bug 41400]]) Prevent linker regex from exceeding PCRE
19138 * Localisation updates
19139 * Increase permitted runtime for testParserTest
19140 * ([[bugzilla:36179|bug 36179]]) Unquote 'null' for PostgreSQL.
19142 == MediaWiki 1.18.5 ==
19145 This is a security release of the MediaWiki 1.18 branch
19147 === Changes since 1.18.4 ===
19148 * (bug 39700) File: link to non-existing file can inject html
19149 * (bug 39823) Hidden block text leaking to admins
19150 * (bug 39184) LDAP password leakage
19151 * (bug 39180) Disallow framing of api results
19152 * (bug 37587) Enforce language codes to be html safe
19153 * (bug 39824) Check global blocks on account creation
19155 == MediaWiki 1.18.4 ==
19158 This is a security release of the MediaWiki 1.18 branch.
19160 === Changes since 1.18.3 ===
19161 * (bug 36938) Correctly escape uselang attribute to prevent xss
19162 * Expanded Blacklist for SVG Files
19164 == MediaWiki 1.18.3 ==
19167 This is a maintenance release of the MediaWiki 1.18 branch.
19169 === Changes since 1.18.2 ===
19170 * (bug 35446) Using "{{nse:}}" with an invalid namespace name no longer throws
19172 * (bug 35567) The whole password reminder e-mail is now sent in the same
19174 * (bug 35961) Hash comparison should always be strict.
19175 * (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php
19177 * Fix broken email confirmation expiration caused by MWCryptRand changes.
19179 == MediaWiki 1.18.2 ==
19182 This is a maintenance and security release of the MediaWiki 1.18 branch.
19184 === Changes since 1.18.1 ===
19185 * (bug 33686) could not get a list of contributors for an article when using
19187 * (Bug 33865) Exception thrown in action=parse when attempting to use the title
19188 parameter without setting the text parameter.
19189 * UserMailer could potentially throw a fatal error when a MailAddress object had
19190 an empty email address.
19191 * (Bug 33087) Exchange server rejected mail sent by MediaWiki
19192 * (bug 34528) Edit section tooltips show correction section name again
19193 * (bug 34246) MediaWiki:Whatlinkshere-summary message is displayed again in
19194 Special:Whatlinkshere
19195 * (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
19196 core parser functions which operate on strings, such as formatnum.
19197 * (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
19199 * (bug 34907) Fixed exposure of tokens through load.php that could have
19200 facilitated CSRF attacks.
19201 * (bug 35317) CSRF in Special:Upload.
19203 == MediaWiki 1.18.1 ==
19206 This a maintenance and security release of the MediaWiki 1.18 branch.
19208 === Changes since 1.18.0 ===
19209 * (bug 32712) Fix for search indexing of pages with certain unicode chars
19211 * (bug 3901) Lang, hreflang attribs added to sidebar interlanguage links for
19213 * (bug 30774) mediawiki.html: Add support for numbers and booleans in the
19214 attribute values and element contents.
19215 * (bug 32473) [[Special:PasswordReset]] can not be used on private wiki.
19216 * (bug 32853) Fixed CACHE_DBA object cache type.
19217 * (bug 32786) Backward compatibility for extension using 1.17's
19218 Database::newFromType().
19219 * Fixed exception when using Special:WhatLinksHere on a Media: file.
19220 * (bug 32709) Private Wiki users were always taken to Special:Badtitle on login.
19221 * (bug 33240) Sort images are missing but referenced in css.
19222 * (bug 31921) Magic words REVISIONDAY, REVISIONMONTH and REVISIONYEAR were
19223 not showing their values on preview.
19224 * (bug 32702) Removed method Skin::makeGlobalVariablesScript() has been readded
19225 for backward compatibility.
19226 * (bug 30172) The check for posix_isatty() in maintenance scripts did not detect
19227 when the function exists but is disabled. Introduced
19228 Maintenance::posix_isatty().
19229 * (bug 33305) Make mw.util.addCSS resistant to IE's @font-face bug by setting
19230 cssText after DOM insertion.
19231 * (bug 29102) Upgrades no longer fail with the error "Unknown character set:
19233 * (bug 25355) Parser generates edit section links for special pages.
19234 * (bug 33321) Adding a line to MediaWiki:Sidebar that contains a pipe, but
19235 doesn't have any pipes after being transformed by MessageCache, causes
19236 exception on all pages.
19237 * Fixed recentchanges FK violation on page delete and cache purge error in
19238 updater for Oracle DB.
19239 * (bug 33117) prop=revisions allows deleted text to be exposed through cache
19242 == MediaWiki 1.18.0 ==
19245 This is the first stable release of the MediaWiki 1.18 branch.
19247 === Summary of selected changes in 1.18 ===
19249 Selected changes since MediaWiki 1.17 that may be of interest:
19251 * Some of the more commonly used MediaWiki extensions are now included in the
19252 release tarball. These extensions are ConfirmEdit, Gadgets, Nuke,
19253 ParserFunctions, Renameuser, Vector and WikiEditor.
19255 * Gender support has been improved, meaning user pages can display the correct
19256 gender variant of "User" can now be used.
19258 * MediaWiki can now detect the camera orientation of an image from the Exif
19259 metadata, and can rotate the image thumbnail appropriately. Metadata support
19260 has been generally improved, and can now extract IPTC and XMP metadata.
19262 * Improved directionality support in 1.18 means that MediaWiki is better to use
19265 * MediaWiki now supports protocol - relative URLs in links, interwiki targets
19268 * Math support has been removed from core
19270 === Changes since 1.18.0rc1 ===
19271 * (bug 32228) regression in Special:Search which did not conserve profile on
19273 * (bug 32460) Categories were improperly aligned in Simple and CologneBlue
19274 * (bug 32412) TOC links on [[Special:EditWatchlist]] points to the fieldsets
19275 * (bug 32582) Fix TOC show/hide link regression on IE 8
19277 === Changes since 1.18 beta 1 ===
19278 * (bug 31886) Wrong titles redirecting to Special:Badtitle in the 1.18
19280 * (bug 32051) Fix description for wlprop=sizes.
19281 * (bug 31913) Special:MostLinkedTemplates had an incorrect GROUP BY clause
19282 under Microsoft SQL.
19283 * (bug 32100) installer complains about suhosin GET limit.
19284 * (bug 31933) fix 1.18 regression in Monobook sidebar: huge spacing between
19285 portlets on IE 7 and IE 8/9 in compatibility view.
19286 * (bug 32126) Fix 1.18 regression in watchlist editor when items already removed
19288 * (bug 32183) remove the client-* classes added from user-agent-sniffing onto
19289 the <html> element.
19290 * (bug 29912) Unit tests break if parsertest tables are still present.
19291 * (bug 31694) During installation, tabbing order (cursor focus) goes to logo
19292 instead of 'continue'.
19293 * (bug 29102) Upgrade fails "Unknown character set: 'mysql4".
19294 * (bug 31990) justify paragraphs pref adds extra space to category listing.
19295 * (bug 20148) Better title for [[Special:Disambiguations]] page.
19296 * (bug 31502) TOC is missing on Special:EditWatchlist.
19297 * (bug 32256) API list=search stops at first invalid result.
19298 * (bug 32047) jquery.tablesorter.js: thead is before caption.
19299 * (bug 29854) Store protocol-relative links twice in the externallinks table,
19300 one with http: in el_index and once with https.
19301 * (bug 31822) Error during upgrade due to output buffer reset in stdout.
19303 === Configuration changes in 1.18 ===
19304 * The WantedPages::getSQL hook has been removed and replaced with
19305 WantedPages::getQueryInfo. This may break older extensions.
19306 * The SkinTemplateBuildContentActionUrlsAfterSpecialPage,
19307 SkinTemplateContentActions and SkinTemplateTabs hooks have been removed in
19308 favor of SkinTemplateNavigation and SkinTemplateNavigation::SpecialPage.
19309 * $wgUseCombinedLoginLink controls whether to output a combined
19310 login / create account link in the personal bar, or to output separate login
19311 and create account links.
19312 * Skin names are no longer created based on a ucfirst version of the key in
19313 $wgValidSkinNames but now the value. This means for
19314 $wgValidSkinNames["monobook"] = "MonoBook"; the skin loader will no longer try
19315 loading SkinMonobook and will instead load SkinMonoBook.
19316 * $wgMaxUploadSize may now be set to an array to specify the upload size limit
19318 * $wgAPICacheHelp added in 1.16 is now removed. To disable API help caching, set
19319 $wgAPICacheHelpTimeout = 0;
19320 * OutputPage::isUserJsAllowed() no longer returns false when scripts are allowed
19321 by the page, but $wgAllowUserJs is set to false.
19322 * Pure "Skin" class based custom skins are no longer supported, all custom skins
19323 should be put together using SkinTemplate and BaseTemplate or QuickTemplate.
19324 * The transliteration for passwords in case they were migrated from an old
19325 Latin-1 install (previous to MediaWiki 1.5) is now only done for wikis with
19326 $wgLegacyEncoding set.
19327 * (bug 27508) Add $wgSVGMetadataCutoff to limit the maximum amount of an SVG we
19328 look at when finding metadata to prevent excessive resource usage.
19329 * $wgSysopUserBans and $wgSysopRangeBans (deprecated in 1.17) are now removed.
19330 Use $wgBlockCIDRLimit = array( 'IPv4' => 43, 'IPv6' => 128 ) to achieve the
19331 same functionality as $wgSysopRangeBans; you can use the BlockIp hook to
19332 replicate $wgSysopUserBans functionality.
19333 * The options on the block form have been standardised such that checking a box
19334 makes the block 'more serious'; so while "check to prevent account creation"
19335 and "check to enable autoblock" remain the same, "check to allow user-talk
19336 edit" is reversed to "check to *disable* user-talk edit", and "check to block
19337 anon-only" becomes "check to block logged-in users too". The default settings
19339 * Most of the field names on the Special:Block form have been changed, which
19340 will probably break screen-scraping bots.
19341 * (bug 26866) The 'trackback' right is no longer granted to sysops by default.
19342 $wgUseTrackbacks is already false by default.
19343 * (bug 17009) the hiddenStructure CSS class, a highly hackish way of at least
19344 *appearing* to hide article elements, has been removed. Use the
19345 ParserFunctions extension to actually remove unwanted elements from the
19347 * (bug 14202) $wgUseTeX has been superseded by the Math extension. To re-enable
19348 math conversion after upgrading, obtain the Math extension from SVN or from
19349 https://www.mediawiki.org/wiki/Extension:Math and add to LocalSettings.php:
19350 require_once "$IP/extensions/Math/Math.php";
19351 * $wgProfiler is now a configuration array, see StartProfiler.sample for
19353 * $wgProfiling has been removed.
19354 * The spyc library is now no longer included in phase3.
19355 * (bug 28343) Unused preferences contextlines/contextchars have been removed
19356 * $wgSkinExtensionFunctions has been removed. Use $wgExtensionFunctions instead.
19357 * $wgProto has been removed. You now only need to set $wgServer to change the
19359 * $wgRateLimitsExcludedGroups (deprecated in 1.13) has been removed.
19360 * $wgInputEncoding and $wgOutputEncoding (deprecated in 1.5) have now been
19362 * $wgAllowUserSkin (deprecated in 1.16) has now been removed.
19363 * $wgExtraRandompageSQL (deprecated in 1.16) has now been removed.
19364 * LogReader and LogViewer classes (deprecated in 1.14) have now been removed.
19365 * (bug 26033) Added $wgArticleCountMethod to select the method to use to say
19366 whether a page is an article or not. $wgUseCommaCount is now deprecated.
19367 * $wgEnableDublinCoreRdf and $wgEnableCreativeCommonsRdf no longer work in core,
19368 and the functionality has been moved to the relevant extensions. See
19369 https://www.mediawiki.org/wiki/Extension:DublinCoreRdf and
19370 https://www.mediawiki.org/wiki/Extension:CreativeCommonsRdf as appropriate.
19371 * (bug 21107) Split error "customcssjsprotected" into separate messages for JS
19373 * Removed $wgCheckCopyrightUpload from DefaultSettings, since the relevant
19374 feature was removed in about 1.5.
19375 * LogPageValidTypes, LogPageLogName, LogPageLogHeader and LogPageActionText
19376 hooks have been removed.
19377 * New hook "Collation::factory" to allow extensions to create custom
19378 category collations.
19379 * $wgGroupPermissions now supports per namespace permissions.
19380 * $wgEnableAutoRotation enables or disables auto-rotation. Leaving it set to
19381 null will cause MediaWiki to determine if auto-rotation is available.
19383 === New features in 1.18 ===
19384 * BREAKING CHANGE: action=watch / action=unwatch now requires a token.
19385 * BREAKING CHANGE: Article class hierarchy split into WikiPage (backend)
19386 and Article (frontend) hierarchies. Several hooks now pass a WikiPage object
19387 instead of an Article object. These hooks all use an $article parameter as
19388 documented in hooks.txt. Extensions should be updated to account for this,
19389 though most won't require any changes.
19390 * (bug 27860) Minor edit after clicking 'new section' tab
19391 Now the "This is a minor edit" checkbox is not available when you
19392 create a page or new section.
19393 * (bug 8130) Query pages should limit to content namespaces, not just main
19395 * Special:Contribs now redirects to Special:Contributions.
19396 * (bug 6672) Images are now autorotated according to their EXIF orientation.
19397 This only affects thumbnails; the source remains unrotated.
19398 * (bug 25708) Update case mappings and normalization to Unicode 6.0.0.
19399 * New hook ArticlePrepareTextForEdit added, called when preparing text to be
19401 * New parser option PreSaveTransform added, allows the pre-save transformation
19402 to be selectively disabled.
19403 * Alternative to $wgHooks implemented, using the new Hooks class.
19404 * Add width parameter to Special:Filepath to allow getting the file path of a
19406 * (bug 26870) Add size to {{filepath:}}.
19407 * Upload warnings now show a thumbnail of the uploaded file.
19408 * Introduced the edittools-upload message, which will be inserted under the
19409 upload form instead of edittools if available.
19410 * (bug 26285) Extensions will be automatically generated on upload if the user
19411 specified a filename without extension.
19412 * (bug 26851) Special:UserRights now allows to prefill the reason field
19413 * New maintenance script to fix double redirects
19414 (maintenance/fixDoubleRedirects.php).
19415 * (bug 23315) New body classes to allow easier styling of special pages.
19416 * (bug 27159) Make email confirmation code expiration time configurable.
19417 * (bug 29047) CSS/JS for each user group is imported from
19418 MediaWiki:Group-sysop.js, MediaWiki:Group-autoconfirmed.css, etc.
19419 * (bug 24230) Uploads of ZIP types, such as MS Office or OpenOffice can now be
19420 safely enabled. A ZIP file reader was added which can scan a ZIP file for
19421 potentially dangerous Java applets. This allows applets to be blocked
19422 specifically, rather than all ZIP files being blocked.
19423 * (bug 2429) Allow selection of associated namespace in recent changes.
19424 * (bug 26217) File size is now checked before uploading in HTML5 browsers.
19425 * CSS stylesheet MediaWiki:Noscript.css is now loaded for users with JavaScript
19426 disabled (enclosed in the head in a <noscript> tag).
19427 * Added UserGetLanguageObject hook to change the language used in $wgLang.
19428 * (bug 14645) When $wgMiserMode is on, expensive special pages are styled
19429 differently (italicized by default) on Special:SpecialPages.
19430 * Added $wgAggregateStatsID, which allows UDP stats to be aggregated over
19432 * When $wgAllowMicrodataAttributes is true, all itemtypes are allowed, not just
19433 the three that were defined in the original specification.
19434 * (bug 14706) Added support for the Imagick PHP extension.
19435 * (bug 18691) Added support for SVG rasterization using the Imagick PHP
19437 * (bug 2581, bug 6834) Added links to thumbnail in several resolutions to the
19438 file description page. The sizes are set by $wgImageLimits.
19439 * (bug 28031) Add pageCount support to ArchivedFile.
19440 * (bug 27924) PhpHttpRequest doesn't return response body if HTTP != 200.
19441 * Added hook BitmapHandlerTransform to allow extension to transform a file
19442 without overriding the entire handler.
19443 * The parser now attempts to output markers for editsection tokens and defer the
19444 rendering of them post-cache to reduce parser cache fragmentation and ensure
19445 skin customizability of edit section links.
19446 * (bug 24755) AuthPlugin auto-creation of local accounts can now be aborted by
19447 other extensions by handling the 'AbortAutoAccount' hook, similar to the
19448 'AbortNewAccount' triggered by explicit account creations. (They are separate
19449 to avoid loops and confusion; auth plugins like CentralAuth need to handle
19450 AbortNewAccount separately.
19451 * Special:ListFiles is now transcludable.
19452 * (bug 13879) Special:Emailuser asks for suitable target user if called without.
19453 * (bug 16956) IPTC and XMP metadata now extracted from images.
19454 * (bug 23816) A tracking category is now added for any pages with broken images.
19455 * (bug 23495) Allow createAndPromote.php to create non-sysop users.
19456 * (bug 28916) A way to to toggle mw.config legacy globals settings from
19457 LocalSettings.php has been created by introducing $wgLegacyJavaScriptGlobals.
19458 * (bug 28503) Support for ircs:// URL protocols.
19459 * (bug 26033) It is now possible to count all non-redirect pages in content
19460 namespaces as articles.
19461 * Images can now be embedded in an XML dump stream using backupDump.php
19462 --include-files and can be imported using importDump.php --uploads;
19463 furthermore, it can import files from the filesystem using --image-base-path.
19464 * Three new hooks in Special:Undelete, 'UndeleteForm::showHistory',
19465 'UndeleteForm::showRevision' and 'UndeleteForm::undelete', so that extensions
19466 may override the usage of PageArchive class and replace it with their own
19467 class that extends PageArchive.
19468 * (bug 28915) Implement QUnit test suite for MediaWiki JavaScript.
19469 Also built-in support for distribution through a TestSwarm instance.
19470 * (bug 29036) For cascade-protected pages, the mw-textarea-cprotected class is
19471 added to the textarea on the edit form.
19472 * mw.util.wikiScript has been implemented (like wfScript in GlobalFunctions.php)
19473 * (bug 29067) Expose user.tokens (like we do user.options) in ResourceLoader.
19474 * New 'Debug' hook used by wfDebug() and wfDebugLog().
19475 * (bug 27655) Require token for watching/unwatching pages)
19476 * (bug 28904) (bug 29773) Update jQuery version from 1.4.4 to 1.6.2 (the latest
19478 * (bug 29441) Expose CapitalLinks config in JS to allow modules to properly
19479 handle titles on case-sensitive wikis.
19480 * (bug 29397) Implement mw.Title module in core.
19481 * In MySQL 4.1.9+ with replication enabled, fetch the slave lag from SHOW SLAVE
19482 STATUS instead of SHOW PROCESSLIST. This ensures that lag is reported
19483 correctly in the case where there are no write events occurring. Note that
19484 the DB user now needs to have the REPLICATION CLIENT privilege if you are
19486 * Language codes in $wgDummyLanguageCodes are now excluded on localization
19487 statistics (maintenance/language/transstat.php).
19488 * (bug 29586) Make the (next 200) links on categories link directly to
19489 the relevant section of the category.
19490 * (bug 29109) Allow the automatic edit summary for redirect creation
19491 show the first bit of the new redirect page.
19492 * (bug 29723) mw.util.wikiGetlink() now defaults to wgPageName.
19493 * (bug 29680) Add GetDefaultSortkey hook to override the default sortkey.
19494 * (bug 16699) {{#language:}} accepts second parameter to specify the language in
19495 which the language name is wanted. Coverage depends on the cldr extension.
19496 * (bug 15802) An easy way to look up messages: language qqx which returns
19498 * (bug 29868) Add support for passing parameters to mw.msg in jquery.localize.
19499 * (bug 29558) $wgMiserMode now disables update.php by default.
19500 * AjaxCategories: Easily add, edit or delete categories on article pages.
19501 Suggests possible categories when typing, all saves are done via AJAX.
19502 Supports editing of multiple categories and then saving them in one batch.
19503 * $wgAutopromoteOnce was added, allowing for users to be automatically promoted
19504 to explicit usergroups. If a group is removed from a user via
19505 Special:UserRights, it will not automatically be re-added. Configuration is
19506 similar to $wgAutopromote (see DefaultSettings.php).
19507 * The PerformRetroactiveAutoblock hook was added to allow overriding or
19508 complementing retroactive autoblock handling. This runs when blocking a user
19509 with the 'autoblock' option.
19510 * MediaWiki now supports using protocol-relative URLs in links, interwiki
19511 targets and $wgServer.
19512 * Introduced $wgVaryOnXFPForAPI which will cause the API to send
19513 Vary: X-Forwarded-Proto headers.
19514 * New maintenance script to refresh image metadata
19515 (maintenance/refreshImageMetadata.php).
19516 * (bug 16428) Include permalink in printable version.
19517 * (bug 30722) Add an identity collation that sorts things based on what the
19518 unicode code point is (aka pre-1.17 behavior).
19519 * (bug 30940) Add a hook in User:getDefaultOptions.
19520 To give extensions a better and more flexible way of providing default
19521 values for preferences a hook has been introduced in User:getDefaultOptions().
19522 Setting preferences in $wgDefaultUserOptions still work fine, but when reading
19523 them (i.e. with array_keys) to get a list of all preferences, then
19524 $wgDefaultUserOptions should no longer be used as it will contain those set
19525 via User:getDefaultOptions().
19526 * (bug 30497) Add client-nojs and client-js classes on document element
19527 to let styles easily hide or show things based on general JS availability.
19528 * (bug 31293) If Special:Userlogin is loaded over HTTPS, display
19529 MediaWiki:loginend-https instead of MediaWiki:loginend, if it's not empty.
19530 Same for signupend on the account creation page.
19531 * (bug 31233) New OutputPage::addJsConfigVars() method to make the output page
19532 specific mw.config map extendable.
19533 * mw.util.wikiScript has been implemented (like wfScript in
19534 GlobalFunctions.php).
19536 === Bug fixes in 1.18 ===
19537 * (bug 27860) Minor edit after clicking 'new section' tab.
19538 * (bug 23119) WikiError class and subclasses are now marked as deprecated.
19539 * (bug 10871) Javascript and CSS pages in MediaWiki namespace are no longer
19540 treated as wikitext on preview.
19541 * (bug 22753) Output from update.php is more clear when things changed, entries
19542 indicating nothing changed are now all prefixed by "...".
19543 * Page existence is now not revealed (in the colour of the tabs) to users who
19544 cannot read the page in question.
19545 * (bug 19006) {{REVISIONUSER}} no longer acts like {{CURRENTUSER}} in some
19547 * (bug 16019) $wgArticlePath = "/$1" no longer breaks API edit/watch actions.
19548 * (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown
19549 as "Permitted file types" on the upload form.
19550 * (bug 26379) importImages.php gives more descriptive error message on failure.
19551 * (bug 26410) + signs are no longer treated as spaces in internal links if
19552 link has a % sign in it.
19553 * (bug 26412) Search results headers no longer show a bogus edit link.
19554 * (bug 26540) Fixed wrong call to applyPatch in MysqlUpdater.
19555 * (bug 26574) Added 'upload' to $wgRestrictionTypes, allowing upload protected
19556 pages to be queried via the API and Special:ProtectedPages, and allowing
19557 disabling upload protection by removing it from $wgRestrictionTypes.
19558 * If an edit summary exceeds 250 bytes and is truncated, add an ellipse.
19559 * (bug 26638) Database error pages display correctly in RTL languages.
19560 * (bug 26187) Confirmrecreate no longer parses the edit summary.
19561 * (bug 26208) Mark directionality of some interlanguage links.
19562 * (bug 26034) Make the "View / Read" tab in content_navigation style tabs remain
19563 selected when the action is "purge".
19564 * (bug 14267) Support a MediaWiki:Mainpage-nstab override for the subject
19565 namespace tab on the mainpage of a wiki.
19566 * (bug 10158) Do not mention allowing others to contact you when the feature
19567 is disabled ($wgEnableUserEmail=false).
19568 * (bug 26733) Wrap initial table creation in transaction.
19569 * (bug 26729) Category pages should return 404 if they do not exist and have no
19571 * (bug 2585) Image pages should send 404 if no image, no shared image and no
19573 * Custom editintro's using the editintro url parameter will no longer show
19574 <noinclude> sections on pages they are included on.
19575 * (bug 26449) Keep underlines from headings outside of tables and thumbs by
19576 adding overflow:hidden to h1,h2,h3,h4,h5,h6 (also fixes editsection bunching).
19577 * (bug 26708) Remove background-color:white from tables in Monobook and Vector.
19578 * (bug 28422) Remove color:black from tables in Monobook and Vector. And add it
19579 to table.wikitable instead.
19580 * (bug 26781) {{PAGENAME}} and related parser functions escape their output
19582 * (bug 26716) Provide link to instructions for external editor related
19583 preferences and add a comment to the ini control file explaining what is
19585 * Trying to upload a file with no extension or with a disallowed MIME type now
19586 gives the right message instead of complaining about a MIME/extension
19588 * (bug 26809) Uploading files with multiple extensions where one of the
19589 extensions is blacklisted now gives the proper extension in the error message.
19590 * (bug 26961) Hide anon edits in watchlist preference now actually works.
19591 * (bug 19751) Filesystem is now checked during image undeletion.
19592 * Send last modified headers for Special:Recentchanges when RC patrol is
19593 enabled, but user cannot see rc patrol links.
19594 * (bug 26548) ForeignAPIRepo (InstantCommons) now works with PDF files
19595 and other multi-paged file formats.
19596 * Files with a mime type that does not match the extension are now properly
19598 * (bug 27201) Special:WhatLinksHere output no longer contains duplicate IDs.
19599 * (bug 15905) Nostalgia skin could become more usable by including a Talk:
19600 link at the top of the page.
19601 * (bug 27560) Search queries no longer fail in Walloon language.
19602 * (bug 27679) Broken embedded files with special characters are no longer
19603 double HTML escaped.
19604 * (bug 27700) The upload protection can now also be set for files that do not
19606 * (bug 27763) Article::getParserOutput() no longer throws a fatal given when an
19607 incorrect revision ID is passed.
19608 * Trim the form field for uploading by url to remove extra spaces which could
19609 cause confusing error messages.
19610 * (bug 27854) Http::isValidURI is way too lax.
19611 * Do not show enotifminoredits preference, if disabled by $wgEnotifMinorEdits.
19612 * AbortLogin returning "ABORTED" now handled. Also allows message identifier
19613 for "ABORTED" reason to be returned and displayed to user.
19614 * (bug 28034) uploading file to local wiki when file exists on shared repository
19615 (commons) gives spurious info in the warning message.
19616 * Usernames get lost when selecting different sorts on Special:listfiles.
19617 * (bug 14005) editing section 0 of an existing but empty page gives no such
19619 * (bug 26939) Installer does not set $wgMetaNamespace.
19620 * (bug 28166) UploadBase assumes that 'edit' and 'upload' rights are not per
19622 * Make truncate function automatically consider length of '...' string,
19623 since length can vary by localization.
19624 * (bug 28242) Make redirects generated by urls containing a local interwiki
19625 prefix be a 301 instead of a 302.
19626 * (bug 15641) blocked administrators are now prevented from deleting or
19627 protecting their own talk page; and all blocked users are more
19628 comprehensively prevented from performing other actions.
19629 * (bug 27893) Edit-on-doubleclick now applies only on view and purge actions;
19630 no longer triggers unexpectedly on delete, history etc.
19631 * (bug 28417) Fix PHP notice when importing revision without a listed id.
19632 * (bug 28430) Make html and TeX output of <math> always be left-to-right.
19633 * (bug 28306) Fix exposure of suppressed usernames in ForeignDBRepo.
19634 * (bug 28372) Fix bogus link to suppressed file versions in ForeignDBRepo.
19635 * (bug 27473) Fix regression: bold, italic no longer interfere with linktrail
19637 * (bug 28444) Fix regression: edit-on-doubleclick retains revision id again.
19638 * ' character entity is now allowed in wikitext.
19639 * UtfNormal::cleanUp on an invalid utf-8 sequence no longer returns false if
19641 * (bug 28561) The css class small will no longer make nested elements even
19643 * (bug 13172) Array type exif data (like GPS) was not being extracted from
19645 * (bug 28532) wfMsgExt() and wfMsgWikiHtml() use $wgOut->parse().
19646 * (bug 16129) Transcluded special pages expose strip markers when they output
19648 * (bug 27249) "Installed software" table in Special:Version should always be
19650 * (bug 28719) Do not call mLinkHolders __destruct explicitly.
19651 * (bug 21196) Article::getContributors() no longer fails on PostgreSQL.
19652 * (bug 28752) XCache doesn't work in CLI mode.
19653 * (bug 28076) Thumbnail height limited to 360 pixels on Special:Listfiles.
19654 * (bug 22227) Special:Listfiles no longer throws an error on bogus file entries.
19655 * (bug 19408) user_properties.up_property: 32 bytes is not enough.
19656 * (bug 25262) Fix for minification of hardcoded data: URIs in CSS.
19657 * (bug 29263) Add LTR class to the shared CSS to be used for left-to-right text
19658 such as SQL queries shown in dberrortext and similar messages in RTL
19660 * (bug 14977) Fixed $wgServer detection in cases where an IPv6 address is used
19661 as the server name.
19662 * The View X deleted revisions is now shown again on Special:Upload.
19663 * (bug 29071) mediawiki.action.watch.ajax.js should pass uselang to API.
19664 * (bug 28868) Show total pages in the subtitle of an image on the
19665 file description page for multi-paged documents.
19666 * (bug 28883) Message names for different compression types commonly
19667 used in Tiff files.
19668 * When transcluding a special page, do not let it interpret url parameters.
19669 * (bug 28887) Special page classes are no longer re-used during 1 request.
19670 * (bug 28888) Searching for something starting with a # sign no longer tells
19671 the user a page named [[:]] already exists.
19672 * (bug 23002) Imagelinks table not updated after imagemove.
19673 * (bug 27864) Transcluding {{Special:Prefix}} with empty prefix now lists all
19675 * (bug 18803) JPEG2000 images should not be uploadable as .jpg files.
19676 * (bug 11868) If using links to count articles, the checking will now be based
19677 on the real presence of an internal link instead of the "[[" string.
19678 * (bug 28287) The "your changes" box for edit conflicts is now read-only.
19679 * (bug 28940) When making a thumb of an SVG, and only specifying the height
19680 make the width be the max SVG size, not the natrual width of the SVG.
19681 * (bug 1780) Uploading files with non-ascii characters are now forbidden on
19683 * (bug 23464) File: prefixes are now chopped off during uploading.
19684 * (bug 28174) Message config-logo-help amended to not explicitly assume any
19685 LTR/RTL screen layout.
19686 * (bug 28992) Revision numbers in the patrol log are transformed in the user
19688 * (bug 27073) ResourceLoaderDynamicStyles marker should be dynamically appended
19689 to the document head if it doesn't exist.
19690 * (bug 27023) After the document is ready, mw.loader is broken (calls callback
19691 before module is parsed).
19692 * (bug 4330) External URLs without a custom title should be treated as LTR,
19694 * (bug 29055) Make "don't send email on minor edits" preference apply to
19695 changes to talk page in addition to watchlist edits.
19696 * (bug 28272) Special:AllMessages should have only one "Go" button.
19697 * (bug 29101) Special:FileDuplicateSearch no longer shows silly message.
19698 * (bug 29048) jQuery.tabIndex: firstTabIndex() should not output the same
19700 * (bug 29332) Warn if user requests mediawiki-announce subscription but does not
19701 enter an e-mail address.
19702 * (bug 25375) Add canonical namespaces to "wgNamespaceIds" in mw.config.
19703 * The class JpegOrTiffHandler was renamed ExifBitmapHandler.
19704 * (bug 29443) Special:Undelete should use JavaScript to invert all checkboxes
19705 instead of reloading the page.
19706 * (bug 29325) Setting $wgStrictFileExtensions to false no longer gives incorrect
19708 * (bug 29437) Multiple apostrophes in deleted article title cause odd rendering.
19709 * (bug 29485) RSS feed of Special:RecentChange grouped together multiple
19710 consecutive edits by same user in included diff, but then linked to
19711 a single ungrouped diff.
19712 * Do not try to group together a page creation and edit in the RSS feed of RC.
19713 * (bug 29342) Patrol preferences shouldn't be visible to users who don't have
19714 patrol permissions.
19715 * (bug 29471) Exception no longer thrown for files with invalid date in
19717 * (bug 29492) Long-running steps in the installer (such as Upgrade and Install)
19718 no longer cause timeouts.
19719 * (bug 29507) Change 'image link' to 'file link' in Special:Whatlinkshere.
19720 * If the db is really screwed up, and doesn't have a recentchanges table,
19721 make the updater throw an exception instead of a fatal.
19722 * wfArrayToCGI() and wfCgiToArray() now handle nested and associative arrays
19724 * (bug 29567) mw.util.addPortletLink should only wrap link in <span> for
19725 "vectorTabs" portlets.
19726 * (bug 8556) Incorrect session failure warning on preview-on-open
19727 namespaces (categories) when combined with $wgRawHtml.
19728 * Use content language in formatting of dates in revertpage message
19729 (rollback revert edit summary) and do not adjust for user timezone.
19730 * (bug 29277) MediaWiki:Filepage.css is also shown on the local wiki
19731 * Make sure Backlink cache does not retrieve interwiki redirects when looking
19732 for redirects to a local page.
19733 * (bug 6100) Allow different directionality (LTR/RTL) for user interface
19734 and wiki content, along with many other RTL and directionality improvements
19735 (such as bugs 28030, 12406, 28349).
19736 * (bug 29712) Removed broken defaultUserOptionOverrides in MessagesXx files and
19737 unneeded CSS flipping of quickbar. Instead, introduce option 5 which sets
19738 left/right according to the directionality of your interface language.
19739 * (bug 19514) Unordered list list-style-image should be IE6-compatible (8-bit).
19740 * (bug 27410) The tag filter on a history page is now within a <label> element.
19741 * (bug 29779) DairikiDiff/WikiDiff <ins> and <del> should undo browser default
19742 styling (strike/underline).
19743 * (bug 28630) Add iwlinks, langlinks, redirect to
19744 RefreshLinks::deleteLinksFromNonexistent.
19745 * (bug 29797) Error: "Tried to load block with invalid type" when subpages
19746 are disabled for user pages.
19747 * (bug 12205) Bidirectional names in action=credits are split and displayed
19748 incorrectly when wrapped to the next line.
19749 * (bug 20781) Move 'mainpagetext' messages to installer's .i18n file.
19750 * (bug 29737) "MediaWiki:Qbsettings-directionality" should refer to script,
19752 * (bug 26360) $wgSessionHandler was overriding system settings unconditionally.
19753 * Removed AjaxFunctions.php. The last remaining function js_unescape() was moved
19754 to the FCKEditor extension.
19755 * (bug 28762) Resizing to specified height broken for very thin images.
19756 * (bug 29959) Installer fatal when cURL and allow_url_fopen is disabled and user
19757 tries to subscribe to mediawiki-announce.
19758 * (bug 27427) mw.util.getParamValue shouldn't return value from hash even if
19759 param is only present in hash.
19760 * Installer checked for magic_quotes_runtime instead of register_globals.
19761 * (bug 30131) XCache with variable caching disabled no longer used for variable
19762 caching (CACHE_ACCEL)
19763 * $wgSVGMaxSize is now applied to the smaller of width or height, making very
19764 wide pano/timeline/diagram SVGs renderable at saner sizes.
19765 * (bug 30219) The page shown when LocalSettings.php does not exist was broken on
19767 * (bug 30074) Moving user JS subpages resulted in JS errors because
19768 #REDIRECT [[Foo]] is invalid JS.
19769 * (bug 30335) Fix for HTMLForms using GET breaking when non-friendly URLs
19771 * (bug 30264) Changed installer-generated LocalSettings.php to use
19772 require_once() instead of require() for included extensions.
19773 * Tracking categories are no longer shown in footer for special pages.
19774 * (bug 30684) Fix bad escaping in mw.message for inexistent messages (i.e.
19776 * $wgOverrideSiteFeed no longer double escapes urls.
19777 * The preprocessor no longer fails with a PHP warning about XML_PARSE_HUGE when
19778 processing complex pages using newer versions of libxml2.
19779 * (bug 30907) Special:Unusedcategories should sort ascendingly.
19780 * (bug 28545) When using the uca-default collation, sortkey's starting with a
19781 space (U+20) will sort under an invisible header like in 1.16 rather than a
19783 * (bug 30192) Thumbnails of archived files are now deleted.
19784 * (bug 30843) mediawiki.Title should not convert extensions (anything after the
19785 last full stop) to lower case).
19786 * (bug 31213) Exception thrown when trying to move file cross-namespace.
19787 * (bug 18424) Special:Prefixindex and Special:Allpages paging links are
19788 really small, and somewhat inconsistent with each other.
19789 * (bug 30466) Entries in iwlinks table are now cleared when moving a page over
19791 * (bug 31674) Can't edit watchlist if it contains special pages.
19792 * (bug 32100) Installer complains about Suhosin GET limit even if it is
19793 already set above 1024 bytes.
19795 === API changes in 1.18 ===
19796 * BREAKING CHANGE: action=watch now requires POST and token.
19797 * (bug 26339) Throw warning when truncating an overlarge API result.
19798 * (bug 14869) Add API module for accessing QueryPage-based special pages.
19799 * (bug 14020) API for Special:Unwatchedpages.
19800 * (bug 24287) Wrap API Help output at 100 characters.
19801 * Add a realname uiprop option to query=userinfo so a user's realname can be
19803 * Add a &watchuser option to ApiBlock.
19804 * (bug 26541) Generator-ise ApiQueryRecentChanges.
19805 * action=parse now correctly returns an error for nonexistent pages.
19806 * (bug 25767) Add userrights properties to allusers and users query lists.
19807 * (bug 26558) list=allusers auprop=groups does not list groups a user is
19808 automatically a member of.
19809 * (bug 26559) list=allusers auprop=rights does not match
19810 list=users usprop=rights.
19811 * (bug 26560) On allusers if limit < total number of users, last user gets
19813 * (bug 25135) add "normalized" to action=parse.
19814 * (bug 26460) Add support for listing category members by category pageid.
19815 * (bug 26482) add a imimages param to prop=images.
19816 * (bug 26498) allow LinksUpdate with API.
19817 * (bug 26485) add a elextlinks param to prop=extlinks.
19818 * (bug 26483) add a iwtitles param to prop=iwlinks.
19819 * (bug 26484) add a lltitles param to prop=langlinks.
19820 * (bug 26480) add a pppageprops param to prop=pageprops.
19821 * (bug 26650) Remove $wgAPICacheHelp in favour of $wgAPICacheHelpTimeout.
19822 * (bug 24650) Fix API to work with categorylinks changes.
19823 * Expose list of skins in meta=siteinfo.
19824 * (bug 26548) Add iiurlparam param to query=imageinfo and query=stashimageinfo.
19825 * (bug 27205) aiprop=metadata and aiprop=parsedcomment need help text.
19826 * Add a amtitle param to meta=allmessages.
19827 * (bug 25832) query=allimages now outputs ns/title as well.
19828 * (bug 27199) Thumbnail urls can be fetched for old files as well.
19829 * (bug 27376) when using ApiBase::PARAM_TYPE => 'integer' without a min or
19830 max value, API doesn't validate the input is actually an integer.
19831 * (bug 27479) API error when using both prop=pageprops and
19832 prop=info&inprop=displaytitle.
19833 * (bug 27554) Update API information text to reflect change in bug 26125.
19834 * (bug 27611) list=blocks: Use ipb_by_text instead of join with user table.
19835 * (bug 27616) Add userid of blocked user and blocker to list=blocks.
19836 * (bug 27688) Simplify queries to list user block information.
19837 * (bug 27708) list=users does not have a property to return user id.
19838 * (bug 27715) imageinfo didn't respect revdelete.
19839 * (bug 27862) Useremail module didn't properly return success on success.
19840 * (bug 27590) prop=imageinfo now allows querying the media type.
19841 * (bug 27587) list=filearchive now outputs full title info.
19842 * (bug 27018) Added action=filerevert to revert files to an old version.
19843 * (bug 27897) list=allusers and list=users list hidden users.
19844 * (bug 27717) API's exturlusage module does not respect $wgMiserMode.
19845 * (bug 27588) list=filearchive&faprop=sha1 returns empty attribute.
19846 * (bug 28010) Passing a non existent user to list=users gives internal error.
19847 * (bug 27549) action=query&list=users&usprop=groups doesn't show implicit
19848 groups if a user doesn't have explicit groups.
19849 * (bug 27670) Ordering by timestamp (and usage of start and end) isn't as clear
19850 in auto generated document, as it is on mediawiki.org.
19851 * (bug 27182) API: Add filter by prefix for meta=allmessages.
19852 * (bug 27183) API: Add filter by customisation state for meta=allmessages.
19853 * (bug 27340) API: Allow listing of "small" categories.
19854 * (bug 27342) Add audir param to list=allusers.
19855 * (bug 27203) add fato param to list=filearchive.
19856 * (bug 27341) Add drto param to list=deletedrevs.
19857 * (bug 26630) Add API for Special:ActiveUsers.
19858 * (bug 27020) API: Allow title prefix search of logevents (only when not in
19860 * (bug 26629) add Special:MIMESearch to API.
19861 * (bug 27585) add pagecount to list=filearchive.
19862 * (bug 28104) Namespace for local pages in interwiki backlinks (iwbacklinks)
19864 * (bug 27343) Add parseddescription to list=filearchive.
19865 * (bug 27469) label implicit groups in list=allusers&auprop=groups/
19866 list=users&usprop=groups.
19867 * Addition of APIQuerySiteInfoGeneralInfo hook to add extra information to
19868 the general site info results.
19869 * (bug 16288) API: consider making closure status of wikis more clear
19870 with meta=siteinfo.
19871 * (bug 27589) list=allimages&aiprop=archivename is useless.
19872 * (bug 27586) Remove duplication of props in ApiQueryStashImageInfo
19873 by using ApiQueryImageInfo.
19874 * (bug 28226) prop=extlinks&eloffset should be an integer.
19875 * (bug 28070) Fix watchlist RSS for databases that store timestamps in a
19876 real timestamp field.
19877 * API upload errors may now return the parameter that needs to be changed and
19878 a sessionkey to fix the error.
19879 * (bug 28249) allow dupes in meta=allmessages&amargs.
19880 * (bug 28263) cannot import xml with the API, when have not "import" user
19881 right, but "importupload".
19882 * (bug 28365) Added description for uiprop=preferencestoken in meta=userinfo.
19883 * (bug 28394) Set forgotten parameters types in ApiUnblock.
19884 * (bug 28395) Set forgotten parameters types in ApiParse.
19885 * (bug 28368) add hint for multipart/form-data to API information of
19886 action=import&xml=.
19887 * (bug 28391) action=feedwatchlist&allrev should be a bool.
19888 * (bug 28364) add registration date to meta=userinfo.
19889 * (bug 28254) action=paraminfo: Extract type from PARAM_DFLT if
19890 PARAM_TYPE is not set.
19891 * (bug 27712) add parent_id to list=deletedrevs.
19892 * (bug 28455) Add 'toponly' to recentchanges API module.
19893 * (bug 26873) API: Add 'toponly' filter in usercontribs module.
19894 * (bug 28586) YAML: strings that are the same as boolean literals.
19895 * (bug 28591) Update/replace/supplement spyc (YAML parsing library).
19896 * YAML API output is now 1.2 compliant, using JSON as the formatter.
19897 * (bug 28672) give information about misermode on API.
19898 * (bug 28558) Add iw_api and iw_wikiid to meta=siteinfo&siprop=interwikimap
19899 * (bug 26882) Allow listing of indefinite protections with the API.
19900 * (bug 27344) add drprefix param to list=deletedrevs.
19901 * (bug 28560) list=deletedrevs should die, if combination of param is invalid.
19902 * (bug 28238) paraminfo: output both limits for multi param.
19903 * (bug 27179) API: List of extension tags through meta=siteinfo.
19904 * Get a list of function hooks through meta=siteinfo.
19905 * Get a list of all subscribed hooks, and those subscribers.
19906 * (bug 28225) Allow hiding of user groups in list=allusers.
19907 * (bug 27185) API: Add Special:ComparePages.
19908 * (bug 28265) allow outputting of comments for action=expandtemplates.
19909 * (bug 27790) Add query type for querymodules to output of ApiParamInfo.
19910 * (bug 28963) Add langbacklinks query module to the api.
19911 * (bug 27593) API should return error message when sha1/sha1base36 is invalid.
19912 * (bug 28578) API's parse module should not silently override invalid
19914 * (bug 20699) Watchlist API should list log-events.
19915 * (bug 29070) Require a token in API action=watch.
19916 * (bug 29221) Expose oldrevid in ApiQueryWatchlist output.
19917 * (bug 29267) Always give the servername for meta=siteinfo&siprop=dbrepllag.
19918 * (bug 28897) rvparse now respects rvsection for action=query&prop=revisions.
19919 * (bug 25734) API: Possible issue with revids validation.
19920 * (bug 28002) Internal error in ApiFormatRaw::getMimeType.
19921 * (bug 29237) ApiQuery now has an option to output the "iwurl" attribute.
19922 * (bug 28392) Mark action=undelete×tamps as type "timestamp".
19923 * (bug 21346) Make deleted images searchable by hash (disabled in Miser Mode).
19924 * (bug 27595) sha1 search of list=filearchive does not work.
19925 * (bug 26763) Make RSS/Atom of user contributions more visible.
19926 * (bug 25133) Allow redirects also for action=parse&pageid.
19927 * (bug 29745) Fatal error in API search.
19928 * (bug 29476) API returns page title instead of sectiontitle for
19929 srprop=sectiontitle.
19930 * Correct the documentation of srprop properties.
19931 * (bug 28817) Add reference help page link to API Modules.
19932 * (bug 29935) Improve formatting of examples in ApiParamInfo.
19933 * (bug 29938) list=users&usprop=rights shows rights the user doesn't have.
19934 * (bug 24781) The API will include an XML namespace if the includexmlnamespace
19936 * (bug 29392) Setting the start or end parameter now works with lists blocks,
19937 categorymembers, deletedrevs, logevents, protectedtitles, usercontributions
19938 and watchlist in Postgres.
19940 === Languages updated in 1.18 ===
19942 MediaWiki supports over 330 languages. Many localisations are updated
19943 regularly. Below only new and removed languages are listed, as well as
19944 changes to languages because of Bugzilla reports.
19946 * Angika (anp) (new).
19947 * Brahui (brh) (new).
19948 * Central Dusun (dtp) (new).
19949 * Jamaican Creole English (jam) (new).
19950 * Khowar (khw) (new).
19952 * Kichwa (qug) (new).
19953 * Tokipona (tp) (removed) 'tokipona' is still valid.
19954 * (bug 17160) Gender specific display text for User namespace.
19955 * Link trail added for sl and sh.
19956 * (bug 27633) Add characters to linkTrail for Portuguese (pt and pt-br).
19957 * (bug 27426) Set $namespaceGenderAliases for Arabic (ar).
19958 * (bug 27385) Set Polish $namespaceGenderAliases.
19959 * (bug 27681) Set $namespaceGenderAliases for Portuguese (pt and pt-br).
19960 * (bug 27785) Fallback language for Kabardian (kbd) is English now.
19961 * (bug 27825) Raw watchlist edit message now uses formatted numbers.
19962 * (bug 28040) Turkish: properly lower case 'I' to 'i' (dotless i) and
19963 uppercase 'i' to 'I' (dotted i).
19964 * Conversion script between Syllabics and Latin for the Inuktitut language.
19965 * Date formats for Indonesian (id) updated.
19966 * Bhojpuri (bho) (renamed from "bh").
19967 * (bug 29031) When translating block log entries, indefinite, infinite, and
19968 infinity are now considered the same.
19969 * Aromanian (rup) (renamed from "rua-rup").
19970 * Kashmiri (ks) split into Kashmiri (Perso-Arabic) (ks-arab) and Kashmiri
19971 (Devanagari) (ks-deva). Defaults to ks-arab.
19972 * (bug 30864) Use bengali numerals for <ol> for Assamese.
19973 * (bug 30817) Restored linktrail for kk (Kazakh).
19974 * (bug 27398) Add $wgExtraGenderNamespaces for configured gendered namespaces.
19975 * (bug 30846) New LanguageOs class.
19977 === Other changes in 1.18 ===
19978 * Removed legacy wgAjaxWatch javascript global object, no longer in use.
19979 * (bug 28556) Upload support for MacBinary files has been removed (Used by
19980 Internet Explorer 5 for Mac OS 9).
19981 * On wiki farm setups using $wgConf, 'wgCanonicalServer' is now expected to be
19982 set for all wikis. This was already the case for 'wgServer'.
19984 == MediaWiki 1.17 ==
19986 == MediaWiki 1.17.5 ==
19989 This is a security release of the MediaWiki 1.17 branch.
19991 === Summary of selected changes in 1.17 ===
19993 Selected changes since MediaWiki 1.16 that may be of interest:
19995 * A new installer has been introduced. It has a wizard-style interface which is
19996 translated into many languages. Many shortcomings in the old installer were
19997 addressed with this rewrite. Note that it is no longer required for the config
19998 directory to be made writable by the webserver. Instead the generated
19999 LocalSettings.php file is offered as a download, which you must then upload
20000 to the wiki's base directory.
20002 * ResourceLoader, a new framework for delivering client-side resources such as
20003 JavaScript and CSS, has been introduced. These resources are now delivered
20004 through the new entry point script "load.php", instead of as static files
20005 served directly by the web server. This allows minification, compression and
20006 client-side caching to be used more effectively, which should provide a net
20007 performance improvement for most users.
20009 * Category sorting has been improved.
20010 ** Sorting is now case insensitive.
20011 ** Sub-categories, pages and files can now be paged separately.
20012 ** When several pages are given the same sort key, they sort by their
20013 names instead of randomly.
20015 * The lowest supported version of PHP is now 5.2.3. If necessary, please
20016 upgrade PHP prior to upgrading MediaWiki.
20018 === Changes since 1.17.4 ===
20020 * (bug 36938) Correctly escape uselang attribute to prevent xss
20021 * Expanded Blacklist for SVG Files
20023 === Changes since 1.17.3 ===
20025 * (bug 35961) Hash comparison should always be strict.
20026 * Fix broken email confirmation expiration caused by MWCryptRand changes.
20027 * (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php
20030 === Changes since 1.17.2 ===
20032 * (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
20033 core parser functions which operate on strings, such as padleft.
20034 * (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
20036 * (bug 34907) Fixed exposure of tokens through load.php that could have
20037 facilitated CSRF attacks.
20038 * (bug 35317) CSRF in Special:Upload.
20040 === Changes since 1.17.1 ===
20041 * (bug 33117) prop=revisions allows deleted text to be exposed through cache
20043 * (bug 32709) Private Wiki users were always taken to Special:Badtitle on login.
20045 === Changes since 1.17.0 ===
20047 * (bug 29535) Added missing Creative Commons CC0 icon.
20048 * (bug 29726) Fixed failure to load internationalization messages in
20049 client-side scripts on WebKit-based browsers.
20050 * Fixed a bug in message transformation where the previous language could leak
20051 into later transformations in the UI language.
20052 * (bug 29091) Fixed form of native name for Ossetic language (Иронау -> Ирон)
20053 * Fixed maintenance scripts upgrade1_5.php and rebuildImages.php, they did not
20054 work at all since 1.17 beta 1.
20055 * (bug 29531) Fixed img_auth.php for thumbnails and other filenames with
20056 multiple dots, was broken by the fix for bug 28840.
20057 * In the maintenance script purgeList.php, fixed a fatal error when a page
20058 title is given, instead of a URL.
20059 * (bug 19514) Unordered list list-style-image should be IE6-compatible (8-bit).
20060 * Installer checked for magic_quotes_runtime instead of register_globals.
20061 * $wgSVGMaxSize is now applied to the smaller of width or height, making very
20062 wide pano/timeline/diagram SVGs renderable at saner sizes.
20063 * (bug 29959) Installer fatal when cURL and allow_url_fopen is disabled and user
20064 tries to subscribe to mediawiki-announce.
20065 * Installer checked for magic_quotes_runtime instead of register_globals
20066 * (bug 30131) XCache with variable caching disabled no longer used for variable
20067 caching (CACHE_ACCEL)
20068 * (bug 30264) Changed installer-generated LocalSettings.php to use
20069 require_once() instead require() for included extensions.
20070 * (bug 26486) ResourceLoader modules with paths to nonexistent files cause PHP
20071 warnings/notices to be thrown
20072 * (bug 30907) Special:Unusedcategories should sort ascendingly.
20073 * (bug 30219) The page shown when LocalSettings.php does not exist was broken on
20075 * Hardcoded NLS_NUMERIC_CHARACTERS for Oracle DB to prevent type conversion
20077 * Fixed recentchanges FK violation on page delete and cache purge error in
20078 updater for Oracle DB.
20079 * (bug 32276) Skins were generating output using the internal page title which
20080 would allow anonymous users to determine whether a page exists, potentially
20081 leaking private data. In fact, the curid and oldid request parameters would
20082 allow page titles to be enumerated even when they are not guessable.
20083 * (bug 32616) action=ajax requests were dispatched to the relevant internal
20084 functions without any read permission checks being done. This could lead to
20085 data leakage on private wikis.
20087 === Changes since 1.17.0rc1 ===
20089 * Fixed syntax error in generated LocalSettings.php when a non-default user
20090 rights profile is chosen.
20091 * (bug 29399) Fixed PostgreSQL installation when the DB user for installation
20092 is the same as the one for web access.
20093 * (bug 29233) Fixed failover for DB slave servers. When a DB slave went down,
20094 an error was immediately shown to the user, instead of trying another slave.
20095 Was broken since 1.17 beta 1.
20096 * (bug 29278) Fixed PHP fatal error when attempting to add text to a page via a
20098 * (bug 29408) Fixed uploads of files with MIME types that aren't detected by
20100 * Removed DEFAULT '' NOT NULL field definitions from Oracle DB schema because
20101 using the DEFAULT value ('') in DML broke Oracle backend as it treats an
20102 empty VARCHAR2 value as NULL. Indexes on Oracle do not require NOT NULL
20105 === Changes since 1.17 beta 1 ===
20107 * Fixed warning about missing file "password.js".
20108 * When installing on MySQL, don't attempt to create a new database user if the
20109 same user is used for installation and web access.
20110 * Fixed SQL query errors in queries with table aliases.
20111 * (bug 27891) Fixed the "chronology protector", broken since 1.17beta1, which
20112 ensures that when database replication is used, the new version is seen by
20113 the user immediately after they create or edit an article.
20114 * (bug 28845) Allow PostgreSQL installation using a non-root user account which
20115 has role creation abilities.
20116 * When installing on PostgreSQL and the install account is the same as the web
20117 account, check to make sure that the account has suitable privileges in the
20119 * (bug 28172) Fixed error in PostgreSQL installation when creating the wiki
20121 * Fixed an issue with the Oracle installer in cases where the user is different
20122 to the database name.
20123 * Added "unblockself" to the list of available rights.
20124 * In the installer, fixed the "user rights profile" option, it never worked.
20125 * (bug 29117) Fixed Hebrew localisation of the installer.
20126 * (bug 28840) Reduce the collateral damage caused by the fix for bug 28235 (XSS
20127 on Internet Explorer 6 due to a file extension in the query string) by
20128 reducing the number of URLs that are blocked, and by redirecting the request
20129 to a safer URL where possible instead of blocking it.
20130 * (bug 28812) Fixed documentation of API action=parse.
20131 * (bug 28979) Fixed styling of <abbr> and <acronym>.
20132 * Fixed the error message displayed when you try to create an account by email,
20133 but an email address is not given.
20134 * Fixed JS error due to missing dependency for jquery.suggestions.
20135 * Exposed $wgExtensionAssetsPath in JavaScript.
20136 * (bug 28738) Made ResourceLoader support environments with small URL length
20137 limits. The length limit can be configured via
20138 $wgResourceLoaderMaxQueryLength, and this is set automatically in the
20139 generated LocalSettings.php when the php.ini variable
20140 "suhosin.get.max_value_length" is set. When a URL exceeds this limit, the
20141 request is split up. Also, reduced the average length of load.php URLs by
20142 using a more compact parameter format.
20143 * (bug 25262) Fix for minification of hardcoded data: URIs in CSS.
20144 * (bug 25124) Respect $wgStyleDirectory in ResourceLoader.
20145 * Allow installation when no HTTP client is available, don't throw an exception.
20146 * (bug 27465) Fix metadata extraction for SVG files using unusual namespace
20148 * (bug 29174) Fix regression in upload-by-URL: uploading files larger than the
20149 PHP memory limit should work again.
20150 * Fixed the display of comments in the new user log.
20151 * (bug 28237) When installing extensions using the web-based installer, create
20152 any necessary database tables.
20153 * (bug 28983) Fixed automated installation of extensions that overwrite $path.
20154 * Fixed error caused by missing magic words.
20155 * Fixed breakage of article editing in PostgreSQL due to text search
20156 configuration errors.
20157 * Fixed the HTTPS client used when Curl is not available. This avoids an error
20158 during install about failure of the mediawiki-announce subscription.
20159 * (bug 28162) When installing to PostgreSQL, respect the "database port" input,
20162 === Configuration changes in 1.17 ===
20164 * $wgLogAutocreatedAccounts controls whether autocreation of accounts is logged
20166 * (bug 22858) $wgLocalStylePath is by default set to the same value as
20167 $wgStylePath but should never point to a different domain than the site is
20168 on, allowing skins to use .htc files which are not cross-domain friendly.
20169 * $wgFileStore has been deprecated. The only usage $wgFileStore['deleted'] has
20170 been turned into $wgDeletedDirectory.
20171 * $wgDeletedDirectory has been added to specify what directory to place deleted
20173 * IBM DB2 database no longer uses the db specific $wgDBport_db2 variable but the
20175 * $wgCategoryPrefixedDefaultSortkey was removed and is now always false. This
20176 provides more sensible sorting behavior for categories.
20177 * Removed unused globals: $wgEnableSerializedMessages, $wgCheckSerialized,
20178 $wgUseMemCached, $wgDisableSearchContext, $wgColorErrors, $wgUseZhdaemon,
20179 $wgZhdaemonHost and $wgZhdaemonPort.
20180 * (bug 24408) The include_path is not modified in the default LocalSettings.php
20181 * $wgVectorExtraStyles was removed, and is no longer in use.
20182 * Removed $wgUpdates for database updates; extensions should use
20183 DatabaseUpdater::addExtensionUpdate() via the LoadExtensionSchemaUpdates hook.
20184 * Removed $wgServerName. It doesn't need to be set anymore and is no longer
20185 available as input for other configuration items, either.
20186 * It's no longer necessary for LocalSettings.php to include DefaultSettings.php.
20187 * It's no longer necessary to set $wgCacheEpoch to the file modification time
20188 of LocalSettings.php, in LocalSettings.php itself. Instead, this is done
20189 automatically if $wgInvalidateCacheOnLocalSettingsChange is true (which is
20191 * $wgCopyrightIcon is deprecated and $wgFooterIcons['copyright']['copyright']
20192 should be used instead.
20193 * $wgSysopUserBans is deprecated, and will be made permanently true in 1.18.
20194 If you need this functionality, you should use the BlockIp hook to filter and
20195 reject such blocks.
20196 * $wgSysopRangeBans is deprecated, you should set $wgBlockCIDRLimit to maximum
20197 (32 for IPv4, 128 for IPv6), equivalent to allowing rangeblocks of only 1
20200 === New features in 1.17 ===
20202 * (bug 10183) Users can now add personal styles and scripts to all skins via
20203 User:<name>/common.css and /common.js (if user css/js is enabled).
20204 * (bug 22748) Add anchors on Special:ListGroupRights.
20205 * (bug 21981) Add parameter 'showfilename' to <gallery> to automatically
20206 apply the names of the individual files within the gallery.
20207 * Future-proof redirection to fragments in Gecko, so things work a little nicer
20208 if they fix <https://bugzilla.mozilla.org/show_bug.cgi?id=516293>.
20209 * Support git:// and mms:// protocols by default for external links.
20210 * (bug 15810) Blocked admins can no longer unblock themselves without the
20211 'unblockself' permission (which they have by default).
20212 * (bug 18499) Added "enhanced" URL parameter to switch between old and enhanced
20214 * (bug 22925) "sp-contributions-blocked-notice-anon" message now displayed when
20215 viewing contributions of a blocked IP address.
20216 * (bug 22474) {{urlencode:}} now takes an optional second parameter for type of
20218 * Special:Listfiles now supports a username parameter.
20219 * Special:Random carries over query string parameters.
20220 * (bug 23206) Add Special::Search hook for detecting successful "Go".
20221 * When visiting a "red link" of a deleted file, a deletion and move log excerpt
20222 is provided on the Upload form.
20223 * (bug 22647) Add category details in search results.
20224 * (bug 23276) Add hook to Special:NewPages to modify query.
20225 * Add accesskey 's' and tooltip to 'Save' button at Special:Preferences.
20226 * Add accesskey 'b' and tooltip to the summary field of edit mode.
20227 * (bug 20186) Allow filtering Special:Contributions for RevisionDeleted edits.
20228 * ajaxwatch now uses the API and JQuery, and can be used to animate arbitrary
20229 watch links, not just to watch the page the link is on.
20230 * (bug 20976) "searchmenu-new-nocreate" message now displayed when there
20231 is no title match in search and the user has no rights to create pages.
20232 * (bug 23429) Added new hook WatchlistEditorBuildRemoveLine.
20233 * (bug 22844) Added support for WinCache object caching (for IIS).
20234 * (bug 23580) Add two new events to LivePreview so that scripts can be notified
20235 about the beginning and finishing of LivePreview actions.
20236 * (bug 21278) Now the sidebar allows inclusion of wiki markup.
20237 * (bug 23733) Add IDs to messages used on CSS/JS pages.
20238 * Show validity period of the login cookie in Special:UserLogin and
20239 Special:Preferences.
20240 * Interlanguage links display the page title in their tooltip.
20241 * (bug 23621) New Special:ComparePages to compare (diff) two articles.
20242 * (bug 4597) Provide support in Special:Contributions to show only "current"
20244 * (bug 17857) {{anchorencode}} acts more like how the parser creates section ids
20245 * (bug 21477) \& can now be used in <math>
20246 * (bug 11641) \dotsc \dotsm \dotsi \dotso can now be used in <math>
20247 * (bug 21475) \mathtt and \textsf can now be used in <math>
20248 * texvc is now run via ulimit4.sh, to limit execution time.
20249 * SQLite now supports $wgSharedDB.
20250 * (bug 8507) Group file links by namespace:title on image pages.
20251 * Stop emitting named entities, so we can use <!DOCTYPE html> while still being
20253 * texvc now supports \bcancel and \xcancel in addition to \cancel and \cancelto
20254 * Added scriptExtension setting to $wgForeignFileRepos.
20255 * ForeignApiRepo uses scriptDirUrl if apiBase not set.
20256 * (bug 24212) Added MediaWiki:Filepage.css which is also included on foreign
20258 * (bug 14685) Double underscore magic word usage is now tracked in the
20259 page_props table, as well as the behavioral magic words {{DEFAULTSORT}} and
20261 * (bug 24045) MediaWiki:Ipb-needreblock is now wrapped in a div with class
20262 "mw-ipb-needreblock"
20263 * Non-file pages can no longer be moved to the file namespace, nor vice versa.
20264 * (bug 671) The <dfn>, <kbd> and <samp> elements have been whitelisted in user
20266 * (bug 21503) There's now a "reason" field when creating account for other
20268 * (bug 24418) action=markpatrolled now requires a token.
20269 * A variety of category sort-related fixes, including:
20270 ** (bug 164) In English, lowercase and uppercase letters now sort the same.
20271 ** (bug 1211) Subcategories, ordinary pages, and files now page separately.
20272 ** When several pages are given the same sort key, they sort by their names
20273 instead of randomly.
20274 * (bug 23848) Add {{ARTICLEPATH}} Magic Word.
20275 * (bug 8140) Add dedicated CSS classes to Special:Newpages elements.
20276 * (bug 11005) Add CSS class to empty pages in Special:Newpages.
20277 * The parser cache is now shared amongst users whose different settings aren't
20279 * Any attribute beginning with "data-" can now be used in wikitext, per HTML5.
20280 * (bug 24007) Diff pages now mention the number of users having edited
20281 intermediate revisions.
20282 * Added new hook GetIP.
20283 * Special:Version now displays whether a SQLite database supports full-text
20285 * TS_ISO_8691_BASIC was added as a time format, which is used by ResourceLoader
20287 * Maintenance scripts get a --memory-limit option to override defaults (which
20288 is usually to set it to -1 to disable the limit).
20289 * (bug 25397) Allow uploading (not displaying) of WebP images, disabled
20291 * (bug 23194) Special:ListFiles now has thumbnails.
20292 * Use hreflang to specify canonical and alternate links, search engine friendly
20293 when a wiki has multiple variant languages.
20294 * (bug 19593) Specifying --server in now works for all maintenance scripts.
20295 * Now rebuildtextindex.php warns if SQLite doesn't support full-text search.
20296 * (bug 10541) Front/backend separation of installation/upgrade code.
20297 * (bug 10596) Allow installer to enable extensions already in extensions folder.
20298 * (bug 20627) Installer should be in languages other than English.
20299 * Support for metadata in SVG files (title, description).
20300 * Special:Search: Add CSS classes to 'none found' and 'create link' messages.
20301 * Add CSS classes (including namespace and pagename) to the enhanced recent
20302 changes/watchlist entries.
20303 * (bug 22463) Add hook 'SkinGetPoweredBy' to make 'powered by' icon/text
20305 * Added CSS print pagination to the print stylesheets.
20306 * (bug 25960) Add <link rel=canonical"> for File pages of shared/foreign
20308 * When viewing a redirect, the redirect arrow and redirection target are both
20309 wrapped in a div that has the class "redirectMsg" so that the redirection
20310 arrow can be customized with CSS.
20311 * (bug 21911) Hard coded limit for long page warning removed. New message
20312 [[MediaWiki:Longpage-hint]] (empty by default) can be used instead.
20313 Parameters: $1 shows the formatted textsize in Byte/KB/MB, $2 is the raw
20314 number of the textsize in Byte.
20315 * (bug 3276) Give image <gallery>s fluid width.
20316 * Added uploads link to page subtitle in Special:Contributions.
20317 * Added Special:Myuploads special page that redirects to Special:Listfiles.
20318 * The footerlinks used in Monobook/Vector/Modern are now part of common skin
20319 code, SkinTemplateOutputPageBeforeExec can be used to customize the list.
20320 * Special wrapping setups can now define MW_CONFIG_FILE to load a config file
20321 other than LocalSettings.php. This is like MW_CONFIG_CALLBACK but works in
20322 some cases where MW_CONFIG_CALLBACK will not work.
20323 * (bug 26574) Added 'upload' to $wgRestrictionTypes, allowing upload protected
20324 pages to be queried via the API and Special:ProtectedPages, and allowing
20325 disabling upload protection by removing it from $wgRestrictionTypes.
20326 * The name attribute of HTMLForm fields can now be overridden by passing a
20327 'name' key in the descriptor array. Hidden field names are now treated
20328 consistently with other fields and, by default, prefixed with 'wp'.
20329 * (bug 27402) Add support for disabling MWSuggest.
20330 * (bug 26563) Add bytes changed per revision for stub and full article dumps.
20331 * (bug 27508) Add $wgSVGMetadataCutoff to limit the maximum amount of an svg we
20332 look at when finding metadata to prevent excessive resource usage.
20333 * (bug 198) $wgUpgradeKey allows unlocking the web installer for upgrades
20334 without having to move LocalSettings.php
20335 * Added $wgAllowImageTag, which can be set to true to whitelist the <img> tag
20337 * (bug 12797) Add $wgGalleryOptions for adjusting of default gallery display
20339 * Added the $wgAllowUserCssPrefs option which allows disabling CSS-based
20340 preferences; which can improve page loading speed.
20341 * Added $wgSQLMode for setting database SQL modes - either performance (null)
20342 or other reasons (such as enabling stricter checks).
20343 * (bug 20193) Added $wgVectorShowVariantName global configuration variable
20344 which causes Vector to render the variants drop-down menu with a label
20345 showing the current variant name. This is off by default, pending further
20346 research into its user experience implications.
20347 * The upload link for missing files can now be set separately from the
20348 navigation link with $wgUploadMissingFileUrl.
20349 * $wgAdditionalMailParams added to allow setting extra options to mail() calls.
20350 * Added $wgSecureLogin to optionally login using HTTPS.
20351 * (bug 25728) Added $wgPasswordSenderName to make the name associated
20352 with $wgPasswordSender configurable.
20353 * (bug 22463) $wgFooterIcons added to allow configuration of the icons shown in
20354 the footers of skins.
20355 * $wgFileCacheDepth can be used to set the depth of the subdirectory hierarchy
20356 used for the file cache. Default value is 2, which matches former behavior.
20358 === Bug fixes in 1.17 ===
20360 * (bug 17560) Half-broken deletion moved image files to deletion archive
20361 without updating database.
20362 * (bug 22666) Submitting user block form with an invalid user name no longer
20364 * (bug 22665, bug 22667) User '0' can now be unblocked and have its block
20366 * (bug 22606) The body of e-mail address confirmation message is now different
20367 when the address changed.
20368 * (bug 22664) Special:Userrights now accepts '0' as a valid user name.
20369 * (bug 5210) Preload parser now parses <noinclude>, <includeonly> and
20371 * (bug 22709) IIS7 mishandles redirects generated by OutputPage::output() when
20372 the URL contains a colon.
20373 * (bug 22353) Categorised recent changes now works again.
20374 * (bug 22747) "Reveal my e-mail address in notification e-mails" preference is
20375 now only displayed when relevant.
20376 * (bug 22772) {{#special:}} parser function now works with subpages.
20377 * (bug 18664) Relative URIs in interwiki links cause failed redirects.
20378 * (bug 19270) Relative URIs in interwiki links break interwiki transclusion.
20379 * (bug 22903) Revdelete log entries now show in the user preferred language.
20380 * (bug 22905) Correctly handle <abbr> followed by ISBN.
20381 * (bug 22940) Namespace aliases pointing to main namespace don't work.
20382 * (bug 15810) Blocked admins can no longer block/unblock other users.
20383 * (bug 22876) Avoid possible PHP Notice if $wgDefaultUserOptions is not
20385 * (bug 14952) Page titles are renormalized after html entities are removed so
20386 that links with non-NFC character references work correctly.
20387 * (bug 22991) wgUserGroups JavaScript variable now reports * group for
20388 anonymous users instead of null.
20389 * (bug 22627) Remove PHP notice when deleting a page only hidden users edited.
20390 * (bug 21520) Anonymous previews now also gives a warning about not being
20391 logged in (anonpreviewwarning).
20392 * (bug 22935) image/x-ms-bmp mime type added for BMP files.
20393 * (bug 23024) Special:ListFiles now escapes file names correctly.
20394 * (bug 22867) "View source" tab is now only displayed if there's source text.
20395 * (bug 19393) Feeds now format dates in user language rather than content
20397 * (bug 22852) "Served in" comment is now the time used to cache a single page
20398 when using rebuildFileCache.php
20399 * (bug 22496) Viewing diff of a redirect page without specifying "oldid"
20400 parameter no longer makes the page displayed as being the redirect target.
20401 * (bug 22918) Feed cache keys now use $wgRenderHashAppend.
20402 * (bug 21916) Last-Modified header is now correct when outputting cached feed.
20403 * (bug 20049) Fixed PHP notice in search highlighter that occurs in some cases.
20404 * (bug 23017) Special:Disambiguations now list pages in content namespaces
20405 rather than only main namespace.
20406 * (bug 23063) $wgMaxAnimatedGifArea is checked against the total size of all
20407 frames, and $wgMaxImageArea against the size of the first frame, rather than
20408 the other way around. Both now default to 12.5 megapixels. Also, images
20409 exceeding $wgMaxImageArea can still be embedded at original size.
20410 * (bug 23078) "All public logs" option on Special:Log is now always the first
20412 * (bug 16817) Group names in user rights log are now singular and in lowercase.
20413 * Special:Preferences no longer crashes if the wiki default date formatting
20414 style is not valid for the user's interface language.
20415 * (bug 23167) Check the watch checkbox by default if the watchcreations
20417 * Maintenance script cleanupTitles is now able to fix titles stored
20418 in a negative namespace (which is invalid).
20419 * (bug 19858) Removed obsolete <big> in interface messages.
20420 * (bug 21456) "Bad title" error when showing non-local interwiki pages no longer
20421 displays incorrect tabs.
20422 * (bug 23190) Improved math representation for text browsers.
20423 * (bug 22015) Improved upload-by-url error handling and error display.
20424 * (bug 17941) $wgMaxUploadSize is now honored by all upload sources.
20425 * (bug 23080) New usernames now limited to 235 bytes so that custom skin files
20427 * (bug 23075) Correct MediaTransformError default width in gallery.
20428 * (bug 16487) The Anonymous user account used on Postgres is no longer
20429 displayed on Special:Listusers.
20430 * (bug 23313) Move watchlisthidepatrolled above token in watchlist preferences
20431 to enhance preference grouping.
20432 * (bug 23298) Interwiki links with prefix only in log summaries now link to the
20434 * (bug 23284) Times are now rounded correctly.
20435 * (bug 23375) Added ogv, oga, spx as extensions for ogg files.
20436 * (bug 18408) All required permissions for uploading (upload, edit, create)
20437 are now checked when loading Special:Upload. Toolbar link for Special:Upload
20438 is no longer shown if the user does not have the required permissions.
20439 * (bug 23397) texvc in html mode renders \sim as ˜ not ∼
20440 * (bug 23241) License selector should be disabled during upload of a new
20442 * (bug 23240) Add ID to namespace selector form on Special:Watchlist.
20443 * The pipe | character in urls is now escaped.
20444 * (bug 23422) mp3 files can now be moved.
20445 * (bug 23448) MediaWiki:Summary-preview is now displayed instead of
20446 MediaWiki:Subject-preview when previewing summary.
20447 * (bug 23426) The {{REVISIONMONTH}} variable is now zero-padded and added
20448 new variable {{REVISIONMONTH1}} when unpadded version is needed.
20449 * Special:Userrights didn't recognize user as changing his/her own rights if
20450 user did not capitalize first letter of username.
20451 * (bug 23507) Add styles for printing wikitables.
20452 * (bug 19586) Avoid JS errors in mwsuggest when using old browsers such
20454 * (bug 23563) Old skins now support $wgUploadNavigationUrl and take into
20455 account upload rights.
20456 * (bug 1347) Render \phi in math using images, in order to create consistent
20457 and correct render results.
20458 * (bug 16573) Render \epsilon in math using images, in order to create
20459 consistent and correct render results.
20460 * (bug 22541) Support image redirects when using ForeignAPIRepo.
20461 * (bug 22967) Make edit summary length cut-off behave correctly for multibyte
20463 * (bug 8689) Long numeric lines no longer kill the parser.
20464 * (bug 23740) Article::doRedirect() now use $extraQuery parameter correctly if
20465 the $noRedir parameter is set to true.
20466 * (bug 23688) Correct mime types for Office 2007 OpenXML documents.
20467 * (bug 23787) Corrected $wgDefaultSkin's comment in DefaultSettings.php.
20468 * (bug 23797) Xml::input() now allows '0' for the value parameter.
20469 * (bug 23747) Make sure that on History pages, the RevDel button is not
20470 accidentally activated when hitting enter.
20471 * (bug 23845) Special:ListFiles now uses correct file names without underscores.
20472 * Ask for permanent login in Special:Preferences only if $wgCookieExpiration >
20474 * (bug 16356) Repair dumpInterwiki.inc to use proper normalization.
20475 * (bug 24006) deleteArchivedRevisions.php maintenance script now longer throws
20477 * (bug 23465) Don't ignore the predefined destination filename on
20478 Special:Upload after following a red link.
20479 * (bug 23642) Recognize mime types of MS OpenXML documents.
20480 * (bug 22784) Normalise underscores and spaces in autocomments.
20481 * (bug 19910) Headings of the form ===+\s+ are now displayed as valid headings.
20482 * (bug 24022) Only check file extensions on the uploadpage when needed.
20483 * (bug 24076) Recognize Office 2003 files with OpenXML trailers.
20484 * (bug 24244) Updated comments in DefaultSettings.php to reflect
20485 Image: --> File: namespace rename.
20486 * Make wfTimestamp recognize negative unix timestamp values.
20487 * (bug 24401) SimpleSearch: No button/text indicating 'Search' if image is
20489 * (bug 23293) Do not show change tags when Special:RecentChanges(linked) or
20490 Special:Newpages is transcluded into another page as it messes up the page.
20491 * (bug 24517) LocalFile::newFromKey() and OldLocalFile::newFromKey() no longer
20492 throw fatal errors.
20493 * (bug 23380) Uploaded files that are larger than allowed by PHP now show a
20494 useful error message.
20495 * Uploading to a protected title will allow the user to choose a new name
20496 instead of showing an error page.
20497 * (bug 24425) Use Database::replace instead of delete/insert in
20498 SqlBagOStuff::set to avoid query errors about duplicate keynames.
20499 * (bug 15470) First letters of filenames are always capitalized by upload JS.
20500 * (bug 21215) NoLocalSettings.php doesn't tolerate rewrite rules.
20501 * (bug 21052) Fix link color for stubs in NewPages.
20502 * (bug 24714) Usage of {{#dateformat: }} in wikis without $wgUseDynamicDates no
20503 longer pollutes the parser cache.
20504 * (bug 17031) Correct which characters the parser allows in tag attributes (a
20505 letter, colon or underscore followed by 0 or more letters, numbers, colons,
20506 underscores, hyphens, and/or periods).
20507 * Save 200 useless queries on each category page view.
20508 * Shell commands will now work on Linux in filesystems mounted noexec.
20509 * (bug 24804) Corrected commafying in Polish and Ukrainian.
20510 * "Difference between pages" is now displayed instead of "Difference between
20511 revisions" on diffs when appropriate.
20512 * (bug 23703) ForeignAPIRepo fails on findBySha1() when using a 1.14 install as
20513 a repository due to missing 'name' attribute from the API list=allimages.
20514 * (bug 24898) MediaWiki uses /tmp even if a vHost-specific tempdir is set, also
20515 make wfTempDir() return a sane value for Windows on worst-case.
20516 * (bug 24824) Support ImageMagick 6.5.6-2+ JPEG decoder size hint, to reduce
20517 memory usage when such an ImageMagick is used for scaling.
20518 * Disable multithreaded behavior in recent ImageMagick, to avoid a deadlock
20519 when a resource limit such as $wgMaxShellMemory is hit.
20520 * (bug 24981) Allow extensions to access SpecialUpload variables again.
20521 * (bug 20744) Wiki forgets about an uploaded file.
20522 * (bug 17913) Don't show "older edit" when no older edit available.
20523 * (bug 6204) TOC not properly rendered when using $wgMaxTocLevel.
20524 * (bug 24977) The accesskey in history page now lead directly to the diff
20525 instead of alternating focus between the two buttons.
20526 * (bug 24987) Special:ListUsers does not take external groups into account.
20527 * (bug 20633) update.php has mixed language output.
20528 * SQLite system table names are now never prefixed.
20529 * (bug 25292) SkinSubPageSubtitle hook now passes the Skin object as second
20531 * (bug 25167) Correctly load JS fixes for IE6 (fixing a regression in 1.16).
20532 * (bug 25367) wfShellExec() is more explicit when failing due to disabled
20534 * (bug 25462) Fix double-escaping for section edit link tooltips.
20535 * action=raw was removed for Special:Statistics. This information is still
20536 available via the API.
20537 * (bug 23934) Groups defined in $wgRevokePermissions but not in
20538 $wgGroupPermissions now appear on Special:ListGroupRights.
20539 * (bug 23923) Special:Prefixindex no longer shows results if nothing was
20541 * (bug 22308) Search now finds text in default main page immediately after
20543 * (bug 25697) Make sure empty lines render in diff view.
20544 * Use an actual minus sign in diff views, instead of a hyphen.
20545 * (bug 23732) Clarified "n links" message on Special:MostLinkedFiles.
20546 * (bug 23731) Clarified "n links" message on Special:MostLinkedTemplates.
20547 * (bug 25642) A exception is now thrown instead of a fatal error when using
20548 $wgSMTP without PEAR mail package.
20549 * (bug 19633) When possible, Upscale small SVGs when creating thumbnails.
20550 * (bug 11013) Database driver detection needs rewriting for robustness.
20551 * (bug 13409) Installer prompts could use clarification--now has help boxes.
20552 * (bug 16902) Installer spews warnings when exec() and dl() are not available.
20553 * (bug 19129) Only show MyISAM/InnoDB when supported.
20554 * (bug 17762) Only show other e-mail options when e-mail is globally enabled.
20555 * Cache multiple sizes of InstantCommons thumbnails.
20556 * (bug 25488) Disallowing anonymous users to read pages no longer throws error
20557 on discussion pages with vector as default skin.
20558 * (bug 24833) Files name in includes/diff/ are now less confusing.
20559 * (bug 25713) SpecialPage::resolveAlias() now normalise spaces to underscores.
20560 * (bug 25829) Special:Mypage and Special:Mytalk now forward oldid, diff and dir
20562 * (bug 25175) HTML file cache now honor $wgCacheDirectory if
20563 $wgFileCacheDirectory is not set.
20564 * (bug 13353) Diff3 version checks were too strict, did not detect working
20566 * (bug 25843) Links to special pages using link= attribute on images are now
20567 normalised like normal links to special pages.
20568 * (bug 21364) External links using link= attribute on images now respect
20569 $wgExternalLinkTarget.
20570 * (bug 17789) Added a note to the total views on Special:Statistics saying that
20571 is doesn't count non-existing pages and special pages.
20572 * (bug 17996) HTTP redirects are now combined when requesting a special page.
20573 * (bug 19944) Link on image thumbnails no longer link to "Media:" namespace in
20575 * (bug 25670) wfFindFile() now checks the namespace of the given title, only
20576 "File" and "Media" are allowed now.
20577 * (bug 25872) Rename the HttpRequest class to MWHttpRequest to avoid conflict
20578 with php extension that defines same class.
20579 * (bug 20591) There's now a different message on Special:MovePage when
20580 $wgFixDoubleRedirects is set to false.
20581 * Fixed PHP warnings when updating a broken MySQL database.
20582 * (bug 26023) Corrected deleteBacth.php's documentation.
20583 * (bug 25451) Improved datetime representation in 32 bit php >= 5.2.
20584 * Show "skin does not exist error" only when the skin is inputted in the wrong
20586 * (bug 26164) Potential html injection when the database server isn't available.
20587 * (bug 26160) Upload description set by extensions are not propagated.
20588 * (bug 9675) generateSitemap.php now takes an --urlpath parameter to allow
20589 absolute URLs in the sitemap index (as required e.g. by Google).
20590 * Partial workaround for bug 6220: at least make files on shared repositories
20591 show up as (struck-out) bluelinks instead of redlinks on Special:WantedFiles.
20592 * rebuildFileCache.php no longer creates inappropriate cache files for
20594 * (bug 25512) Subcategory list should not include category prefix for members.
20595 * (bug 10871) Javascript and CSS pages in MediaWiki namespace are no longer
20596 treated as wikitext on preview.
20597 * Page existence is now not revealed (in the colour of the tabs) to users who
20598 cannot read the page in question.
20599 * (bug 22753) Output from update.php is more clear when things changed, entries
20600 indicating nothing changed are now all prefixed by "..."
20601 * (bug 16019) $wgArticlePath = "/$1" no longer breaks API edit/watch actions.
20602 * (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown
20603 as "Permitted file types" on the upload form.
20604 * (bug 26540) Fixed wrong call to applyPatch in MysqlUpdater.
20605 * (bug 26034) Make the "View / Read" tab in content_navigation style tabs remain
20606 selected when the action is "purge".
20607 * (bug 26733) Wrap initial table creation in transaction.
20608 * (bug 26208) Mark directionality of some interlanguage links.
20609 * (bug 26716) Provide link to instructions for external editor related
20611 * (bug 26961) Hide anon edits in watchlist preference now actually works.
20612 * (bug 1379) Installer directory conflicts with some hosts' configuration panel.
20613 * (bug 27781) Installer does not warn about 5.1.x. Added a compatibility
20614 function for array_key_exists().
20615 * Fix XML well-formedness on a few pages when $wgHtml5 is true (the default).
20616 * (bug 28069) MediaWiki fails streaming files when mod_deflate and ob_gzhandler
20618 * (bug 26223) Concurrently moving an article to different titles leaks a
20619 redirect revision with no page.
20620 * (bug 15641) Fixed permissions checks in Special:Import which allowed users
20621 without the 'import' permission to import pages from configured import
20623 * (bug 26449) Keep underlines from headings outside of tables and thumbs by
20624 adding overflow:hidden to h1,h2,h3,h4,h5,h6 (also fixes editsection bunching).
20625 * (bug 26708) Remove background-color:white from tables in Monobook and Vector.
20626 * (bug 26781) {{PAGENAME}} and related parser functions escape their output
20628 * (bug 26716) Provide link to instructions for external editor related
20629 preferences and add a comment to the ini control file explaining what is going
20631 * (bug 28422) Remove color:black from tables in Monobook and Vector. And add it
20632 to table.wikitable instead.
20633 * (bug 27560) Search queries no longer fail in walloon language.
20634 * (bug 27700) The upload protection can now also be set for files that do not
20636 * (bug 28034) uploading file to local wiki when file exists on shared repository
20637 (commons) gives spurious info in the warning message.
20638 * Usernames get lost when selecting different sorts on Special:listfiles.
20639 * (bug 28166) UploadBase assumes that 'edit' and 'upload' rights are not per
20641 * (bug 28242) Make redirects generated by urls containing a local interwiki
20642 prefix be a 301 instead of a 302.
20643 * (bug 28568) Entries in the iwlinks table are now removed on page deletion.
20644 * (bug 28306) Fix exposure of suppressed usernames in ForeignDBRepo.
20645 * (bug 28444) Fix regression: edit-on-doubleclick retains revision id again.
20646 * UtfNormal::cleanUp on an invalid utf-8 sequence no longer returns false if
20648 * (bug 26729) Category pages should return 404 if they do not exist and have no
20650 * (bug 28214) When page not found, sends malformed HTTP/1.x instead of HTTP/1.1
20651 in header of response.
20652 * (bug 27634) TOC title appears in wrong language.
20653 * (bug 27761) Fix regression: pages with Esperanto titles containing convertible
20654 character sequences became unreachable.
20655 * (bug 27508) SVGMetadataExtractor takes too much resources on huge svgs.
20656 * (bug 27465) SVG thumbnail generation.
20657 * (bug 27467) preload can leave UNIQ.
20658 * (bug 27539) Allow attributes beginning with a digit in wikitext tag
20660 * (bug 27328) using relative paths in CSS imports in MediaWiki:Common.css broken
20662 * (bug 27333) Fix repetitive last-seen time queries on page history.
20663 * (bug 26250, bug 23817) Fix wfObjectToArray() to descend into arrays; fixes
20664 processing of JSON return values for ForeignAPIRepo when native json module
20666 * (bug 25675) Fix search suggestions for Special: pages with spaces.
20667 * (bug 25571) Xml::encodeJsVar now passes floats natively instead of converting
20669 * (bug 27338) Gallery in 1.17 breaks for audio/video + ogghandler.
20670 * (bug 27302) Don't append the current timestamp for user/site modules when no
20671 user/site JS/CSS is present.
20672 * (bug 27016) dumpTextPass.php now consider the "output" parameter.
20673 * (bug 22606) don't send the "someone registred an account" message when setting
20674 email address (i.e. old one empty) in user preferences.
20675 * (bug 26458) Section edit links appear on pages that user does not have right
20677 * (bug 28611) Don't die in SqlBagOStuff::incr() if there's a race condition.
20678 * (bug 16886) Sister projects box moves down the extract of the first result
20680 * (bug 17398) Fixed "link" parameter in image links with "thumb" or "frame"
20683 === API changes in 1.17 ===
20685 * BREAKING CHANGE: action=patrol now requires POST.
20686 * BREAKING CHANGE: patrol token is no longer the same as edit token.
20687 * BREAKING CHANGE: Session keys returned by ApiUpload are now strings instead
20689 * BREAKING CHANGE: (bug 25303) Fix API parameter integer validation to actually
20690 enforce validation on the input values in addition to giving a warning.
20691 Also add flag to enforce (die) if integer out of range.
20692 * (bug 24650) Fix API to work with categorylinks changes.
20693 * action=parse now correctly returns an error for nonexistent pages.
20694 * (bug 27201) Special:WhatLinksHere output no longer contains duplicate IDs.
20695 * (bug 26560) On allusers if limit < total number of users, last user gets
20697 * (bug 27715) imageinfo didn't respect revdelete.
20698 * (bug 27479) API error when using both prop=pageprops and
20699 prop=info&inprop=displaytitle.
20700 * (bug 27862) Useremail module didn't properly return success on success.
20701 * (bug 27590) prop=imageinfo now allows querying the media type.
20702 * (bug 27587) list=filearchive now outputs full title info.
20703 * (bug 27897) list=allusers and list=users list hidden users.
20704 * (bug 22738) Allow filtering by action type on query=logevent.
20705 * (bug 22764) uselang parameter for action=parse.
20706 * (bug 22944) API: watchlist options are inconsistent.
20707 * (bug 22868) don't list infinite block expiry date as "now" in API logevents.
20708 * (bug 22290) prop=revisions now outputs "comment" field even when comment
20709 is empty, for consistency with list=recentchanges.
20710 * (bug 19721) API action=help should have a way to just list for a specific
20712 * (bug 23458) Add support for pageid parameter to action=parse requests.
20713 * (bug 23460) Parse action should have a section option.
20714 * (bug 21346) Make deleted images searchable by hash.
20715 * (bug 23461) Normalise usage of parameter names in parameter descriptions.
20716 * (bug 23548) Allow access of another users watchlist through watchlistraw
20717 using token and username.
20718 * (bug 23524) Api Modules as followup to bug 14473 (Add iwlinks table to
20719 track inline interwiki link usage).
20720 * Add pltitles and tltemplates to prop=links and prop=templates respectively,
20721 similar to prop=categories's clcategories.
20722 * (bug 23834) Invalid "thumbwidth" and "thumbheight" in "imageinfo" query when
20723 thumbnailing larger than original image.
20724 * (bug 23835) Need "thumbmime" result in "imageinfo" query.
20725 * (bug 23851) Repair diff for file redirect pages.
20726 * (bug 24009) Include implicit groups in action=query&list=users&usprop=groups.
20727 * (bug 24016) API: Handle parameters specified in simple string syntax
20728 ( 'paramname' => 'defaultval' ) correctly when outputting help.
20729 * (bug 24089) Logevents causes PHP Notice if leprop=title isn't supplied.
20730 * (bug 23473) Give description of properties on all modules.
20731 * (bug 24136) unknownerror when adding new section without summary, but
20733 * (bug 22339) Added srwhat=nearmatch to list=search to get a "go" result.
20734 * (bug 24303) Added new &servedby parameter to all actions which adds the
20735 hostname that served the request to the result. It is also added
20736 unconditionally on error.
20737 * (bug 24185) Titles in the Media and Special namespace are now supported for
20738 title normalization in action=query. Special pages have their name resolved
20739 to the local alias.
20740 * (bug 24296) Added converttitles parameter to convert titles to their
20741 canonical language variant.
20742 * (bug 23936) Add "displaytitle" to query/info API.
20743 * (bug 24485) Make iwbacklinks a generator, optionally display iwprefix and
20745 * (bug 24564) Fix fatal errors when using list=deletedrevs, prop=revisions or
20746 one of the backlinks generators with limit=max.
20747 * (bug 24656) API's parse module needs option to disable PP report.
20748 * PARAM_REQUIRED parameter flag added. If this flag is set, and the end user
20749 does not set the parameter, the API will automatically throw an error.
20750 * (bug 24665) When starttimestamp is not specified, fake it by setting it to
20751 NOW, not to the timestamp of the last edit.
20752 * (bug 24677) axto= parameters added to allcategories, allimages, alllinks,
20753 allmessages, allpages, and allusers.
20754 * (bug 24236) Add add, remove, add-self, remove-self tags to
20755 meta=siteinfo&siprop=usergroups.
20756 * (bug 24484) Add prop=pageprops module.
20757 * (bug 24330) Add &redirect parameter to ?action=edit.
20758 * (bug 24722) For list=allusers&auprop=blockinfo, only show blockedby and
20759 blockreason if the user is actually blocked.
20760 * Add format=dump and format=dumpfm, outputs results in PHP's var_dump() format.
20761 * For required string parameters, if '' is provided, this is now classed as
20763 * (bug 24724) list=allusers is out by 1 (shows total users - 1).
20764 * (bug 24166) API error when using rvprop=tags.
20765 * Introduced "asynchronous download" mode for upload-by-url. Requires
20766 $wgAllowAsyncCopyUploads to be true.
20767 * sinumberingroup correctly gives size of 'user' group, and omits size of
20768 implicit groups rather than showing 0.
20769 * (bug 25248) API: paraminfo errors with certain modules.
20770 * (bug 24792) API help for action=purge sometimes wrongly stated whether a
20771 POST request was needed due to cache pollution.
20772 * Added iiprop=parsedcomment to prop=imageinfo, similar to prop=revisions.
20773 * Added rvparse to parse revisions. For performance reasons if this option is
20774 used, rvlimit is enforced to 1.
20775 * (bug 25748) If a action=parse request provides an oldid that is actually the
20776 current revision id, try the parser cache, and save it to it if necessary.
20777 * (bug 25463) Export header should not be shown if no pages were requested, to
20779 * (bug 25648) API discovery information has been added as RSD link in page
20780 <head> and by providing an API module action=rsd. Added hook
20781 ApiRsdServiceApis for extensions to add their own service to the services
20783 * The HTML of diff output markers has changed. Hyphens are now minus signs,
20784 empty markers are now filled with non-breaking-space characters.
20785 * (bug 25741) Add more data to list=search's srprop.
20786 * (bug 25760) counter property still reported by the API when
20787 $wgDisableCounters enabled.
20788 * (bug 25987) prop=info&inprop=watched now also works for missing pages.
20789 * (bug 26006) prop=langlinks now allows obtaining full URL.
20790 * (bug 26075) ApiDelete.php now calls correctly ArticleDelete hook.
20791 * (bug 26089) add block expiration to blockinfo.
20792 * (bug 26125) prop=imageinfo&iiprop=size now returns the page count if the
20793 file is a multi-page file.
20794 * (bug 10268) Added linktodiffs parameter on action=feedwatchlist.
20795 * (bug 26219) Show API limits for multi values in description.
20796 * (bug 28070) Fix watchlist RSS for databases that store timestamps in a
20797 real timestamp field.
20798 * (bug 27722) list=filearchive now supports revdel.
20800 === Language support changes in 1.17 ===
20802 MediaWiki supports over 330 languages. Many localizations are updated regularly.
20804 The following languages were added:
20806 * Moroccan Spoken Arabic (ary)
20809 * Kabardian (Cyrillic) (kbd-cyrl)
20811 * Minangkabau (min)
20812 * Dutch (informal) (nl-informal)
20815 Other significant changes to MediaWiki's language support:
20817 * Fiji Hindi (Devangari script) was removed.
20818 * Removed deprecated language code "dk" (Danish), use "da" instead.
20819 * Link trail added for sl and sh.
20820 * (bug 27633) Add characters to linkTrail for Portuguese (pt and pt-br).
20821 * (bug 23156) Commafy and search normalization updated for Belarusian
20823 * (bug 23283) Native name for Old English -> Ænglisc.
20824 * (bug 23364) Native name for Azerbaijani -> Azərbaycanca.
20825 * (bug 24593) Native name for Sorani now uses only Arabic script.
20826 * (bug 24628) Generic translations for NS_USER/NS_USER_TALK for Esperanto.
20827 * (bug 24917) Polish as fallback for Kashubia.
20828 * (bug 24794) Tatar link trail updated.
20829 * Esperanto date format corrected.
20830 * (bug 28159) Change interwiki name of language kbd to Къэбэрдеибзэ /
20832 * (bug 28184) Namespaces for the Latgalian Wikipedia.
20833 * (bug 25010) Bashkir-language interwikis: linktext change from Башҡорт
20835 * (bug 26395) Change name of Cornish language to Kernowek.
20837 === Other changes in 1.17 ===
20839 * DatabaseFunctions.php that was needed for compatibility with pre-1.3
20840 extensions has been removed.
20841 * XmlFunctions.php has been removed. Use the Xml or Html classes as appropriate.
20842 * The FailFunction "error handling" method has now been removed
20843 * Sysops now have the "suppressredirect" right by default
20844 * Removed $wgRemoteUploads. It was not well supported and superseded by
20845 $wgUploadNavigationUrl.
20846 * (bug 26253) $wgPostCommitUpdateList has been removed
20847 * The PHPUnit test suite has been removed from this release due to serious
20848 issues which should be resolved by the 1.18 release.
20849 * Oracle DB now uses the __destruct function to commit/close connection as it
20850 doesn't commit on close if transation is triggered in OCI.
20852 == MediaWiki 1.16 ==
20854 == MediaWiki 1.16.5 ==
20855 === Changes since 1.16.4 ===
20857 * (bug 28534) Fixed XSS vulnerability for IE 6 clients. This is the third
20858 attempt at fixing bug 28235.
20859 * (bug 28639) Fixed potential privilege escalation when $wgBlockDisablesLogin
20862 == MediaWiki 1.16.4 ==
20863 === Changes since 1.16.3 ===
20865 * (bug 28507) The change we made in 1.16.3 to fix bug 28235 (XSS for IE 6
20866 clients) was not actually sufficient to fix that bug. This release contains
20867 a second attempt, hopefully we have fixed it this time.
20869 == MediaWiki 1.16.3 ==
20870 === Changes since 1.16.2 ===
20872 * (bug 28449) Fixed permissions checks in Special:Import which allowed users
20873 without the 'import' permission to import pages from the configured import
20875 * (bug 28235) Fixed XSS affecting IE 6 and earlier clients only, due to those
20876 browsers looking for a file extension in the query string of the URL, and
20877 ignoring the Content-Type header if one is found.
20878 * (bug 28450) Fixed a CSS validation issue involving escaped comments, which
20879 led to XSS for Internet Explorer clients and privacy loss for other clients.
20881 == MediaWiki 1.16.2 ==
20882 === Changes since 1.16.1 ===
20884 * (bug 26642) Fixed incorrect translated namespace due to a regression in the
20885 language converter.
20886 * The interface translations were updated.
20887 * (bug 27093, CVE-2011-0047): Fixed CSS injection vulnerability.
20888 * (bug 27094) Fixed server-side arbitrary script inclusion vulnerability.
20889 Affects Windows servers only. A malicious file with extension ".php" must
20890 exist on the server for the exploit to be effective.
20892 == MediaWiki 1.16.1 ==
20893 === Changes since 1.16.0 ===
20895 * (bug 24981) Allow extensions to access SpecialUpload variables again
20896 * (bug 24724) list=allusers was out by 1 (shows total users - 1)
20897 * (bug 24166) Fixed API error when using rvprop=tags
20898 * For wikis using French as a content language, Special:Téléchargement works
20899 again as an alias for Special:Upload.
20900 * (bug 25167) Correctly load JS fixes for IE6 (fixing a regression in 1.16.0)
20901 * (bug 25248) Fixed paraminfo errors in certain API modules.
20902 * The installer now has improved handling for situations where safe_mode is
20903 active or exec() and similar functions are disabled.
20904 * (bug 19593) Specifying --server in now works for all maintenance scripts.
20905 * Fixed $wgLicenseTerms register globals.
20906 * (bug 26561) Fixed clickjacking vulnerabilities by introducing support for
20907 X-Frame-Options. The header value can be configured using $wgBreakFrames and
20908 $wgEditPageFrameOptions.
20910 == MediaWiki 1.16.0 ==
20911 === Changes since 1.16 beta 3 ===
20913 * (bug 23769) Disabled HTML 5 client-side form validation. Was introduced in
20914 1.16 beta 1, but is currently poorly supported by browsers.
20915 * (bug 23175) Re-added window.ta variable for backwards compatibility.
20916 * (bug 23264) Fixed breakage of various command line scripts due to extra line
20917 endings being inserted by Maintenance::output().
20918 * Fixed HTTP client functionality with safe_mode=On.
20919 * Fixed parser tests broken in 1.16 beta 3.
20920 * For Oracle DB backend: fixed parser tests and table prefix feature.
20921 * (bug 23767) Fixed PHP warning when REQUEST_URI is blank (IIS issue).
20922 * Fixed plural function for Northern Sami (se)
20923 * (bug 23597) Fixed conflicts between ID attributes in the Vector skin and
20924 parser-generated heading IDs. Renamed head, panel, head-base and page-base.
20925 * Disabled $wgHitcounterUpdateFreq>1 feature on SQLite, does not work yet.
20926 * (bug 23465) Don't ignore the predefined destination filename on
20927 Special:Upload after following a red link to a file.
20928 * In SQLite full-text search feature: fixed "move page" feature, was non-
20930 * (bug 24565) Fixed Cache-Control headers sent from API modules, to protect
20931 user privacy in the case where an attacker can access the wiki through the
20932 same HTTP proxy as a logged-in user.
20933 * Fixed an XSS vulnerability in profileinfo.php for installations with
20934 $wgEnableProfileInfo = true (false by default)
20935 * Fixed a case where an X-Vary-Options header was sent despite $wgUseXVO being
20936 false. Fixed a minor header parsing issue when $wgUseXVO = true.
20937 * Fixed a register_globals arbitrary inclusion vulnerability in
20938 MediaWikiParserTest.php, introduced in 1.16 beta 1.
20940 === Changes since 1.16 beta 2 ===
20942 * Fixed bugs in the [[Special:Userlogin]] and [[Special:Emailuser]] handling of
20944 * Fixed sorting in [[Special:Allmessages]]
20945 * (bug 23113) Fixed title in the show/hide links on diff pages
20946 * (bug 23117) Fixed API rollback, was returning "badtoken" for valid requests
20947 * (bug 23127) Re-added missing $1 parameter to the uploadtext message
20948 * Fixed a bug in the Vector skin where personal tools display behind the logo
20949 * (bug 23139) Fixed a bug in edit conflict resolution, where both textboxes
20950 showed the same text.
20951 * (bug 23115, bug 23124) Fixed various problems with <title> and <h1> elements
20952 in page views and previews when the language converter is enabled.
20953 * (bug 23148) Fixed a local path disclosure vulnerability in ImageMagick image
20954 scaling, which was introduced in 1.16 beta 1.
20955 * Improved error checking on installer.
20956 * (bug 22970) Fixed a JavaScript error in the upload destination conflict
20958 * (bug 23167) Check the watch checkbox by default if the watchcreations
20960 * (bug 23171) Improve IE6 version check to avoid false positives.
20961 * (bug 23176) Fixed upload warning override feature "upload new version",
20962 broken in 1.16 beta 1.
20963 * Fixed regression in unwatch links sent out in notification emails. When the
20964 mailing job was deferred via the job queue, the title was incorrect.
20965 * (bug 23534) Fixed SQL query error in API list=allusers.
20966 * Fixed a bug in uploads for non-JavaScript clients. An empty string was used
20967 as the default destination filename, instead of the source filename as
20969 * (bug 23371) Fixed CSRF vulnerability in "e-mail me my password", "create
20970 account" and "create by e-mail" features of [[Special:Userlogin]]
20971 * (bug 23687) Fixed XSS vulnerability affecting IE clients only, due to a CSS
20973 * Fixed a DoS vulnerability in ImageMagick image scaling. ImageMagick
20974 expanded wildcard characters "?" and "*" in image filenames, potentially
20975 causing large numbers of images to be scaled in response to a single request.
20976 The fix for this involves breaking the scaling of such image filenames until
20977 ImageMagick 6.6.1-5 or later is deployed, see bug 23361 for more details.
20978 * (bug 23608) Fixed invalid HTML in diff pages.
20980 === Changes since 1.16 beta 1 ===
20982 * Fixed errors in maintenance/patchSql.php
20983 * (bug 19627) Fix regression from r57867 where HTMLForm would output
20984 <element classes="foo bar"> rather than <element class="foo bar">
20985 * Fixed broken "-r" option to maintenance/lag.php
20986 * (bug 23076) Fixed login CSRF vulnerability. Logins now require a token to
20987 be submitted along with the user name and password.
20989 === Configuration changes in 1.16 ===
20991 * (bug 18222) $wgMinimalPasswordLength default is now 1
20992 * $wgSessionHandler can be used to configure session.save_handler
20993 * $wgLocalFileRepo/$wgForeignFileRepos now have a 'fileMode' parameter to
20994 be used when uploading/moving files
20995 * (bug 18761) $wgHiddenPrefs is a new array for specifying preferences not
20996 to be shown to users
20997 * $wgAllowRealName and $wgAllowUserSkin were deprecated in favor of
20998 $wgHiddenPrefs[] = 'realname', but the former are still retained
20999 for backwards-compatibility
21000 * (bug 9257) $wgRCMaxAge now defaults to three months
21001 * $wgDevelopmentWarnings can be set to true to show warnings about deprecated
21002 functions and other potential errors when developing.
21003 * Subpages are now enabled in the MediaWiki namespace by default. This is
21004 mainly a cosmetic change, and does not in any way affect the MessageCache,
21005 which was already effectively treating the namespace as if it had subpages.
21006 * Oracle: maintenance/ora/user.sql script for creating DB user on oracle with
21007 appropriate privileges. Creating this user with web-install page requires
21008 oci8.privileged_connect set to On in php.ini.
21009 * Removed UserrightsChangeableGroups hook introduced in 1.14
21010 * Added $wgCacheDirectory, to replace $wgFileCacheDirectory,
21011 $wgLocalMessageCache, and any other local caches which need a place to put
21013 * $wgFileCacheDirectory is no longer set to anything by default, and so either
21014 needs to be set explicitly, or $wgCacheDirectory needs to be set instead.
21015 * $wgLocalMessageCache has been removed. Instead, set $wgUseLocalMessageCache
21017 * Removed $wgEnableSerializedMessages and $wgCheckSerialized. Similar
21018 functionality is now available via $wgLocalisationCacheConf.
21019 * $wgMessageCache->addMessages() is deprecated. Messages added via this
21020 interface will not appear in Special:AllMessages.
21021 * $wgRegisterInternalExternals can be used to record external links pointing
21023 * (bug 19907) $wgCrossSiteAJAXdomains and $wgCrossSiteAJAXdomainExceptions added
21024 to control which external domains may access the API via cross-site AJAX.
21025 * $wgMaintenanceScripts for extensions to add their scripts to the default list
21026 * $wgMemoryLimit has been added, default value '50M'
21027 * $wgExtraRandompageSQL is deprecated, the SpecialRandomGetRandomTitle hook
21028 should be used instead
21029 * (bug 20489) $wgIllegalFileChars added to override the default list of illegal
21030 characters in file names.
21031 * (bug 19646) $wgImgAuthDetails added to display reason access to uploaded file
21032 was denied to users(img_auth only)
21033 * (bug 19646) $wgImgAuthPublicTest added to test to see if img_auth set up
21034 correctly (img_auth only)
21035 * $wgUploadMaintenance added to disable file deletions and restorations during
21037 * $wgCapitalLinkOverrides added to configure per-namespace capitalization
21038 * (bug 21172) $wgSorbsUrl can now be an array with multiple DNSBL and renamed
21039 to $wgDnsBlacklistUrls (backward compatibility kept)
21040 * $wgEnableHtmlDiff has been removed
21041 * (bug 3340) $wgBlockCIDRLimit added (default: 16) to configure the low end of
21042 CIDR ranges for blocking
21043 * $wgUseInstantCommons added for quick and easy enabling of Commons as a remote
21045 * $wgDBAhandler added to choose a DBA handler when using CACHE_DBA
21046 * $wgPreviewOnOpenNamespaces for extensions that create namespaces that behave
21047 similarly to the category namespace.
21048 * $wgEnableSorbs renamed to $wgDnsBlacklistUrls ($wgEnableSorbs kept for
21049 backward compatibility)
21050 * $wgUploadNavigationUrl now also affects inline images that do not
21051 exist. In that case the URL will get (?|&)wpDestFile=<filename> appended to
21053 * If $wgLocaltimezone is null, use the server's timezone as the default for
21054 signatures. This was always the behavior documented in DefaultSettings.php
21055 but has not been the actual behavior for some time: instead, UTC was used
21057 * Added $wgExtensionAssetsPath, to decouple assets serving from $wgScriptPath.
21058 If not specified it will default to $wgScriptPath/extensions
21059 * Added $wgCountTotalSearchHits to make search UI display total number of hits
21060 with some search engines.
21061 * Added $wgAdvertisedFeedTypes to decide what feed types (RSS, Atom, both, or
21062 neither) MediaWiki advertises. Default is array( 'atom' ), so RSS is no
21063 longer advertised by default (but it still works).
21064 * Added $wgMemCachedTimeout, controls how long to wait for data from the
21066 * New configuration variables $wgDebugTimestamps and $wgDebugPrintHttpHeaders
21067 for controlling debug output.
21068 * New $wgBlockDisablesLogin when set to true disallows blocked users from
21070 * (bug 8790) Metadata edition ($wgUseMetadataEdit) has been moved to a separate
21071 extension "MetadataEdit".
21073 === New features in 1.16 ===
21075 * Add CSS defintion of the 'wikitable' class to shared.css
21076 * (bug 17163) Added MediaWiki:Talkpageheader which will be displayed when
21078 * Superfluous border="0" removed from images
21079 * Added new hook 'MessageCacheReplace' into MessageCache.php. For instance
21080 to allow extensions to update caches in similar way as MediaWiki invalidates
21081 a cached MonoBook sidebar
21082 * Special:AllPages: Move hardcoded styles from code to CSS
21083 * (bug 18529) New hook: SoftwareInfo for adding information about the software
21085 * Added $wgExtPGAlteredFields to allow extensions to easily alter the data
21086 type of columns when using the Postgres backend.
21087 * (bug 16950) Show move log when viewing/creating a deleted page
21088 * (bug 18242) Show the Subversion revision number per extensions in
21090 * (bug 18420) Missing file revisions are handled gracefully now
21091 * (bug 9219) Auth plugins can control editing RealName/Email/Nick preferences
21092 * (bug 18466) Add note or warning when overruling a move (semi-)protection
21093 * (bug 18342) insertTags works in edit summary box
21094 * (bug 18411) The upload form also checks post_max_size
21095 * Watchlist now has a specialized <div> tag that contains a unique class for
21097 * Added Minguo calendar support for the Taiwan Chinese language
21098 * Database: unionQueries function to be used for UNION sql construction, so
21099 it can be overloaded on DB abstraction level for DB specific functionality
21100 * (bug 18849) Implement Japanese and North Korean calendars
21101 * (bug 5755) Introduce {{CURRENTMONTH1}} and {{LOCALMONTH1}} to display the
21102 month number without the leading zero
21103 * (bug 13456) categoriespagetext supports PLURAL
21104 * (bug 18860) Blocks of IPs affecting registered users can now block email
21105 * (bug 17093) Date and time are separate parameters in Special:BlockList
21106 * (bug 11484) Added ISO speed rating to default collapsed EXIF metadata view
21107 * (bug 14866) Messages 'recentchangeslinked-toolbox' and
21108 'recentchangeslinked-toolbox' were added to allow more fine grained
21109 customisation of the user interface
21110 * DISPLAYTITLE now accepts a limited amount of wiki markup (the single-quote
21112 * Special:Search now could search terms in all variant-forms. ONLY apply on
21113 wikis enabled LanguageConverter.
21114 * Add autopromote condition APCOND_BLOCKED to autopromote blocked users to
21115 various user groups.
21116 * Add $wgRevokePermissions as a means of restricting a group's rights. The
21117 syntax is identical to $wgGroupPermissions, but users in these groups will
21118 have these rights stripped from them.
21119 * Added a PHP port of CDB (constant database), for improved local caching when
21120 the DBA extension is not available.
21121 * Introduced a new system for localisation caching. The system is based around
21122 fast fetches of individual messages, minimising memory overhead and startup
21123 time in the typical case. The database backend will be used by default, but
21124 set $wgCacheDirectory to get a faster CDB-based implementation.
21125 * Expanded the number of variables which can be set in the extension messages
21127 * Added a feature to allow per-article process pool size control for the parsing
21128 task, to limit resource usage when the cache for a heavily-viewed article is
21129 invalidated. Requires an external daemon.
21130 * (bug 19576) Moved the id attributes from the anchors accompanying section
21131 headers to the <span class="mw-headline"> elements within the section headers,
21132 removing the redundant anchor elements.
21133 * Parser::setFunctionTagHook now can be used to add a new tag which is parsed at
21135 * Added $wgShowArchiveThumbnails, allowing sysadmins to disable thumbnail
21136 display for old versions of images.
21137 * In watchlists and Special:RecentChanges, the difference in page size now
21138 appears in dark green if bytes were added and dark red if bytes were removed.
21139 * Added FSRepo configuration properties thumbUrl and thumbDir, to allow the
21140 thumbnails to be stored in a separate location to the source images.
21141 * If config/ directory is not executable, the command to make it executable
21142 now asks the user to cd to the correct directory
21143 * Add experimental new external authentication framework, ExternalAuth
21144 * (bug 18768) Remove AdminSettings requirements. Maintenance environment
21145 will still load it if it exists, but it's not required for anything
21146 * (bug 19900) The "listgrouprights-key" message is now wrapped in a div with
21147 class "mw-listgrouprights-key"
21148 * (bug 471) Allow RSS feeds for watchlist, using an opt-in security token
21149 * (bug 10812) Interwiki links can have names and descriptions, fetched from
21150 message 'interwiki-desc-PREFIX', not really used anywhere yet though
21151 * (bug 9691) Add type (signup or login) parameter to
21152 AuthPlugin::ModifyUITemplate()
21153 * (bug 14454) "Member of group(s)" in Special:Preferences causes language
21155 * (bug 16697) Unicode combining characters are difficult to edit in some
21157 * Parser test supports uploading results to remote CodeReview instance
21158 * (bug 20013) Added CSS class "mw-version-ext-version" is wrapped on the
21159 extension version in Special:Version
21160 * (bug 20014) Added CSS class "mw-listgrouprights-right-name" is wrapped on the
21161 right name in Special:ListGroupRights
21162 * (bug 12920) New CoreParserFunction {{nse:...}} as an url-friendly equivalent
21164 * (bug 16322) Allow maintenance scripts to accept DB user/pass over input or
21166 * (bug 18566) Maintenance script to un/protect pages
21167 * (bug 671) The HTML <abbr> tag is now permitted.
21168 * RecentChanges now has a legend to explain what the Nmb! flags mean, and the
21169 flags have tooltips.
21170 * (bug 15209) New hook BeforeInitialize called after everything has been setup
21171 but before MediaWiki::performRequestForTitle()
21172 * wgMainPageTitle variable now available to JavaScript code to identify the main
21173 page link, so it doesn't have to be extracted from the link URLs.
21174 * (bug 16836) Display preview of signature in user preferences and describe its
21176 * The default output format is now HTML 5 instead of XHTML 1.0 Transitional.
21177 This can be disabled by setting $wgHtml5 = false;. Specific features enabled
21179 ** Some extra inputs will be autofocused, in supporting browsers.
21180 ** The summary attribute has been removed from tables of contents. summary is
21181 obsolete in HTML 5 and wasn't useful here anyway.
21182 ** Unnecessary type="" attribute removed for CSS and JS.
21183 ** If $wgWellFormedXml is set to false, some bytes will be shaved off of HTML
21184 output by omitting some things like quotation marks where HTML 5 allows.
21185 ** (bug 16921) maxlength enabled for page move comments
21186 * The description message in $wgExtensionCredits can be an array with parameters
21187 * New hook SpecialRandomGetRandomTitle allows extensions to modify the selection
21188 criteria used by Special:Random and subclasses, or substitute a custom result,
21189 deprecating the $wgExtraRandompageSQL config variable
21190 * (bug 20318) Distinct CSS classes for ISBN/RFC/PMID special links added
21191 * (bug 20404) Custom fields in the user creation form template can now have
21192 detail labels in prefsectiontip divs.
21193 * MakeSysop and MakeBot are now aliases for Special:UserRights
21194 * IndexPager->mLimitsShown can now be an associative array of limit => text-to-
21195 display-in-limit-form.
21196 * (bug 18880) LogEventsList::showLogExtract() can now take a string-by-reference
21197 and add its HTML to it, rather than having to go straight to $wgOut.
21198 * Added $wgShowDBErrorBacktrace, to allow users to easily gather backtraces for
21199 database connection and query errors.
21200 * Show change block / unblock link on Special:Contributions if user is blocked
21201 * Display note on Special:Contributions if the user is blocked, and provide an
21202 excerpt from the block log.
21203 * (bug 19646) New hook: ImgAuthBeforeStream for tests and functionality before
21204 file is streamed to user, but only when using img_auth
21205 * Note on non-existing user and user talk pages if user does not exist
21206 * New hook ShowMissingArticle so extensions can modify the output for
21207 non-existent pages.
21208 * Admins could disable some variants using $wgDisabledVariants now. ONLY apply
21209 on wikis enabled LanguageConverter.
21210 * (bug 16310) Credits page now lists IP addresses rather than saying the number
21211 of anonymous users that edited the page
21212 * New permission 'sendemail' added. Default right for all registered users. Can
21213 for example be used to prevent new accounts from sending spam.
21214 * (bug 16979) Tracking categories for __INDEX__ and __NOINDEX__
21215 * Two new hooks, ConfirmEmailComplete and InvalidateEmailComplete, which are
21216 called after a user's email has been successfully confirmed or invalidated.
21217 * (bug 19741) Moved the XCF files out of the main MediaWiki distribution, for
21218 a smaller subversion checkout.
21219 * (bug 13750) First letter capitalization can now be a per-namespace setting
21220 * (bug 21073) "User does not exist" message no longer displayed on sub-sub-pages
21222 * (bug 21095) Tracking categories produced by the parser (expensive parser
21223 function limit exceeded, __NOINDEX__ tracking, etc) can now be disabled by
21224 setting the system message ([[MediaWiki:expensive-parserfunction-category]]
21226 * Added maintenance script sqlite.php for SQLite-specific maintenance tasks.
21227 * Rewrote Special:Upload to allow easier extension.
21228 * Upload errors that can be solved by changing the filename now do not require
21230 * Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from
21232 * (bug 21222) When $wgUseTeX is not enabled, <math> is no longer registered with
21233 the parser so extensions are free to implement their own <math> tag
21234 * (bug 21047) Wrap 'cannotdelete' into a div with the generic 'error' class and
21235 an own 'mw-error-cannotdelete' class
21236 * New hook AbortNewAccountAuto, called before account creation from AuthPlugin-
21237 or ExtUser-driven requests.
21238 * (bug 3480) The warning saying that the page has a history when deleting it now
21239 contains the number of revisions in the history
21240 * $wgStylePath and $wgLogo are now set in the default LocalSettings.php file.
21241 * (bug 20186) Allow filtering history for revision deletion.
21242 * New hook OtherBlockLogLink, called in Special:IPBlockList and Special:Block
21243 to show links to block logs of other blocking extensions, i.e. GlobalBlocking
21244 * Added search capabilities to SQLite backend
21245 * rebuildtextindex.php maintenance script now supports databases other than
21247 * upgrade1_5.php now requires to be run --update option to prevent confusion
21248 * (bug 17662) Customizable default preload/editintro for new sections in the
21249 respective addsection-preload and addsection-editintro messages
21250 * Added maintenance script checkSyntax.php that checks for PHP syntax errors
21251 and common coding mistakes
21252 * Updated Unicode normalization tables
21253 * (bug 21604) Spellcheck attribute for editsummary
21254 * New wgCategories JavaScript global variable for userscripts.
21255 * (bug 20717) Added checkboxes to hide users with bot and/or sysop group
21256 membership in SpecialActiveusers
21257 * Allow \pagecolor and \definecolor in texvc
21258 * $wgTexvcBackgroundColor contains background color for texvc call
21259 * (bug 21574) Redirects can now have "303 See Other" HTTP status
21260 * EditPage refactored to allow extensions to derive new edit modes much easier.
21261 * (bug 21826) Subsections of Special:Version now also have anchors
21262 * (bug 19791) Add URL of file source as comment to thumbs (for ImageMagick)
21263 * (bug 21946) Sorted wikitables do not properly handle minus signs
21264 * (bug 18885) Red links for media files do not support shared repositories
21265 * Added $wgFixArabicUnicode, to convert deprecated presentation forms in
21266 Arabic text to their modern equivalents, and $wgFixMalayalamUnicode, to
21267 convert ZWJ-based chillu sequences in Malayalam text to their Unicode 5.1
21269 * (bug 22051) Returing false in SpecialContributionsBeforeMainOutput hook now
21270 stops normal output
21271 * Send new password e-mail in users preference language
21272 * LanguageConverter now support nested using of manual convert syntax like
21274 * Upload license preview now uses the API instead of action=ajax
21275 * (bug 7346) Add <guid> to RSS to avoid duplicates
21276 * (bug 19996) Added new hooks for Special:Search, which allow to further
21277 restrict/expand it.
21278 * (bug 21936) When a revision has been patrolled, there's now a link back to the
21280 * (bug 22315) SpecialRecentChangesQuery hook now pass $query_options and checks
21282 * Separate unit test suites under t/ and tests/ were merged and moved to
21283 maintenance/tests/.
21284 * importImages.php maintenance script can now use the original uploader and
21285 comment from another wiki.
21286 * Support for Turck MMCache was removed
21287 * (bug 14592) Warn users when they try to move their user page that their
21288 account will not be renamed
21289 * Show block log on non-existing user (talk) pages of currently blocked users
21291 === Bug fixes in 1.16 ===
21293 * (bug 18031) Make namespace selector on Special:Export remember the previous
21295 * The svn-version version numbers on Special:Version have been removed
21296 * (bug 17374) Special:Export no longer exports two copies of the same page
21297 * (bug 18190) Proper parsing in MediaWiki:Sharedupload message
21298 * (bug 17617) HTML cleanup for ImagePage
21299 * (bug 17964) namespaceDupes.php no longer fails on an empty interwiki table
21300 * Improved error handling for image moving
21301 * (bug 17974) On Special:SpecialPages, restricted special pages are now marked
21302 with <strong> tags, helps with text-based browsers
21303 * (bug 18259) Special:DeletedContributions now also uses
21304 MediaWiki:Sp-contributions-logs for the link to Special:Log
21305 * Don't add empty title="" attributes to links to anchors on the current page
21306 * (bug 18291) rebuildrecentchanges.php failed to add deletion log entries
21307 * (bug 18304) rebuildrecentchanges.php got size changes wrong
21308 * (bug 18170) Fixed a PHP warning in Parser::preSaveTransform() in PHP 5.3
21309 * (bug 18289) Database connection error page now returns correct HTML
21310 * "successbox", "errorbox" and related CSS classes are now available in all
21312 * (bug 18316) Removed superfluous name="fulltext" from Special:Search
21313 * (bug 18331) MediaWiki:Undelete-revision can now have wikitext
21314 * The "noautoblock" flag is no longer displayed in the block log when blocking
21316 * (bug 18009) $wgHooks and $wgExtensionFunctions now support closures
21317 * (bug 17948) Maintenance scripts now exit(0) or exit(1) as appropriate
21318 * (bug 18377) Time in Enhanced ChangesList lacking localisation
21319 * (bug 12998) Allow <sup>, <sub>, etc. in DISPLAYTITLE
21320 * (bug 1553) Lowercase navigation headings in German
21321 * (bug 7830) Pending transactions failed to commit on loginToUse() error
21322 * (bug 11613) session.save_handler being over-ridden
21323 * (bug 11381) session.save_handler being set twice (causes error)
21324 * (bug 17835) ForeignAPIRepo throwing error on first page load for file
21325 * (bug 18115) ForeignAPIRepo cache isn't working
21326 * Fixed a bug caused by LanguageConverter.php, which brings an abnormal '}-'
21327 after some parsed math syntax.
21328 * (bug 18441) rebuildrecentchanges.inc no longer ignores $wgLogRestrictions
21329 * (bug 18317) Bolded selections in 1 | 3 | etc days on RecentChanges now use
21330 <strong> instead of hardcoded styles
21331 * (bug 18449) Fixed items number per column on category pages when the total is
21333 * (bug 18121) maintenance/deleteArchivedRevisions.php no longer deletes
21334 revisions when --delete is not passed
21335 * (bug 13172) GPS coordinates in image Exif data are now actually displayed
21336 * Overhaul of preferences system, includes the following bug fixes:
21337 ** (bug 5363) Changes to default preferences now impact registered users.
21338 ** (bug 14806) Hook to enable putting preferences in existing tabs.
21339 ** (bug 17191) Registration date now listed on preferences page.
21340 ** The user_properties table (now used for storing preferences) has been added
21341 to $wgSharedTables.
21342 ** Note that this change will break some extensions which have not been adapted
21344 * (bug 17020) Adding fallback encodings for Traditional and Simplified Chinese
21345 languages while the text is typed as URLs.
21346 * (bug 17614) Prev / Next links are not shown if all results are shown
21347 * (bug 18207) Strange spacing before [[irc:...]] links
21348 * Removed float from the user login form in RTL interface - caused display
21350 * (bug 15008) Redirect images are now subject to Bad image list rules
21351 * (bug 6802) profileinfo.php now also work on other database servers than MySQL
21352 * (bug 16925) Diffs no longer fail when $wgExternalDiffEngine is set to
21353 'wikidiff' or 'wikidiff2' but extension is not installed
21354 * (bug 18326) Chmod errors in file repos have been hidden
21355 * (bug 18718) Comma after a } create a error in IE
21356 * (bug 18716) Removed redundant class in Modern skin CSS for category links and
21358 * (bug 18656) Use proper directory separators in wfMkdirParents()
21359 * (bug 18549) Make Special:Blockip respect $wgEnableUserEmail and
21361 * (bug 16912) Tooltips on images with link= disappear
21362 * (bug 18389) Localise numbers in EXIF data
21363 * (bug 18522) Wrap MediaWiki:Protect-cascadeon in a div for identification
21364 * (bug 18438) Tweak HTML for preview bar for consistency and accessibility
21365 * (bug 18432) Updated documentation for dumpBackup.php
21366 * Fix array logic in Sanitizer::removeHTMLtags so that it doesn't strip good
21367 tags that were redundantly defined.
21368 * (bug 14118) SpecialPage::getTitleFor does not return a localised name
21369 * (bug 18698) Renaming non entry point maintenance scripts from .inc.php to
21371 * Deprecated methods Title::getInterwikiLink, Title::userCanCreate(),
21372 Title::userCanEdit() and Title::userCanMove() have been removed
21373 * Only show upload links on file description if $wgEnableUploads = true
21374 and user can upload
21375 * Don't say "You need to log in to upload/move", because it's possible that
21376 uploading/moving is disabled for registered users as well (e.g. only sysops)
21377 * (bug 18943) Handle invalid titles gracefully at Special:Mostlinked
21378 * (bug 8873) Enable variant conversion in text on 'alt' and 'title' attributes
21379 * (bug 10837) Introducing the StubUserVariant class to determine the variant
21380 variable instead of using this to overrule the user language preference.
21381 * (bug 19014) If user had deletedhistory right, but not undeleted right, then
21382 show "view" instead of "view/restore" on logs.
21383 * (bug 19017) TOC level calculation error in an odd case
21384 * (bug 18999) CSS update for RTL interwiki links
21385 * (bug 18925) history.js removes class names of list elements on initialization
21386 * Multiple whitespace in TOC anchors is now stripped, for consistency with the
21387 link from the edit comment
21388 * (bug 19112) Preferences now respects $wgUseExternalEditor
21389 * (bug 18173) MediaWiki now fails when unable to determine a client IP
21390 * (bug 19170) Special:Version should follow the content language direction
21391 * (bug 19160) maintenance/purgeOldText.inc is now compatible with PostgreSQL
21392 * Fixed performance regression in "bad image list" feature
21393 * Show user preference 'Use live preview' if $wgLivePreview is enabled only
21394 * (bug 17014) Blocked users can no longer use Special:UserRights unless they
21395 can add/remove *all* groups (have 'userrights' permission).
21396 * (bug 19294) Always show Sp-contributions-footer(-anon)
21397 * Attempts to restrict reading of pages while anonymous viewing is allowed
21398 via extensions not using the userCan hook and via $wgRevokePermissions now
21400 * (bug 8445) Multiple-character search terms are now handled properly for
21402 * (bug 19450) Use formatNum for "Number of edits" in Special:Preferences
21403 * (bug 11242) Check for MySQL storage engines during installation now checks
21404 whether the engines are actually available
21405 * (bug 19390) Omit the "printable version" link on the printable version
21406 * (bug 18394) img_auth.php now respects userCan
21407 * (bug 19509) Uploading to a file named '0' previously treated it as null input
21408 and attempted to upload with the source name. Now warns about not having an
21409 extension (since 0.ext is perfectly valid)
21410 * (bug 19468) Enotif preferences are now only displayed when they are turned on
21411 * (bug 19442) Show/hide options on watchlist only work once
21412 * (bug 19602) PubMed Magic links now use updated NIH url
21413 * (bug 19637) externallinks have links to self
21414 * Don't load Opera 9.5 RTL fixes for Opera 9.6
21415 * Remove five-year-old KHTMLFixes.css, which is unlikely to be relevant anymore
21416 and was causing problems.
21417 * Removed repetition of URIs in the title attributes of external links.
21418 * (bug 19693) User name is now escaped in "Contributions for ..." link on
21420 * (bug 19571) Override buildConcat for SQLite.
21421 * Log in and log out links no longer return to page view when clicked from
21422 history view, edit page, or something similar
21423 * (bug 19513) RTL fixes for new Search UI
21424 * (bug 16497) Special:Allmessages is paginated
21425 * (bug 18708) CSS plainlinks class now available to all skins
21426 * (bug 19590) Database error messages no longer have "MySQL" hardcoded as the
21428 * (bug 19759) successbox on Special:Preferences now correctly aligned on
21429 standard, nostalgia and cologneblue skin
21430 * (bug 19814) interwiki links from file links ([[File:Foo.jpg|link=de:Test]])
21431 are no longer recorded in the pagelinks table
21432 * (bug 19784) date option "ISO 8601" produced illegal id
21433 * (bug 19761) Removed autogenerated <meta keywords> tag with link data.
21434 Keyword set was not useful, and is ignored by modern search engines anyway.
21435 * (bug 19827) Special:SpecialPages title is "Upload file
21436 * (bug 19355) Added .xhtml, .xht to upload file extension blacklist
21437 * (bug 19287) Workaround for lag on history page in Firefox 3.5
21438 * (bug 19564) Updated docs/hooks.txt
21439 * (bug 18751) Fix for buggage in profiling setup for some extensions on PHP 5.1
21440 * (bug 17139) ts_resortTable inconsistent trimming makes date sorting fragile
21441 * (bug 19445) Change oldimage table to use ON UPDATE CASCADE for FK to image
21443 * (bug 14080) Short notation links to subpages didn't work in edit summaries
21444 * (bug 17374) Special:Export no longer exports multiple copies of pages
21445 * (bug 19818) Edits to user CSS/JS subpages can now be marked as patrolled by
21446 users who can't edit them
21447 * (bug 19839) Comments in log items are no more double escaped
21448 * (bug 18161) Fix inconsistent separators in watchlist link toolbars with
21449 "enhanced recent changes"
21450 * (bug 16877) Moving a page over a redirect no longer leaves an orphan entry in
21451 the recentchanges table
21452 * (bug 16009) Limit selection forms based on Pager now links to the correct page
21453 when using long urls
21454 * The display of the language list on the preferences is more comply with the
21456 * (bug 19849) Custom X-Vary-Options header now disabled unless $wgUseXVO is set
21457 * (bug 19301) Duplicate entries in $wgAddGroups, $wgRemoveGroups,
21458 $wgGroupsAddToSelf and $wgGroupsRemoveFromSelf are no more displayed on
21459 Special:ListGroupRights
21460 * (bug 18799) Special:Userlogin now handles correctly the returnto parameter
21461 to not link back to Special:Userlogout when user's language isn't the same as
21463 * (bug 19479) Show proper error message when unable to connect to PostgreSQL
21464 database with username/password in MediaWiki's setup
21465 * (bugs 18407, 18409) Special:Upload is now listed on Special:Specialpages only
21466 if uploads are enabled and the user can access it
21467 * (bug 17988) Spaces before [[Category:]] links are no longer ignored
21468 * (bug 19957) All known-failing tests now marked disabled; added --run-disabled
21469 option to parser test suite to run disabled tests if desired.
21470 * (bug 16311) Make recent change flags (n/m/b) <abbr>s instead of <span>s
21471 * (bug 15680) Split the edit tip message of user CSS/JS subpage into
21472 "usercssyoucanpreview" and "userjsyoucanpreview" respectively.
21473 * (bug 12110) Split the rights for editing users' CSS/JS subpage from
21474 "editusercssjs" into "editusercss" and "edituserjs" respectively.
21475 * (bug 19394) RecentChanges feed URLs for log items with no revisions
21476 (eg Newuser, Userrights) are no longer broken
21477 * (bug 17395) Remote file descriptions use user language ($wgLang), not wiki
21478 language ($wgContLang)
21479 * (bug 11867) Lock error on redirect table when running orphans.php
21480 * (bug 18930) initStats.php now refreshes active users count
21481 * (bug 18699) Using the nosummary URL option no longer triggers the "You have
21482 not provided a summary" warning for those who activated it in their
21484 * (bug 18855) commandLine.inc and Maintenance.php are now properly included
21485 using the full path
21486 * (bug 18497) Fixed broken style sheets in Opera fullscreen mode
21487 * (bug 16084) Default memory limit has be increased to 50M, see $wgMemoryLimit
21488 * (bug 17864/19519) Added proper input normalization in Special:UserRights
21489 * (bug 20086) Add Hook to add extra statistics at the end of Special:Statistics
21490 * (bug 19289) importDump.php can now handle bzip2 and 7zip
21491 * (bug 20131) Fixed a PHP notice for users having the "rollback" right on
21492 Special:RecentChangesLinked
21493 * Do not transform EXIF fields with pure text to avoid results like
21494 foo,bar@example,com
21495 * (bug 20176) Fix login/logout links in skin CologneBlue
21496 * (bug 20203) "Powered by MediaWiki" now has height/width on image tag
21497 * (bug 20273) Fix broken output when no pages are found in the content
21499 * (bug 20265) Make AncientPages and UnusedFiles work on SQLite
21500 * Fixed XSS vulnerability for Internet Explorer clients (only pre-release
21501 versions of MediaWiki were affected).
21502 * (bug 14817) Moving a page to a subpage of itself moves it twice
21503 * (bug 20289) $wgMaximumMovedPages should only count pages actually moved
21504 * (bug 15248) Non-breaking spaces and certain other Unicode space characters
21505 are now normalized to ordinary spaces in titles; if your wiki has existing
21506 titles with such characters, run cleanupTitles.php and/or cleanupImages.php
21507 * (bug 11143) Links containing invalid UTF-8 percent-code sequences are now
21508 cleanly disabled instead of breaking parsing entirely on PHP 5.2.
21509 * (bug 20296) Fixed an PHP warning in Language::getMagic() in PHP 5.3
21510 * (bug 20358) Unprotect tab was missing accesskey; now same as protect tab.
21511 * (bug 20317) Cleaned up default main page link accesskey settings
21512 * (bug 20362) Special:Statistics now produces valid HTML when view counters are
21514 * (bug 19857) maintenance/deleteRevision.php on last revision no longer breaks
21516 * (bug 20365) Page name with c/g/h/j/s/u + x are now correctly handled in
21517 Special:MovePage with Esperanto as content language
21518 * (bug 20364) Fixed regression in GIF metadata loading
21519 * (bug 20299) MediaWiki:Move-subpages and MediaWiki:Move-talk-subpages can now
21521 * (bug 15475) DatabaseBase::setFlag(), DatabaseBase::clearFlag() and
21522 DatabaseBase::getFlag() now have documentation
21523 * (bug 19966) MediaWiki:License-header is now used for the licensing header in
21524 the file description page instead of MediaWiki:License
21525 * (bug 20380) Links to history/deleted edits at the top of
21526 Special:RevisionDelete are no more displayed when doing log suppression
21527 * (bug 8143) Localised parser function names are now correctly case insensitive
21528 if they contain non-ASCII characters
21529 * (bug 19055) maintenance/rebuildrecentchanges.php now purges
21530 Special:Recentchanges's RSS and Atom feed cache
21531 * The installer will now try to bypass PHP's max_execution_time
21532 * (bug 20260) SQLite no longer tries to automatically create the database at
21533 execution time, this now happens only at install time; if it is not available
21534 at script execution, it now throws an exception
21535 * Fixed EditFilterMerged hook so the hookError parameter serves a purpose
21536 (analogous to EditFilter hook)
21537 * (bug 2257) Tag extensions can expand template parameters provided to the tag,
21538 by using a new parameter added to the recursiveTagParse function
21539 * (bug 14900) __INDEX__ and __NOINDEX__ no longer override site config set in
21540 $wgArticleRobotPolicies.
21541 * (bug 20466) Hidden categories are no more displayed when printing
21542 * (bug 20446) When changing user rights with User@remotewiki and remotewiki is
21543 the local wiki, the user is now treated as the local user
21544 * (bug 20494) OutputPage::getArticleBodyOnly() no longer requires an useless
21546 * (bug 20136) Protection form JavaScript now synchronizes the expiry boxes on
21547 any change, in addition to onkeyup.
21548 * Don't link to "edit this page" on MediaWiki:Noarticletext if user is not
21549 allowed to create page. Done via new message
21550 MediaWiki:Noarticletext-nopermission
21551 * Improved compatibility between the Vector skin and addPortletLink() from
21552 wikibits.js: empty portlets are now present but hidden, adding an element to a
21554 * (bug 19531) addPortletLink() now wraps inserted labels in a <span> element to
21555 be compatible with the CSS for the Vector skin
21556 * (bug 20578) Wrong localized image metadata - duplicated string?
21557 * (bug 20556) Stub threshold's "other" <input> in Special:Preferences now has a
21558 correct type="text" parameter
21559 * (bug 482) Don't include TOC in the printable version if it has been hidden
21560 * Adjust the time according to the user configuration on Special:Revisiondelete
21561 * (bug 20624) Installation no longer allows "qqq" as the chosen language
21562 * (bug 20634) The installer-created database user will now have all rights on
21563 the database so that upgrades will go more smoothly.
21564 * (bug 18180) Special:Export ignores limit, dir, offset parameters
21565 * User::getBlockedStatus() works for all kinds of user objects and doesn't
21566 assume the user object is equal to the current-user object ($wgUser)
21567 * (bug 20517) Cancel link from edit page now returns to the old version when
21568 editing an old version
21569 * (bug 16902) Installer no longer shows warnings when exec() has been disabled
21570 by disable_functions
21571 * (bug 20726) Title::getLatestRevID's documentation now says that the function
21572 returns false if the page doesn't exist
21573 * (bug 20751) ForeignApiRepo now urldecodes filenames when saving to local cache
21574 * (bug 20730) Fix to Special:Version ViewVC link for branch checkouts
21575 * (bug 20353) wfShellExec() was adding extra quotes on Windows Vista, causing
21576 command line scripts to fail
21577 * (bug 20702) Parser functions can now be used correctly in
21578 MediaWiki:Missing-article
21579 * (bug 14117) "redirected from" is now also shown on foreign file redirects
21580 * (bug 17747) Only display thumbnail column in file history if the image can
21582 * (bug 3421) Live preview no longer breaks user CSS/JS previews
21583 * (bug 11264) The file logo on a file description page for documents (PDF, ...)
21584 now links to the file rather than the file description page
21585 * Password fields built with HTMLForm now still have the type="password"
21586 attribute if $wgHtml5=false.
21587 * (bug 20836) Preload now works for MediaWiki namespace
21588 * (bug 20885) Search box no longer suggests unavailable special pages
21589 * (bug 20948) "Create this page" on Special:Search is no longer displayed when
21590 searching for special pages
21591 * (bug 20524) Hideuser: Show nice error when trying to block hidden user without
21593 * (bug 21026) Fixed file redirects on shared repos on non-English client wikis
21594 * (bug 21030) Fixed schema choices from being overwritten by defining unique
21595 field names per driver.
21596 * (bug 21115) wgCanonicalSpecialPageName javascript variable is now always
21597 false on non-special pages
21598 * (bug 21113) "Other statistics" header on Special:Statistics is no more
21599 displayed when there isn't any entry in it
21600 * (bug 21114) Special:Contributions no longer shows diff links for new
21602 * (bug 21116) MediaWiki:Templatesused, MediaWiki:Templatesusedpreview and
21603 MediaWiki:Templatesusedsection now support plural
21604 * (bug 21079) There is no more line wrapping between label and field in
21606 * (bug 20256) Fixed SQL errors on Special:Recentchanges and
21607 Special:Recentchangeslinked on SQLite backend
21608 * (bug 20880) Fixed updater failure on SQLite backend
21609 * (bug 21182) Fixed invalid HTML in Special:Listgrouprights
21610 * (bug 20242) Installer no longer promts for user credentials for SQLite
21612 * (bug 20911) Installer failed to create a SQLite database
21613 * (bug 20847) Deprecated deprecated akeytt() removed in wikibits.js leaving
21615 * (bug 21161) Changing $wgCacheEpoch now always invalidates file cache
21616 * (bug 20268) Fixed row count estimation on SQLite backend
21617 * (bug 20275) Fixed LIKE queries on SQLite backend
21618 * (bug 21234) Moving subpages of titles containing \\ now works properly
21619 * (bug 21006) maintenance/updateArticleCount.php now works again on PostgreSQL
21620 * (bug 19319) Add activeusers-intro message at top of SpecialActiveUsers page
21621 * (bug 21255) Fixed hostname construction for DNSBL checking
21622 * (bug 18019) Users are now warned when moving a file to a name in use on a
21623 shared repository and only users with the 'reupload-shared' permission can
21625 * (bug 18909) Add missing Postgres INSERT SELECT wrapper
21626 * User::isValidPassword now only returns boolean results,
21627 User::getPasswordValidity can be used to get an error message string
21628 * The error message shown in Special:ChangePassword now parses wiki markup
21629 * (bug 19859) Removed experimental HTMLDiff feature
21630 * Removed section edit links in edit conflict form
21631 * Allow SpecialActiveusers to work on non-MySQL databases
21632 * (bug 6579) Fixed protecting images from uploading only
21633 * (bug 18609) Search index was empty for some pages
21634 * (bug 13453) rebuildrecentchanges maintenance script works on PG again
21635 * (bug 16583) Reduce false positives when checking for PHP (on upload, etc.)
21636 * (bug 20112) Bitrotted tests in the t/ directory were failing.
21637 * (bug 21470) MediaWiki:Sp-contributions-explain is now wrapped in a <p> with
21638 id "mw-sp-contributions-explain"
21639 * (bug 19159) Fixed \overleftrightarrow in texvc
21640 * (bug 19391) Fix caching for Recent ChangesFeed.
21641 * (bug 21455) Fixed "Watch this page" checkbox appearing on some special pages
21642 even to non-logged in users
21643 * (bug 21551) Rewrote the Squid purge HTTP client to provide a more robust and
21644 general implementation of HTTP, allowing it to purge non-Squid caches such as
21646 * Fixed corruption of long UDP debug log messages by using socket_sendto()
21647 instead of fsockopen() with fwrite().
21648 * (bug 16884) Fixed feed links in sidebar not complying with URL parameters
21649 of the displayed page
21650 * (bug 21403) memcached class renamed to MWMemecached to avoid conflict with
21651 PHP's memcached extension
21652 * (bug 21650) Both calls to SkinTemplateTabs hook are now compatible
21653 * (bug 21672) Add missing Accept-Language to both Vary and XVO headers
21654 * (bug 21679) "Edit block reasons" link at the bottom of Special:Blockip is now
21655 only displayed to the users that have "editinterface" right
21656 * (bug 21740) Attempting to protect a page that doesn't exist (salting) returns
21658 * (bug 18762) both redirects and links get fixed one after another if
21659 redirects-only switch is not present
21660 * (bug 20159) thumbnails rerendered if older than $wgThumbnailEpoch
21661 * Fixed a bug which in some situations causes the job queue to grow forever,
21662 due to an infinite loop of job requeues.
21663 * (bug 21523) File that can have multiple pages (djvu, pdf, ...) no longer have
21664 the page selector when they have only one page
21665 * (bug 21559) "logempty" message is now wrapped in a div with class
21666 "mw-warning-logempty" when used in log extract
21667 * (bug 20549) Parser tests were broken on SQLite backend
21668 * (bug 21776) Interwiki urls like http://en.wikibooks.org/wiki/cs: should give
21669 a redirect instead of a baderror.
21670 * (bug 21803) Special:MyContributions now keeps the query string parameters
21671 * Redirecting special pages now keep query string parameters set to "0" (e.g.
21673 * (bug 20765) Special:ListGroupRights no longer misses addables and removables
21674 groups if there are duplicate entries
21675 * (bug 21814) Message shown when rolling back an edit with a deleted username
21676 now shows '(username deleted)' instead of broken user tool links
21677 * (bug 21536) Fixed JavaScript error on Special:Search caused by an incorrect ID
21678 * (bug 21535) RecentChanges RSS feed now always recognises the namespace filter,
21679 previously it sometimes didn't due to caching.
21680 * (bug 20388) ProfilerSimpleText no longer outputs comment on action=raw
21681 * refreshLinks.php now purges orphaned redirect table rows
21682 * (bug 2971) Swap links of hist & diff location on Special:Contributions for
21683 consistency with RC/WL
21684 * (bug 21986) Special page names are now capitalized by content language
21685 * If two log types have the same description, they're now both displayed in the
21686 type selector on Special:Log
21687 * (bug 20115) Special:Userlogin title says "Log in / create account" even if the
21688 user can't create an account
21689 * (bug 2658) Don't attempt to set the TZ environment variable.
21690 * (bug 9794) User rights log entries for foreign user now links to the foreign
21691 user's page if possible
21692 * (bug 14717) Don't load nonexistent CSS fix files for non-Monobook skins
21693 * (bug 22034) Use wfClientAcceptsGzip() in wfGzipHandler instead of
21695 * (bug 19226) First line renders differently on many UI messages.
21696 * (bug 21303) Comments are no longer stripped from MediaWiki:Common.js and
21697 skin-specific JS pages
21698 * (bug 5061) Use the more precise thumbcaption thumbimage and thumbinner classes
21700 * (bug 22096) IE50Fixes.css and IE55Fixes.css have been dropped from the
21701 Monobook and Chick skins
21702 * Fixed bug involving unclosed "-{" markup in the language converter
21703 * (bug 21870) No longer include Google logo from an external server on wiki
21705 * (bug 22181) Do not truncate if the ellipsis actually make the string longer
21706 * (bug 16039) Text disappearing after a bad image
21707 * (bug 18784) Internal links like [[File:Foo|caption]] should read 'caption',
21708 not 'File:Foo' when Foo is not an image
21709 * (bug 21518) Special:UserRights no longer displays the user name box for users
21710 that can only change their rights
21711 * (bug 21593) Special:UserRights now lists automatic groups membership
21712 * (bug 22364) Setting $wgUseExternalEditor to false no longer hides the reupload
21713 link from file pages
21714 * Fix bug introduced in MediaWiki 1.12: The author field in
21715 $wgExtensionCredits is no longer sorted with sort() but rather used
21716 as it appears in extensions as was the case before r30117 where it
21717 was unintentionally sorted along with other fields.
21718 * (bug 19334) Textarea no longer jumps when editing longer articles in IE8
21719 * Truncate summary of page moves in revision comment field to avoid broken
21720 multibyte characters
21721 * (bug 22540) ForeignApiRepos no longer try to store thumbnails that don't exist
21722 * (bug 22551) Special:Resetpass now has a "Cancel" button that sends the user to
21723 the page set in the &returnto parameter.
21724 * (bug 19194) Search box in Modern skin doesn't focus with Safari/Chrome
21725 * (bug 17790) Users instantly logged off on HughesNet
21726 * (bug 21549) Make foreign key constraints DEFERRABLE INITIALLY DEFERRED
21727 when using Postgres as the database backend.
21729 == API changes in 1.16 ==
21731 * Added uiprop=changeablegroups to meta=userinfo
21732 * Added usprop=gender to list=users
21733 * (bug 18311) action=purge now works for images too
21734 * Add parentid to prop=revisions output
21735 * (bug 17832) action=delete returns 'unknownerror' instead of 'permissiondenied'
21736 when the user is blocked
21737 * (bug 18546) Added timestamp of new revision to action=edit output
21738 * (bug 18554) Also list hidden revisions in list=usercontribs for privileged
21740 * (bug 13049) "API must be accessed from the primary script entry point" error
21741 * (bug 16422) Don't display help for format=jsonfm unless specifically requested
21742 * Added PHP and database version to meta=siteinfo output
21743 * (bug 18533) Add readonly message to meta=siteinfo output
21744 * (bug 18518) Add clprop=hidden to prop=categories
21745 * (bug 18710) Fixed internal error with empty parameter in action=paraminfo
21746 * (bug 18709) Missing descriptions for some parameters in action=paraminfo
21748 * (bug 18731) Show correct SVN links for extension modules in api.php?version
21749 * (bug 18730) Add version information to action=paraminfo output
21750 * (bug 18743) Add ucprop=size to list=usercontribs
21751 * (bug 18749) Add generator flag to action=paraminfo output
21752 * Make action=block respect $wgEnableUserEmail and $wgSysopEmailBans
21753 * Made deleting file description pages without files possible
21754 * (bug 18773) Add content flag to siprop=namespaces output
21755 * (bug 18785) Add siprop=languages to meta=siteinfo
21756 * (bug 14200) Added user and excludeuser parameters to list=watchlist and
21758 * Added index, fromtitle and byteoffset fields to action=parse&prop=sections
21760 * (bug 19313) action=rollback returns wrong revid on master/slave setups
21761 * (bug 19323) action=parse doesn't return section tree on pages with Cite
21763 * (bug 18720) Add anchor field to action=parse&prop=sections output
21764 * (bug 19423) The initial file description page used caption in user lang
21765 rather than UI lang
21766 * (bug 17809) Add number of users in user groups to meta=siteinfo
21767 * (bug 18533) Add readonly reason to readonly exception
21768 * (bug 19528) Added XSLT parameter to API queries in format=xml
21769 * (bug 19040) Fix prependtext and appendtext in combination with section
21770 parameter in action=edit
21771 * (bug 19090) Added watchlist parameter, deprecated watch and unwatch
21772 parameter in action=edit
21773 * Added fields to list=search output: size, wordcount, timestamp, snippet
21774 * Where supported by backend, list=search adds a 'searchinfo' element with
21775 optional info: 'totalhits' count and 'suggestion' alternate query term
21776 * (bug 19907) $wgCrossSiteAJAXdomains added to allow specified (or all)
21777 external domains to access api.php via AJAX, if the browser supports the
21778 Access-Control-Allow-Origin HTTP header
21779 * (bug 19999) Made metadata and properties of search results optional. Added
21781 * (bug 20700) Add amprop=default to meta=allmessages to list default value for
21782 customized messages
21783 * Don't parse magic words in meta=allmessages, output messages unparsed
21784 * (bug 21105) list=usercontribs can now list contribs for User:0
21785 * (bug 21085) list=deletedrevs no longer returns only one revision when
21786 drcontinue param is passed
21787 * (bug 21106) Deprecated parameters now tagged in action=paraminfo
21788 * (bug 19004) Added support for tags
21789 * (bug 21083) list=allusers no longer returns current timestamp for users
21790 without registration date
21791 * (bug 20967) action=edit allows creation of invalid titles
21792 * (bug 19523) Add inprop=watched to prop=info
21793 * (bug 21589) API: Separate summary and initial page text for uploads
21794 * (bug 21817) list=usercontribs returns empty result for empty ucuser
21795 * (bug 21441) meta=userinfo&uiprop=options no longer returns default options
21796 for logged-in users under certain circumstances
21797 * (bug 21945) Add chomp control in YAML
21798 * Expand the thumburl to an absolute url to make it consistent with url and
21800 * (bug 20233) ApiLogin::execute() doesn't handle LoginForm :: RESET_PASS
21801 * (bug 22061) API: add prop=headitems to action=parse
21802 * (bug 22240) API: include time in siteinfo
21803 * (bug 22241) Quick edit is still using the deprecated watch parameter (API:
21804 Setting default for watch/unwatch wrongly set)
21805 * (bug 22245) blfilterredirect=nonredirects in blredirect mode wrongly filtering
21806 * (bug 22248) Output extension URLs in meta=siteinfo&siprop=extensions
21807 * Support key-params arrays in 'descriptionmsg' in
21808 meta=siteinfo&siprop=extensions
21809 * (bug 21922) YAML output should quote asterisk when used as key
21810 * (bug 22297) safesubst: to allow substitution without breaking transclusion
21811 * (bug 18758) API read of watchlist's wl_notificationtimestamp
21812 * (bug 20809) Expose EditFormPreloadText via the API
21813 * (bug 18427) Comment (edit summary) parser option for API
21814 * (bug 18608) API should provide list of CSS styles to apply to rendered output
21815 * (bug 18771) List possible errors in action=paraminfo
21817 === Languages updated in 1.16 ===
21819 MediaWiki supports over 300 languages. Many localisations are updated
21820 regularly. Below only new and removed languages are listed, as well as
21821 changes to languages because of Bugzilla reports.
21823 * Capiznon (cps) (new)
21824 * North Frisian (frr) (new)
21825 * Kirmanjki (kiu) (new)
21826 * Komi-Permyak (koi) (new)
21827 * Karachay-Balkar (krc) (new)
21828 * Hill Mari (mrj) (new)
21829 * Prussian (prg) (new)
21830 * Romagnol (rgn) (new)
21831 * Lower Silesian (sli) (new)
21832 * Picard (pcd) (new)
21833 * Uyghur (Arabic script) (ug-arab) (new)
21834 * Upper Franconian (vmf) (new)
21835 * Votic (vot) (new)
21836 * Eastern Yiddish (ydd) (removed)
21837 * Iriga Bicolano (bto) (removed)
21838 * Ladin (lld) (removed)
21839 * Laz (lzz) (removed)
21840 * Palembang (plm) (removed)
21841 * Megleno-Romanian (Greek script) (ruq-grek) (removed)
21842 * Tamazight (tzm) (removed)
21845 * (bug 18474) Sorani (ckb - Central Kurdish) (renamed from ku-arab)
21846 * Add PLURAL function for Scots Gaelic (gd)
21847 * Add Estonian letters äöõšüž to linktrail (et)
21848 * (bug 18776) Native name of Burmese language (my)
21849 * (bug 18806) Use correct unicode characters in spelling of native Chuvash
21851 * (bug 18864) Updated autonym for Zhuang language
21852 * (bug 18308) Updated date formatting in Occitan (oc)
21853 * (bug 19080) Added ăâîşţșțĂÂÎŞŢȘȚ to Romanion (ro) linktrail
21854 * (bug 19286) Correct commafying function in Polish (pl)
21855 * (bug 19441) Updated date formatting for Lithuanian
21856 * (bug 19630) Added ÄäÇçĞğŇňÖöŞşÜüÝýŽž to Turkmen (tk) linktrail
21857 * (bug 19949) New linktrail for Greek (el)
21858 * (bug 19809) Korean (North Korea) (ko-kp) (new)
21859 * (bug 19968) Fixed "Project talk" namespace name for Maltese (mt)
21860 * (bug 21168) Added áâãàéêçíóôõúü to Portuguese (pt) linktrail
21861 * (bug 21596) Change interwiki link for Kurdish (ku)
21862 * (bug 23767) PHP warning/error when REQUEST_URI returns blank (IIS issue).
21864 == MediaWiki 1.15 ==
21866 == MediaWiki 1.15.5 ==
21867 === Changes since 1.15.4 ===
21869 * (bug 24565) Fixed Cache-Control headers sent from API modules, to protect
21870 user privacy in the case where an attacker can access the wiki through the
21871 same HTTP proxy as a logged-in user.
21872 * Fixed a minor cookie header parsing issue causing incorrect Cache-Control
21873 headers to be sent.
21874 * Fixed an XSS vulnerability in profileinfo.php for installations with
21875 $wgEnableProfileInfo = true (false by default)
21876 * For backwards compatibility with extensions from 1.14.x or before, restored
21877 the original function ApiMain::requestWriteMode().
21878 * In API login "need token" responses, added the cookieprefix and sessionid
21879 fields, as in MediaWiki 1.16.x. This is an improvement to the CSRF fix
21880 introduced in 1.15.3.
21882 == MediaWiki 1.15.4 ==
21883 === Changes since 1.15.3 ===
21885 * (bug 23534) Fixed SQL query error in API list=allusers.
21886 * (bug 23371) Fixed CSRF vulnerability in "e-mail me my password", "create
21887 account" and "create by e-mail" features of [[Special:Userlogin]]
21888 * (bug 23687) Fixed XSS vulnerability affecting IE clients only, due to a CSS
21891 == MediaWiki 1.15.3 ==
21892 === Changes since 1.15.2 ===
21894 * (bug 22828) Fixed deletion on SQLite.
21895 * (bug 23076) Fixed login CSRF vulnerability. Logins now require a token to
21896 be submitted along with the user name and password.
21898 == MediaWiki 1.15.2 ==
21899 === Changes since 1.15.1 ===
21901 * The installer now includes a check for a data corruption issue with certain
21902 versions of libxml2 2.7 and PHP earlier than 5.2.9, and also for a PHP bug
21903 present in the official release of PHP 5.3.1.
21904 * (bug 20239) MediaWiki:Imagemaxsize does not contain anymore a <br /> tag which
21905 was displayed to the user
21906 * (bug 21150) SQLite no longer raise an error when deleting files
21907 * (bug 20880) Fixed updater failure on SQLite backend
21908 * upgrade1_5.php now requires to be run --update option to prevent confusion
21909 * Fixed a CSS validation issue which allowed external images to be included
21910 into wikis where that is disallowed by configuration.
21911 * Fixed a data leakage vulnerability for private wikis using img_auth.php or
21912 similar image access authentication schemes. Check user permissions before
21913 streaming out scaled images from thumb.php.
21915 == MediaWiki 1.15.1 ==
21916 === Changes since 1.15.0 ===
21917 * Fixed fatal errors for unusual file repository configurations, such as
21919 * Fixed the "change password" link on Special:Preferences to have the correct
21920 returnto parameter.
21921 * (bug 19693) Fixed cross-site scripting vulnerability in Special:Block
21923 == MediaWiki 1.15.0 ==
21924 === Changes since 1.15.0rc1 ===
21926 * Removed category redirect feature, implementation was incomplete.
21927 * (bug 18846) Remove update_password_format(), unnecessary, destroys all
21928 passwords if a wiki with $wgPasswordSalt=false is upgraded with the web
21930 * (bug 19127) Documentation warning for PostgreSQL users who run update.php:
21931 use the same user in AdminSettings.php as in LocalSettings.php.
21932 * Fixed possible web invocation of some maintenance scripts, due to the use of
21933 include() instead of require(). A full exploit would require a very strange
21934 web server configuration.
21935 * Localisation updates.
21937 === Configuration changes in 1.15 ===
21939 * Added $wgNewPasswordExpiry, to specify an expiry time (in seconds) to
21940 temporary passwords
21941 * Added $wgUseTwoButtonsSearchForm to choose the Search form behavior/look
21942 * Added $wgNoFollowDomainExceptions to allow exempting particular domain names
21943 from rel="nofollow" on external links
21944 * (bug 12970) Brought back $wgUseImageResize.
21945 * Added $wgRedirectOnLogin to allow specifying a specific page to redirect users
21946 to upon logging in (ex: "Main Page")
21947 * Add $wgExportFromNamespaces for enabling/disabling the "export all from
21948 namespace" option (disabled by default)
21950 === New features in 1.15 ===
21952 * (bug 2242) Add an expiry time to temporary passwords
21953 * (bug 9947) Add PROTECTIONLEVEL parser function to return the protection level
21954 for the current page for a given action
21955 * (bug 17002) Add &minor= and &summary= as parameters in the url when editing,
21956 to automatically add a summary or a minor edit.
21957 * (bug 16852) padleft and padright now accept multiletter pad characters
21958 * When using 'UserCreateForm' hook to add new checkboxes into
21959 Special:UserLogin/signup, the messages can now contain HTML to allow
21960 hyperlinking to the site's Terms of Service page, for example
21961 * Add new hook 'UserLoadFromDatabase' that is called while loading a user
21963 * (bug 17045) Options on the block form are prefilled with the options of the
21964 existing block when modifying an existing block.
21965 * (bug 17055) "(show/hide)" links to Special:RevisionDelete now use a CSS class
21966 rather than hardcoded HTML tags
21967 * Added new hook 'WantedPages::getSQL' into SpecialWantedpages.php to allow
21968 extensions to alter the SQL query which is used to get the list of wanted
21970 * (bugs 16957/16969) Add show/hide to preferences for RC patrol options on
21972 * (bug 11443) Auto-noindex user/user talk pages for blocked user
21973 * (bug 11644) Add $wgMaxRedirects variable to control how many redirects are
21974 recursed through until the "destination" page is reached.
21975 * Add $wgInvalidRedirectTargets variable to prevent redirects to certain
21977 * Use HTML5 rel attributes for some links, where appropriate
21978 * Added optional alternative Search form look - Go button & Advanced search
21979 link instead of Go button & Search button
21980 * (bug 2314) Add links to user custom CSS and JS to Special:Preferences
21981 * More helpful error message on raw page access if PHP_SELF isn't set
21982 * (bug 13040) Gender switch in user preferences
21983 * (bug 13040) {{GENDER:}} magic word for interface messages
21984 * (bug 3301) Optionally sort user list according to account creation time
21985 * Remote description pages for foreign file repos are now fetched in the
21987 * (bug 17180) If $wgUseFileCache is enabled, $wgShowIPinHeader is automatically
21989 * (bug 16604) Mark non-patrolled edits in feeds with "!"
21990 * (bug 16604) Show title/rev in IRC for patrol log
21991 * (bug 16854) Whether a page is being parsed as a preview or section preview
21992 can now be determined and set with ParserOptions.
21993 * Wrap message 'confirmemail_pending' into a div with CSS classes "error" and
21994 "mw-confirmemail-pending"
21995 * (bug 8249) The magic words for namespaces and pagenames can now be used as
21996 parser functions to return the desired namespace or normalized title/title
21997 part for a given title.
21998 * (bug 17110) Styled #mw-data-after-content in cologneblue.css to match the
22000 * (bug 7556) Time zone names in signatures lack i18n
22001 * (bug 3311) Automatic category redirects
22002 * (bug 17236) Suppress 'watch user page link' for IP range blocks
22003 * Wrap message 'searchresulttext' (Special:Search) into a div with
22004 class "mw-searchresult"
22005 * (bug 15283) Interwiki imports can now fetch included templates
22006 * Treat svn:// URLs as external links by default
22007 * New function to convert namespace text for display (only applies on wiki with
22008 LanguageConverter class)
22009 * (bug 17379) Contributions-title is now parsed for magic words.
22010 * Preprocessor output now cached in memcached.
22011 * (bug 14468) Lines in classic RecentChanges and Watchlist have classes
22012 "mw-line-odd" and "mw-line-even" to make styling using css possible.
22013 * (bug 17311) Add a note beside the gender selection menu to tell users that
22014 this information will be public
22015 * Localize time zone regions in Special:Preferences
22016 * Add NUMBEROFACTIVEUSERS magic word, which is like NUMBEROFUSERS, but uses
22017 the active users data from site_stats.
22018 * Add a <link rel="canonical"> tag on redirected page views
22019 * Replace hardcoded '...' as indication of a truncation with the
22021 * Wrap warning message 'editinginterface' into a div with class
22022 'mw-editinginterface'
22023 * (bug 17497) Oasis opendocument added to mime.types
22024 * Remove the link to Special:FileDuplicateSearch from the "file history" section
22025 of image description pages as the list of duplicated files is shown in the
22026 next section anyway.
22027 * Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from
22029 * (bug 14981) Shared repositories can now have display names, located at
22030 MediaWiki:Shared-repo-name-REPONAME, where REPONAME is the name in
22031 $wgForeignFileRepos
22032 * Special:ListUsers: Sort list of usergroups by alphabet
22033 * (bug 16762) Special:Movepage now shows a list of subpages when possible
22034 * (bug 17585) Hide legend on Special:Specialpages from non-privileged users
22035 * Added $wgUseTagFilter to control enabling of filter-by-change-tag
22036 * (bug 17291) MediaWiki:Nocontribs now has an optional $1 parameter for the
22038 * Wrap special page summary message '$specialPageName-summary' into a div
22039 with class 'mw-specialpage-summary'
22040 * $wgSummarySpamRegex added to handle edit summary spam. This is used *instead*
22041 of $wgSpamRegex for edit summary checks. Text checks still use $wgSpamRegex.
22042 * New function to convert content text to specified language (only applies on
22043 wiki with LanguageConverter class)
22044 * (bug 17844) Redirect users to a specific page when they log in, see
22046 * Added a link to Special:UserRights on Special:Contributions for privileged
22048 * (bug 10336) Added new magic word {{REVISIONUSER}}, which displays the editor
22049 of the displayed revision
22050 * LinkerMakeExternalLink now has an $attribs parameter for link attributes and
22051 a $linkType parameter for the type of external link being made
22052 * (bug 17785) Dynamic dates surrounded with a <span> tag, fixing sortable tables
22053 with dynamic dates.
22054 * (bug 4582) Provide preference-based autoformatting of unlinked dates with the
22055 dateformat parser function.
22056 * (bug 17886) Special:Export now allows you to export a whole namespace (limited
22058 * (bug 17714) Limited TIFF upload support now built in if 'tif' extension is
22059 enabled. Image width and height are now recognized, and when using
22060 ImageMagick, optional flattening to PNG or JPEG for inline display can be
22061 enabled by setting $wgTiffThumbnailType
22062 * Renamed two input IDs on Special:Log from 'page' and 'user' to 'mw-log-page'
22063 and 'mw-log-user', respectively
22064 * Added $wgInvalidUsernameCharacters to disallow certain characters in
22065 usernames during registration (such as "@")
22066 * Added $wgUserrightsInterwikiDelimiter to allow changing the delimiter
22067 used in Special:UserRights to denote the user should be searched for
22068 on a different database
22069 * Add a class if 'missingsummary' is triggered to allow styling of the summary
22071 * Title attributes are now always blank on framed and thumbnailed images, and
22072 default to blank on inline images instead of defaulting to the image's
22073 filename. Additionally, the alt attribute now defaults to the filename on
22074 framed and thumbnailed images if no caption or alt attribute is specified.
22076 === Bug fixes in 1.15 ===
22077 * (bug 16968) Special:Upload no longer throws useless warnings.
22078 * (bug 17000) Special:RevisionDelete now checks if the database is locked
22079 before trying to delete the edit.
22080 * (bug 16852) padleft and padright now handle multibyte characters correctly
22081 * (bug 17010) maintenance/namespaceDupes.php now add the suffix recursively if
22082 the destination page exists
22083 * (bug 17035) Special:Upload now fails gracefully if PHP's file_uploads has
22085 * Fixing the caching issue by using -{T|xxx}- syntax (only applies on wiki with
22086 LanguageConverter class)
22087 * Improving the efficiency by using -{A|xxx}- syntax (only applies on wiki with
22088 LanguageConverter class)
22089 * (bug 17054) Added more descriptive errors in Special:RevisionDelete
22090 * (bug 11527) Diff on page with one revision shows "Next" link to same diff
22091 * (bug 8065) Fix summary forcing for new pages
22092 * (bug 10569) redirects to Special:Mypage and Special:Mytalk are no longer
22093 allowed by default. Change $wgInvalidRedirectTargets to re-enable.
22094 * (bug 3043) Feed links of given page are now preceded by standard feed icon
22095 * (bug 17150) escapeLike now escapes literal \ properly
22096 * Inconsistent use of sysop, admin, administrator in system messages changed
22098 * (bug 14423) Check block flag validity for block logging
22099 * DB transaction and slave-lag avoidance tweaks for Email Notifications
22100 * (bug 17104) Removed [Mark as patrolled] link for already patrolled revisions
22101 * (bug 17106) Added 'redirect=no' and 'mw-redirect' class to redirects at
22102 "user contributions"
22103 * Rollback links on new pages removed from "user contributions"
22104 * (bug 15811) Re-upload form tweaks: license fields removed, destination locked,
22105 comment label uses better message
22106 * Whole HTML validation ($wgValidateAllHtml) now works with external tidy
22107 * Parser tests no longer fail when $wgExternalLinkTarget is set in
22109 * (bug 15391) catch DBQueryErrors on external storage insertion. This avoids
22110 error messages on save were the edit in fact is saved.
22111 * (bug 17184) Remove duplicate "z" accesskey in MonoBook
22112 * Parser tests no longer fail when $wgAlwaysUseTidy is set in LocalSettings.php
22113 * Removed redundant dupe warnings on reupload for the same title. Dupe warnings
22114 for identical files at different titles are still given.
22115 * Add 'change tagging' facility, where changes can be tagged internally with
22116 certain designations, which are displayed on various summaries of changes,
22117 and the entries can be styled with CSS.
22118 * (bug 17207) Fix regression breaking category page display on PHP 5.1
22119 * Categoryfinder utility class no longer fails on invalid input or gives wrong
22120 results for category names that include pseudo-namespaces
22121 * (bug 17252) Galician numbering format
22122 * (bug 17146) Fix for UTF-8 and short word search for some possible MySQL
22124 * (bug 7480) Internationalize database error message
22125 * (bug 16555) Number of links to mediawiki.org scaled back on post-installation
22126 * (bug 14938) Removing a section no longer leaves excess whitespace
22127 * (bug 17304) Fixed fatal error when thumbnails couldn't be generated for file
22129 * (bug 17283) Remove double URL escaping in show/hide links for log entries
22130 and RevisionDeleteForm::__construct
22131 * (bug 17105) Numeric table sorting broken
22132 * (bug 17231) Transcluding special pages on wikis using language conversion no
22133 longer affects the page title
22134 * (bug 6702) Default system messages updated/improved
22135 * (bug 17190) User ID on preference page no longer has delimeters
22136 * (bug 17341) "Powered by MediaWiki" should be on the left on RTL wikis
22137 * (bug 17404) "userrights-interwiki" right was missing in User::$mCoreRights
22138 * (bug 7509) Separation strings should be configurable
22139 * (bug 17420) Send the correct content type from action=raw when the HTML file
22141 * (bug 12746) Do not allow new password e-mails when wiki is in read-only mode
22142 * (bug 17478) Fixed a PHP Strict standards error in
22143 maintenance/cleanupWatchlist.php
22144 * (bug 17488) RSS/Atom links in left toolbar are now localized in classic skin
22145 * (bug 17472) use print <<<EOF in maintenance/importTextFile.php
22146 * Special:PrefixIndex: Move table styling to shared.css, add CSS IDs to tables
22147 use correct message 'allpagesprefix' for input form label, replace _ with ' '
22149 * (bug 17506) Exceptions within exceptions now respect $wgShowExceptionDetails
22150 * Fixed excessive job queue utilisation
22151 * File dupe messages for remote repos are now shown only once.
22152 * (bug 14980) Messages 'shareduploadwiki' and 'shareduploadwiki-desc' are now
22153 used as a parameter in 'sharedupload' for easier styling and customization.
22154 * (bug 17482) Formatting error in Special:Preferences#Misc (Opera)
22155 * (bug 17556) <link> parameters in Special:Contributions feeds (RSS and Atom)
22156 now point to the actual contributors' feed.
22157 * ForeignApiRepos now fetch MIME types, rather than trying to figure it locally
22158 * Special:Import: Do not show input field for import depth if
22159 $wgExportMaxLinkDepth == 0
22160 * (bug 17570) $wgMaxRedirects is now correctly respected when following
22161 redirects (was previously one more than $wgMaxRedirects)
22162 * (bug 16335) __NONEWSECTIONLINK__ magic word to suppress new section link.
22163 * (bug 17581) Wrong index name in PostgreSQL's updater: was rc_timestamp_nobot,
22164 changed to rc_timestamp_bot
22165 * (bug 17437) Fixed incorrect link to web-based installer
22166 * (bug 17538) Use shorter URLs in <link> elements
22167 * (bug 13778) Hidden input added to the search form so that using the Enter key
22168 on IE will do a fulltext search like clicking the button does
22169 * (bug 1061) CSS-added icons next to links display through the text and makes
22170 it unreadable in RTL
22171 * Special:Wantedtemplates now works on PostgreSQL
22172 * (bug 14414) maintenance/updateSpecialPages.php no longer throws error with
22174 * (bug 17546) Correct Tongan language native name is "lea faka-Tonga"
22175 * (bug 17621) Special:WantedFiles has no link to Special:Whatlinkshere
22176 * (bug 17460) Client ecoding is now correctly set for PostgreSQL
22177 * (bug 17648) Prevent floats from intruding into edit area in previews if no
22179 * (bug 17692) Added (list of members) link to 'user' in Special:Listgrouprights
22180 * (bug 17707) Show file destination as plain text if &wpForReUpload=1
22181 * (bug 10172) Moved setting of "changed since last visit" flags out of the job
22183 * (bug 17761) "show/hide" link in page history in now works for the first
22184 displayed revision if it's not the current one
22185 * (bug 17722) Fix regression where users are unable to change temporary
22187 * (bug 17799) Special:Random no longer throws a database error when a non-
22188 namespace is given, silently falls back to NS_MAIN
22189 * (bug 17751) The message for bad titles in WantedPages is now localized
22190 * (bug 17860) Moving a page in the "MediaWiki" namespace using SuppressRedirect
22191 no longer corrupts the message cache
22192 * (bug 17900) Fixed User Groups interface log display after saving groups.
22193 * (bug 17897) Fixed string offset error in <pre> tags
22194 * (bug 17778) MediaWiki:Catseparator can now have HTML entities
22195 * (bug 17676) Error on Special:ListFiles when using Postgres
22196 * Special:Export doesn't use raw SQL queries anymore
22197 * (bug 14771) Thumbnail links to individual DjVu pages no longer have
22198 two "page" parameters
22199 * (bug 17972) Special:FileDuplicateSearch form now works correctly on wikis that
22200 don't use PathInfo or short urls
22201 * (bug 17990) trackback.php now has a trackback.php5 alias and works with
22203 * (bug 14990) Parser tests works again with PostgreSQL
22204 * (bug 11487) Special:Protectedpages doesn't list protections with pr_expiry
22206 * (bug 18018) Deleting a file redirect leaves behind a malfunctioning redirect
22207 * (bug 17537) Disable bad zlib.output_compression output on HTTP 304 responses
22208 * (bug 11213) [edit] section links in printable version no longer appear when
22209 you cut-and-paste article text
22210 * (bug 17405) "Did you mean" to mirror Go/Search behavior of original request
22211 * (bug 18116) 'edittools' is now output identically on edit and upload pages
22212 * (bug 17241) The diffonly URI parameter should cascade to "Next edit" and
22213 "Previous edit" diff links
22214 * (bug 16823) Sidebar search form should not use Special:Search view URL as
22216 * (bug 16343) Non-existing, but in use, category pages can be "go" match hits
22217 * Fixed a CSS validation issue which allowed external images to be included
22218 into wikis where that is disallowed by configuration.
22219 * Fixed a data leakage vulnerability for private wikis using img_auth.php or
22220 similar image access authentication schemes. Check user permissions before
22221 streaming out scaled images from thumb.php.
22223 == API changes in 1.15 ==
22224 * (bug 16858) Revamped list=deletedrevs to make listing deleted contributions
22225 and listing all deleted pages possible
22226 * (bug 16844) Added clcategories parameter to prop=categories
22227 * (bug 17025) Add "fileextension" parameter to meta=siteinfo&siprop=
22228 * (bug 17048) Show the 'new' flag in list=usercontribs for the revision that
22229 created the page, even if it's not the top revision
22230 * (bug 17069) Added ucshow=patrolled|!patrolled to list=usercontribs
22231 * action=delete respects $wgDeleteRevisionsLimit and the bigdelete user right
22232 * (bug 15949) Add undo functionality to action=edit
22233 * (bug 16483) Kill filesort in ApiQueryBacklinks caused by missing parentheses.
22234 Building query properly now using makeList()
22235 * (bug 17182) Fix pretty printer so URLs with parentheses in them are
22236 autolinked correctly
22237 * (bug 17224) Added siprop=rightsinfo to meta=siteinfo
22238 * (bug 17239) Added prop=displaytitle to action=parse
22239 * (bug 17317) Added watch parameter to action=protect
22240 * (bug 17007) Added export and exportnowrap parameters to action=query
22241 * (bug 17326) BREAKING CHANGE: Changed output format for iiprop=metadata
22242 * (bug 17355) Added auwitheditsonly parameter to list=allusers
22243 * (bug 17007) Added action=import
22244 * BREAKING CHANGE: Removed rctitles parameter from list=recentchanges because
22245 of performance concerns
22246 * Listing (semi-)deleted revisions and log entries as well in prop=revisions
22248 * (bug 11430) BREAKING CHANGE: Modules may return fewer results than the
22249 limit and still set a query-continue in some cases
22250 * (bug 17357) Added movesubpages parameter to action=move
22251 * (bug 17433) Added bot flag to list=watchlist&wlprop=flags output
22252 * (bug 16740) Added list=protectedtitles
22253 * Added mainmodule and pagesetmodule parameters to action=paraminfo
22254 * (bug 17502) meta=siteinfo&siprop=namespacealiases no longer lists namespace
22255 aliases already listed in siprop=namespaces
22256 * (bug 17529) rvend ignored when rvstartid is specified
22257 * (bug 17626) Added uiprop=email to list=userinfo
22258 * (bug 13209) Added rvdiffto parameter to prop=revisions
22259 * Manual language conversion improve: Now we can include both ";" and ":" in
22261 * (bug 17795) Don't report views count on meta=siteinfo if $wgDisableCounters
22263 * (bug 17774) Don't hide read-restricted modules like action=query from users
22264 without read rights, but throw an error when they try to use them.
22265 * Don't hide write modules when $wgEnableWriteAPI is false, but throw an error
22266 when someone tries to use them
22267 * BREAKING CHANGE: action=purge requires write rights and, for anonymous users,
22269 * (bug 18099) Using appendtext to edit a non-existent page causes an interface
22270 message to be included in the page text
22271 * Fixed the circular template inclusion check, was broken when the loop
22272 involved redirects. Without this, infinite recursion within the parser is
22274 * (bug 18601) generator=backlinks returns invalid continue parameter
22275 * (bug 18597) Internal error with empty generator= parameter
22276 * (bug 18617) Add xml:space="preserve" attribute to relevant tags in XML output
22277 * (bug 17611) Provide a sensible error message on install when the SQLite data
22278 directory is wrong.
22280 === Languages updated in 1.15 ===
22282 MediaWiki supports over 300 languages. Many localisations are updated
22283 regularly. Below only new and removed languages are listed, as well as
22284 changes to languages because of Bugzilla reports.
22286 * Austrian German (de-at) (new)
22287 * Swiss Standard German (de-ch) (new)
22288 * Simplified Gan Chinese (gan-hans) (new)
22289 * Traditional Gan Chinese (gan-hant) (new)
22290 * Literary Chinese (lzh) (new)
22291 * Uyghur (Latin script) (ug-latn) (renamed from 'ug')
22293 * Võro (vro) (renamed from fiu-vro)
22294 * (bug 17151) Add magic word alias for #redirect for Vietnamese
22295 * (bug 17288) Messages improved for default language (English)
22296 * (bug 12937) Update native name for Afar
22297 * (bug 16909) 'histlegend' now reuses messages instead of copying them
22298 * (bug 17832) action=delete returns 'unknownerror' instead of 'permissiondenied'
22299 when the user is blocked
22300 * Traditional/Simplified Gan Chinese conversion support
22302 == MediaWiki 1.14 ==
22304 == MediaWiki 1.14.1 ==
22305 === Changes since 1.14.0 ===
22307 * (bug 17737) Fixed russian URLs for Special:BookSources
22308 * (bug 17713) Using links with only an anchor no longer add an dummy entry in
22309 the pagelinks table
22310 * (bug 17897) Fixed string offset error in <pre> tags
22311 * (bug 17832) Fixed action=delete returning 'unknownerror' instead of
22312 'permissiondenied' when the user is blocked
22313 * Fixed performance regression when accessing deleted (archived) files
22314 * (bug 19693) Fixed cross-site scripting vulnerability in Special:Block
22316 == MediaWiki 1.14.0 ==
22317 === Changes since 1.14.0rc1 ===
22319 * Fixed the performance of the backlinks API module
22320 * (bug 17420) Send the correct content type from action=raw when the HTML file
22322 * (bug 17437) Fixed incorrect link to web-based installer
22323 * (bug 17527) Fixed missing MySQL-specific options in installer
22325 === Configuration changes in 1.14 ===
22327 * $wgExemptFromUserRobotsControl is an array of namespaces to be exempt from
22328 the effect of the new __INDEX__/__NOINDEX__ magic words. (Default: null, ex-
22329 empt all content namespaces.)
22330 * $wgForwardSearchUrl has been removed entirely. Documented setting since 1.4
22331 has been $wgSearchForwardUrl.
22332 * (bug 15080) $wgOverrideSiteFeed has been added. Setting either
22333 $wgSiteFeed['rss'] or 'atom' to a URL will override the default Recent
22334 Changes feed that appears on all pages.
22335 * $wgSQLiteDataDirMode has been introduced as the default directory mode for
22336 SQLite data directories on creation. Note that this setting is separate from
22337 $wgDirectoryMode, which applies to all normal dirs created by MediaWiki.
22338 * $wgGroupsAddToSelf and $wgGroupsRemoveFromSelf now work more like
22339 $wgAddGroups and $wgRemoveGroups, where the user must belong to a specified
22340 group in order to add or remove those groups from themselves.
22341 Backwards compatibility is maintained.
22342 * $wgRestrictDisplayTitle controls if the use of the {{DISPLAYTITLE}} magic
22343 word is restricted to titles equivalent to the actual page title. This
22344 is true by default, but can be set to false to allow any title.
22345 * $wgSpamRegex may now be an array of multiple regular expressions.
22346 * $wgAjaxSearch has been removed; use $wgEnableMWSuggest instead.
22347 * Editing the MediaWiki namespace is now unconditionally restricted to people
22348 with the editinterface right, configuring this in $wgNamespaceProtection
22350 * $wgAllowExternalImagesFrom may now be an array of multiple strings.
22351 * Introduced $wgEnableImageWhitelist to toggle the on-wiki external image
22352 whitelist on or off.
22353 * Added $wgRenderHashAppend to append some string to the parser cache and the
22354 sitenotice cache keys.
22355 * $wgRCChangedSizeThreshold is now a positive integer by default,
22356 * (bug 16006) $wgEnableWriteAPI is now true by default. Authorized can perform
22357 write actions using the API.
22358 * Added $wgRC2UDPInterwikiPrefix which adds an interwiki prefix
22359 ($wgLocalInterwiki) onto the page names in the UDP feed.
22360 * Added $wgAllowUserSkin to let the wiki's owner disable user selectable skins
22361 on the wiki. If it's set to false, then the skin used will *always* be
22363 * Added $wgEnotifUseRealName, which allows UserMailer to send out e-mails based
22364 on the user's real name if one is set. Defaults to false (use the username)
22365 * Removed the 'apiThumbCacheDir' option from $wgForeignFileRepos (only used in
22367 * (bug 44) Image namespace and accompanying talk namespace renamed to File.
22368 For backward compatibility purposes, Image still works. External tools may
22369 need to be updated.
22370 * The constants NS_FILE and NS_FILE_TALK can now be used instead of NS_IMAGE and
22371 NS_IMAGE_TALK. The old constants are retained as aliases for compatibility,
22372 and should still be used in code meant to be compatible with v1.13 or older.
22373 * MediaWiki can be forced to use private IPs forwarded by a proxy server by
22374 using $wgUsePrivateIPs.
22375 * The 'BeforeWatchlist' hook has been removed due to internal changes in
22376 Special:Watchlist. 'SpecialWatchlistQuery' should now be used by extensions
22377 to customize the watchlist database query.
22379 === Migrated extensions ===
22380 The following extensions are migrated into MediaWiki 1.14:
22382 * Special:DeletedContributions to show deleted user contributions (was
22383 extension DeletedContributions)
22384 * Special:Log/newusers recording new users (was extension Newuserlog)
22385 * Special:LinkSearch to search for external links (was extension LinkSearch)
22388 * UniversalEditButton
22390 === New features in 1.14 ===
22392 * New URL syntaxes for Special:ListUsers - 'Special:ListUsers/USER' and
22393 'Special:ListUsers/GROUP/USER', in addition to the older syntax
22394 'Special:ListUsers/GROUP' where GROUP is a valid group name.
22395 * Configurable per-namespace and per-page notices for the edit form,
22396 respectively MediaWiki:Editnotice-# where # is the namespace number, and
22397 MediaWiki:Editnotice-#-PAGENAME where # is the page's namespace number and
22398 PAGENAME is the page name minus the namespace prefix.
22399 * (bug 8068) New __INDEX__ and __NOINDEX__ magic words allow user control of
22400 search engine indexing on a per-article basis.
22401 * Handheld stylesheet options
22402 * Added 'DoEditSectionLink' hook as a cleaner unified version of the old
22403 'EditSectionLink' and 'EditSectionLinkForOther' hooks. Note that the
22404 'EditSectionLinkForOther' hook has been removed, but 'EditSectionLink' is
22405 run in all cases instead, so extensions using the old hooks should still work
22406 if they ran roughly the same code for both hooks (as is almost certain).
22407 * Signature (~~~~) "cleaning", i.e. template removal, can be disabled with
22408 $wgCleanSignatures=false
22409 * Extensions can use the SkinBuildSidebar hook to modify the content of the
22410 sidebar and add custom portlets to it
22411 * Added 'MakeGlobalVariablesScript' hook for extensions to be able to add vari-
22412 ables into the output of Skin::makeVariablesScript
22413 * (bug 13846) Added $wgAddGroups and $wgRemoveGroups display on
22414 Special:ListGroupRights
22415 * (bug 14377) Add a date selector to history pages
22416 * (bug 15007) New 'pagetitle-view-mainpage' message allows the HTML <title> of
22417 the main page to be customized
22418 * Added $wgDisableTitleConversion to disabling the conversion for all pages on
22420 * Added 'noconvertlink' toggle that can be set per user preferences, also
22421 added 'convertlink=no|yes' on GET requests whether have the link titles
22422 being converted or not
22423 * (bug 14921) Special:Contributions/: add user name to <title>
22424 Patch by Emufarmers
22425 * Unescape more "safe" characters when producing URLs, for added prettiness
22426 * Introduced a new hook 'SkinAfterContent' that allows extensions to add text
22427 after the page content and article metadata. Updated all skins and skin
22428 templates to work with that hook.
22429 * (bug 14929) removeUnusedAccounts.php now supports 'ignore-touched' and
22430 'ignore-groups'. Patch by Louperivois
22431 * (bug 15127) Work around minor display glitch in Opera.
22432 * By default, reject file uploads that look like ZIP files, to avoid the
22433 so-called GIFAR vulnerability.
22434 * (bug 15141) Give ability to only list protected pages with the cascading
22435 option enabled on Special:ProtectedPages
22436 * (bug 15157) Special:Watchlist has the same options as Special:Watchlist:
22437 Show/Hide logged in users, Show/Hide anonymous, Invert namespace selection
22438 * Added hook 'UserrightsChangeableGroups' to allow modification of what
22439 groups may be added or removed via the Special:UserRights interface.
22440 * HTML entities like now work (are not escaped) in edit summaries.
22441 * (bug 13815) In the comment for page moves, use the colon-separator message
22442 instead of a hardcoded colon.
22443 * Allow <gallery> to accept image names without an Image: prefix
22444 * Add tooltips to rollback and undo links
22445 * BMP images are now displayed as PNG
22446 * (bug 13471) Added NUMBERINGROUP magic word
22447 * (bug 11884) Now support Flash EXIF attribute
22448 * Show thumbnails in the file history list, patch by User:Agbad
22449 * Added support of piped wikilinks using double-width brackets
22450 * Added an on-wiki external image whitelist. Items in this whitelist are
22451 treated as regular expression fragments to match for when possibly
22452 displaying an external image inline.
22453 * (bugs 15405, 15436) Sort more currency types correctly in sortable tables
22454 * (bug 15422) Sort more different types of numbers in sortable tables
22455 * (bug 2889) MediaWiki:Print.css applies to the printable version
22456 * Category counts (e.g. from {{PAGESINCATEGORY:}}) should be more accurate for
22458 * After logging in, automatically redirect to wherever you logged in from
22459 * (bug 5619) Break messages used in Special:Statistics down further
22460 * (bug 11029) Add link to Special:Listusers?group=sysop etc at
22462 * (bug 15514) Setting $wgRightsText without $wgRightsUrl now produces a
22463 plaintext copyright notice. Patch by Juliano F. Ravasi.
22464 * (bug 15551) Deletion log excerpt is now shown whenever a user vists a
22465 deleted page, even if they are unable to edit it.
22466 * Added Wantedfiles special pages, allowing users to find image links with no
22468 * (bug 12650) It is now possible to set different expiration times for
22469 different restriction types on the protection form.
22470 * (bug 8440) Allow preventing blocked users from editing their talk pages
22471 * Improved upload file type detection for OpenDocument formats
22472 * Added the ability to set the target attribute on external links with
22473 $wgExternalLinkTarget
22474 * api.php now sends "Retry-After" and "X-Database-Lag" HTTP headers if the
22475 maxlag check fails, just like index.php does
22476 * Added "link" parameter to image links, to allow images to link to an
22477 arbitrary title or URL. This should replace inaccessible and incomplete
22478 solutions such as CSS-based overlays and ImageMap.
22479 * (bug 368) Don't use caption for alt attribute; allow manual specification
22480 using new "alt=" parameter for images
22481 * (bug 44) The {{ns:}} core parser function now also accepts localized
22482 namespace names and aliases; also, its output now uses spaces instead of
22483 underscores to match the behavior of the {{NAMESPACE}} magic word
22484 * Added the ability to display user edit counts in Special:ListUsers. Off by
22485 default, enabled with $wgEdititis = true (named after the medical condition
22486 marked by unhealthy obsession with edit counts).
22487 * Added a file cache to the parser to improve page rendering time on pages with
22488 several uses of the same image.
22489 * (bug 1250) Users can still use "show preview" and "show changes" even if the
22490 wiki is set to read-only mode.
22491 * Added a call to the 'UnwatchArticleComplete' hook to the watchlist editor.
22492 This should make it so that ALL user-accessible methods of removing a page
22493 from a watchlist lead to this hook being called (it was previously only
22494 called from within Article.php
22495 * Maximum execution time for shell processes on linux is now configured with
22496 $wgMaxShellTime (180 seconds by default)
22497 * (bug 1306) 'Email user' link no longer shown on user page when emailing
22498 is not available due to lack of confirmed address or disabled preference
22499 * Special:Wanted templates special page added to display missing templates
22500 linked from articles
22501 * Make search matches bold only, not red as well
22502 * (bug 10080) Blocks can be modified without unblocking first
22503 * (bug 15820) Special:BlockIP shows a notice if the user being blocked is
22504 already directly blocked
22505 * (bug 13710) Allow to force "watch this" checkbox via URL using parameter
22507 * (bug 15125) Add Public Domain to default options when installing. Patch by
22509 * Set a special temporary directory for ImageMagick with $wgImageMagickTempDir
22510 * (bug 16113) Show/hide for redirects in Special:NewPages
22511 * (bug 15903) Upload link was added to Nostalgia skin
22512 * (bug 15761) Add user toggle to omit diff after rollback
22513 * Added the BitmapHandler_ClientOnly media handler, which allows server-side
22514 image scaling to be completely disabled for specific media types, via the
22515 $wgMediaHandlers configuration variable.
22516 * New 'AbortDiffCache' hook can be used to cancel the caching of a diff
22517 * (bug 15835) Added Content-Style-Type meta tag
22518 * (bug 11027) Add parameter to MW:Randompage-nopages so that user can see the
22520 * Add id="mw-user-domain-section" to <tr> tag in Userlogin.php template so that
22521 admins with a single domain can hide the domain section using CSS
22522 * Dropped old Paser_OldPP class. Only new parser with preprocessor is used.
22523 * Moved password reset form from Special:Preferences to Special:ResetPass
22524 * Added Special:ChangePassword as a special page alias for Special:ResetPass
22525 * Added complementary function for addHandler() called removeHandler() for
22527 * Improved security of file uploads for IE clients, using a reverse-engineered
22528 algorithm very similar to IE's content detection algorithm.
22529 * Cascading protection no longer requires that both edit and move are restricted
22530 to sysop, just edit=sysop is enough
22531 * (bug 2391) A warning is now shown for invalid ISBN numbers on
22532 Special:Booksources.
22533 * Installer has been updated to reflect the release of the GFDL 1.3. The URL for
22534 1.2 has been updated, and the 1.3 URL has been given. 1.2 is still
22535 Wikipedia-compatible. RightsCode was changed from 'gfdl' to 'gfdl1_2', so we
22536 can now support 1.2 as well as 1.3 (gfdl1_3).
22537 * (bug 16293) PD URL was changed to the CreativeCommons site on PD (which
22538 auto-detects your language) instead of Wikipedia.
22539 * (bug 16635) The "view and edit watchlist" page (Special:Watchlist/edit) now
22540 includes a table of contents
22541 * File objects returned by wfFindFile() are now cached by default
22542 * (bug 7492) Rights can now be assigned to specific IP addresses and ranges by
22543 using $wgAutopromote (new defines: APCOND_ISIP and APCOND_IPINRANGE)
22544 * Add a 'change block' link to Special:IPBlockList and Special:Log
22545 * (bug 16459) Use native getElementsByClassName where possible, for better
22546 performance in modern browsers
22547 * Enable \cancel and \cancelto in texvc (recompile required)
22548 * Added 'UserCryptPassword' and 'UserComparePasswords' hooks to allow extensions
22549 to implement their own password hashing methods.
22550 * (bug 16760) Add CSS-class to action links of Special:Log
22551 * (bug 505) Time zones can now be specified by location in user preferences,
22552 avoiding the need to manually update for DST. Patch by Brad Jorsch.
22553 * (bug 2585) HTTP 404 return code is now given for a page view if the page
22554 does not exist, allowing spiders and link checkers to detect broken links.
22555 * Special:Log: Add 'change protection' link for unprotected pages too
22556 * Special:Log: Add log type specific CSS classes 'mw-logline-$logtype' to
22558 * (bug 16754) Making arbitrary rows of sortable tables sticky:
22559 |- class="unsortable"
22560 * Show subversion too even if a "normal" version number is available
22561 * (bug 16121) Add a note that a page move was without creating a redirect in the
22563 * Image moving is now enabled for sysops by default
22564 * Make "Did you mean" search feature more noticeable
22565 * (bug 16720) Transcluded Special:NewPages processes "/username="
22567 === Bug fixes in 1.14 ===
22569 * (bug 14907) DatabasePostgres::fieldType now defined.
22570 * (bug 14659) Passing the default limit param to Special:Recentchanges no more
22571 falls back to the user option
22572 * (bug 14954) Fix regression in Modern and Simple skins
22573 * Recursion loop check added to Categoryfinder class
22574 * Fixed few performance troubles of large job queue processing
22575 * Not setting various parameters in Foreign Repos now fails more gracefully
22576 * (bug 2333) Redirects are properly rendered when previewing an edit.
22577 * (bug 14972) Use localized alias of Special:Search on all search forms
22578 * (bug 11035) Special:Search should have descriptive <title>
22579 * Special pages are now not subject to special handling for "self-links"
22580 * (bug 15053) Syntactically incorrect redirects with another link in them
22581 no longer redirect to the second link
22582 * (bug 15049) Fix for CheckUser extension's log search: usernames containing
22583 a "-" were incorrectly turned into bogus IP range searches.
22584 Patch by Max Semenik.
22585 * (bug 15055) Talk page notifications no longer attempt to send mail when
22586 user's e-mail address is invalid or unconfirmed
22587 * (bug 12370) Add throttle on password attempts. Defaults to max 5 attempts in
22589 * (bug 15016) 'Templates used on this page' list in view source should be
22590 wrapped in a div with class "templatesUsed"
22591 * (bug 14868) Setting $wgFeedDiffCutoff to 0 now disables generation of the
22592 diff entirely, not just the display of it.
22593 * (bug 6387) Introduced new setting $wgCategoryPrefixedDefaultSortkey which
22594 allows having the unprefixed page title as the default category sortkey
22595 * (bug 15079) Add class="ns-talk" / "ns-subject" to <body>. Also added
22596 ns-special to special pages.
22597 * (bug 15052) Skins should add their name as a class in <body>
22598 * (bug 14165, bug 14294) Wikimedia specific configuration in convertGrammar()
22599 for several languages was removed. The settings have been put in extension
22600 WikimediaMessages. Patch for Czech by Danny B.
22601 * (bug 15101) Displaying only bots edits in Special:Recentchanges now works
22603 * (bug 13770) Fixed incorrect detection of PHP's DOM module
22604 * (bug 14790) Export of category pages when using Category: prefix now actually
22606 * Avoid recursive crazy expansions in section edit comments for pages which
22607 contain '/*' in the title
22608 * Fix excessive memory usage when parsing pages with lots of links
22609 * $wgSpamRegex now matches the edit summary and page move descriptions in
22610 addition to body text.
22611 * Navigation links to images available from a shared repository (like Commons)
22612 from their local talk pages no longer appear as redlinks
22613 * Action=purge on ForeignApiFiles now works (purges their thumbnails and
22614 description pages).
22615 * (bug 15303) Title conversion for templates wasn't working in some cases.
22616 * (bug 15264) Underscores in Special:Search/Foo_bar parameters were taken
22617 literally; now converting them to spaces per expectation.
22618 * (bug 15342) "Invert" checkbox now works correctly when selecting main
22619 namespace in Special:Watchlist
22620 * (bug 15172) 'Go' button of Special:Recentchanges now on the same line as the
22621 last input element (like Special:Watchlist too)
22622 * (bug 15351) Fix fatal error for invalid section fragments in autocomments
22623 * Fixed intermittent deadlock errors involving objectcache table queries.
22624 Use a separate database connection for the objectcache table to avoid
22625 long-lasting locks on that table.
22626 * Respect file restrictions in the file history list
22627 * (bug 15399) Odd/even classes on sortable tables' rows could be slow for large
22628 tables, and have been disabled by default.
22629 * (bug 15482) Special:Recentchangeslinked has no longer two submit buttons
22630 * (bug 15292) New message notification for unregistred users now works again
22631 * (bug 14398) mwsuggest.js: Let width of container be configurable
22632 * (bug 15543) Only include user touched timestamp to generated CSS
22633 * (bug 15497) Removed encoding attribute from <?xml ?> tag
22634 * (bug 12284) Special:Preferences now sets a returnto parameter on the link to
22635 Special:UserLogin. Patch by Marooned.
22636 * Fixed the HTTP accept language string detection length in
22637 LanguageConverter.php, instead of the fixed length language codes.
22638 * Special:RecentChangesLinked no longer shows outgoing links for nonexistent
22639 pages even if there are broken link records with source article id 0 in the
22641 * (bug 15598) Special:Newpages default limit uses user preference for
22642 recentchanges limit instead of hardcoded 50.
22643 * (bug 15617) $wgFeedClassesOutputPage::getHeadLinks() respects $wgFeedClasses,
22644 instead of hardcoding rss and atom. Patch by Juliano F. Ravasi.
22645 * (bug 14638) Special:Blockip now provides a link to the block log if the user
22646 has been blocked more than 10 times. Patch by Matt Johnston.
22647 * (bug 12678) Skins don't show Upload link if the user isn't allowed to upload.
22648 * Fixed incorrect usage of DB_LAST in Special:Export. Deprecated DB_LAST.
22649 * (bug 15642) Blocked sysops can no longer block other users
22650 * Http::request() now respects $wgHTTPtimeout when not using cURL
22651 * (bug 15158) Userinvalidcssjstitle not shown on preview
22652 * (bug 15196) Free external links should be numbered in a localised manner
22653 * (bug 15388) Title of Special:PrefixIndex
22654 * Links with no title but a curid parameter now use the curid to pick a page
22655 * (bug 10323) Special:Undelete should have "inverse selection" button
22656 * (bug 15831) Modern skin RTL support is bugous
22657 * (bug 15869) Nostalgia skin does not show page title in printable mode
22658 * (bug 15795) Special:Userrights is now listed on Special:SpecialPages when the
22659 user can only change his rights
22660 * (bug 15846) Categories "leak" from older revisions in certain circumstances
22661 * (bug 15928) Special pages dropdown should be inline in non-MonoBook skins
22662 * (bug 14178) Some uses of UserLoadFromSession hook cause segfault
22663 * (bug 15925) Postitive bytes added on recentchanges and watchlists are now
22664 bolded if above the threshold, previously it only worked for negatives
22665 * Specify apple-touch-icon before favicon in HTML head section to make the
22666 Konqueror browser correctly use the latter
22667 * (bug 15717) Set $separatorTransformTable for language 'eu'
22668 * (bug 15605) Enabled $datePreferences for language 'hr'. Added standard date
22670 * (bug 13701) {{NUMBEROFVIEWS}} magic word to show number of total views.
22671 * (bug 5101) Image from Commons doesn't show up when searched in Wikipedia
22673 * (bug 14609) User's namespaces to be searched default not updated after adding
22675 * Purge form uses valid XHTML
22676 * (bug 12764) Special:LonelyPages shows transcluded pages
22677 * (bug 16073) Enhanced RecentChanges uses onclick handler with better fallback
22678 if JavaScript is disabled
22679 * (bug 4253) Recentchanges IRC messages no longer include title in diff URLs
22680 * Allow '0' to be an accesskey.
22681 * (bug 8063) Use language-dependent sorting in client-side sortable tables
22682 * (bug 16160) Suggestions box should be resized from left for RTL wikis
22683 * (bug 11533) Fixed insane slowdown when in read-only mode for long periods
22684 of time with CACHE_NONE (default objectcache table configuration).
22685 * Trying to set two different default category sort keys for one page now
22687 * (bug 16143) Fix redirect loop on special pages starting with lower case
22689 * (bug 15737) Fix notices while expanding using PPCustomFrame
22690 * (bug 15544) Non-index entry points cause the "Wiki not set up" message to
22692 * (bug 5101) Image from Commons doesn't show up when searched in Wikipedia
22694 * (bug 4362) [[MediaWiki:History copyright]] no more used with most recent
22695 revision when passing oldid parameter in the url
22696 * (bug 16265) When caching thumbs with the ForeignApiRepo, we now use the same
22697 filename as the remote site.
22698 * (bug 8345) Don't autosummarize where a redirect was left unchanged
22699 * Made thumb caching in ForeignApiFile objects integrated with normal thumb
22700 path naming (/thumbs/hash/file), retired 'apiThumbCacheDir' as a result.
22701 * (bug 5530) Consistency between character encoding in {{PAGENAMEE}},
22702 {{SUBPAGENAMEE}} and {{FULLPAGENAMEE}}
22703 * Safer handling of non-MediaWiki exceptions -- now obeys our settings for
22704 formatting and path exposure.
22705 * Less verbose errors from profileinfo.php when not configured
22706 * Blacklist redirects via Special:Filepath, hard to use.
22707 * Improved input validation on Special:Import form
22708 * Add a .htaccess to deleted images directory for additional protection
22709 against exposure of deleted files with known SHA-1 hashes on default
22711 * Improved scripting safety heuristics for IE 5/6 content-type detection.
22712 * Improved scripting safety heuristics on SVG uploads.
22713 * (bug 11728) Unify layout of enhanced watchlist/recent changes
22714 * (bug 8702) Properly update stats when running nukePage maintenance script
22715 * (bug 7726) Searches for words less than 4 characters now work without
22716 requiring customization of MySQL server settings
22717 * Honour unchecked "Leave a redirect behind" for moved subpages
22718 * (bug 16440) Broken 0-byte math renderings are now deleted and re-rendered
22719 when page is re-parsed.
22720 * (bug 6100) Unicode BiDi embedding/override characters (U+202A - U+202E) are
22721 now automatically removed from titles; these characters can accidentally end
22722 up in copy-and-pasted titles, and, by overriding normal bidirectional text
22723 handling, can lead to annoying behavior such as text rendering backwards
22724 * Fixed minor bug where the memcached value for how many accounts an IP had
22725 created that day would be increased even if $wgAccountCreationThrottle was
22726 hit. This meant if an IP hit the throttle and then the throttle was raised
22727 later that day, the IP still couldn't create another account, because it
22728 had marked them as having created another account, when their last account
22729 creation had actually failed.
22730 * (bug 12647) Allow autogenerated edit summary messages to be blanked with '-'
22731 * (bug 16026) 'Revision-info' and 'revision-info-current' both accept wiki
22733 * (bug 16529) Fix for search suggestions with some third-party JS libraries
22734 * (bug 13342) importScript() generates more consistent URI encoding
22735 * (bug 16577) When a blocked user tries to rollback a page, the block message
22736 is now only displayed once
22737 * (bug 14268) SVG image sizes now extracted with proper XML parser
22738 * (bug 14365) RepoGroup::findFiles() no longer crashes if passed an invalid
22740 * (bug 4253, bug 16586) Revision ID is now given instead of title in URLs for
22741 new pages in the recent changes IRC feed
22742 * Ugly tooltips in Special:Statistics were phased out in favor of more direct
22743 information. Went ahead and rewrote SpecialStatistics to subclass SpecialPage
22744 * (bug 5506) Links to files on foreign repositories are now shown consistently
22745 as bluelinks e.g. in logs and edit summaries
22746 * (bug 16623) Add missing </p> tag in Special:LockDB
22747 * (bug 15849) Special:Movepage now throws a more specific error when trying to
22748 move a title to an interwiki target
22749 * (bug 16638) 8-bit URL fallback encoding now set on additional languages using
22750 Arabic script (Persian, Urdu, Sindhi, Punjabi)
22751 * (bug 16656) cleanupTitles and friends should now work in load-balanced
22752 DB environments when $wgDBserver isn't set.
22753 * (bug 3691) Aspect ratio from viewBox attribute is now preserved for SVG
22754 images which do not specify width and height attributes.
22755 * (bug 15027) Internet domain names and IP addresses can now be indexed and
22756 searched sensibly with the default MySQL search backend.
22757 * (bug 11733) Fixed parameter validation in importTextFile.php
22758 * (bug 16712) Special:NewFiles updated to use "newer"/"older" paging messages
22759 for clarity over "previous/next"
22760 * (bug 16612) Fixed "noprint" class for Modern skin print style
22761 * Section anchors now have an "id" attribute as well as a "name" attribute,
22762 even when Tidy is not used
22763 * (bug 16026) revision-info, revision-info-current, cannotdelete,
22764 redirectedfrom, historywarning and difference messages now use Wiki text
22765 rather than raw HTML markup
22766 * (bug 13835) Fix rendering of {{filepath:Wiki.png|nowiki}}
22767 * (bug 16772) Special:Upload now correctly rejects files with spaces in the
22768 file extension (e.g. Foo. jpg).
22769 * Image moving over an existing file no longer throws a database error
22770 * (bug 16786) Restored "redundant" links recently removed from Classic sidebar
22771 * (bug 16850) $wgActionPaths can have query strings now, previously, this broke
22773 * (bug 16376) Mention in deleteBatch.php and moveBatch.php maintenance scripts
22774 that STDIN can be used for page list
22775 * (bug 16560) Special:Random returns a page from ContentNamespaces, and no
22776 longer from NS_MAIN
22778 === API changes in 1.14 ===
22780 * Registration time of users registered before the DB field was created is now
22781 shown as empty instead of the current time.
22782 * API search now falls back to fulltext search by default when using Lucene
22783 or other engine which doesn't support a separate title search function.
22784 This means you can use API search on Wikipedia without explicitly adding
22785 &srwhat=text to the query.
22786 * Added iiprop=bitdepth to imageinfo and aiprop=bitdepth to allimages
22787 * (bug 14713) API-specific permissions (such as 'writeapi' and 'apihighlimits'
22788 are now listed on action=help
22789 * (bug 15044) Added requestid parameter to api.php to facilitate distinguishing
22791 * (bug 15048) Added limit field for multivalue parameters to action=paraminfo
22793 * When the limit on multivalue parameters is exceeded, a warning is issued
22794 * list=search doesn't list missing pages any more
22795 * (bug 15178) Added clshow to prop=categories to allow filtering for hidden/
22796 non-hidden categories
22797 * (bug 15228) Combining revids= and redirects now throws a warning instead of
22798 an error, and still resolves redirects generated by the generator.
22799 * list={backlinks,embeddedin,imageusage} now return arrays with keys 0, 1, 2,
22800 etc. (AKA lists) instead of arrays with pageIDs as keys (AKA hash tables)
22801 for consistency with other list modules.
22802 * Added action=watch
22803 * (bug 15275) apprefix and related parameters ignore spaces at the end
22804 * action=edit no longer throws unknown error 228 when trying to create an
22805 empty section with section=new
22806 * Database replication lag doesn't cause all action=edit requests to return the
22807 nochange flag any more
22808 * (bug 15392) ApiFormatBase::formatHTML now uses $wgUrlProtocols.
22809 * (bug 15444) action=edit returns "Unknown error: ``AS_END''" where it should
22810 return just "Unknown error"
22811 * (bug 15448) YAML output returns empty values instead of 0
22812 * (bug 15445) Added action=patrol
22813 * (bug 15466) Added action=purge
22814 * (bug 15486) action=block ignores autoblock parameter
22815 * (bug 15492) added rcprop=loginfo to list=recentchanges
22816 * (bug 15527) action=rollback can now revert anonymous editors
22817 * (bug 15535) prop=info&inprop=protection doesn't list pre-1.10 protections
22818 if the page is also protected otherwise (1.10+ style or cascading)
22819 * list=random now has rnredirect parameter, to get random redirects.
22820 * Added APIAfterExecute, APIQueryAfterExecute and APIQueryGeneratorAfterExecute
22821 hooks which allow for extending core modules in a cleaner way
22822 * action=protect checks for invalid protection types and levels
22823 * (bug 15673) Added indentation to format=wddxfm output and improved built-in
22824 WDDX formatter to resemble PHP's more
22825 * (bug 15706) Empty values for apprtype and apprlevel are now silently ignored
22826 rather than causing an exception
22827 * Added uiprop=preferencestoken to meta=userinfo
22828 * (bug 15609) Add inprop=url and inprop=readable to prop=info
22829 * Add ApiDisabled and ApiQueryDisabled classes so individual modules can
22830 be disabled in LocalSettings.php
22831 * (bug 15653) Add prop=duplicatefiles
22832 * (bug 15768) Add list=watchlistraw
22833 * (bug 15647) action=edit with basetimestamp fails if the page has been deleted
22834 and undeleted since the last edit
22835 * (bug 15785) Allow for different expiry times for different protections in
22837 * Added allowsduplicates attribute to action=paraminfo output
22838 * (bug 15767) apfilterlanglinks returns duplicate results
22839 * (bug 15845) Added pageid/fromid parameter to action=delete/move, making
22840 manipulation of legacy pages with invalid titles possible
22841 * (bug 15881) Empty or invalid parameters cause database errors
22842 * The maxage and smaxage parameters are now properly validated
22843 * (bug 15945) list=recentchanges doesn't check $wgUseRCPatrol, $wgUseNPPatrol
22844 and patrolmarks right
22845 * (bug 15985) acfrom and aifrom parameters didn't work when sorting in
22847 * (bug 15995) Add cmstartsortkey and cmendsortkey parameters to
22848 list=categorymembers
22849 * (bug 16017) list=categorymembers sets invalid continue parameters for
22850 sortkeys containing pipes
22851 * (bug 16018) Added uccontinue parameter to list=usercontribs so paging
22852 works properly when multiple users are queried or a userprefix is used
22853 * (bug 16047) Added activeusers attribute to meta=siteinfo&siprop=statistics
22855 * Added redirect resolution to action=parse
22856 * (bug 16074) rvprop=content combined with a generator with a high limit causes
22858 * (bug 16105) Image metadata attributes containing spaces result in invalid XML
22859 * (bug 16126) Added siprop=magicwords to meta=siteinfo
22860 * (bug 16159) Added wlshow=patrolled|!patrolled to list=watchlist
22861 * (bug 16225) Titles like Talk:Talk:Foo broke apfrom and friends
22862 * meta=siteinfo&siprop=interwikimap no longer throws an exception for empty
22863 sifilter parameter.
22864 * (bug 12760) meta=userinfo&uiprop=ratelimits doesn't list group-specific rate
22866 * (bug 16398) meta=userinfo&uiprop=rights lists some rights twice in some cases
22867 * (bug 16408) Added rvgeneratexml to prop=revisions
22868 * (bug 16421) Made list=logevents's leuser accept user names with underscores
22870 * (bug 16516) Made rvsection=T-2 work
22871 * (bug 16526) Added usprop=emailable to list=users
22872 * (bug 16548) list=search threw errors with an invalid error code
22873 * (bug 16515) Added pst and onlypst parameters to action=parse
22874 * (bug 16541) Added block expiry timestamp to list=logevents output
22875 * (bug 16613) action=protect doesn't tell when &cascade was set but cascading
22876 protection wasn't allowed
22877 * (bug 16626) action=delete now correctly handles empty "reason" param
22878 * (bug 15579) clshow considers all categories !hidden
22879 * (bug 16647) list=allcategories, prop=categories don't return "hidden"
22880 property for hidden categories
22881 * New siprop parameter of 'extensions' to list all installed extensions
22882 * (bug 16672) Include canonical namespace name in
22883 meta=siteinfo&siprop=namespaces.
22884 * (bug 16726) siprop=namespacealiases should also list localized aliases
22885 * (bug 16730) Added apprfiltercascade parameter to list=allpages to filter
22886 cascade-protected pages
22888 === Languages updated in 1.14 ===
22890 MediaWiki supports over 300 languages. Many localisations are updated
22891 regularly. Below only new and removed languages are listed.
22893 * Bakhtiari (bqi) (new)
22894 * Fiji Hindi (Devanagari script) (hif-deva) (new)
22896 * Lezghian (lez) (new)
22898 * Eastern Mari (mhr) (new)
22899 * Niuean (niu) (new)
22901 * Plautdietsch (pdt) (new)
22902 * Western Punjabi (pnb) (new)
22903 * Tarantino (roa-tara) (new)
22904 * Serbo-Croatian (sh) (new)
22908 == MediaWiki 1.13 ==
22910 == MediaWiki 1.13.5 ==
22914 This is a maintenance update to the Summer 2008 snapshot release of MediaWiki.
22916 MediaWiki is now using a "continuous integration" development model with
22917 quarterly snapshot releases. The latest development code is always kept
22918 "ready to run", and in fact runs our own sites on Wikipedia.
22920 Release branches will continue to receive security updates for about a year
22921 from first release, but nonessential bugfixes and feature developments
22922 will be made on the development trunk and appear in the next quarterly release.
22924 Those wishing to use the latest code instead of a branch release can obtain
22925 it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
22927 == Changes since 1.13.4 ==
22929 * (bug 17449) Fixed PostgreSQL installation
22930 * (bug 17527) Fixed missing MySQL-specific options in installer
22932 == Changes since 1.13.3 ==
22934 A number of cross-site scripting (XSS) security vulnerabilities were discovered
22935 in the web-based installer (config/index.php). These vulnerabilities all
22936 require a live installer -- once the installer has been used to install a wiki,
22939 Note that cross-site scripting vulnerabilities can be used to attack any website
22940 in the same cookie domain. So if you have an uninstalled copy of MediaWiki on
22941 the same site as an active web service, MediaWiki could be used to attack the
22944 If you are hosting an old copy of MediaWiki that you have never installed, you
22945 are advised to remove it from the web.
22947 == Changes since 1.13.2 ==
22949 David Remahl of Apple's Product Security team has identified a number of
22950 security issues in previous releases of MediaWiki. Subsequent analysis by the
22951 MediaWiki development team expanded the scope of these vulnerabilities. The
22952 issues with a significant impact are as follows:
22954 * An XSS vulnerability affecting all MediaWiki installations between 1.13.0 and
22955 1.13.2. [CVE-2008-5249]
22956 * A local script injection vulnerability affecting Internet Explorer clients for
22957 all MediaWiki installations with uploads enabled. [CVE-2008-5250]
22958 * A local script injection vulnerability affecting clients with SVG scripting
22959 capability (such as Firefox 1.5+), for all MediaWiki installations with SVG
22960 uploads enabled. [CVE-2008-5250]
22961 * A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki
22962 installations since the feature was introduced in 1.3.0. [CVE-2008-5252]
22964 XSS (cross-site scripting) vulnerabilities allow an attacker to steal an
22965 authorised user's login session, and to act as that user on the wiki. The
22966 authorised user must visit a web page controlled by the attacker in order to
22967 activate the attack. Intranet wikis are vulnerable if the attacker can
22968 determine the intranet URL.
22970 Local script injection vulnerabilities are like XSS vulnerabilities, except
22971 that the attacker must have an account on the local wiki, and there is no
22972 external site involved. The attacker uploads a script to the wiki, which another
22973 user is tricked into executing, with the effect that the attacker is able to act
22974 as the privileged user.
22976 CSRF vulnerabilities allow an attacker to act as an authorised user on the wiki,
22977 but unlike an XSS vulnerability, the attacker can only act as the user in a
22978 specific and restricted way. The present CSRF vulnerability allows pages to be
22979 edited, with forged revision histories. Like an XSS vulnerability, the
22980 authorised user must visit the malicious web page to activate the attack.
22982 These four vulnerabilities are all fixed in this release.
22984 David Remahl also reminded us of some security-related configuration issues:
22986 * By default, MediaWiki stores a backup of deleted images in the images/deleted
22987 directory. If you do not want these images to be publically accessible, make
22988 sure this directory is not accessible from the web. MediaWiki takes some steps
22989 to avoid leaking these images, but these measures are not perfect.
22990 * Set display_errors=off in your php.ini to avoid path disclosure via PHP fatal
22991 errors. This is the default on most shared web hosts.
22992 * Enabling MediaWiki's debugging features, such as $wgShowExceptionDetails, may
22993 lead to path disclosure.
22995 Other changes in this release:
22997 * Avoid fatal error in profileinfo.php when not configured.
22998 * Add a .htaccess to deleted images directory for additional protection against
22999 exposure of deleted files with known SHA-1 hashes on default installations.
23000 * Avoid streaming uploaded files to the user via index.php. This allows
23001 security-conscious users to serve uploaded files via a different domain, and
23002 thus client-side scripts executed from that domain cannot access the login
23003 cookies. Affects Special:Undelete, img_auth.php and thumb.php.
23004 * When streaming files via index.php, use the MIME type detected from the
23005 file extension, not from the data. This reduces the XSS attack surface.
23006 * Blacklist redirects via Special:Filepath. Such redirects exacerbate any
23007 XSS vulnerabilities involving uploads of files containing scripts.
23008 * Internationalisation updates.
23010 == Changes since 1.13.1 ==
23012 * Security: Work around misconfiguration by requiring strict comparisons for
23013 in_array in User::isAllowed().
23014 * (bug 14944) Added $wgShellLocale for configuration of an appropriate locale
23015 to use for LC_CTYPE during shell invocation. For servers that don't have
23016 en_US.utf8. Also added locale detection during install.
23017 * Localisation updates
23018 * Security: Fixed XSS vulnerability in useskin parameter.
23020 == Changes since 1.13.0 ==
23022 * (bug 15460) Fixed intermittent deadlock errors and poor concurrent
23023 performance for installations without memcached.
23024 * (bug 13770) Fixed DOM module detection for installations with both dom
23026 * (bug 15148) Fixed Special:BlockIP for PostgreSQL
23027 * Fixed SQLite support for non-memcached installations
23028 * Localisation updates, Achinese (ace) added.
23030 == Changes since 1.13.0rc2 ==
23032 * (bug 13770) Fixed incorrect detection of PHP's DOM module
23033 * Fix regression from r37834: accesskey tooltip hint should be given for the
23034 minor edit and watch labels on the edit page.
23035 * Updated Chinese simplified/traditional conversion tables
23037 == Changes since 1.13.0rc1 ==
23039 * $wgForwardSearchUrl has been removed entirely. Documented setting since 1.4
23040 has been $wgSearchForwardUrl.
23041 * (bug 14907) DatabasePostgres::fieldType now defined.
23042 * (bug 14966) Fix SearchEngineDummy class for silently non-functional search
23043 on Sqlite instead of horribly fatal error breaky one.
23044 * (bug 14987) Only fix double redirects on page move when the checkbox is
23046 * (bug 13376) Use $wgPasswordSender, not $wgEmergencyContact, as return
23047 address for page update notification mails.
23048 * API: Registration time of users registered before the DB field was created is
23049 now shown as empty instead of the current time.
23050 * (bug 14904): fragments were lost when redirects were fixed.
23051 * Added magic word __STATICREDIRECT__ to suppress the redirect fixer
23052 * (bug 15035) Revert English linkTrail to /^([a-z]+)(.*)$/sD, as it was before
23053 r36253. Multiple reports of breakage due to old (pre-5.0) PCRE libraries,
23054 both bundled with PHP and packaged with distros such as RHEL.
23055 * (bug 14944) Shell invocation of external programs such as ImageMagick convert
23056 was broken in PHP 5.2.6, if the server had a non-UTF-8 locale.
23059 === Configuration changes in 1.13 ===
23061 * New option $wgFeed can be set false to turn off syndication feeds
23062 * (bug 5745) Special:Whatlinkshere now shows up to $wgMaxRedirectLinksRetrieved
23063 links through each redirect instead of hardcoded 500
23064 * Set $wgUploadSizeWarning to false by default
23065 * Added $wgLBFactoryConf, for generic configuration of multi-master wiki farms
23066 * Removed $wgAlternateMaster, use $wgLBFactoryConf
23067 * (bug 13562) Misspelled option $wgUserNotifedOnAllChanges changed to
23068 $wgUserNotifiedOnAllChanges
23069 * (bug 12860) New option $wgSitemapNamespaces allows sitemaps to be generated
23070 for only some namespaces
23071 * Removed the emailconfirmed implicit group by default. To re-add it, use:
23072 $wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED;
23073 in your LocalSettings.php.
23074 * (bug 2396) New shared database configuration variables. $wgSharedPrefix allows
23075 you to use a shared database with a different prefix. Or you can now use a
23076 local database and use prefixes to separate wiki and the shared tables. And
23077 the new $wgSharedTables variable allows you to specify a list of tables to
23079 * Automatic edit summaries can be disabled with $wgUseAutomaticEditSummaries
23080 * Duplicates of images are now shown on the image page
23081 * $wgRCFilterByAge allows for the list of dates in recent changes special pages
23082 to be filtered to only those within the range of $wgRCMaxAge
23083 * $wgRCLinkLimits and $wgRCLinkDays allow for customization of the list and
23084 limits displayed on the recent changes special pages
23085 * The "createpage" permission is no longer required when uploading if the target
23086 image page already exists
23087 * $wgMaximumMovedPages restricts the number of pages that can be moved at once
23088 (default 100) with the new subpage-move functionality of Special:Movepage
23089 * Hooks display in Special:Version is now disabled by default, use
23090 $wgSpecialVersionShowHooks = true; to enable it.
23091 * $wgActiveUserEditCount sets the number of edits that must be performed over
23092 a certain number of days to be considered active
23093 * $wgActiveUserDays is that number of days
23094 * $wgRateLimitsExcludedGroups has been deprecated in favor of
23095 $wgGroupPermissions[]['noratelimit']. The former still works, however.
23096 * New $wgGroupPermissions option 'move-subpages' added to control bulk-moving
23097 subpages along with pages. Assigned to 'user' and 'sysop' by default.
23098 * New $wgRC2UDPOmitBots allows user to omit bot edits from UDP output.
23100 * Removed $wgEnableCascadingProtection option. Disabling cascading protection
23101 is no longer possible.
23102 * $wgMessageCacheType defines now the type of cache used by the MessageCache
23103 class, previously it was choosen based on $wgParserCacheType
23104 * $wgExtensionAliasesFiles option to simplify adding aliases to special pages
23105 provided by extensions, in a similar way to $wgExtensionMessagesFiles
23106 * Added $wgXMLMimeTypes, an array of XML mimetypes we can check for
23108 * Added $wgDirectoryMode, which allows for setting the default CHMOD value when
23109 creating new directories.
23110 * (bug 14843) $wgCookiePrefix can be set by LocalSettings now, false defaults
23113 === New features in 1.13 ===
23115 * __HIDDENCAT__ on a category page causes the category to be hidden on the
23117 * Do not show edit permissions errors on a red link click, just redirect to the
23118 article. This is so that readers who don't know what a red link is are not
23119 confused when they are told they are range-blocked.
23120 * Add a new hook ImageBeforeProduceHTML to allow extensions to modify wikitext
23121 image syntax output
23122 * (bug 13100) Added 'preloadtitle' parameter to action=edit§ion=new that
23123 pre-fills the section title field
23124 * (bug 13112) Added Special:RelatedChanges alias to Special:RecentChangesLinked
23125 * (bug 13130) Moved edit token and autosummary fields above edit tools to
23126 reduce broken form submissions
23127 * Add --old-redirects-only option to maintenance/refreshLinks.php, to add old
23128 redirects to the redirect table
23129 * Add links to page and file deletion forms to edit predefined delete reasons
23130 * (bug 13269) Added MediaWiki:Uploadfooter to the bottom of Special:Upload
23131 * (bug 2815) Search results for media now use thumbnail instead of text extract
23132 * When a page doesn't exist, the tab should say "create", not "edit"
23133 * (bug 12882) Added a span with class "patrollink" around "Mark as patrolled"
23135 * Magic word formatnum can now take raw suffix to undo formatting
23136 * Add updatelog table to reliably permit updates that don't change the schema
23137 * Add category table to allow better tracking of category membership counts
23138 ** (bug 1212) Give correct membership counts on the pages of large categories
23139 ** Use category table for more efficient display of Special:Categories
23140 * (bug 1459) Search for duplicate files by hash: Special:FileDuplicateSearch
23141 * (bug 9447) Added hooks for search result headings
23142 * Image redirects are now enabled by default
23143 * (bug 13450) Email confirmation can now be canceled before the expiration
23144 * (bug 13490) Show upload/file size limit on upload form
23145 * Redesign of Special:UserRights
23146 * Make rev_deleted log entries more intelligible
23147 * (bug 6943) Added PAGESINCATEGORY: magic word
23148 * (bug 13604) Added Special:ListGroupRights
23149 * (bug 6332, 8617) Added message 'mainpage-description' as duplicate of
23150 'mainpage' and added it to message 'sidebar'
23151 * Automatically add old redirects to the redirect table when needed
23152 * (bug 6934) Allow inclusions, links, redirects to be separately toggled on or
23153 off on Special:WhatLinksHere
23154 * Cache image redirects
23155 * (bug 10457) Organize Special:SpecialPages into sections
23156 * Add a new hook EditPageBeforeConflictDiff to allow extensions like FCKeditor
23157 to modify the output for edit conflicts
23158 * Add class="nested" for <fieldset>s so fieldsets inside fieldsets get
23159 a slightly less huge margin and padding
23160 * (bug 13527) Use sitemaps.org format 0.9 instead of a Google-specific format
23161 * Allow \C and \Q as TeX commands to match \R, \N, \Z
23162 * On Special:UserRights, when you can add a group you can't remove or remove
23163 one you can't add, a notice is printed to warn you
23164 * (bug 12698) Create PAGESIZE parser function, to return the size of a page
23165 * Allow the "log in / create account" link in the toolbar to have different
23166 text from Special:UserLogin title (new message 'nav-login-createaccount')
23167 * Say "log in / create account" if an anonymous user can create an account,
23168 otherwise just "log in", consistently across skins
23169 * Special:Shortpages and Special:Longpages now returns pages in all content
23170 namespaces, not just NS_MAIN.
23171 * (bug 889) Improve conflict-handling between shared upload repository
23173 * Update documentation links in auto-generated LocalSettings.php
23174 * (bug 13584) The new hook SkinTemplateToolboxEnd was added.
23175 * (bug 709) Cannot rename/move images and other media files [EXPERIMENTAL]
23176 * Custom rollback summaries now accept the same arguments as the default message
23177 * (bug 12542) Added hooks for expansion of Special:Listusers
23178 * Drop-down AJAX search suggestions (turn on $wgEnableMWSuggest)
23179 * More relevant search snippets (turn on $wgAdvancedSearchHighlighting)
23180 * (bug 13950) Allow users to watch the user/talk pages of users they block.
23181 * (bug 13970) Allow MonoBook-based skins to specify their own print stylesheet
23182 * Show image links on Special:Whatlinkshere
23183 * Use rel="start", "prev", "next" appropriately on Pager-based pages
23184 * Add support for SQLite
23185 * AutoAuthenticate hook renamed to UserLoadFromSession
23186 * (bug 13232) importScript(), importStylesheet() funcs available to custom JS
23187 * (bug 13095) Search by first letters or digits in [[Special:Categories]]
23188 * Users moving a page can now move all subpages automatically as well
23189 * (bug 14259) Localisation message for upload button on Special:Import is now
23190 'import-upload' instead of 'upload'
23191 * Add information about user group membership to Special:Preferences
23192 * (bug 14146) Wrap usage section on imagepages into <div>s.
23193 * New layout for Special:Specialpages. Restricted pages are marked but not
23194 separated from other pages in their group.
23195 * (bug 14263) Show a diff of the revert on rollback notification page.
23196 * (bug 13434) Show a warning when hash identical files exist
23197 * Sidebar is now cached for all languages
23198 * The User class now contains a public function called isActiveEditor. Figures
23199 out if a user is active based on at least $wgActiveUserEditCount number of
23200 edits in the last $wgActiveUserDays days.
23201 * SpecialSearchResults hook now passes results by reference, so they can be
23202 changed by extensions.
23203 * Add a new hook LinkerMakeExternalLink to allow extensions to modify the output
23205 * (bug 14132) Allow user to disable bot edits from being output to UDP.
23206 * (bug 14328) jsMsg() within Wikibits now accepts a DOM object, not just a
23208 * (bug 14558) New system message (emailuserfooter) is now added to the footer of
23209 e-mails sent with Special:Emailuser
23210 * Add support for Hijri (Islamic) calendar
23211 * Add a new hook LinkerMakeExternalImage to allow extensions to modify the
23212 output of external (hotlinked) images.
23213 * (bug 14604) Introduced the following features for the LanguageConverter:
23214 Multi-tag support, single conversion flag, remove conversion flag on a single
23215 page, description flag, variant name, multi-variant fallbacks.
23216 * Add zh-mo and zh-my variants for the zh language
23217 * (bugs 4832, 9481, 12890) Special:Recentchangeslinked now has all options that
23218 are in Special:Recentchanges
23219 * Allow an $error message to be passed to ArticleDelete hook
23220 * Allow extensions to modify the user creation form by calling addInputItem();
23221 * Add meta generator tag to HTML output
23222 * MediaWikiPerformAction hook is now passed the MediaWiki object
23223 * Added blank special page Special:BlankPage for benchmarking, etc.
23224 * Foreign repo file descriptions and thumbnails are now cached.
23225 * (bug 11732) Allow localisation of edit button images
23226 * Allow the search box, toolbox and languages box in the Monobook sidebar to be
23227 moved around arbitrarily using special sections in [[MediaWiki:Sidebar]]:
23228 SEARCH, TOOLBOX and LANGUAGES
23229 * Add a new hook NormalizeMessageKey to allow extensions to replace messages
23230 before the database is potentially queried
23231 * (bug 9736) Redirects on Special:Fewestrevisions are now marked as such.
23232 * New date/time formats in Cs localization according to ČSN and PČP.
23233 * Special:Recentchangeslinked now includes changes to transcluded pages and
23234 displayed images; also, the "Show changes to pages linked" checkbox now works
23235 on category pages too, showing all links that are not categorizations
23236 * (bug 4578) Automatically fix redirects broken by a page move
23238 === Bug fixes in 1.13 ===
23240 * (bug 10677) Add link to the file description page on the shared repository
23241 * (bug 13084) Increase size of source/destination filename fields in upload form
23242 * (bug 13115) rebuildrecentchanges should print the current value of $wgRCMaxAge
23243 * (bug 13140) Show parent categories in category namespace
23244 * (bug 13149) Correctly format 'fileexists' message on Upload page
23245 * Make the default filepageexists message accurate
23246 * (bug 12988) $wgMinimalPasswordLength no longer breaks create user by email
23247 * (bug 13022) Fix upload from URL on PHP 5.0.x
23248 * (bug 13132) Unable to unprotect pages protected with earlier versions of
23250 * (bug 12723) OpenSearch description name now uses more compact language code
23251 to avoid passing the length limit as often, is customizable per site via
23252 'opensearch-desc' message.
23253 * (bug 13135) Special:Userrights now passes IDs through form submission
23254 to allow functionality on not-quite-right usernames
23255 * (bug 12575) Prevent duplicate patrol log entries from being created
23256 * (bug 13174) __HIDDENCAT__ now applies only to category pages
23257 * (bug 13031) Add links to user pages in e-mail form
23258 * (bug 13147) Description for categoriespagetext (used in Special:Categories)
23260 * (bug 11561) Fix fatal error when calling action=revert to non-image page
23261 * (bug 12430) Fix call to private method LinkFilter::makeRegex fatal error in
23262 maintenance/cleanupSpam.php
23263 * All skins should have the "mediawiki" class on the body element
23264 * (bug 13019) Message cache for some extensions not loaded at time of editing
23265 * (bug 13247) Prettified ISBN links
23266 * maintenance/refreshLinks.php did not fix page_id 1 with the --new-only option
23267 * (bug 13110) Don't show "Permission error" page if the edit is already rolled
23268 back when using rollback
23269 * (bug 13012) Use content messages for block options when generating the
23270 recentchanges entry
23271 * (bug 13274) Change links for messages to ucfirst
23272 * (bug 13273) Un-hardcode some punctuation (add new messages colon-separator,
23273 autocomment-prefix)
23274 * Parse MediaWiki message translations with a correct language setting on
23276 * (bug 13281) Treat X-Forwarded-For, Client-ip and User-Agent headers as
23277 case-insensitive names.
23278 * Adding the fix for lists in RTL wikis to more skins, and fixing the image toc
23279 * (bug 8157) Remove redirects from Special:Unusedtemplates. Patch by WebBoy.
23280 * (bug 10721) Duplicate section anchors with differing case now disambiguated
23281 for Internet Explorer's sake and standards compliance
23282 * (bug 13298) Tighter limits on Special:Newpages limits when embedding
23283 * Email subject in content language instead of sending user's UI language
23284 * (bug 13251) Allow maintenance rebuild scripts to work with Postgres
23285 * (bug 2084) Fixed incorrect regex to match redirects
23286 * (bug 3131) Manually-specified upload destination filename is no longer
23287 overwritten by browsing for a file after you wrote it.
23288 * (bug 7251) Sidebars generated by MediaWiki:Sidebar now have the class
23289 'generated-sidebar'.
23290 * (bug 13265) Media handler is missing 'image/x-bmp'
23291 * (bug 13407) MediaWiki:Powersearch is used in two places
23292 * (bug 13403) Fix cache invalidation of history pages when old revisions change
23293 * (bug 11563) Deprecated SearchMySQL4 class; merged code to SearchMySQL
23294 * (bug 12801) Fix link in subtitle message in AJAX search
23295 * (bug 13428) Fix regression in protection form layout HTML validity
23296 * (bug 9403) Sanitize newlines from search term input
23297 * (bug 13429) Separate date and time in message sp-newimages-showfrom
23298 * (bug 13137) Allow setting 'editprotected' right separately from 'protect',
23299 so groups may optionally edit protected pages without having 'protect' perms
23300 * Disallow deletion of big pages by means of moving a page to its title and
23301 using the "delete and move" option.
23302 * (bug 13466, 13632) White space differences not shown in diffs
23303 * (bug 1953) Search form now honors namespace selections more reliably
23304 * (bug 12294) Namespace class renamed to MWNamespace for PHP 5.3 compatibility
23305 * PHP 5.3 compatibility fix for wfRunHooks() called with no parameters
23306 * (bug 6447) Trackbacks now work with transactional tables, if enabled
23307 * (bug 6892, 7147) Trackback error handling, optional fields more robust
23308 * (bug 6813) Don't break HTML validator when using trackbacks
23309 * Fix for size checks on SVG images with global 'stroke-width' attribute
23310 * (bug 11874) Inline CSS with !important no longer borken
23311 * (bug 1600) Strip extra == section markup == in new-comment field
23312 * (bug 11325) Wrapped page titles in MonoBook skin spaced more nicely
23313 * (bug 12077) Fix HTML nesting for TOC
23314 * (bug 344) Purge cache for talk/article pages when deleting the other tab
23315 * (bug 13436) Treat image captions correctly when they include option keywords
23316 (like ending with "px" or starting with "upright")
23317 * Trackback display formatting fixed
23318 * Don't die when single-element arrays are passed to SQL query constructors
23319 that have an array index other than 0
23320 * (bug 13522) Fix fatal error in Parser::extractTagsAndParams
23321 * (bug 13532) Use proper timestamp call when reverting images
23322 * (bug 13543) Updated FAQ link in the installer sidebar
23323 * (bug 13540) Date format in confirmation e-mail now matches message language
23324 * (bug 13554) PHP Notice in old pre-processor when list item is empty.
23325 * (bug 13556) Don't show a blank form if no image is attached in Special:Upload
23326 * (bug 13576) maintenance/rebuildrecentchanges.php fails
23327 * (bug 13441) Allow Special:Recentchanges to show bots only
23328 * (bug 13431) Show true message source in Special:Allmessages&ot=php / xml
23329 * (bug 13463) Login successful page doesn't use user's preferred interface
23331 * (bug 13630) Fixed warnings for pass by reference at call time in
23332 Special:Revisiondelete when generating the log entry.
23333 * (bug 12064) BeforePageDisplay hook is now called for all skins
23334 * (bug 13624) Fix regression with manual thumb= parameter on images
23335 * (bug 11039) Add missing labels on protection form
23336 * (bug 13458) Preview/edit toolbar spacing now works consistently
23337 * (bug 13433) Fix action=render on Image: pages
23338 * (bug 13678) Fix CSS validation for Monobook
23339 * (bug 13684) Links in Special:ListGroupRights should be in content language
23340 * (bug 13690) Fix PHP notice on accessing some URLs
23341 * Hide (undo) link if user isn't able to edit page
23342 * Invalidate cache of pages that includes images via redirects on upload
23343 * (bug 13705) Don't show rollback link in page history on incorrect revisions
23344 * (bug 13708) Don't set "Search results" title when loading Special:Search
23346 * (bug 13736) Don't show MediaWiki:Anontalkpagetext on non-existent IP addresses
23347 * (bug 13728) Don't trim initial whitespace during section edits
23348 * (bug 13727) Don't delete log entries from recentchanges on page deletion
23349 * (bug 13752) Redirects to sections now work again
23350 * (bug 13725) Upload form watch checkbox state set correctly with wpDestFile
23351 * (bug 13756) Don't show the form and navigation links of Special:Newpages if
23352 the page is included
23353 * When hiding things on WhatLinksHere, generated URLs should hide them too
23354 * Properly escape search terms with regex chars so they appear highlighted in
23356 * (bug 13768) pt_title field encoding fixed
23357 * Do not display empty columns on Special:UserRights if all groups are
23358 changeable or all unchangeable
23359 * Fix fatal error on calling PAGESINCATEGORY with invalid category name
23360 * (bug 13793) Special:Whatlinkshere filters wrong - after paginating instead of
23362 * (bug 13796) Show links to parent pages even if some of them are missing
23363 * (bug 13816) Filter by main namespace doesn't work on WhatLinksHere
23364 * (bug 13822) Fatal error on some pages when calculating subpage subtitle
23365 * (bug 13824) AJAX search suggestion now works with non-SkinTemplate skins
23366 * Added 'application/x-dia-diagram' MediaWiki's known MIME types
23367 * (bug 13866) skins/common/shared.css - invalid attribute fixing
23368 * Hide edit section links on Special:Undelete
23369 * (bug 13860) Fix "Justify paragraphs" option for Modern skin
23370 * (bug 13168) accessibility links in Modern skin link to wrong anchor id
23371 * (bug 13185) No line break after 'subpages' class in Modern skin
23372 * (bug 13583) No "poweredby" in Modern skin
23373 * (bug 13880) "Printable" link in Modern skin now formats as print mode
23374 * (bug 13885) Bump default $wgSVGMaxSize from 1024 to 2048 pixels
23375 * (bug 13891) Show categories box even if all categories are hidden and user has
23376 "show hidden categories" option on
23377 * (bug 13915) Undefined variable $wltsfield in includes/SpecialWatchlist.php
23378 * (bug 13913) Special:Whatlinkshere now has correct HTML markup
23379 * (bug 13905) Blacklist Mac IE from HttpOnly cookies; it eats them sometimes
23380 * (bug 13922) Fix bad HTML on empty Special:Prefixindex and Special:Allpages
23381 * (bug 13924) Fix bad HTML on power search form
23382 * (bug 13820) Fix updater for rev_parent_id population
23383 * (bug 13925) Fix bad HTML on search results list
23384 * (bug 13934) Fixing the link to GNU General Public License Version 2
23385 * Show correct accesskey prefix for Firefox 3 beta (Alt-Shift-, not Alt-)
23386 * (bug 13949) Special:PrefixIndex/AllPages paging links contain invalid XML
23387 * (bug 13770) Use Preprocessor_Hash by default to avoid missing DOM module
23389 * (bug 13982) Disable ccmeonemails preference when user-to-user mails disabled
23390 * (bug 13615) Update case mappings and normalization to Unicode 5.1.0
23391 Note that case mappings will only be used if mbstring extension is not
23393 * (bug 14044) Don't increment page view counters on views from bot users
23394 * (bug 14042) Calling Database::limitResult() misplaced the comment in the log
23396 * (bug 14047) Fix regression in installer which hid DB-specific options
23397 Also makes SQLite path configurable in the installer.
23398 * (bug 13546) Follow image redirects on image page
23399 * (bug 12644) Template list on edit page now sorted on preview
23400 * (bug 14058) Support pipe trick for namespaces and interwikis with "-"
23401 * Message name filter on Special:Allmessages now case-insensitive
23402 * (bug 13943) Fix image redirect behavior on image pages
23403 * (bug 14093) Do 'sysop' => 'protect' magic in Title::isValidMoveOperation
23404 * (bug 14063) Power search form missing <label> for redirects check
23405 * (bug 14111) Similar filename warning links now lead to correct page
23406 * (bug 14082) Fix for complex text input vs AJAX suggestions on some browsers
23407 * (bug 13693) Categories sometimes claim to have a negative number of members
23408 * (bug 1701) Korean Hangul syllables now broken down properly in Category lists
23409 even if the wiki's overall content language is not Korean
23410 * (bug 12773) addOnloadHook() now calls functions immediately when scripts are
23411 loaded after the primary page completion, instead of dropping them
23412 * (bug 14199) Fix deletion form for image redirect pages
23413 * (bug 14220) Disabling $wgCheckFileExtensions now works without also
23414 disabling $wgStrictFileExtensions
23415 * (bug 14241) Pages can no longer be protected to levels you are not in
23416 * (bug 14296) Fix local name of ang: (Anglo-Saxon)
23417 * (bug 4871) Hardcoded superscript in time zone preferences moved to message
23418 * (bug 6957) E-mail confirmation links now using English special page name
23419 for better compatibility and keeping the links shorter. Avoids problem
23420 with corrupt links in Gmail on IE 6.
23421 * (bug 14273) Fix for HTTP Accept header parsing with spaces as from Konqueror
23422 * (bug 14312) Update LanguageKaa.php for handling transform issues with i to İ
23424 * (bug 13826) MediaWiki:Defaultns accepts Wikicode
23425 * (bug 14324) Creating an account is again possible with $wgEmailConfirmToEdit
23427 * (bug 13034) Interwiki pages can now be reached using Go search button
23428 * (bug 14362) Change interwiki names of Erzya and Moksha Wikipedias
23429 * (bug 14370) When a grouppage-x message does not exist the entry on the
23430 ListGroupRights special page now links to the project namespace page for it,
23431 not the main namespace page.
23432 * (bug 11659) Urldecode image names in galleries
23433 * (bug 14258, 14368) Fix for subpage renames in replication environments
23434 * (bug 14367) Failed block no longer adds phantom watchlist entry
23435 * (bug 14385) "Move subpages" option no longer tries to move to invalid titles
23436 * (bug 14386) Fix subpage namespace oddity when moving a talk page
23437 * (bug 11771) Signup form now not shown if in read-only mode.
23438 * (bug 12859) $wgRateLimitsExcludedGroups has been deprecated in favor of
23439 $wgGroupPermissions[]['noratelimit'].
23440 * (Bug 13828) Split parameter $1 of MediaWiki:Missingarticle into $1 (=title)
23441 and $2 (=revision numbers)
23442 * (bug 14401) Fix Safari access key tooltips for Windows and >3.1 Mac versions
23443 * (bug 14432) Fix notice regression in Special:Newpages feed mode
23444 * (bug 11951) EditPage::getEditToolbar() is now static.
23445 * (bug 14392) Fix regression breaking table prefix in installer
23446 * (bug 11084) $wgDBprefix replacement for updater SQL will now work for
23447 extension tables using uppercase letters or digits in their names.
23448 * (bug 12311) Fix regression with lists at start of undeletion preview
23449 * (bug 14496) Fix regression with parseinline on Special:Upload.
23450 * We no longer just give up on a missing upload base directory; it's now
23451 created automatically if we have sufficient permissions!
23452 * (bug 14479) MediaWiki:upload-maxfilesize should have a div id wrapper
23453 * (bug 14497) Throw visible errors in installer scripts when SQL files
23454 fail due to database permission or other error
23455 * (bug 14500) Site feed (Recentchanges) no longer shows up on the actual
23456 recent changes page.
23457 * (bug 14511) MediaWiki:Delete-legend is no longer double escaped
23458 * Generate correct section anchors for numeric headers
23459 * (bug 14520) Don't load nonexistent CSS files for Chick/Myskin/Simple skins
23460 * (bug 14551) Cancel upload no longer automatically suppresses warnings
23461 * (bug 13878) Deprecate Article::getDB() in favor of direct wfGetDB() calls
23462 * (bug 4977) Fix for possible squid purging errors when using HTTP purges
23463 and multiple servers
23464 * (bug 14572) Redirects listed on file links on image pages no longer redirect.
23465 * (bug 14537) Change interwiki name for Old Church Slavonic (cu)
23466 * (bug 14583) Fix regression in recent changes "limit to certain categories."
23467 * (bug 14515) HTML nesting cleanup on edit form
23468 * (bug 14647) Removed unused 'townBox' CSS classes
23469 * (bug 14687) OutputPage::addStyle() now adds type="text/css" like it should.
23470 * OpenSearch cleanup; Firefox now sends you to the search page for empty
23471 searches instead of the domain root (which may not even be a wiki).
23472 * (bug 3481) Pages moved shortly after creation are shown at their new title
23473 on Special:Newpages.
23474 * (bug 12716) Trying to unprotect a title that isn't protected no longer
23475 generates a log entry.
23476 * (bug 14088) Excessively long block expiry times are rejected as invalid,
23477 keeps the log page from being distorted.
23478 * (bug 14708) Emulate INSERT...IGNORE with standard SQL for Postgres backend.
23479 * (bug 14646) Fix some double-escaping of HTML in feed output
23480 * (bug 14709) Fix login success message formatting when using cookie check
23481 * (bug 14710) Remove "donate" link from default sidebar
23482 * (bug 14745) Image moving works on sites that transform thumbnails via 404
23483 * (bug 2186) Document.write() in wikibits caused failures when using
23484 application/xhtml+xml. The calls to this have been removed.
23485 * (bug 14764) Fix regression in from Article::lastModified(), failed to work
23486 on non-mySQL schemas.
23487 * (bug 14763) Child classes of Database (DatabasePostgres and DatabaseOracle)
23488 had strict standards issues with setFakeSlaveLag() and setFakeMaster().
23489 * (bug 451) Improve the phrase mappings of the Chinese converter arrays.
23490 * (bug 12487) Rights log is not fully internationalized
23491 * (bug 10837) Language variants no longer override other languages than base
23492 * (bug 14778) 'limit' parameter now applies to history feeds as well as
23494 * (bug 14845) Bug in prefs javascript: Calling an array item without checking
23496 * Accesskeys for minor edit/watch checkboxes on edit now work in Firefox 3
23497 * (bug 12384) Comments in maintenance/*php
23498 * (bug 12441) ./maintenance/generateSitemap.php fix -fspath requiring
23500 * (bug 12568) configuration script now produce valid XHTML.
23501 * The accesskey to edit a page is now disabled when editing the page, to pre-
23502 vent conflicts with Safari shortcuts.
23504 === API changes in 1.13 ===
23506 * Fixing main page display in meta=siteinfo
23507 * (bug 13128) Added patrolled flag to list=recentchanges
23508 * Implemented {bl,ei,iu}redirect (lists links through redirects as well)
23509 * (bug 13154) Introduced subpages flag to meta=siteinfo&siprop=namespaces
23510 * (bug 13157) Added ucuserprefix parameter to list=usercontribs
23511 * (bug 12394) Added rctitles parameter to list=recentchanges, making rcid
23513 * (bug 13218) Fix inclusion of " character in hyperlinks
23514 * Added watch and unwatch parameters to action=delete and action=move
23515 * Added action=edit
23516 * (bug 11401) Added xmldoublequote to xml formatter
23517 * Added rvsection parameter to prop=revisions to allow fetching the content of
23518 a certain section only
23519 * Introduced list=allimages
23520 * (bug 13371) Build page set from image hashes
23521 * Mark non-existent messages in meta=allmessages as missing
23522 * (bug 13390) One invalid title no longer kills an entire API query
23523 * (bug 13419) Fix gblredirect so it actually works
23524 * (bug 13418) Disable eiredirect because it's useless
23525 * (bug 13395) list=allcategories should use category table
23526 * (bug 13442) Missing pages in prop=langlinks and prop=extlinks are now
23528 * (bug 13444) Add description to list=watchlist
23529 * (bug 13482) Disabled search types handled properly
23530 * Added inprop=talkid,subjectid to prop=info
23531 * Added help text message that specifies whether a module is POST-only
23532 * Added createonly parameter to action=edit
23533 * Replaced $wgAPIUCUserPrefixMinLength by the more generic $wgAPIMaxDBRows
23534 * (bug 11719) Remove trailing blanks in YAML output.
23535 * (bug 13541) Added siprop=specialpagealiases to meta=siteinfo
23536 * Added fallback8bitEncoding and readonly fields to
23537 meta=siteinfo&siprop=general output
23538 * (bug 13544) Added prop=revid to action=parse
23539 * (bug 13603) Added siprop=usergroups to meta=siteinfo
23540 * Cleaned up redirect resolution
23541 * Added possibility to obtain all external links through list=exturlusage
23542 * (bug 13606) Added archivename to iiprop
23543 * (bug 11633) Explicitly convert redirect titles to strings due to PHP's
23544 very weak typing on array keys.
23545 * (bug 12136) Extend allowed characters in JSON callback to ][.'"_A-Za-z0-9
23546 * (bug 11673) Return error 'unknown_action' in specified format
23547 * (bug 13618) Added rcprop=redirect and rcshow=redirect to list=recentchanges
23548 * (bug 13544) Added oldid parameter to action=parse to allow for parsing of old
23550 * (bug 13718) Return the proper continue parameter for cmsort=timestamp
23551 * action=login now returns the correct waiting time in the details property
23552 * (bug 13792) Broken titles are now silently skipped in search results.
23553 * (bug 13819) exturlusage paging skipped an item
23554 * Fixed handling of usernames containing spaces in list=block
23555 * (bug 13836) Fixed fatal errors resulting from combining iiprop=metadata with
23557 * (bug 13735) Added prop=categoryinfo module
23558 * (bug 13945) Retrieve cascading protection sources via inprop=protection
23559 * (bug 13965) Hardcoded 51 limit on titles is too limiting
23560 * (bug 13993) apfrom doesn't work with apdir=descending
23561 * (bug 14018) Introduced alcontinue to list=alllinks to improve paging
23562 * (bug 14013) Added rcshow=patrolled to list=recentchanges
23563 * (bug 14028) Added language attribute to interwiki map in meta=siteinfo
23564 * (bug 14022) Added usprop=registration and auprop=blockinfo
23565 * (bug 14021) Removed titles= support from list=backlinks (has been obsolete
23567 * (bug 13829) Expose parse tree via action=expandtemplates
23568 * (bug 13606) Allow deletion of images
23569 * Added iiprop=mime and aiprop=metadata
23570 * Handled unrecognized values for parameters more gracefully
23571 * Handled requesting disallowed tokens more gracefully
23572 * (bug 14140) URL-encoded page titles are now decoded in edit summaries
23573 * (bug 14243) Only accept post requests in action=edit; patch by HardDisk
23574 * action=block now returns an ISO8601 timestamp, like all other modules do
23575 * Added md5 parameter to action=edit
23576 * (bug 14335) Logging in to unified account using API not possible
23577 * Added action=emailuser to send an email to a user
23578 * (bug 14471) Use HTMLTidy and generate limit report in action=parse
23579 * (bug 14459) Added prependtext and appendtext parameters to action=edit
23580 * (bug 14526) Unescaped SQL in list=backlinks
23581 * Added 'hidden' flag to list=allcategories and prop=categoryinfo output
23582 * Added nocreate parameter to action=edit
23583 * (bug 14402) Added maxage and smaxage parameters to api.php
23584 * Added bkip parameter to list=blocks
23585 * (bug 14651) apprefix and similar parameters are now canonicalized
23586 * Added clprop=timestamp to prop=categories
23587 * (bug 14678) API errors now respects $wgShowExceptionDetails and
23589 * (bug 14723) Added time zone and writing direction to meta=siteinfo
23590 * Added APIQueryInfoTokens and APIQueryRevisionsTokens hooks so extensions
23591 can add their own tokens
23592 * Added block and unblock tokens to prop=info as well
23593 * Added paging (limit and continue parameters) to
23594 prop={links,templatelinks,langlinks,extlinks,categories,images}
23595 * Added flag "top" to list=usercontribs if the user is the last contributor to
23597 * list=exturlusage in "list all links" mode can now filter by protocol
23599 == MediaWiki 1.12 ==
23601 == MediaWiki 1.12.4 ==
23605 A number of cross-site scripting (XSS) security vulnerabilities were discovered
23606 in the web-based installer (config/index.php). These vulnerabilities all
23607 require a live installer -- once the installer has been used to install a wiki,
23610 Note that cross-site scripting vulnerabilities can be used to attack any
23611 website in the same cookie domain. So if you have an uninstalled copy of
23612 MediaWiki on the same site as an active web service, MediaWiki could be used to
23613 attack the active service.
23615 If you are hosting an old copy of MediaWiki that you have never installed, you
23616 are advised to remove it from the web.
23618 == MediaWiki 1.12.3 ==
23620 * Fixed packaging/distribution error. Many files were missing from the
23621 distributed tarball.
23623 == MediaWiki 1.12.2 ==
23625 David Remahl of Apple's Product Security team has identified a number of
23626 security issues in previous releases of MediaWiki. Subsequent analysis by the
23627 MediaWiki development team expanded the scope of these vulnerabilities. The
23628 issues with a significant impact are as follows:
23630 * A local script injection vulnerability affecting Internet Explorer clients
23631 for all MediaWiki installations with uploads enabled. [CVE-2008-5250]
23632 * A local script injection vulnerability affecting clients with SVG scripting
23633 capability (such as Firefox 1.5+), for all MediaWiki installations with SVG
23634 uploads enabled. [CVE-2008-5250]
23635 * A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki
23636 installations since the feature was introduced in 1.3.0. [CVE-2008-5252]
23638 A local script injection vulnerability allows an attacker with a wiki account
23639 to steal another user's login session, and to act as that user on the wiki. The
23640 attacker uploads a malicious script file, and tricks the victim into executing
23643 CSRF vulnerabilities allow an attacker to act as an authorised user on the
23644 wiki, but unlike an XSS vulnerability, the attacker can only act as the user in
23645 a specific and restricted way. The present CSRF vulnerability allows pages to
23646 be edited, with forged revision histories. Like an XSS vulnerability, the
23647 authorised user must visit the malicious web page to activate the attack.
23649 These three vulnerabilities are all fixed in this release.
23651 David Remahl also reminded us of some security-related configuration issues:
23653 * By default, MediaWiki stores a backup of deleted images in the images/deleted
23654 directory. If you do not want these images to be publically accessible, make
23655 sure this directory is not accessible from the web. MediaWiki takes some steps
23656 to avoid leaking these images, but these measures are not perfect.
23657 * Set display_errors=off in your php.ini to avoid path disclosure via PHP fatal
23658 errors. This is the default on most shared web hosts.
23659 * Enabling MediaWiki's debugging features, such as $wgShowExceptionDetails, may
23660 lead to path disclosure.
23662 Other changes in this release:
23664 * Avoid fatal error in profileinfo.php when not configured.
23665 * Add a .htaccess to deleted images directory for additional protection against
23666 exposure of deleted files with known SHA-1 hashes on default installations.
23667 * Avoid streaming uploaded files to the user via index.php. This allows
23668 security-conscious users to serve uploaded files via a different domain, and
23669 thus client-side scripts executed from that domain cannot access the login
23670 cookies. Affects Special:Undelete, img_auth.php and thumb.php.
23671 * When streaming files via index.php, use the MIME type detected from the file
23672 extension, not from the data. This reduces the XSS attack surface.
23673 * Blacklist redirects via Special:Filepath. Such redirects exacerbate any XSS
23674 vulnerabilities involving uploads of files containing scripts.
23675 * Internationalisation updates.
23677 == MediaWiki 1.12.1 ==
23679 Changes since 1.12.0:
23680 * (bug [[bugzilla:13522|13522]]) Fix fatal error in Parser::extractTagsAndParams
23681 * (bug [[bugzilla:12077|12077]]) Fix HTML nesting for TOC
23682 * (bug [[bugzilla:13532|13532]]) Use proper timestamp call when reverting images
23683 * (bug [[bugzilla:13649|13649]], [[bugzilla:14084|14084]]) Bad call to
23685 * (bug [[bugzilla:13770|13770]]) Use Preprocessor_Hash by default to avoid
23686 missing DOM module errors
23687 * (bug [[bugzilla:13442|13442]]) API: Missing pages in prop=langlinks and
23688 prop=extlinks are now handled properly.
23689 * (bug [[bugzilla:13482|13482]]) API: Disabled search types handled properly
23690 * (bug [[bugzilla:13836|13836]]) API: Fixed fatal errors resulting from
23691 combining iiprop=metadata with format=xml
23692 * (bug [[bugzilla:11633|11633]]) API: Explicitly convert redirect titles to
23693 strings due to PHP's very weak typing on array keys.
23694 * API: Fixing main page display in meta=siteinfo
23695 * (bug [[bugzilla:11719|11719]]) API: Remove trailing blanks in YAML output.
23696 * (bug [[bugzilla:13718|13718]]) API: Return the proper continue parameter for
23698 * Security: Work around misconfiguration by requiring strict comparisons for
23699 in_array in User::isAllowed().
23700 * Security: Fixed XSS vulnerability in useskin parameter.
23702 == MediaWiki 1.12.0 ==
23704 This is the quarterly branch release of [[MediaWiki]] for Winter 2008.
23706 MediaWiki is now using a "continuous integration" development model with
23707 quarterly snapshot releases. The latest development code is always kept "ready
23708 to run", and in fact runs our own sites on [[wikipedia:|Wikipedia]].
23710 Release branches will continue to receive security updates for about a year
23711 from first release, but nonessential bugfixes and feature developments will be
23712 made on the development trunk and appear in the next quarterly release.
23714 Those wishing to use the latest code instead of a branch release can obtain it
23715 from source control: [[Download from SVN]].
23717 Changes since 1.12.0rc1:
23718 *(bug [[bugzilla:13359|13359]]) Double-escaping in [[Special:Allpages]].
23719 *Localization updates.
23721 == MediaWiki 1.12.0rc1 ==
23723 This is a release candidate of the Winter 2008 quarterly snapshot release of
23726 MediaWiki is now using a "continuous integration" development model with
23727 quarterly snapshot releases. The latest development code is always kept "ready
23728 to run", and in fact runs our own sites on [[wikipedia:|Wikipedia]].
23730 Release branches will continue to receive security updates for about a year
23731 from first release, but nonessential bugfixes and feature developments will be
23732 made on the development trunk and appear in the next quarterly release.
23734 Those wishing to use the latest code instead of a branch release can obtain it
23735 from source control: [[Download from SVN]].
23737 This is the Winter 2007 quarterly release.
23739 MediaWiki is now using a "continuous integration" development model with
23740 quarterly snapshot releases. The latest development code is always kept
23741 "ready to run", and in fact runs our own sites on Wikipedia.
23743 Release branches will continue to receive security updates for about a year
23744 from first release, but nonessential bugfixes and feature developments
23745 will be made on the development trunk and appear in the next quarterly release.
23747 Those wishing to use the latest code instead of a branch release can obtain
23748 it from source control: https://www.mediawiki.org/wiki/Download_from_SVN
23750 === Configuration changes in 1.12 ===
23751 * Marking edits as bot edits with Special:Contributions?bot=1 now requires the
23752 markbotedit permission, rather than the rollback permission previously used.
23753 This permission is assigned by default to the sysop group.
23754 * MediaWiki now checks if serialized files are out of date. New configuration
23755 variable $wgCheckSerialized can be set to false to enable old behavior (i.e.
23756 to not check and assume they are always up to date)
23757 * The rollback permission can now be rate-limited using the normal mechanism.
23758 * New configuration variable $wgExtraLanguageNames
23759 * Behavior of $wgAddGroups and $wgRemoveGroups changed. New behavior:
23760 * * Granting the userrights privilege allows arbitrary changing of rights.
23761 * * Without the userrights privilege, a user will be able to add and/or
23762 remove the groups specified in $wgAddGroups and $wgRemoveGroups for
23763 any groups they are in.
23764 * New permission userrights-interwiki for changing user rights on foreign wikis.
23765 * $wgImplicitGroups for groups that are hidden from Special:Listusers, etc.
23766 * $wgAutopromote: automatically promote users who match specified criteria
23767 * $wgGroupsAddToSelf, $wgGroupsRemoveFromSelf: allow users to add or remove
23768 themselves from specified groups via Special:Userrights.
23769 * When $wgUseTidy has been enabled, PHP's Tidy module is now used if it is
23770 present, in preference to an external Tidy executable which may or may not
23771 be present. To force use of external Tidy even when the PHP module is
23772 available, set $wgTidyInternal to false.
23775 === New features in 1.12 ===
23776 * (bug 10735) Add a warning for non-descriptive filenames at Special:Upload
23777 * Add {{filepath:}} parser function to get full path to an uploaded file,
23778 complementing {{fullurl:}} for pages.
23779 * (bug 11136) If using Postgres, search path is explicitly set if wgDBmwschema
23780 is not set to 'mediawiki', allowing multiple mediawiki instances per user.
23781 * (bug 11151) Add descriptive <title> to revision history page
23782 * (bug 5412) Add feed links for the site to all pages
23783 * (bug 11353) Add ability to retrieve raw section content via action=raw
23784 * (bug 6909) Show relevant deletion log lines when uploading a previously
23786 * On SkinTemplate based skins (like MonoBook), omit confusing "edit"/"view
23787 source" tab entirely if the page doesn't exist and the user isn't allowed to
23789 * Clarify instructions given when an exception is thrown
23790 * AuthPlugin added strictUserAuth() method to allow per-user override
23791 of the strict() authentication behavior.
23792 * (bug 7872) Deleted revisions can now be viewed as diffs showing changes
23793 against the previous revision, whether currently deleted or live.
23794 * Added tooltips for the "Go" and "Search" buttons
23795 * (bug 11649) Show input form when Special:Whatlinkshere has no parameters
23796 * isValidEmailAddr hook added to User method of that name, to allow, e.g., re-
23797 stricting e-mail addresses to a specific domain
23798 * Removed "Clear" link in watchlist editor tools, as people were afraid to
23799 click it. Existing clear links will fall back to the raw editor, which is
23800 very easy to clear your watchlist with.
23801 * (bug 1405) Add wgUseNPPatrol option to control patroling for new articles
23802 on Special:Newpages
23803 * LogLine hook added to allow formatting custom entries in Special:Log.
23804 * Support for Iranian calendar
23805 * (bug 1401) Allow hiding logged-in users, bots and patrolled pages on
23807 * ChangesListInsertArticleLink hook added for adding extra article info to RC.
23808 * MediaWikiPerformAction hook added for diverting control after the main
23809 globals have been set up but before any actions have been taken.
23810 * BeforeWatchlist hook added for filtering or replacing watchlist.
23811 * SkinTemplateTabAction hook added for altering the properties of tab links.
23812 * OutputPage::getRedirect public method added.
23813 * (bug 11848, 12506) Allow URL parameters 'section', 'editintro' and 'preload'
23814 in Special:Mypage and Special:Mytalk
23815 * Add ot=raw to Special:Allmessages
23816 * Support for Hebrew calendar
23817 * Support for Hebrew numerals in dates and times
23818 * (bug 11315) Signatures can be configured in [[MediaWiki:Signature]] and
23819 [[MediaWiki:Signature-anon]]
23820 * Signatures for anonymous users link to Special:Contributions page rather than
23822 * Added --override switch for disabled pages in updateSpecialPages.php
23823 * Provide a unique message (ipb_blocked_as_range) if unblock of a single IP
23825 because it is part of a blocked range.
23826 * (bug 3973) Use a separate message for the email content when an account is
23827 created by another user
23828 * dumpTextPass.php can spawn fetchText.php as a subprocess, which should restart
23829 cleanly if database connections fail unpleasantly.
23830 * (bug 12028) Add Special:Listbots as shortcut for Special:Listusers/bot
23831 * (bug 9633) Add a predefined list of delete reasons to the deletion form
23832 * Show a warning message when creating/editing a user (talk) page but the user
23834 * (bug 8396) Ignore out-of-date serialised message caches
23835 * (bug 12195) Undeleting pages now requires 'undelete' permission
23836 * (bug 11810) Localize displayed semicolons
23837 * (bug 11657) Support for Thai solar calendar
23838 * (bug 943) RSS feed for Recentchangeslinked
23839 * Introduced AbortMove hook
23840 * (bug 2919) Protection of nonexistent pages with regular protection interface.
23841 * Special:Upload now lists permitted/prohibited file extensions.
23842 * Split ambiguous filetype-badtype message into two new messages,
23843 filetype-unwanted-type and filetype-banned-type.
23844 * Added link to the old title in Special:Movepage
23845 * On Special:Movepage, errors are now more noticeable.
23846 * It is now possible to change rights on other local wikis without the MakeSysop
23848 * Add HTML ID's mw-read-only-warning and mw-anon-edit-warning to warnings when
23849 editing to allow CSS styling.
23850 * Parser now returns list of sections
23851 * When a user is prohibited from creating a page, a title of "View source"
23852 makes no sense, and there should be no "Return to [[Page]]" link.
23853 * (bug 12486) Protected titles now give a warning for privileged editors.
23854 * (bug 9939) Special:Search now sets focus to search input box when no existing
23856 * For Special:Userrights, use GET instead of POST to search for users.
23857 * Allow subpage syntax for Special:Userrights, i.e., Special:Userrights/Name.
23858 * When submitting changes on Special:Userrights, show the full form again, not
23859 just the search box.
23860 * Added exception hooks
23861 * (bug 12574) Allow bots to specify whether an edit should be marked as a bot
23862 edit, via the parameter 'bot'. (Default: '1')
23863 * (bug 12536) User should be able to get MediaWiki version from any page
23864 * (bug 12622) A JavaScript constant to declare whether api.php is available
23865 * Add caching to the AJAX search
23866 * Add APCOND_INGROUPS
23867 * Add DBA caching to installer
23868 * (bug 12585) Added a bunch of parameters to the revertpage message
23869 * Support redirects in image namespace
23870 * (bug 10049) Prefix index search and namespaces in Special:Withoutinterwiki
23871 * (bug 12668) Support for custom iPhone bookmark icon via $wgAppleTouchIcon
23872 * Add option to include templates in Special:Export.
23873 * (bug 12655) Added $wgUserEmailUseReplyTo config option to put sender
23874 address in Reply-To instead of From for user-to-user emails.
23875 This protects against SPF problems and privacy-leaking bounce messages
23876 when using mailers that set the envelope sender to the From header value.
23877 * (bug 11897) Add alias [[Special:CreateAccount]] & [[Special:Userlogin/signup]]
23878 for Special:Userlogin?type=signup
23879 * (bug 12214) Add a predefined list of delete reasons to the file deletion form
23880 * Merged backends for OpenSearch suggestions and AJAX search.
23881 Both now accept namespace prefixes, handle 'Media:' and 'Special:' pages,
23882 and reject interwiki prefixes. PrefixSearch class centralizes this code,
23883 and the backend part can be overridden by the PrefixSearchBackend hook.
23884 * (bug 10365) Localization of Special:Version
23885 * When installing using Postgres, the Pl/Pgsql language is now checked for
23886 and installed when at the superuser level.
23887 * The default robot policy for the entire wiki is now configurable via the
23888 $wgDefaultRobotPolicy setting.
23889 * (bug 12239) Use different separators for autocomments
23890 * (bug 12857) Patrol link on new pages should clear floats
23891 * (bug 12968) Render redirect wikilinks in a redirect class for customization
23893 * EditPageBeforeEditButtons hook added for altering the edit buttons below the
23896 === Bug fixes in 1.12 ===
23898 * Subpages are now indexed for searching properly when using PostgreSQL
23899 * (bug 3846) Suppress warnings from, e.g. open_basedir when scanning for
23900 ImageMagick, diff3 et al. during installation [patch by Jan Reininghaus]
23901 * (bug 7027) Shift handling of deletion permissions-checking to
23902 getUserPermissionsErrors.
23903 * Login and signup forms are now more correct for right-to-left languages.
23904 * (bug 5387) Block log items on RecentChanges don't make use of possible
23906 * (bug 11211) Pass, as a parameter to the protectedpagetext interface
23907 message, the level of protection.
23908 * (bug 9611) Supply the blocker and reason for the cantcreateaccounttext
23910 * (bug 8759) Fixed bug where rollback was allowed on protected pages for wikis
23911 where rollback is given to non-sysops.
23912 * (bug 8834) Split off permission for editing user JavaScript and CSS from
23913 editinterface to a new permission key editusercssjs.
23914 * (bug 11266) Set fallback language for Fulfulde (ff) to French
23915 * (bug 11179) Include image version deletion comment in public log
23916 * Fixed notice when accessing special page without read permission and whitelist
23918 * (bug 9252) Fix for tidy funkiness when using editintro mode
23919 * (bug 4021) Fix for MySQL wildcard search
23920 * (bug 10699) Fix for MySQL phrase search
23921 * (bug 11321) Fix width of gallerybox when option "width=xxx" is used
23922 * (bug 7890) Special:BrokenRedirects links deleted redirects to a non-existent
23924 * Fix initial statistics when installing: add correct values
23925 * (bug 11342) Fix several 'returnto' links in permissions/error pages which
23926 linked to the main page instead of targetted page
23927 * Strike the link to the redirect rather than using an asterisk in
23928 Special:Listredirects
23929 * (bug 11355) Fix false positives in Safe Mode and other config detection
23930 when boolean settings are disabled with 'Off' via php_admin_value/php_value
23931 * (bug 11292) Fixed unserialize errors with Postgres by creating special Blob
23933 * (bug 11363) Make all metadata fields bytea when using Postgres.
23934 * (bug 11331) Add buildConcat() and use CASE not IF for DB compatibility. Make
23935 oldimage cascade delete via image table for Postgres, change fa_storage_key
23937 * (bug 11438) Live Preview chops returned text
23938 * Show the right message on account creation when the user is blocked
23939 * (bug 11450) Fix creation of objectcache table on upgrade
23940 * Fix namespace selection after submit of Special:Newpages
23941 * Make input form of Special:Newpages nicer for RTL wikis
23942 * (bug 11462) Fix typo in LanguageGetSpecialPageAliases hook name
23943 * (bug 11474) Fix unintentional fall-through in math error handling
23944 * (bug 11478) Fix undefined method call in file deletion interface
23945 * (bug 278) Search results no longer highlight incorrect partial word matches
23946 * Compatibility with incorrectly detected old-style DJVU mime types
23947 * (bug 11560) Fix broken HTML output from weird link nesting in edit comments.
23948 Nested links (as in image caption text) still don't work _right_ but they're
23950 * (bug 9718) Remove unnecessary css from main.css causing spacing issues on
23952 * (bug 11574) Add an interface message loginstart, which, similarly to loginend,
23953 appears just before the login form. Patch by MinuteElectron.
23954 * Do not cache category pages if using 'from' or 'until'
23955 * Created new hook getUserPermissionsErrors, to go with userCan changes.
23956 * Diff pages did not properly display css/js pages.
23957 * (bug 11620) Add call to User::isValidEmailAddr during accout creation.
23958 * (bug 11629) If $wgEmailConfirmToEdit is true, require people to supply an
23959 email address when registering.
23960 * (bug 11612) Days to show in recent changes cannot be larger than 7
23961 * (bug 11131) Change filearchive width/height columns to int for Postgres
23962 * Support plural in undeleted{revisions,revisions-files,files}
23963 * (bug 11343) If the database is read-only, ensure that undelete fails.
23964 * (bug 11690) Show revert link for page moves in Special:Log to allowed users
23966 * Initial-lowercase prefix checks in namespaceDupes.php now actually work.
23967 * Fix regression in LinkBatch.php breaking PHP 5.0
23968 * (bug 11452) wfMsgExt uses sometimes wrong language object for parsing magic
23969 words when called with options ''parsemag'' or ''content''.
23970 * (bug 11727) Support plural in 'historysize' message
23971 * (bug 11744) Incorrect return value from Title::getParentCategories()
23972 * (bug 11762) Fix native language name of Akan (ak)
23973 * (bug 11722) Fix inconsistent case in unprotect tabs
23974 * (bug 11795) Be more paranoid about confirming accept-encoding header is
23976 * (bug 11809) Use formatNum() for more numbers
23977 * (bug 11818) Fix native language name of Inuktitut (iu)
23978 * Remove all commas when parsing float numbers in sorted tables
23979 * Limit text field of deletion, protection and user rights changes reasons to
23980 255 characters (already restricted in the database)
23981 * In the deletion default reasons, calculate how much text to get from the
23982 article text, rather than getting 150 characters (which may be too much)
23983 * Add two messages for Special:Blockme which were used but undefined
23984 * (bug 11921) Support plural in message number_of_watching_users_pageview
23985 * If an IP address is blocked as part of a rangeblock, attempting to unblock
23986 the single IP should not unblock the entire range.
23987 * (bug 6695) Fix native language name of Southern Sotho (Sesotho) (st)
23988 * Make action=render follow redirects by default
23989 * If restricted read access was enabled, whitelist didn't work with special
23990 pages which had spaces in theirs names
23991 * If restricted read access was enabled, requests for non-existing special pages
23993 * Feeds for recent changes now provide correct URLs for the change, not just
23995 * Check for if IP is blocked as part of a range when unblocking (see above bug-
23996 fix) was faulty. Now fixed.
23997 * Fixed wpReason URL parameter to action=delete.
23998 * Do not force a password for account creation by email
23999 * Ensure that rate-limiting is applied to rollbacks.
24000 * Make a better rate-limiting error message (i.e. a normal MW error,
24001 rather than an "Internal Server Error").
24002 * Do not present an image bigger than the source when 'frameless' option is used
24003 (to be consistent with the 'thumb' option now)
24004 * Support {{PLURAL}} for import log
24005 * Make sure that the correct log entries are shown on Special:Userrights even
24006 for users with special characters in their names
24007 * The number of watching users in watchlists was always reported as 1
24008 * namespaceDupes.php no longer dies when coming across an illegal title
24009 * (bug 12143) Do not show a link to patrol new pages for non existent pages
24010 * (bug 12166) Fix XHTML validity for Special:Emailuser
24011 * (bug 11346) Users who cannot edit a page can now no longer unprotect it.
24012 * (bug 451) Add a generic Traditional / Simplified Chinese conversion table,
24013 instead of a Traditional conversion with Taiwan variant, and a Simplified
24014 conversion with China variant.
24015 * (bug 12178) Fix wpReason parameter to action=delete, again.
24016 * Graceful behavior for updateRestrictions.php if a page already has records
24017 in the page_restrictions matching its old page_restrictions field.
24018 May help with odd upgrade issues or race condition.
24019 * (bug 11993) Remove contentsub "revision history"
24020 * (bug 11952) Ensure we quote_ident() all schema names as needed
24021 inside of the DatabasePostgres.php file.
24022 * (bug 12184) Exceptions now sent to stderr instead of stdout for command-line
24023 scripts, making for cleaner reporting during batch jobs. PHP errors will also
24024 be redirected in most cases on PHP 5.2.4 and later, switching 'display_errors'
24025 to 'stderr' at runtime.
24026 * (bug 12148) Text highlight wasn't applied to cleanly deleted and added
24027 lines in diff output
24028 * (bug 10166) Fix a PHP warning in Language::getMagic
24029 * Only mark rollback edits as minor if the user can normally mark edits minor
24030 * Escape page names in the move successful page (e.g. for pages with two
24032 * (bug 12145) Add localized names of kk-variants
24033 * (bug 12259) Localize the numbers in deleted pages on the sysop view
24034 * Set proper page title for successful file deletion
24035 * (bug 11221) Do not show 'Compare selected versions' button for a history page
24036 with one revision only
24037 * (bug 12267) Set the default date format to Thai solar calender for the Thai
24039 * (bug 10184) Extensions' stylesheets and scripts should be loaded before
24040 user-customized ones (like Common.css, Common.js)
24041 * (bug 12283) Special:Newpages forgets parameters
24042 * (bug 12031) All namespaces doesn't work in Special:Newpages
24043 * (bug 585) Only create searchindex replica table for parser tests if db is
24045 * Allow --record option if parserTests.php to work when using Postgres
24046 * (bug 12296) Simplify cache epoch in default LocalSettings.php
24047 * (bug 12346) XML fix when body double-click and click handlers are present
24048 * Fix regression -- missing feed links in sidebar on Special:Recentchanges
24049 * (bug 12371) Handle more namespace case variants in namespaceDupes.php
24050 * (bug 12380) Bot-friendly EditPage::spamPage
24051 * (bug 8066) Spaces can't be entered in special page aliases
24052 * Hide undo link if user can't edit article
24053 * (bug 12416) Fix password setting for createAndPromote.php
24054 * (bug 3097) Inconsistently usable titles containing HTML character entities
24055 are now forbidden. A run of cleanupTitles.php will fix up existing pages.
24056 * (bug 12446) Permissions check fix for undelete link
24057 * (bug 12451) AJAX title normalization tweaks
24058 * When a user creating a page is not allowed to either create the page nor edit
24059 it, all applicable reasons are now shown.
24060 * (bug 11428) Allow $wgScript inside $wgArticlePath when emulating PATH_INFO
24061 Fixes 'root'-style rewrite configurations
24062 * (bug 12493) Removed hardcoded MAX_FILE_SIZE from Special:Import upload form
24063 * (bug 12489) Special:Userrights listed in restricted section again
24064 * (bug 12553) Fixed invalid XHTML in edit conflict screen
24065 * (bug 12505) Fixed section=0 with action=raw
24066 * (bug 12614) Do not log user rights change that didn't change anything
24067 * (bug 12584) Don't reset cl_timestamp when auto-updating sort key on move
24068 * (bug 12588) Fix selection in namespace selector on Special:Newpages
24069 * Use only default options when generating RSS and Atom syndication links.
24070 This should help prevent infinite link loops that some software may follow,
24071 and will generally keep feed behavior cleaner.
24072 * (bug 12608) Unifying the spelling of getDBkey() in the code.
24073 * (bug 12611) Bot flag ignored in recent changes
24074 * (bug 12617) Decimal and thousands separators for Romanian
24075 * (bug 12567) Fix for misformatted read-only messages on edit, protect.
24076 Also added proper read-only checks to several special pages.
24077 Have removed read-only checks from the general user permission framework.
24078 * Creating a site with a name containing '#' is no longer permitted, since the
24079 name will not work (but $wgSiteName is not checked if manually set).
24080 * (bug 12695) Suppress dvips verbiage from web server error log
24081 * (bug 12716) Unprotecting a non-protected page leaves a log entry
24082 * Log username blocks with canonical form of name instead of input form
24083 * (bug 11593, 12719) Fixes for overzealous invocation of thumb.php.
24084 Non-image handlers and full-size images may now decline it, fixing
24085 mystery failures when using $wgThumbnailScriptPath.
24086 * (bug 12327) Comma in username no longer disrupts mail headers
24087 * (bug 6436) Localization of Special:Import XML parser Error message(s).
24088 * Security fix for API on MSIE
24089 * (bug 12768) Database query syntax error in maintenance/storage/compressOld.inc
24090 * (bug 12753) Empty captions in MediaWiki:Sidebar result in PHP errors
24091 * (bug 12790) Page protection is not logged when edit-protection is used
24092 and move-protection is not
24093 * (bug 12793) Fix for restricted namespaces/pages in Special:Export
24094 * Fix for Special:Export so it doesn't ignore the page named '0'
24095 * Don't display rollback link if the user doesn't have all required permissions
24096 * The comment of a time-limited protection now contains the date in the default
24098 * (bug 12880) wfLoadExtensionMessages does not use $fallback from MessagesXx.php
24099 * (bug 12885) Correction for Russian convertPlural function
24100 * (bug 12768) Make DatabasePostgres->hasContraint() schema aware.
24101 * (bug 12735) Truncate usernames in comments using mb_ functions.
24102 * (bug 12892) Poor tab indexing on "delete file" form
24103 * (bug 12660) When creating an account by e-mail, do not send the creator's IP
24105 * (bug 12931) Fix wrong global variable in SpecialVersion
24106 * (bug 12919) Use 'deletedrevision' message as content when deleting an old file
24108 * (bug 12952) Using Nosuchusershort instead of Nosuchuser when account creation
24110 * (bug 12869) Magnify icon alignment should be adjusted using linked CSS
24111 * Fixing message cache updates for MediaWiki messages moves
24112 * (bug 12815) Signature timestamps were always in UTC, even if the timezone code
24113 in parentheses after them claimed otherwise
24114 * (bug 12732) Fix installer and searching to handle built-in tsearch2 for
24116 * (bug 12784) Change "bool" types to smallint to handle Postgres 8.3 strictness.
24117 * (bug 12301) Allow maintenance/findhooks.php to search hooks in multiple
24119 * (bug 7681, 11559) Cookie values no longer override GET and POST variables.
24120 * (bug 5262) Fully-qualified $wgStylePath no longer corrupted on XML feeds
24121 * (bug 3269) Inaccessible titles ending in '/.' or '/..' now forbidden.
24122 * (bug 12935, 12981) Fully-qualify archive URLs in delete, revert messages
24123 * (bug 12938) Fix template expansion and 404 returns for action=raw with section
24124 * (bug 11567) Fix error checking for PEAR::Mail. UserMailer::send() now returns
24125 true-or-WikiError, which seems to be the calling convention expected by half
24126 its callers already
24127 * (bug 12846) IE rtl.css issue in RTL wikis special:Preferences when selecting
24128 an LTR user language
24129 * (bug 13005) DISPLAYTITLE does not work on preview
24130 * (bug 13004) Fix error on Postgres searches that return too many results.
24132 == Parser changes in 1.12 ==
24134 For help with migration to the MediaWiki 1.12 parser, please visit:
24136 http://meta.wikimedia.org/wiki/Migration_to_the_new_preprocessor
24138 The parser pass order has changed from
24140 * Extension tag strip and render
24141 * HTML normalisation and security
24142 * Template expansion
24147 * Template and extension tag parse to intermediate representation
24148 * Template expansion and extension rendering
24149 * HTML normalisation and security
24152 The main effect of this for the user is that the rules for uncovered syntax
24155 Uncovered main-pass syntax, such as HTML tags, are now generally valid, whereas
24156 previously in some cases they were escaped. For example, you could have "<ta" in
24157 one template, and "ble>" in another template, and put them together to make a
24158 valid <table> tag. Previously the result would have been "<table>".
24160 Uncovered preprocessor syntax is generally not recognised. For example, if you
24161 have "{{a" in Template:A and "b}}" in Template:B, then "{{a}}{{b}}" will be
24162 converted to a literal "{{ab}}" rather than the contents of Template:Ab. This
24163 was the case previously in HTML output mode, and is now uniformly the case in
24164 the other modes as well. HTML-style comments uncovered by template expansion
24165 will not be recognised by the preprocessor and hence will not prevent template
24166 expansion within them, but they will be stripped by the following HTML security
24169 Bug 5678 has been fixed. This has a number of user-visible effects related to
24170 the removal of this double-parse. Please see the wiki page for examples.
24172 Message transformation mode has been removed, and replaced with "preprocess"
24173 mode. This means that some MediaWiki namespace messages may need to be updated,
24174 especially ones which took advantage of the terribly counterintuitive behavior
24175 of the former message mode.
24177 The header identification routines for section edit and for numbering section
24178 edit links have been merged. This removes a significant failure mode and fixes a
24179 whole category of bugs (tracked by bug #4899). Wikitext headings uncovered by
24180 template expansion will still be rendered into a heading tag, and will get an
24181 entry in the TOC, but will not have a section edit link. HTML-style headings
24182 will also not have a section edit link. Valid wikitext headings present in the
24183 template source text will get a template section edit link. This is a major
24184 break from previous behavior, but I believe the effects are almost entirely
24187 The main motivation for making these changes was performance. The new two-pass
24188 preprocessor can skip "dead branches" in template expansion, such as unfollowed
24189 #switch cases and unused defaults for template arguments. This provides a
24190 significant performance improvement in template-heavy test cases taken from
24191 Wikipedia. Parser function hooks can participate in this performance improvement
24192 by using the new SFH_OBJECT_ARGS flag during registration.
24194 The pre-expand include size limit has been removed, since there's no efficient
24195 way to calculate such a figure, and it would now be meaningless for performance
24196 anyway. The "preprocessor node count" takes its place, with a generous default
24199 The context in which XML-style extension tags are called has changed, so
24200 extensions which make use of the parser state may need compatibility changes.
24202 The new preprocessor syntax has been documented in Backus-Naur Form at:
24204 https://www.mediawiki.org/wiki/Preprocessor_ABNF
24206 The ExpandTemplates extension now has the ability to generate an XML parse
24207 tree from wikitext source. This parse tree corresponds closely to the grammar
24208 documented on that page.
24210 === API changes in 1.12 ===
24212 Full API documentation is available at https://www.mediawiki.org/wiki/API
24214 * (bug 11275) Enable descending sort in categorymembers
24215 * (bug 11308) Allow the API to output the image metadata
24216 * (bug 11296) Temporary fix for escaping of ampersands inside links in
24219 * (bug 11405) Expand templates implementation in the API
24220 * (bug 11218) Add option to feedwatchlist to display multiple revisions for each
24222 * (bug 11404) Provide name of exception caught in error code field of internal
24223 api error messages.
24224 * (bug 11534) rvendid doesn't work
24225 * Fixed rvlimit of the revisions query to only enforce the lower query limit if
24226 revision content is requested.
24227 * Include svn revision number (if install is checked-out from svn) in siteinfo
24229 * (bug 11173) Allow limited wikicode rendering via api.php
24230 * (bug 11572) API should provide interface for expanding templates
24231 * (bug 11569) Login should return the cookie prefix
24232 * (bug 11632) Breaking change: Specify the type of a change in the recentchanges
24233 list as 'edit', 'new', 'log' instead of 0, 1, 2, respectively.
24234 * Compatibility fix for PHP 5.0.x.
24235 * Add rctype parameter to list=recentchanges that filters by type
24236 * Add apprtype and apprlevel parameters to filter list=allpages by protection
24238 * Add apdir parameter to enable listing all pages from Z to A
24239 * (bug 11721) Use a different title for results than for the help page.
24240 * (bug 11562) Added a user_registration parameter/field to the list=allusers
24242 * (bug 11588) Preserve document structure for empty dataset in backlinks query.
24243 * Outputting list of all user preferences rather than having to request them by
24245 * (bug 11206) api.php should honor maxlag
24246 * Make prop=info check for restrictions in the old format too.
24247 * Add apihighlimits permission, default for sysops and bots
24248 * Add limit=max to use maximal limit
24249 * Add action=parse to render parser output. Use it instead of action=render
24250 which has been removed
24251 * Add rvtoken=rollback to prop=revisions
24252 * Add meta=allmessages to get messages from site's messages cache.
24253 * Use bold and italics highlighting only in API help
24254 * Added action={block,delete,move,protect,rollback,unblock,undelete} and
24255 list={blocks,deletedrevs}
24256 * Fixed sessionid attribute in action=login
24257 * Standardized limits. Revisions and Deletedrevisions formerly using
24258 200 / 10000, now 500 / 5000, in line with other modules.
24259 * Added list=allcategories module
24260 * (bug 12321) API list=blocks reveals private data
24261 * Fix output of wfSajaxSearch
24262 * (bug 12413) meta=userinfo missing <query> tag
24263 * Add list of sections to action=parse output
24264 * Added action=logout
24265 * Added cascade flag to prop=info&inprop=protections
24266 * Added wlshow parameter to list=watchlist, similar to rcshow
24267 (list=recentchanges)
24268 * Added support for image thumbnailing to prop=imageinfo
24269 * action={login,block,delete,move,protect,rollback,unblock,undelete} now must be
24271 * prop=imageinfo interface changed: iihistory replaced by iilimit, iistart and
24273 * Added amlang parameter to meta=allmessages
24274 * Added apfilterlanglinks parameter to list=allpages, replacing
24275 query.php?what=nolanglinks
24276 * (bug 12718) Added action=paraminfo module that provides information about API
24277 modules and their parameters
24278 * Added iiurlwidth and iiurlheight parameters to prop=imageinfo
24279 * Added format=txt and format=dbg, imported from query.php
24280 * Added uiprop=editcount to meta=userinfo
24281 * Added list=users which fetches user information
24282 * Added list=random which fetches a list of random pages
24283 * Added page parameter to action=parse to facilitate parsing of existing pages
24284 * Added uiprop=ratelimits to meta=userinfo
24285 * Added siprop=namespacealiases to meta=siteinfo
24286 * Made multiple values for ucuser possible in list=usercontribs
24287 * (bug 12944) Added cmstart and cmend parameters to list=categorymembers
24288 * Allow queries to have a where range that does not match the range field
24290 == MediaWiki 1.11 ==
24292 == MediaWiki 1.11.2 ==
24296 This is a security release of the Fall 2007 snapshot release of MediaWiki.
24297 Possible cross-site information leaks using the callback parameter for
24298 JSON-formatted results in the API are prevented by dropping user credentials.
24300 MediaWiki release versions prior to 1.11 are not vulnerable, as they do not
24301 include the callback feature which allows client-side JavaScript on other sites
24304 Changes in this release:
24306 * User credentials are dropped for API JSON requests using a callback
24307 * Edit tokens are not reported for API JSON requests using a callback
24309 == MediaWiki 1.11.1 ==
24313 This is a security and bugfix release of the Fall 2007 snapshot release of
24314 MediaWiki. A potential XSS injection vector affecting api.php only for
24315 Microsoft Internet Explorer users has been closed.
24317 Changes in this release:
24318 * (bug [[bugzilla:11450|11450]]) Fix creation of objectcache table on upgrade
24319 * (bug [[bugzilla:11462|11462]]) Fix typo in LanguageGetSpecialPageAliases hook
24321 * Fix regression in LinkBatch.php breaking PHP 5.0
24322 * Security fix for API on MSIE
24324 To work around the vulnerability without upgrading, you may disable the API if
24326 :[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;
24328 Not vulnerable versions:
24333 * 1.8 any version (if $wgEnableAPI has been left off)
24335 Vulnerable versions:
24336 * 1.11 <= 1.11.0rc1
24339 * 1.8 any version (if $wgEnableAPI has been switched on)
24341 MediaWiki 1.7 and below are not affected as they do not include the API
24342 functionality, however the BotQuery extension is similarly vulnerable unless
24343 updated to the latest SVN version.
24345 == MediaWiki 1.11.0 ==
24349 This is the Fall 2007 snapshot release of MediaWiki.
24351 MediaWiki is now using a "continuous integration" development model with
24352 quarterly snapshot releases. The latest development code is always kept "ready
24353 to run", and in fact runs our own sites on Wikipedia.
24355 Release branches will continue to receive security updates for about a year
24356 from first release, but nonessential bugfixes and feature developments will be
24357 made on the development trunk and appear in the next quarterly release.
24359 Those wishing to use the latest code instead of a branch release can obtain it
24360 from source control: [[Download from SVN]]
24362 This is the Summer 2007 branch release of MediaWiki.
24364 MediaWiki is now using a "continuous integration" development model with
24365 quarterly snapshot releases. The latest development code is always kept
24366 "ready to run", and in fact runs our own sites on Wikipedia.
24368 Release branches will continue to receive security updates for about a year
24369 from first release, but nonessential bugfixes and feature developments
24370 will be made on the development trunk and appear in the next quarterly release.
24372 Those wishing to use the latest code instead of a branch release can obtain
24373 it from source control: https://www.mediawiki.org/wiki/Download_from_SVN
24375 == Changes since 1.11.0rc1 ==
24377 A possible HTML/XSS injection vector in the API pretty-printing mode has been
24380 The vulnerability may be worked around in an unfixed version by simply
24381 disabling the API interface if it is not in use, by adding this to
24382 [[Manual:LocalSettings.php|LocalSettings.php]]:<br />
24383 <code>[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;</code> <br />
24384 (This is the default setting in 1.8.x.)
24386 Not vulnerable versions:
24392 Vulnerable versions:
24393 * 1.11 <= 1.11.0rc1
24396 * 1.8 <= 1.8.4 (if [[Manual:$wgEnableAPI|$wgEnableAPI]] has been switched on)
24398 MediaWiki 1.7 and below are not affected as they do not include the faulty
24399 function, however the [[Extension:BotQuery|BotQuery extension]] is similarly
24400 vulnerable unless updated to the latest SVN version.
24402 == Configuration changes since 1.10 ==
24404 * $wgThumbUpright - Adjust width of upright images when parameter 'upright' is
24406 * $wgAddGroups, $wgRemoveGroups - Finer control over who can assign which
24408 * $wgEnotifImpersonal, $wgEnotifUseJobQ - Bulk mail options for large sites
24409 * $wgShowHostnames - Expose server host names through the API and HTML comments
24410 * $wgSaveDeletedFiles has been removed, the feature is now enabled
24413 == New features since 1.10 ==
24415 * (bug 8868) Separate "blocked" message for autoblocks
24416 * Adding expiry of block to block messages
24417 * Links to redirect pages in categories are wrapped in
24418 <span class="redirect-in-category"></span>
24419 * Introduced 'ImageOpenShowImageInlineBefore' hook; see docs/hooks.txt for
24421 * (bug 9628) Show warnings about slave lag on Special:Contributions,
24423 * (bug 8818) Expose "wpDestFile" as parameter $1 to "uploaddisabledtext"
24424 * Introducing new image keyword 'upright' and corresponding variable
24425 $wgThumbUpright. This allows better proportional view of upright images
24426 related to landscape images on a page without nailing the width of upright
24427 images to a fix value which makes views for anon unproportional and user
24428 preferences useless
24429 * (bug 6072) Introducing 'border' keyword to the [[Image:]] syntax
24430 * Introducing 'frameless' keyword to [[Image:]] syntax which respects the
24431 user preferences for image width like 'thumb' but without a frame.
24432 * (bug 7960) Link to "what links here" for each "what links here" entry
24433 * Added support for configuration of an arbitrary number of commons-style
24435 * Added a Content-Disposition header to thumb.php output
24436 * Improved thumb.php error handling
24437 * Display file history on local image description pages of shared images
24438 * Added $wgArticleRobotPolicies
24439 * (bug 10076) Additional parameter $7 added to MediaWiki:Blockedtext
24440 containing, the ip, ip range, or username whose block is affecting the
24441 * (bug 7691) Show relevant lines from the deletion log when re-creating a
24442 previously deleted article
24443 * Added variables 'wgRestrictionEdit' and 'wgRestrictionMove' for JS to header
24444 * (bug 9898) Allow viewing all namespaces in Special:Newpages
24445 * (bug 10139) Introduce 'EditSectionLink' and 'EditSectionLinkForOther' hooks;
24446 see docs/hooks.txt for details
24447 * (bug 9769) Provide "watch this page" toggle on protection form
24448 * (bug 9886) Provide clear example "stub link" in Special:Preferences
24449 * (bug 10055) Populate email address and real name properties of User objects
24450 passed to the 'AbortNewAccount' hook
24451 * Show result of Special:Booksources in wiki content language always, it's
24452 normally better maintained than the generic list from the standard message
24454 * (bug 7997) Allow users to be blocked from using Special:Emailuser
24455 * (bug 8989) Blacklist 'mhtml' and 'mht' files from upload
24456 * (bug 8760) Allow wiki links in "protectexpiry" message
24457 * (bug 5908) Add "DEFAULTSORTKEY" and "DEFAULTCATEGORYSORT" aliases for
24458 "DEFAULTSORT" magic word
24459 * (bug 10181) Support the XCache object caching mechanism
24460 * (bug 9058) Introduce '--aconf' option for all maintenance scripts, to provide
24461 a path to the AdminSettings.php file
24462 * (bug 8781) Remind users to check file permissions for LocalSettings.php
24464 * Use shared.css for all skins and oldshared.css in place of common.css for
24465 pre-Monobook skins. As always, modifications should go in-wiki to MediaWiki:
24466 Common.css and MediaWiki:Monobook.css.
24467 * (bug 8869) Introduce Special:Uncategorizedtemplates
24468 * (bug 8734) Different log message when article protection level is changed
24469 * (bug 8458, 10338) Limit custom signature length to $wgMaxSigChars Unicode
24471 * (bug 10096) Added an ability to query interwiki map table
24472 * On reupload, add a null revision to the image description page
24473 * Group log output by date
24474 * Kurdish interface latin/arabic writing system with transliteration
24475 * Support wiki text in all query page headers
24476 * Add 'Orphanedpages' as an alias to Special:Lonelypages
24477 * (bug 9328) Use "revision-info-current" message in place of "revision-info"
24478 when viewing the current revision of a page, if available
24479 * (bug 8890) Enable wiki text for "license" message
24480 * Throw a showstopper exception when a hook function fails to return a value.
24481 Forgetting to give a 'true' return value is a very common error which tends
24482 to cause hard-to-track-down interactions between extensions.
24483 * Use $wgJobClasses to determine the correct Job to instantiate for a particular
24484 queued task; allows extensions to introduce custom jobs
24485 * (bug 10326) AJAX-based page watching and unwatching has been cleaned up and
24486 enabled by default.
24487 * Added option to install to MyISAM
24488 * (bug 9250) Remove hardcoded minimum image name length of three characters
24489 * Fixed DISPLAYTITLE behavior to reject titles which don't normalise to the
24490 same title as the current page, and enabled by default
24491 * Wrap site CSS and JavaScript in a <pre> tag, like user JS/CSS
24492 * (bug 10196) Add classes and dir="ltr" to the <pre>s on CSS and JS pages (new
24493 classes: mw-code, mw-css, mw-js)
24494 * (bug 6711) Add $wgAddGroups and $wgRemoveGroups to allow finer control over
24495 usergroup assignment.
24496 * Introduce 'UserEffectiveGroups' hook; see docs/hooks.txt for more information
24497 * (bug 10387) Detect and handle '.php5' extension environments at install time
24498 * Introduce 'ShowRawCssJs' hook; see docs/hooks.txt for more information
24499 * (bug 10404) Show rights log for the selected user in Special:Userrights
24500 * New javascript for upload page that will show a warning if a file with the
24501 "destination filename" already exists.
24502 * Add 'editsection-brackets' message to allow localization (or removal) of the
24503 brackets in the "[edit]" link for sections
24504 * (bug 10437) Move texvc styling to shared.css
24505 * Introduce "raw editing" mode for the watchlist, to allow bulk additions,
24506 removals, and convenient exporting of watchlist contents
24507 * Show "undo" links in page histories
24508 * Option to jump to specified time period in user contributions
24509 * Improved feedback on "rollback success" page
24510 * Show distinct 'namespaceprotected' message to users when namespace protection
24511 prevents page editing
24512 * (bug 9936) Per-edit suppression of preview-on-first edit with "preview=no"
24513 * Allow showing a one-off preview on first edit with "preview=yes"
24514 * (bug 9151) Remove timed redirects on "Return to X" pages for accessibility.
24515 * Link to user logs in toolbox when viewing a user page
24516 * (bug 10508) Allow HTML attributes on <gallery>
24517 * (bug 1962) Allow HTML attributes on <math>
24518 * (bug 10530) Introduce optional "sp-contributions-explain" message for
24519 additional explanation in Special:Contributions
24520 * (bug 10520) Preview licences during upload via AJAX (toggle with
24521 $wgAjaxLicensePreview)
24522 * New Parser::setTransparentTagHook for parser extension and template
24524 * Introduced 'ContributionsToolLinks' hook; see docs/hooks.txt for more
24526 * Add a message if category is empty
24527 * Add CSS compatibility for Opera 9.5
24528 * Remove largely untested handheld stylesheet, which was causing more trouble
24529 than good. Proper handheld support will be added at a future date. For now,
24530 display should be acceptable either with CSS turned off or when using a so-
24531 phisticated handheld browser.
24532 * (bug 3173) Option to offer exported pages as a download, rather than
24533 displaying inline, as in most browsers
24534 * Pass the user as an argument to 'isValidPassword' hook callbacks; see
24535 docs/hooks.txt for more information
24536 * Introduce 'UserGetRights' hook; see docs/hooks.txt for more information
24537 * (bug 9595) Pass new Revision to the 'ArticleInsertComplete' and
24538 'ArticleSaveComplete' hooks; see docs/hooks.txt for more information
24539 * (bug 9575) Accept upload description from GET parameters
24540 * Skip the difference engine cache when 'action=purge' is used while requesting
24541 a difference page, to allow refreshing the cache in case of errors
24542 * (bug 10701) Link to Special:Listusers in default Special:Statistics messages
24543 * Improved file history presentation
24544 * (bug 10739) Users can now enter comments when reverting files
24545 * Improved handling of permissions errors
24546 * (bug 10793) "Mark patrolled" links will now be shown for users with
24547 patrol permissions on all eligible diff pages
24548 * (bug 10655) Show standard tool links for blocked users in block log messages
24549 * Show standard tool links for blocked users in Special:Ipblocklist
24550 * Miscellaneous aesthetic improvements to Special:Ipblocklist
24551 * (bug 10826) Added link trail with Cyrillic characters for Mongolian language
24552 * (bug 10859) Introduce 'UserGetImplicitGroups' hook; see docs/hooks.txt for
24554 * (bug 10832) Include user information when viewing a deleted revision
24555 * (bug 10872) Fall back to sane defaults when generating protection selector
24556 labels for custom restriction levels
24557 * Show edit count in user preferences
24558 * Improved support for audio/video extensions
24559 * (bug 10937) Distinguish overwritten files in upload log
24560 * Introduce 'ArticleUpdateBeforeRedirect' hook; see docs/hooks.txt for more
24562 * Confirmation is now required when deleting old versions of files
24563 * (bug 7535) Users can now enter comments when deleting old versions of files
24564 * (bug 11001) Submit Special:Newpages as a GET, rather than a POST request
24565 * The <strong></strong> around links to watched pages in change lists now
24566 has a class - "mw-watched"
24567 * (bug 9002) Provide a "view/restore deleted edits" link on Special:Upload
24568 when a destination filename is provided that corresponds with previous
24570 * Make the "invalid special page" message clearer
24571 * Add accesskey 's' and tooltip to 'upload file' button at Special:Upload
24572 * Introduced 'SkinAfterBottomScripts' hook; see docs/hooks.txt for
24574 * (bug 11095) Honour "preview on first edit" preference when preloading
24575 text for a non-existent page
24576 * (bug 11022) Use a more accurate page title for Special:Whatlinkshere and
24577 Special:Recentchangeslinked
24578 * Add link to user contributions in normal watchlist edit mode
24579 * (bug 9426) Add 'newsectionheaderdefaultlevel' message to allow
24580 modification of the heading formatting for new sections when section=new
24581 argument is supplied
24582 * (bug 10836) Add 'newsectionsummary' message to allow modification of the
24583 text that prefixes a new section link in Recent Changes
24585 == Bugfixes since 1.10 ==
24587 * (bug 9712) Use Arabic comma in date/time formats for Arabic and Farsi
24588 * (bug 9670) Follow redirects when render edit section links to transcluded
24590 * (bug 6204) Fix incorrect unindentation with $wgMaxTocLevel
24591 * (bug 3431) Suppress "next page" link in Special:Search at end of results
24592 * Don't show unblock form if the user doesn't have permission to use it
24593 (cosmetic change, no vulnerabilities existed)
24594 * Subtitle success message when unblocking a block ID instead of a pseudo link
24595 like [[User:#123|#123]]
24596 * Use the standard HTTP fetch functions when retrieving remote wiki pages
24597 through transwiki, so we can take advantage of cURL goodies if available
24598 * Disable user JavaScript on Special:Userlogin, Special:Resetpass and
24599 Special:Preferences, to avoid a compromised script sniffing passwords, etc.
24600 * (bug 9854, 3770) Clip overflow text in gallery boxes for visual cleanliness
24601 instead of letting it flow outside the box or trigger ugly scroll bars.
24602 * Tooltips for print version and permalink
24603 * Links to the MediaWiki namespace for system messages having their default
24604 values are no longer shown as nonexistent (e.g., in red)
24605 * Special:Ipblocklist differentiates between empty list and no search results.
24606 * (bug 5375) profiling does not respect read-only mode.
24607 * (bug 7070) monobook/user.gif has antialias artifacts
24608 * (bug 9123) Safer way when applying $wgLocalTZoffset
24609 * (bug 9896) Documentation for $wgSquidServers and X-FORWARDED-FOR
24610 * (bug 9417) Uploading new versions of images when using Postgres no longer
24612 * (bug 9908) Using tsearch2 with Postgres 8.1 no longer gives an error.
24613 * (bug 1438) Fix for diff table layout on very wide lines.
24614 Diff style rules have been broken out to common/diff.css,
24615 and the dupes removed from the default skin files.
24616 Skins can still override the default rules.
24617 * (bug 1229) Balance columns in diff display evenly
24618 * Right-align diff line numbers in RTL language display
24619 * (bug 9332) Fix instructions in tests/README
24620 * (bug 9813) Reject usernames containing '#' to avoid silent truncation
24621 of fragments during the normalisation process
24622 * (bug 7989) RSS feeds content now use black text when using white background.
24623 * (bug 9971) Typo in a french language message.
24624 * (bug 9973) Changed size was shown in advanced recentchanges collapsible items
24625 with $wgRCShowChangedSized = false.
24626 * Fix PHP strict standards warning in enhanced recent changes.
24627 * (bug 5850) Added hexadecimal html entities comments for $digitTransformTable
24629 * (bug 7432) Change language name for Aromanian (roa-rup)
24630 * (bug 908) Unexistent special pages now generate a red link.
24631 * (bug 7899) Added \hline and \vline to the list of allowed TeX commands
24632 * (bug 7993) support mathematical symbol classes
24633 * (bug 10007) Allow Block IP to work with Postgrs again.
24634 * Add Google Wireless Transcoder to the Unicode editing blacklist
24635 * (bug 10083) Fix for Special:Version breakage on PHP 5.2 with some hooks
24636 * (bug 3624) TeX: \ker, \hom, \arg, \dim treated like \sin & \cos
24637 * (bug 10132, 10134) Restore back-compatibility Image::imageUrl() function
24638 * (bug 10113) Fix double-click for view source on protected pages
24639 * (bug 10117) Special:Wantedpages doesn't handle invalid titles in result
24640 set [now prints out a warning]
24641 * (bug 10118) Introduced Special:Mostlinkedtemplates, report which lists
24642 templates with a high number of inclusion links
24643 * (bug 10104) Fixed Database::getLag() for PostgreSQL and Oracle
24644 * (bug 9820) session.save_path check no longer halts installation, but
24645 warns of possible bad values
24646 * (bug 9978) Fixed session.save_path validation when using extended
24647 configuration format, e.g. "5;/tmp"
24648 * Don't generate a diff link in the patrol log if the page doesn't exist
24649 * (bug 10067) Translations for former skins removed from message files
24650 * (bug 9993) Force $wgShowExceptionDetails on during installation
24651 * (bug 9980) Validate administrator username and password during
24653 * (bug 9383) Don't set a default value for BLOB column in rc-deleted
24655 * (bug 10149) Don't show full template list on section-0 edit
24656 * (bug 9909) Ensure access to binary fields in the math table use encodeBlob()
24658 * (bug 6743) Don't link broken image links to the upload form when uploads
24660 * (bug 9679) Improve documentation for $wgSiteNotice
24661 * (bug 10215) Show custom editing introduction when editing existing pages
24662 * (bug 10223) Fix edit link in noarticletext localizations for fr, oc
24663 * (bug 10247) Fix IP address regex to avoid false positive IPv6 matches
24664 * (bug 9948) Workaround for diff regression with old Mozilla versions
24665 * (bug 10265) Fix regression in category image gallery paging
24666 * (bug 8577) Fix some weird misapplications of time zones.
24667 {{CURRENT*}} functions now consistently use UTC as intended, while
24668 {{LOCAL*}} functions return local time per server config or $wgLocaltimezone.
24669 Signature dates for Japanese and other languages including weekday now show
24670 the correct day to match the rest of the time in local time.
24671 * Escape the output of magic variables that return page name or part of it
24672 * (bug 10309) Initialise parser state properly in extractSections(), fixes
24673 some cases where section edits broke because tags were improperly stripped
24674 * Avoid PHP notice errors when doing HTTP proxy purges for an empty list
24675 * As intended, *skip* the HTTP proxy purges when doing HTCP purges
24676 * (bug 9696) Fix handling of brace transformations in "pagemovedtext"
24677 * (bug 10325) Fix regression in form action on Special:Listusers
24678 * Fixed installation on MyISAM or old InnoDB with charset=utf8, was giving
24679 overlong key errors.
24680 * Fixed zero-padding issues with MySQL 5 binary schema
24681 * (bug 10344) Don't follow a redirect after changing its protection level
24682 * (bug 10333) Correct date format in Slovenian
24683 * (bug 10160) Show error message for unknown namespace on Special:Allpages and
24684 Special:Prefixindex; making forms prettier for RTL wikis.
24685 * (bug 10334) Replace normal spaces before percent (%) signs with non-breaking
24687 * (bug 10372) namespaceDupes.php no longer ignores namespace aliases
24688 * (bug 10198) namespaceDupes.php no longer ignores interwiki prefixes
24689 * namespaceDupes.php should work better for initial-lowercase wikis
24690 * (bug 10377) "Permanent links" to revisions still work if the page is moved
24691 and the redirect deleted
24692 * (bug 7071) Properly handle an 'oldid' passed to view or edit that doesn't
24693 match the given title. Fixes inconsistencies with talk, history, edit links.
24694 * (bug 10397) Fix AJAX watch error fallback when we receive a bogus result
24695 * (bug 10396) Fix AJAX error when $wgScriptPath/index.php is not valid;
24696 using $wgScript now included in JS info
24697 * Use native XMLHttpRequest class in preference to ActiveX on IE 7; this
24698 avoids the "ActiveX "Do you want to allow ActiveX?" prompt when something
24699 security settings are cranked this way and AJAX-y gets used.
24700 * Delay AJAX watch initialization until click so IE 6 with ugly security
24701 settings doesn't prompt you until you use the link.
24702 * (bug 10401) Provide non-redirecting link to original title in Special:Movepage
24703 * Fix broken handling of log views for page titles consisting of one
24704 or more zeros, e.g. "0", "00" etc.
24705 * Fix read permission check for special pages with subpage parameters, e.g.
24706 Special:Confirmemail
24707 * Fix read permission check for unreadable page titles which are numerically
24708 equivalent to a whitelisted title
24709 * '?>' closing tag removed from all files to help avoid problems with extraneous
24710 whitespace (broken XML feeds, etc.)
24711 * Don't use garbled parser cache output when viewing custom CSS or JavaScript
24713 * (bug 10406) Fix Special:Listusers filter form for non-ASCII localizations
24714 * Fix empty message checks for message names containing &
24715 This corrects some odd behavior with sidebar items and custom namespaces
24716 containing ampersands.
24717 * (bug 10375) Change thousands separator character to for Latin (la)
24718 * (bug 10477) Fix AJAX watch for Farsi on Firefox: JavaScript encoding tweak
24719 * (bug 10496) Fix broken DISTINCT option logic in database backend
24720 * Fix CSS media declaration for "screen, projection"; was causing some
24722 * (bug 10495) $wgMemcachedDebug set twice in includes/DefaultSettings.php
24723 * (bug 10316) Prevent inconsistent cached skin settings in gen=js by setting
24724 the intended skin directly in the URL.
24725 * (bug 9903) Don't mark redirects in categories as stubs
24726 * (bug 6965) Cannot include "Template:R" with {{R}} (magic word conflict)
24727 * Padding parser functions now work with strings like '0' that evaluate to false
24728 * (bug 10332) Title->userCan( 'edit' ) may return false positive
24729 * Fix bug with <nowiki> in front of links for wikis where linkPrefixExtension is
24731 * (bug 10552) Suppress rollback link in history for single-revision pages
24732 * (bug 10538) Gracefully handle invalid input on move success page
24733 * Fix for Esperanto double-x-encoding in move success page
24734 * (bug 10526) Fix toolbar/insertTags behavior for IE 6/7 and Opera (8+)
24735 Now matches the selection behavior on Mozilla / Safari.
24736 Patch by Alex Smotrov.
24737 * Don't show non-functional toolbar buttons on Opera 7 anymore
24738 * (bug 9151) Fix relative subpage links with section fragments
24739 * (bug 10560) Adding a space between category letter heading and "continues"
24740 * (bug 4650) Keep impossibly large/small counts off Special:Statistics
24741 * (bug 10608) PHP notice when installing with PostgreSQL
24742 * (bug 10615) Fix for transwiki import when CURL not available
24743 * (bug 8054) Return search page for empty search requests with ugly URLs
24744 * (bug 10572) Force refresh after clearing visitation timestamps on watchlist
24745 * (bug 10631) Warn when illegal characters are removed from filename at upload
24746 * Fix several JavaScript bugs under MSIE 5/Macintosh
24747 * (bug 10591) Use Arabic numerals (0,1,2...) for the Malayam language
24748 * (bug 10642) Fix shift-click checkbox behavior for Opera 9.0+ and 6.0
24749 * Work around Safari bug with pages ending in ".gz" or ".tgz"
24750 * Removed obsolete maintenance/changeuser.sql script; use RenameUser extension
24751 * (bug 2735) "Preview" shown in title bar for action=submit on special pages
24752 * Removed "restore" links from the deletion log embedded in Special:Undelete
24753 * Improved error reporting and robustness for file delete/undelete.
24754 * Improved speed of file delete by storing the SHA-1 hash in image/oldimage
24755 * Fixed leading zero in base 36 SHA-1 hash
24756 * Protection form no longer produces JavaScript errors
24757 * (bug 10741) File histories show "delete" links for non-sysops
24758 * (bug 10744) Treat "noarticletext" and "noarticletextanon" as wiki text when
24759 used on a non-existent page with "action=info"
24760 * Fix escaping of raw message text when used on a non-existent page with
24762 * (bug 10683) Fix inconsistent handling of URL-encoded titles in links
24763 used in redirects (i.e. they now work)
24764 * (bug 8878) Changes to $dateFormats in German localization (removing unused,
24765 nonexistent formats, putting time after date)
24766 * (bug 10769) Database::update() should return boolean result
24767 * Fix preference checkbox display for right-to-left languages which caused
24768 them to be hidden in IE in some cases
24769 * Fix upload form display in right-to-left languages
24770 * Fixed regression in blocking of username '0'
24771 * (bug 9437) Don't overwrite edit form submission handler when setting up
24772 edit box scroll position preserve/restore behavior
24773 * (bug 10805) Fix "undo" link when viewing the diff of the most recent
24774 change to a page using "diff=0"
24775 * (bug 10765) img_auth.php will now refuse logged-out requests where
24776 $wgWhitelistRead is undefined, instead of (incorrectly) honouring them
24777 * Fixed img_auth.php file name extraction for whitelist checking
24778 * Tweak spacing of email preference display
24779 * Table sorting JavaScript prefers textContent over innerText to allow hidden
24780 sort keys to work on Safari
24781 * (bug 4530) Fix local name of Kurdish language
24782 * (bug 10830) Fix local name of Haitian Creole language
24783 * Fix invalid XHTML in Special:Protectedpages
24784 * Fix comments in contributions and log pages for right-to-left languages
24785 * Make installer include_path-independent, so it should work on hosts which
24786 disable user setting of PHP include_path setting
24787 * glob() is horribly unreliable and doesn't work on some systems, including
24788 free.fr shared hosting. No longer using it in Language::getLanguageNames()
24789 * (bug 10763) Fix multi-insert logic for PostgreSQL
24790 * Fix invalid XHTML when viewing a deleted revision
24791 * Fix syntax error in translations of magic words in Romanian language
24792 * (bug 8737) Fix warnings caused by incorrect use of `/dev/null` when piping
24793 process error output under Windows
24794 * (bug 7890) Don't list redirects to special pages in Special:BrokenRedirects
24795 * (bug 10783) Resizing PNG-24 images with GD no longer causes all alpha
24796 channel transparency to be lost and transparent pixels to be turned black
24797 * (bug 9339) General error pages were transforming messages and their parameters
24799 * (bug 9026) Incorrect heading numbering when viewing Special:Statistics with
24800 "auto-numbered headings" enabled
24801 * Fixed invalid XHTML in Special:Upload
24802 * (bug 11013) Make sure dl() is available before attempting to use it to check
24803 available databases in installer
24804 * Resizing transparent GIF images with GD now retains transparency by skipping
24806 * (bug 11065) Fix regression in handling of wiki-formatted EXIF metadata
24807 * Double encoding broke Special:Newpages for some languages
24808 * Adding a newline before the statistics footer, to prevent parsing problems
24809 * Preventing the TOC from appearing in Special:Statistics
24810 * (bug 11082) Fix check for fully-specced table names in Database::tableName
24811 * (bug 11067) Fix regression in upload conflict thumbnail display
24812 * (bug 10985) Resolved cached entries on Special:DoubleRedirects were being
24813 suppressed, breaking paging - now strikes out "fixed" results
24814 * (bug 8393) <sup> and <sub> need to be preserved (without attributes) for
24815 entries in the table of contents
24816 * (bug 11114) Fix regression in read-only mode error display during editing
24817 * Force non-MySQL databases to use an ORDER BY in SpecialAllpages to ensure
24818 that the first page_title is truly the first page title.
24819 * (bug 10836) Change the summary on creating of new section
24820 * Inclusion of Special:Wantedpages now works again
24822 == API changes since 1.10 ==
24824 Full API documentation is available at https://www.mediawiki.org/wiki/API
24826 * New properties: links, templates, images, langlinks, categories, external
24828 * Breaking Change: imagelinks renamed into imageusage (il->iu)
24829 * Bug fix: incorrect generator behavior in some cases
24830 * JSON format allows an optional callback function to wrap the result.
24831 * Login module disabled until a more secure solution can be implemented
24832 * (bug 9938) Querying by revision identifier returns the most recent revision
24833 for the corresponding page, rather than the requested revision
24834 * (bug 8772) Filter page revision queries by user
24835 * (bug 9927) User contributions queries do not accept IP addresses
24836 * Watchlist feed now reports a proper feed item when the user is not logged in
24837 * Watchlist feed date bug fixed - automatically shows one last day
24838 * Watchlist feed now allows to specify number of hours to monitor
24839 * list=allpages now returns a list instead of a map in JSON format
24840 * Breaking Change: in json, revisions are now returned as a list, not as a map.
24841 * Add: prop=info can show page is new flag, current page length, and visit
24843 * Change: Query watchlist now shows flags only when explicitly requested with
24845 * rc_this_oldid (textid) is no longer accessible from query watchlist
24846 * action=usercontribs: additional filtering by ucshow=; selection of needed
24847 fields with ucprop=; the textid (rev_text_id) is no longer being exposed
24848 * (bug 9970) Breaking Change: backlinks, embeddedin and imageusage now return
24849 lists in JSON instead of a map, and do not return anything when titles do
24851 * (bug 9121) Introduced indexpageids query parameter to list the page_id
24852 values of all returned page items
24853 * (bug 10147) Now interwiki titles are not processed but added to a separate
24854 "interwiki" section of the output.
24855 * Added categorymembers list to query for pages in a category.
24856 * (bug 10260) Show page protection status
24857 * (bug 10392) Include MediaWiki version details in version output
24858 * (bug 10411) Site language in meta=siteinfo
24859 * (bug 10391) action=help doesn't return help if format is fancy markup
24860 * backlinks, embeddedin and imageusage lists should use (bl|ei|iu)title
24861 parameter instead of titles. Titles for these lists is obsolete and might stop
24863 * Added prop=imageinfo - gets image properties and upload history
24864 * (bug 10211) Added db server replication lag information in meta=siteinfo
24865 * Added external url search within wiki pages (list=exturlusage)
24866 * Added link enumeration (list=alllinks)
24867 * Added registered users enumeration (list=allusers)
24868 * Added full text search in titles and content (list=search)
24869 * (bug 10684) Expanded list=allusers functionality
24870 * Possible breaking change: prop=revisions no longer includes pageid for
24872 * Added rvprop=size to prop=revisions (The size will not be shown if it is NULL
24874 * list=allpages now allows to filter by article min/max size and protection
24876 * Added site statistics (siprop=statistics for meta=siteinfo)
24877 * (bug 10902) Unable to fetch user contributions from IP addresses
24878 * `list=usercontribs` no longer requires that the user exist
24879 * (bug 10971) `aufrom` parameter doesn't work with spaces
24880 * Fix username handling issue with `auprefix` parameter
24881 * Treat underscores as spaces for `aufrom` and `auprefix` parameters
24882 * Added edit/delete/... token retrieval to prop=info
24883 * Added meta=userinfo - logged-in user information, group membership, rights
24884 * (bug 11072) Fix regression in API image history query
24885 * (bug 11115) Adding SHA1 hash to imageinfo query
24886 * (bug 10898) API does not return an edit token for non-existent pages
24887 * (bug 10890) Timestamp support for categorymembers query
24888 * (bug 10980) Add exclude redirects on backlinks
24889 * IPv6 titles in User namespace are normalized (run cleanupTitles.php to fix any
24892 == Maintenance script changes since 1.10 ==
24894 * Add support for wgMaxTocLevel option in parserTests
24895 * (bug 6823) Disable article view counter in maintenance/dumpHTML.php
24896 * Fix maintenance/importImages.php so it doesn't barf PHP errors when no
24897 suitable files are found, and make the list of extensions an option (defaults
24898 to $wgFileExtensions)
24899 * Add option to maintenance/createAndPromote.php to give the user bureaucrat
24900 permissions (--bureaucrat)
24901 * Allow overwriting existing files with a conflicting name using
24902 maintenance/importImages.php
24903 * (bug 10266) Use native newlines when rebuilding a messages file.
24905 == Languages updated since 1.10 ==
24918 * Extremaduran (ext)
24923 * Français Cadien (frc) (new)
24924 * Franco-Provençal/Arpetan (frp)
24928 * Upper Sorbian (hsb)
24938 * Kinaray-a (krj) (new)
24945 * Bahasa Melayu (ms)
24951 * Punjabi (Gurmukhi) (pa)
24953 * Piedmontese (pms)
24957 * Aromanian (roa-rup)
24975 * Winaray (war) (new)
24977 * Old Chinese / Late Middle Chinese (zh-classical)
24978 * Chinese (PRC) (zh-cn)
24979 * Chinese (Taiwan) (zh-tw)
24980 * Cantonese (zh-yue)
24982 == MediaWiki 1.10 ==
24984 == MediaWiki 1.10.4 ==
24988 * Correction for API path fix, broken in 1.10.3
24990 == MediaWiki 1.10.3 ==
24994 This is a security update to the Winter 2007 quarterly release. A potential
24995 XSS injection vector affecting api.php only for Microsoft Internet Explorer
24996 users has been closed.
24999 To work around the vulnerability without upgrading, you may disable the API if
25002 :[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;
25004 Not vulnerable versions:
25009 * 1.8 any version (if $wgEnableAPI has been left off)
25011 Vulnerable versions:
25012 * 1.11 <= 1.11.0rc1
25015 * 1.8 any version (if $wgEnableAPI has been switched on)
25017 MediaWiki 1.7 and below are not affected as they do not include the API
25018 functionality, however the BotQuery extension is similarly vulnerable unless
25019 updated to the latest SVN version.
25021 == MediaWiki 1.10.2 ==
25024 This is a security fix update to the Spring 2007 quarterly release snapshot. A
25025 possible HTML/XSS injection vector in the API pretty-printing mode has been
25028 The vulnerability may be worked around in an unfixed version by simply
25029 disabling the API interface if it is not in use, by adding this to
25031 :[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;
25033 Not vulnerable versions:
25039 Vulnerable versions:
25040 * 1.11 <= 1.11.0rc1
25043 * 1.8 <= 1.8.4 (if $wgEnableAPI has been switched on)
25045 MediaWiki 1.7 and below are not affected as they do not include the faulty
25046 function, however the BotQuery extension is similarly vulnerable unless updated
25047 to the latest SVN version.
25049 == MediaWiki 1.10.1 ==
25052 This is a bugfix update to the Spring 2007 quarterly release snapshot. A number
25053 of fixes to improve compatibility with PostgreSQL, some versions of MySQL, and
25054 some PHP configurations are included.
25056 Changes since 1.10.0:
25058 * (bug [[bugzilla:9417|9417]]) Uploading new versions of images when using
25059 Postgres no longer throws warnings.
25060 * (bug [[bugzilla:9908|9908]]) Using tsearch2 with Postgres 8.1 no longer gives
25062 * (bug [[bugzilla:9973|9973]]) Changed size was shown in advanced recentchanges
25063 collapsible items with $wgRCShowChangedSized = false.
25064 * Fixed installation on MyISAM or old InnoDB with charset=utf8, was giving
25065 overlong key errors.
25066 * Fixed zero-padding issues with MySQL 5 binary schema
25067 * (bug [[bugzilla:9820|9820]]) session.save_path check no longer halts
25068 installation, but warns of possible bad values
25069 * (bug [[bugzilla:9978|9978]]) Fixed session.save_path validation when using
25070 extended configuration format, e.g. "5;/tmp"
25072 == MediaWiki 1.10.0 ==
25075 This is the quarterly release snapshot for Spring 2007. See below for a full
25076 list of changes since the 1.9.x series.
25078 Changes since 1.10.0rc2:
25080 * (bug [[bugzilla:9808|9808]]) Fix regression that ignored user 'rclimit'
25081 option for Special:Contributions
25083 == MediaWiki 1.10.0rc2 ==
25086 THIS IS A RELEASE CANDIDATE MADE AVAILABLE FOR TESTING!
25087 A FINAL 1.10.0 RELEASE WILL APPEAR WITHIN A FEW DAYS.
25089 Changes since 1.10.0rc1:
25090 * Various l10n fixes and updates
25091 * Fix for upgrade of page_restrictions table
25092 * (bug [[bugzilla:9780|9780]]) Fix normalization of titles with initial colon
25093 followed by whitespace
25094 * Fix for regression in upload: wrong size info saved into image table
25095 * Avoid cyclic stub problems when authorization hooks do funny things with the
25096 user and the database at load time
25098 == MediaWiki 1.10.0rc1 ==
25099 This is the Spring 2007 branch release of MediaWiki.
25101 MediaWiki is now using a "continuous integration" development model with
25102 quarterly snapshot releases. The latest development code is always kept
25103 "ready to run", and in fact runs our own sites on Wikipedia.
25105 Release branches will continue to receive security updates for about a year
25106 from first release, but nonessential bugfixes and feature developments
25107 will be made on the development trunk and appear in the next quarterly release.
25109 Those wishing to use the latest code instead of a branch release can obtain
25110 it from source control: https://www.mediawiki.org/wiki/Download_from_SVN
25112 == Configuration changes ==
25114 * A new switch $wgCommandLineDarkBg used by maintenance scripts
25115 (parserTests.php). It lets you specify if your terminal use a dark background,
25116 the colorized output will be made lighter making things easier to read.
25117 * The minimum permissions needed to edit a page in each namespace can now be
25118 customized via the $wgNamespaceProtection array. By default, editing pages in
25119 the MediaWiki namespace requires "editinterface" permission, as before.
25120 * Allow restriction of autoconfirmed permission by edit count. New global
25121 setting $wgAutoConfirmCount (defaulting to zero, naturally).
25122 * Added rate limiter for Special:Emailuser
25123 * Private logs can now be created using $wgLogRestrictions
25124 * (Bug 8590) limited HTML is now always enabled ($wgUserHtml = true).
25125 * Deprecated $wgUseImageResize, thumbnailing will be enabled unconditionally.
25127 == New features since 1.9 ==
25129 * (bug 6937) Introduce "statistics-footer" message, appended to
25131 * (bug 6638) List block flags in block log entries
25132 * (bugs 5051, 5376) Tooltips and accesskeys no longer require JavaScript
25133 * Added SkinTemplateOutputPageBeforeExec hook before SkinTemplate::outputPage()
25135 (http://lists.wikimedia.org/pipermail/wikitech-l/2007-January/028554.html)
25136 * Introduce "cascading protection" -- implicit protection on pages transcluded
25137 into a page protected with this option enabled
25138 * (bug 8567) Added hook RawPageViewBeforeOutput just before the text is blown
25139 out in action=raw, so extensions might influence the output.
25140 * (bug 3446) Add user preference to hide page content below diffs, can be
25141 overridden by adding diffonly=1 or diffonly=0 to the URL of the diff page
25142 * Add 'purge' privilege to replace the hardcoded check for login state in
25143 determining whether action=purge can be done via GET. Switching the
25144 permission on for anons can be helpful for benchmarking.
25145 * (bug 7842) Link back to deleted revision list from deleted revision preview
25146 * (bug 8619) Add user-aware "unblock" link to Special:Blockip
25147 * (bug 8522) Provide a "delete" link on Special:Brokenredirects for users with
25148 the appropriate permission
25149 * (bug 8628) Add user-aware block list link to Special:Blockip
25150 * (bug 8621) Log revisions marked as patrolled
25151 * Introduce "BookInformation" hook; see docs/hooks.txt for more details
25152 * Add title prefix search for Special:Undelete
25153 * Remove full-archive list from Special:Undelete
25154 * (bug 8136) Introduce 'ArticleUndelete' hook; see docs/hooks.txt for more info
25155 * (bug 8712) Expose user groups as a JavaScript global
25156 * Introduce 'CustomEditor' hook; see docs/hooks.txt for more information
25157 * New special page, Special:Protectedpages, which shows all protected pages
25158 and their protection status (full protection status is not pulled out due
25159 to performance considerations, so it just shows "full protected" or
25161 * (bug 4133) Allow page protections to be made with an expiry date, in the same
25162 format as block expiry dates. Existing protections are assumed to be infinite,
25163 as are protections made with the new field left blank.
25164 * (bug 8535) Allow certain vertical alignment attributes to be used as image
25166 * (bug 6987) Allow perrow, widths, and heights attributes for <gallery>
25167 * (bug 3678) Allow disabling MediaWiki:Aboutsite in the same way as
25168 MediaWiki:Disclaimers; Also means that if any of the footer links are
25169 disabled in the wiki's default language (by setting to "-"), they'll also
25170 be disabled in other languages too (e.g. if the user specifies uselang=fr).
25171 * Sort log types in Special:Log
25172 * Added a classname ("mw-toolbar-editbutton") and unique IDs to the edit
25174 * Hide irrelevant block options in Special:Blockip based on whether an
25175 IP address/range or username is listed. (Dynamic using JS.)
25176 * (bug 9032) Make quickbarSettings localizable through Special:Allmessages
25177 * (bug 7782) Standardisation of file info at image description pages.
25178 * (bug 1035) View contributions / recentchanges for an IP range.
25179 * (bug 8747) When unwatching pages from Special:Watchlist/edit, put the
25180 confirmation messages in a proper list with a CSS class and id.
25181 * (bug 9118) Show relevant log fragments on deletion confirmatio page
25182 * (bug 9009) Add username entry field to Special:Contributions
25183 * (bug 1723) Article size in history
25184 * (bug 9223) Disallow magic tilde sequences in page titles and usernames
25185 * (bug 6997) Link from Special:log/block to unblock form
25186 * (bug 9117) Link from Special:log/delete to undelete form
25187 * Link from Special:log/protect to change protection form
25188 * (bug 1196) Add IPv6 support added to blocks, more consistancy for IPv6
25190 * (bug 3984) Searching in logs by title%
25191 * Show thumbnail of existing image if image exists already under this filename
25192 * (bug 5546) Watchlist reflects logged actions like move, protection, undelete
25193 * Support protocols other than HTTP in LinkFilter, use $wgUrlProtocols
25194 * (bug 3069) Warning on upload of scaled down images
25195 * Warning on upload of images with uppercase extension if image with lowercase
25197 * (bug 4624) Namespace selection for Special:Whatlinkshere
25198 * Introduce PageHistoryBeforeList and PageHistoryLineEnding hooks; see
25199 docs/hooks.txt for more information
25200 * (bug 9397) Introduce "sp-contributions-footer" and
25201 "sp-contributions-footer-anon" messages, shown at the end of
25202 Special:Contributions as appropriate for the target
25203 * (bug 8421) Expose current action in JavaScript globals (as 'wgAction')
25204 * (bug 9069) Use galleries in query pages dedicated to images
25205 * (bug 9177) Installer now warns of various conditions affecting
25206 session.save_path which can lead to broken session storage
25207 * (bug 9046) Special page to list pages without language links
25208 * (bug 9508) Special page to list articles with the fewest revisions
25209 * Introduce 'FileUpload' hook; see docs/hooks.txt for more information
25210 * Introduce 'SearchUpdate' hook; see docs/hooks.txt for more information
25211 * Introduce 'mywatchlist' message; used on personal menu to link to watchlist
25213 * Introduce magic word {{NUMBEROFEDITS}}
25214 * Introduced media handlers for file-type specific operations.
25215 * Improved error reporting for image thumbnailing
25216 * Added sharpening option for ImageMagick thumbnailing
25217 * (bug 9656) Autosummaries will be generated for deletion of pages longer than
25219 * Predefined block reasons added to Special:Blockip
25220 * (bug 9196) Installer now check that zend.ze1_compatibility_mode is off
25221 * (bug 9697) Introduce 'InternalParseBeforeLinks' hook; see docs/hooks.txt for
25223 * 'contribsub' message changed to 'contribsub2' with two parameters to permit
25224 better localization. Change is reverse-compatible and can be ignored for
25226 * Adding a 'reason' field to Special:Userrights
25228 == Bugfixes since 1.9 ==
25230 * (bug 7292) Fix site statistics when moving pages in/out of content namespaces
25231 * (bug 8531) Correct local name of Lingála
25232 * Made the PLURAL: parser function return singular on -1 by default
25233 * Fixed up the AjaxSearch
25234 * Fix SpecialVersion->formatCredits input. Version and Url parameters should be
25235 null to be treated properly with isset.
25236 * Page restrictions moved into a new, dedicated table
25237 * Correct tooltip accesskey hint for Opera on the Macintosh
25238 (uses Shift-Esc-, not Ctrl-).
25239 * (bug 8002) Math should render left-to-right even in right-to-left wikis
25240 * Pass e-mail and real name fields to AuthPlugin::addUser, as additional
25241 optional fields, which may be considered useful at registration time.
25242 * PostgreSQL upgrade scripts fixed and updated
25243 * (bug 8613) Fix error when viewing "Recent Changes" and using Postgres.
25244 * Initialise site_stats table at upgrade time if data was missing
25245 * (bug 7250) Updated Unicode normalization tables to Unicode 5.0
25246 * Unmaintained Oracle support files have been removed.
25247 * Use browser default for printing size, don't force to 11pt
25248 * (bug 8632) Fix regression in page protection null edit update
25249 * (bug 8407) Disallow indexing of "printable" versions
25250 * (bug 8643) Correctly escape the page-specific CSS class for non-Monobook skins
25251 * (bug 8629) Document $wgFilterCallback
25252 * (bug 1000) Clarify warning about memory_limit in installer
25253 * Suppress PHP warning about set_time_limit in installer when safe mode is on
25254 * (bug 3000) Fall back to SCRIPT_NAME plus QUERY_STRING when REQUEST_URI is
25255 not available, as on IIS with PHP-CGI
25256 * Missing interwiki row for English Wikipedia restored (as "wikipedia:")
25257 * use configured cache servers for mctest.php
25258 * bucket details in mcc.php
25259 * fix input validation and remove debugging code in compressOld
25260 * full ID range for moveToExternal
25261 * fix resolveStubs.php for compatibility with older serialized data
25262 * maximum line length for bar graphs in getLagTimes.php
25263 * recognize specieswiki in rebuildInterwiki.inc
25264 * profile unicode cleanup in Xml
25265 * log slow parses in Article.php
25266 * profile wfMsgReal
25267 * log mkdir failures
25268 * profile AutoLoader
25269 * rebuild empty DjVu metadata containing ''
25270 * security fix for DjVu metadata retrieval
25271 * Undelete page list can use plural marker
25272 * (bug 8638) Fix update from 1.4 and earlier
25273 * (bug 8641) Fix order of updates to ipblocks table
25274 * (bug 8678) Fix detection of self-links for numeric titles in Parser
25275 * (bug 6171) Magically close tags in tables when not using Tidy.
25276 * Sanitizer now correctly escapes lonely '>' occurring before the first wikitag.
25277 * Ignore self closing on closing tags ( '</div />' now gives '</div>')
25278 * (bug 8673) Minor fix for web service API content-type header
25279 * Fix API revision list on PHP 5.2.1; bad reference assignment
25280 * (bug 8688) Handle underscores/spaces in Special:Blockip and
25281 Special:Ipblocklist in a consistent manner
25282 * (bug 8701) Check database lock status when blocking/unblocking users
25283 * ParserOptions and ParserOutput classes are now in their own files
25284 * (bug 8708) Namespace translations for Zealandic language
25285 * Renamed constructor methods to PHP 5 __construct reserved name
25286 * (bug 8715) Warn users when editing an interface message whether or not the
25287 message page exists
25288 * ar: fix the 'create a new page' on search page when no exact match found
25289 * (bug 8703) Corrected talk and image namespace name for Limburgish (li)
25290 * (bug 8671) Expose "wpDestFile" as a parameter to "uploadtext"
25291 * (bug 8403) Respect bad image list exceptions in galleries on wiki pages
25292 * Allow sending per-user contribution requests to "contributions" query group
25293 * (bug 3717) Update user count for AuthPlugin account autocreation
25294 * (bug 8719) Firefox release notes lie! Fix tooltips for Firefox 2 on x11;
25295 accesskeys default settings appear to be same as Windows.
25296 * Added an option to make Linker::userToolLinks() show the contribs link
25297 red when the user has no edits. Linker::userToolLinksRedContribs() is an
25298 alias to that which should be used to make it more self documentating.
25299 * (bug 8749) Bring MySQL 5 table defs back into sync
25300 * (bug 8751) Set session cookies to HTTPS-only to match other cookies
25301 * (bug 8652) Catch exceptions generated by malformed XML in multipage media
25302 * (bug 8782) Help text in Makefile
25303 * (bug 8777) Suppress 'previous' link on Special:Allpages when at first page
25304 * (bug 8774) Fix path for GNU FDL rights icon on new installs
25305 * Fix multipage selector drop-down for DjVu images to work when title
25306 is passed as a query string parameter; we have to pass the title as
25307 a form parameter or it gets dropped from the form submission URL
25308 * (bug 8819) Fix full path disclosure in with skins dependencies
25309 * Fixed bug affecting HTML formatting in sortable table column titles
25310 * Merged table sorting code into wikibits.js
25311 * (bug 8711) Stop floats in previews from spilling into edit area
25312 * (bug 8858) Safer handling when $wgImageLimits is changed. Added a note
25313 in DefaultSettings to make it clear.
25314 * (bug 4268) Fixed data-loss bug in compressOld batch text compression
25315 affecting pages which had null edits (move, protect, etc) as second
25316 edit in a batch group. Isolated and patched by Travis Derouin.
25317 * Fix for paths in 1.4->1.5 special-case updater script
25318 * (bug 8789) AJAX search: IE users can now use the return key
25319 * (bug 6844) Use <ins> and <del> tags to emphase the differences
25320 * (bug 6684) Fix improper javascript array iteration
25321 * (bug 4347) use MailAddress object for reply-to
25322 * Add AlphabeticPager abstract class
25323 * Use faster AlphabeticPager for Special:Categories
25324 * (bug 8875) Show printable link in MonoBook sidebar for locally nonexistent
25325 pages; perhaps useful for categories and shared images
25326 * Clean up session checks to better handle the case where the session was
25327 opened during the current request. May help with some caching corner
25329 * (bug 8897) Fix whitespace removal for interlanguage links with link prefix
25330 * Add 'ParserTestTables' hook to expand the list of temporary tables copied
25331 by the parser test harness; use for extensions which require the presence
25332 of other tables while they work.
25333 * Message names changed for AlphabeticPager introduced with r19758
25334 for better localisations.
25335 * (bug 8944) The deprecated is_a() function is used in StubObjects.php
25336 * (bug 8992) Fix a remaining raw use of REQUEST_URI in history
25337 * (bug 8999) User.php gives "undefined user editcount" PHP notice.
25338 * (bug 8984) Fix a database error in Special:Recentchangeslinked
25339 when using the Postgres database.
25340 * Moved the main ob_start() from the default LocalSettings.php to WebStart.php.
25341 The ob_start() section should preferably be removed from older
25342 LocalSettings.php files.
25343 * Give Content-Length header for HTTP/1.0 clients.
25344 * Partial support for Flash cross-domain-policy filtering.
25345 * Lazy-initialize site_stats row on load when empty. Somewhat kinder to
25346 dump-based installations, avoiding PHP warnings when NUMBEROFARTICLES
25348 * Add 'charset' to Content-Type headers on various HTTP error responses
25349 to forestall additional UTF-7-autodetect XSS issues. PHP sends only
25350 'text/html' by default when the script didn't specify more details,
25351 which some inconsiderate browsers consider a license to autodetect
25352 the deadly, hard-to-escape UTF-7.
25353 This fixes an issue with the Ajax interface error message on MSIE when
25354 $wgUseAjax is enabled (not default configuration); this UTF-7 variant
25355 on a previously fixed attack vector was discovered by Moshe BA from BugSec:
25356 http://www.bugsec.com/articles.php?Security=24
25357 * Trackback responses now specify XML content type
25358 * (bug 9044) Send a comment with action=raw pages in CSS/JS output mode
25359 to work around IE/Mac bug where empty pages time out verrrrryyyyy slowly,
25360 particularly with new keepalive-friendly HTTP on Wikipedia
25361 * (bug 8919) Suppress paging links and related messages where there are no
25362 rows to list for query pages
25363 * (bug 9057) Standardize MediaWiki: namespace for oc
25364 * (bug 8132) Suppress "Pages in this category" heading in categories when
25366 * (bug 8958) Handle search operators better when using tsearch2 (Postgres)
25367 * (bug 8799) Use redirect table for Special:BrokenRedirects and
25368 Special:DoubleRedirects
25369 * (bug 8918) Enable PLURAL option for MediaWiki:showingresults and
25370 MediaWiki:showingresultsnum
25371 * (bug 9122) Fix minor display issue in RTL with section edit link margin
25372 * (bug 5805) Enable PLURAL option for some messages of watchlist and statistic
25373 * (bug 3953) Work around poor display of parenthesis in the in other
25374 languages section of MonoBook skin
25375 * (bug 8539) Enable PLURAL option for another message of recentchanges.
25376 * (bug 8728) MediaWiki:Badfiletype split into 3 messages
25377 * (bug 9131) Allow SpecialContributions to work with Postgres
25378 * (bug 9155) Allow footer info to wrap in Monobook
25379 * (bug 8847) Strip spurious #fragments from request URI to fix redirect
25380 loops on some server configurations
25381 * (bug 9097) column "pr_pagetype" does not exist
25382 * (bug 9217) Balance wfProfile calls in Skin::outputPage
25383 * (bug 9222) PostgreSQL updater should not be version-specific
25384 * Fix fallback implementation of mb_strlen so it works and isn't insanely
25385 slow for large strings, since it's used for page edit lengths
25386 * (bug 8815) Setting password in initUser() breaks LdapAuthentication plugin
25387 * (bug 9256) Add a quick note to index.php header comments
25388 * Make Special:Listusers caseinsensitive for first letter
25389 * Default tidy.conf has been moved from extensions module into includes.
25390 * Ignore lonely '''''
25391 * (bug 9244) When calling edit page for nonexistent section, generate error
25392 inside of just discarding edits, since edit links sometimes go to the wrong
25394 * (bug 9019) No warning during upload if image description page exists, but no
25396 * (bug 8582) Allow thumbnailing when imagesize has a space.
25397 * (bug 8716) Change math_inputhash and math_outputhash to bytea for Postgres
25398 * (bug 9343) Correct internal name for Wolof language
25399 * (bug 9363) Fix Postgres error on Recentchangeslinked
25400 * (bug 5142) Fixed call of hook ArticleViewHeader
25401 * (bug 4777) Separate prev/next messages for Special:Whatlinkshere
25402 * Merge approx 15 missing Wikipedia language codes into wikipedia-interwiki.sql
25403 based on Jeff Merkey's mediawiki-1.9.3.WG-20070316.tar.gz.bz2 archive.
25404 * (bug 9411) Fix for shared image descriptions using query-string titles
25405 * (bug 4756) Add user tool links for self created accounts at special:log
25406 instead of sometimes broken block links from newuserlog extension
25407 * (bug 5817) Special:Recentchangeslinked now shows red link for nonexistent
25408 target page instead of silently redirecting
25409 * (bug 8914) Don't transform colons in {{anchorencode:}}
25410 * (bug 9241) Handle edit section links and include size links for cached
25411 templates the same as the first transclusion.
25412 * (bug 9466) "Rollback failed" page doesn't format edit comment
25413 * (bug 9472) Invalid XHTML on cached special pages
25414 * (bug 9472) Invalid XHTML on Special:Newpages
25415 * (bug 4764) "My contributions" not bold when viewing own contributions
25416 * (bug 9194) Add {{PLURAL:...}} to navigation bar of Special:Whatlinkshere
25417 * (bug 9033) Use a more specific error message when users are not able/allowed
25418 to edit page protection levels due to a block, database lock or permissions
25419 * Fixed $wgFeedLimit
25420 * (bug 9270) Corrected help namespace name for Dutch Lower Saxon (nds-nl)
25421 * (bug 929, 4215) Expose "rcdays" user preference in Special:Preferences
25422 * (bug 9554) Extension-provided group name messages not used
25423 * (bug 9565) Translate template namespace name for Hindi (hi)
25424 * (bug 8599) Correct localized names of zh-variants
25425 * (bug 3366) Require skins based on SkinTemplate to override the skinname
25427 * (bug 9220) Removed obsoletes functions in install-utils.inc.
25428 * Removed obsoletes Title::getRelatedCache and Title:touchArray
25429 * (bug 7285) Check MySQL username length during install
25430 * (bug 6910) Correct date/time formats in Vietnamese (vi)
25431 * (bug 9608) Correctly use ORDER BY in dumpLinks.php
25432 * (bug 9609) Correctly use ORDER BY in SpecialWhatlinkshere.php
25433 * Special:Random and Special:Randomredirect now try harder to send the user to
25434 a random page, and will give an error message if none really can be found
25435 instead of sending the user to the main page like they used to
25436 * Fix object variable used for displaying "not-patrolled" CSS class on list
25437 * Fixed interaction of page parameter to ImagePage with the HTML file cache
25438 * Fixed MIME type for SVG files, will be silently changed from image/svg
25439 to image/svg+xml after loading from the database.
25440 * Workaround for djvutoxml bug #1704049 (poor performance). Use djvudump
25442 * Fixed odd behavior in ImagePage on DjVu thumbnailing errors
25443 * (bug 5439) "Go" title search will now jump to shared/foreign Image: and
25444 MediaWiki: pages that have not been locally edited.
25445 * (bug 9630) Limits links in Whatlinkshere forgot about namespace filter
25446 * Fixed upgrade for the non-standard MySQL schemas
25447 * Disable MySQL's strict mode at session start for MySQL 4.1+, to avoid the
25448 various problems that occur when it is on.
25449 * (bug 9585) Fix regression in tidy usage in Special:Undelete previews
25450 * (bug 3826) Normalize some invalid cookie name characters when setting
25451 up $wgCookiePrefix. Completes application of patch by Anders Kaseorg.
25452 * (bug 9649) Fix RTL form alignment for Special:Movepage
25453 * (bug 9582) Members of bot group now mark edits patrolled by default
25454 * (bug 9669) Fix limit ordering for rebuildrecentchanges; broken since
25455 converted from 1.4 to 1.5 schema
25456 * (bug 9682) Revert PHP 5.1 dependency on warning suppression for SVN info
25457 * (bug 5959) Anchors dropped from stub links
25458 * (bug 3348) Some additional weak password checks: password which is same
25459 as username will now be rejected.
25460 * (bug 8602) Converted Special:Contributions to use an IndexPager. The
25461 interpretation of the offset parameter has changed, and the go parameter
25463 * (bug 6204) Fixes for indentation with $wgMaxTocLevel:
25464 - don't emit too many list close tags after an invisible header
25465 - don't emit too many final list close tags if last header is invisible
25466 - don't emit TOC when there are no visible headers
25467 * (bug 7629) Fix $wgBrowserBlackList to avoid false positive on MSIE
25468 when certain plugins are present which alter the user agent
25473 * New script maintenance/language/checkExtensioni18n.php used to check i18n
25474 progress in the extension repository.
25475 * Running maintenance/parserTests.php with '--record' option, will now
25476 automatically attempt to create the required tables
25477 * --purge option to do additional parser-cache purging for purgeList.php
25478 * Fix hardcoded background color in parserTests.php
25479 * parserTests.php : removed the 'light' option for --color argument, replacing
25480 it with a new global switch : $wgCommandLineDarkBg
25481 * (bug 8780) Clarify message for command-line scripts if LocalSettings.php
25482 exists but is not readable
25483 * dumpBackup / importDump now work with PostgreSQL
25484 * (bug 8975) Use "Maintenance script" as the default username for
25485 importImages.php and importTextFile.php scripts
25486 * (bug 8933) Fix maintenance/reassignEdits.php script
25487 * (bug 9440) Added "mediawikiwiki" interwiki prefix to MediaWiki.org
25488 * (bug 2979) Import now gracefully skips invalid titles with a warning
25489 * Restore '--norc' option for maintenance/importTextFile.php
25490 * Help information for maintenance/importTextFile.php now easier to read on
25492 * Doxygen documentation now show the revision number of each file, generate
25493 graphs using dot and include a search engine.
25496 == Languages updated ==
25501 * Belarusian normative (be)
25502 * Belarusian alternative (be-x-old)
25520 * Upper Sorbian (hsb)
25540 * Dutch Lower Saxon (nds-nl)
25542 * Nepal Bhasa (new)
25560 * Old Chinese / Late Middle Chinese (zh-classical)
25561 * Chinese (PRC) (zh-cn)
25562 * Chinese (Taiwan) (zh-tw)
25563 * Cantonese (zh-yue)
25565 == Compatibility ==
25567 MediaWiki 1.10 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported.
25569 PHP 5.0.x fails on 64-bit systems due to serious bugs with array processing:
25570 http://bugs.php.net/bug.php?id=34879
25571 Upgrade affected systems to PHP 5.1 or higher.
25573 MySQL 3.23.x is no longer supported; some older hosts may need to upgrade.
25574 At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases.
25579 1.10 has several database changes since 1.9, and will not work without schema
25582 If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
25583 new database fields are filled with data.
25585 If you are upgrading from MediaWiki 1.4.x or earlier, some major database
25586 changes are made, and there is a slightly higher chance that things could
25587 break. Don't forget to always back up your database before upgrading!
25589 See the file UPGRADE for more detailed upgrade instructions.
25591 = MediaWiki release notes =
25592 Security reminder: MediaWiki does not require PHP's register_globals
25593 setting since version 1.2.0. If you have it on, turn it *off* if you can.
25597 == MediaWiki 1.9.6 ==
25601 * Correction for API path fix, broken in 1.9.5
25603 == MediaWiki 1.9.5 ==
25607 This is a security update to the Winter 2007 quarterly release. A potential XSS
25608 injection vector affecting api.php only for Microsoft Internet Explorer users
25612 To work around the vulnerability without upgrading, you may disable the API if
25615 :[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;
25617 Not vulnerable versions:
25622 * 1.8 any version (if $wgEnableAPI has been left off)
25624 Vulnerable versions:
25625 * 1.11 <= 1.11.0rc1
25628 * 1.8 any version (if $wgEnableAPI has been switched on)
25630 MediaWiki 1.7 and below are not affected as they do not include the API
25631 functionality, however the BotQuery extension is similarly vulnerable unless
25632 updated to the latest SVN version.
25634 == MediaWiki 1.9.4 ==
25638 This is a security and bug fix update to the Winter 2007 quarterly release.
25639 Minor compatibility fixes for IIS 5 are included.
25641 * (bug [[bugzilla:8847|8847]]) Strip spurious #fragments from request URI to
25642 fix redirect loops on some server configurations
25643 * A possible HTML/XSS injection vector in the API pretty-printing mode has been
25646 The vulnerability may be worked around in an unfixed version by simply
25647 disabling the API interface if it is not in use, by adding this to
25650 :[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;
25652 Not vulnerable versions:
25658 Vulnerable versions:
25659 * 1.11 <= 1.11.0rc1
25662 * 1.8 <= 1.8.4 (if $wgEnableAPI has been switched on)
25664 MediaWiki 1.7 and below are not affected as they do not include the faulty
25665 function, however the BotQuery extension is similarly vulnerable unless updated
25666 to the latest SVN version.
25668 == MediaWiki 1.9.3 ==
25672 This is a security and bug-fix update to the Winter 2007 quarterly release.
25673 Minor compatibility fixes for IIS and PostgreSQL are included.
25675 An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7
25676 charset autodetection was located in the AJAX support module, affecting MSIE
25677 users on MediaWiki 1.6.x and up when the optional setting $wgUseAjax is enabled.
25679 If you are using an extension based on the optional Ajax module, either disable
25680 it or upgrade to a version containing the fix:
25682 * 1.9: fixed in 1.9.3
25683 * 1.8: fixed in 1.8.4
25684 * 1.7: fixed in 1.7.3
25685 * 1.6: fixed in 1.6.10
25687 There is no known danger in the default configuration, with ''$wgUseAjax'' off.
25689 * ([[mediazilla:8992|8992]]) Fix a remaining raw use of REQUEST_URI in history
25690 * ([[mediazilla:8984|8984]]) Fix a database error in
25691 Special:Recentchangeslinked when using the PostgreSQL database.
25692 * Add ''charset'' to Content-Type headers on various HTTP error responses to
25693 forestall additional UTF-7-autodetect XSS issues. PHP sends only ''text/html''
25694 by default when the script didn't specify more details, which some
25695 inconsiderate browsers consider a license to autodetect the deadly,
25696 hard-to-escape UTF-7. This fixes an issue with the Ajax interface error message
25697 on MSIE when ''$wgUseAjax'' is enabled (not default configuration); this UTF-7
25698 variant on a previously fixed attack vector was discovered by Moshe BA from
25699 BugSec: [http://www.bugsec.com/articles.php?Security=24
25700 http://www.bugsec.com/articles.php?Security=24]
25701 * Trackback responses now specify XML content type
25703 == MediaWiki 1.9.2 ==
25707 This is a bug-fix update that fixes some installation and other minor issues
25708 with the 1.9.1 release as well as a security issue which was introduced in the
25711 JavaScript code which regenerated the "sortable tables" feature did not
25712 properly sanitize input, leading to an HTML injection vulnerability.
25714 * ([[mediazilla:8774|8774]]) Fix path for GNU FDL rights icon on new installs
25715 * ([[mediazilla:8819|8819]]) Fix full path disclosure with skins dependencies
25716 * ([[mediazilla:8819|8819]]) Fixed data-loss bug in compressOld batch text
25717 compression affecting pages which had null edits (move, protect, etc) as second
25718 edit in a batch group. Isolated and patched by Travis Derouin.
25719 * Security fix for sortable tables JavaScript
25721 == MediaWiki 1.9.1 ==
25725 This is a bug-fix update that fixes some installation and upgrade issues with
25726 the original 1.9.0 release.
25728 * ([[mediazilla:3000|3000]]) Fall back to SCRIPT_NAME plus QUERY_STRING when
25729 REQUEST_URI is not available, as on IIS with PHP-CGI
25730 * Security fix for DjVu images. (Only affects servers where .djvu file uploads
25731 are enabled and ''$wgDjvuToXML'' is set.)
25732 * ([[mediazilla:8638|8638]]) Fix update from 1.4 and earlier
25733 * ([[mediazilla:8641|8641]]) Fix order of updates to ipblocks table for updates
25735 * ([[mediazilla:8673|8673]]) Minor fix for web service API content-type header
25736 * Fix API revision list on PHP 5.2.1; bad reference assignment
25737 * Fixed up the AjaxSearch
25738 * Exclude settings files when generating documentation. That could expose the
25739 database user and password to remote users.
25740 * ar: fix the 'create a new page' on search page when no exact match found
25741 * Correct tooltip accesskey hint for Opera on the Macintosh (uses Shift-Esc-,
25743 * ([[mediazilla:8719|8719]]) Firefox release notes lie! Fix tooltips for
25744 Firefox 2 on x11; accesskeys default settings appear to be same as Windows.
25746 == Changes since 1.8 ==
25748 * (bug 8200) Make category lists sorted by name when using Postgres.
25749 * (bug 7841) Support 'IGNORE' inserts for Postgres, fixes watchlist
25751 * (bug 6835) Removing the includes/Parser.php::getTemplateArgs() function,
25752 because it seems to be unused.
25753 * (bug 7139) Increasing the visual width of the edit summary field on larger
25754 screen sizes, for the default monobook skin.
25755 * Fix PHP notice and estimates for dumpBackup.php and friends
25756 * Improved register_globals paranoia checks
25757 * (bug 7545) Fix PHP version check on install
25758 * Disable PHP exception backtrace printing unless $wgShowExceptionDetails
25759 is set. Backtraces may contain sensitive information in function call
25761 * (bug 6164) Avoid smashing Cite state if message transformation triggers
25762 during bad image list check, by skipping message transformation.
25763 This isn't a good permanent fix.
25764 * (bug 6918) Stopped borders and backgrounds from showing through floated
25766 * (bug 6868) Un-hardcode section edit link style
25767 * (bug 3205) Stop right floats from stacking horizontally in non-Monobook skins
25768 * Added global $wgStyleVersion to centralize bumping CSS and JS file versions
25769 for cache-friendly style and script updating
25770 * (bug 7562) Fix non-ASCII namespaces on Windows/XAMPP servers
25771 * Friendlier check for PHP 5 in command-line scripts; it's common for parallel
25772 PHP 4 and 5 installations to interfere on the command-line.
25773 * Fix regression in autoconfirm permission check
25774 * (bug 3015) Add CSS ids to subcategory and page sections on category pages
25775 * (bug 7587) Fix erroneous id for specialpage tab, enabling informative popup
25776 * (bug 7599) Fix thumbnail purging, PHP notices on HTCP image page purge
25777 * (bug 7581) Update language name for cbk-zam
25778 * (bug 7444) Update namespace translations for Telugu (te), kept old values as
25779 alias for compatibility
25780 * (bug 4525) Move section links down visually to same level as headings
25781 (editsection links are now inside the heading elements)
25782 * Workaround for http://bugs.php.net/bug.php?id=31892 , PATH_INFO and hence
25783 URLs of the style /index.php/Main_Page were broken on some CGI installations.
25784 * (bug 7623) Validate custom HTML id's correctly in Monobook interface
25785 * (bug 2241) Fix collision of 'w' and 'd' accesskeys
25786 * (bug 5795) CSS class added to body based on page name for page-specific
25788 * (bug 6276) Stopped search field from getting too large in Cologne Blue
25789 * (bug 7644) User creations that are aborted by hooks shouldn't be counted
25790 against account creations per day limit
25791 * (bug 7636) Show Firefox 2 users correct accesskey prefix
25792 * (bug 6427) Block blocked IPs from using the mail password function
25793 to allow blocking of flooders
25794 * Include common.css from classic-style skins in main HTML with the bump URL
25795 * (bug 7607) Add Karakalpak (kaa) to Names.php and stub message file for
25797 * (bug 7582) Add 'tog-nolangconversion' to MessagesEn.php.
25798 This key is need for languages with variants (zh, sr, kk)
25799 * (bug 7606) MediaWiki messages for "rss" and "atom" missing
25800 * (bug 7609) Add some more '*-summary' messages to MessagesEn.php with empty
25801 strings to allow better localisation via Special:Allmessages. Mark this new
25802 messages as optional for localisation.
25803 * Fix user_newpass upgrade for prefixed tables (reported by Fyren)
25804 * (bug 7663) Include language variant switcher links on Nostalgia skin
25805 * (bug 6531) Fix PHP fatal error on installation page with bad username input.
25806 * (bug 6977) Remove 404 link for autogenerated database documentation.
25807 * (bug 7369) Allow "Show Changes" without requiring edit token.
25808 * (bug 7687) Fix movetalk box checks itself when confirming a delete and move.
25809 * (bug 7684) Obey watchcreated preference for Special:Upload watch checkbox
25810 * (bug 7686) Include id attribute on delete form confirmation button
25811 * Allow compound interwiki prefixes in $wgImportSources
25812 * (bug 7304) Added redirect table to store redirect targets.
25813 * Added querycachetwo table (similar to querycache but has two titles)
25814 * PageArchive can now return a Revision object for more convenient processing
25815 of deleted revision data
25816 * Added 'UndeleteShowRevision' hook in Special:Undelete
25817 * Error message on attempt to view invalid or missing deleted revisions
25818 * Remove unsightly "_" from namespace in Special:Allpages, Special:Prefixindex
25819 * (bug 3224) Allow minor edits by bots to skip new message notification on
25820 user talk pages. This can be disabled by adjusting the 'nominornewtalk'
25821 permission. Patch by Werdna.
25822 * (bug 7741) MATH: fixed broken syntax of underbrace etc. Fixed arrays
25823 * Fix purging for updated SVG files
25824 * (bug 7745) Add id attribute to search button in Monobook
25825 * (bug 7749) MATH: added some more LaTeX symbols, e.g. parallel, diamond, ast...
25826 * (bug 7304) Added code in Article.php to keep redirect table up to date.
25827 * Made special page names case-insensitive and localisable. Care has been taken
25828 to maintain backwards compatibility.
25829 * Used special page subpages in a few more places, instead of query parameters.
25830 * (bug 7758) Added wrapper span to "templates used" explanation to allow CSS
25831 styling (class="mw-templatesUsedExplanation").
25832 * Added {{#special:}} parser function, to give the local default title for
25834 * (bug 7766) Remove redundant / from AJAX requests, can break some servers
25835 * Add tab links from extensions to classic-based skins (SkinTemplateTab hook)
25836 Provides better cross-skin compatibility for extensions using the modern
25837 skin hooks, such as Oversight
25838 * Moved variant language links on Cologne Blue and Nostalgia to before the
25840 * Fix for parser tests with MySQL 5 in strict mode
25841 * Added block option "enable autoblocks"
25842 * Amend Special:Ipblocklist to note when a block has autoblock DISABLED.
25843 * (bug 7780) Fix regression in editing redirects
25844 * Add whitespace above "templates included on this page" using CSS, not
25845 hardcoded line break.
25846 * Remove entries from redirect table on article deletion
25847 * (bug 7788) Force section headers in new section links for users who have
25848 'prompt for blank edit summaries' on.
25849 * (bug 1133) Special:Emailuser: add an option to send yourself a copy of your
25851 * (bug 461) Allow "Categories:" link at bottom of pages to be customized via
25852 pagecategorieslink message.
25853 * Sort the list of skins in "My Preferences" -> Skins by alphabetical order.
25854 * (bug 7785) Postgres compatibility for timestamps in RC feeds
25855 * (bug 7550) Normalize user parameter normally on Special:Log
25856 * (bug 7294) Fix PATH search for diff3 on install
25857 * Various fixes related to the blocking change re: autoblocks. On inserting
25858 an IP block, the ipb_enable_autoblock field is now automagically blanked,
25859 because it doesn't make any sense for an IP. Additionally, IP blocks
25860 without the ipb_enable_autoblock option no longer show up as "autoblock
25861 disabled" on Special:Ipblocklist.
25862 * (bug 7774) MATH: aded more amstex functions
25863 * (bug 1182) MATH: fixed inconsistent rendering of upper case Greek letters in
25865 * Fix regression in streaming page dump generation
25866 * (bug 7801) Add support for parser function hooks in parser tests
25867 * checkUsernames.php now uses wfDebugLog instead of hardcoded path to log
25868 * (bug 7810) Update talk namespaces for Occitan
25869 * Allow case-sensitive URLs to be used for uploading from URLs.
25870 * (bug 1109) Correct fix for compressed 304 responses when additional output
25871 buffers have been installed within the compression handler
25872 * (bug 7819) Move automatic redirect edit summary after pre-save transform
25873 to work properly with subst: fun
25874 * (bug 7826) Fix typos in two English messages.
25875 * (bug 5365) Stop users being prompted to enter an edit summary for null edits,
25876 if they have selected that option in preferences.
25877 * (bug 5936) Show an 'm' to the left of the edit summary on diff pages for minor
25879 * (bug 7820) Improve error reporting for uploads via URL.
25880 * (bug 5149) When autoblocks are enabled, retroactively apply an autoblock to
25881 the most recently used IP of a user when they are blocked.
25882 * Add an index on (rc_user_text,rc_timestamp) on the recentchanges table. This
25883 will make CheckUser.php and the new retroactive autoblock functionality
25885 * Fix regression in Special:Undelete for revisions deleted under MediaWiki 1.4
25886 with compression or legacy encoding
25887 * (bug 6737) Fixes for MySQL 5 schema in strict mode
25888 * Approximate height for client-side scaling fallback instead of passing -1
25889 into the HTML output.
25890 * Make the DNSBL to check for proxy blocking configurable via $wgSorbsUrl
25891 * Add experimental recording/reporting mode to parser tests runner, to
25892 compare changes against the previous run.
25893 Additional tables 'testrun' and 'testitem' are in maintenance/testRunner.sql,
25894 source this and pass --record option to parserTests.php
25895 * Make the set of default parser test input files extensible via
25896 $wgParserTestFiles. This can now be appended to by extensions or local
25897 configuration files so that extension or custom tests can be automatically
25898 run along with the main batch.
25899 * Run PHP install version checks on update.php so command-line updaters see
25900 new version requirements
25901 * Do a check for the PHP 5.0.x 64-bit bug, since this is much more disruptive
25902 as of MW 1.8 than it used to be. Install or upgrade now aborts with a
25903 warning and a request to upgrade.
25904 * (bug 6440) Updated indexes to improve backlinking queries (links, templates,
25906 * Switched 'anon-only' block mode to default for IP blocks
25907 * (bug 3687, 7892) Add distinct heading for media files in category display,
25909 * (bug 1578) Add different icons for external links to audio, video, or PDF in
25911 * Made autoblocks block account creation if the user block has that option
25913 * Add auto-summaries to blankings and large removals without summaries.
25914 * (bug 7811) Allow preview of edit summaries.
25915 * (bug 6839) Wikibits.js minor changes to make JS-lint happier.
25916 * (bug 7932) Make sure that edit toolbar clears floats so it appears correctly.
25917 * (bug 6873) When viewing old revisions, add link to diff to current version.
25918 * (bug 3315) Provide rollback link directly on history page.
25919 * Replace 'old-revision-navigation' message with 'revision-info' and
25920 'revision-nav' messages, wrapped in divs with appropriate id's.
25921 * (bug 4178) MediaWiki:Common.js will now be included for all users if
25922 $wgUseSiteJs is enabled, in addition to (if applicable) MediaWiki:Monobook.js
25923 and user JS subpages.
25924 * (bug 7918) "Templates used on this page" changes during preview to reflect
25925 any added or removed templates, and works as expected for section edits.
25926 * (bug 7919) "Templates used on this page" is now shown for read-only pages.
25927 * (bug 7688) When viewing diff, section anchors in autosummary jump to section
25928 on current page instead of loading the latest version.
25929 * (bug 7970) Use current connection explicitly on Database::getServerVersion
25930 * (bug 2001) Tables with class="sortable" can now be dynamically sorted via
25932 * Added autosummary for new pages with 500 or less characters, and refactor
25933 the autosummary code so it's all done in one function. doEdit is getting too
25935 * (bug 7554) The correct MIME type for SVG images is now displayed on the
25936 image page (image/svg+xml, not image/svg).
25937 * (bug 7883) Added autoblock whitelisting feature, using which specific ranges
25938 can be protected from autoblocking. These ranges are specified, in list
25939 format, in the autoblock_whitelist system message.
25940 * Added placeholders for text injection by hooks to EditPage.php
25941 * (bug 8009) Automatic edit summary for redirects is not filled for edits in
25943 * Installer support for experimental MySQL 4.1/5.0 binary-safe schema
25944 * Use INSERT IGNORE for db-based BagOStuff add/insert, for more memcache-like
25945 behavior when keys already exist on add (instead of dying with an error...)
25946 * Add a hook 'UploadForm:initial' before the upload form is generated, and two
25947 member variable for text injection into the form, which can be filled by the
25949 * (bug 6295) Add a "revision patching" functionality, where an edit can be
25951 (with a functionality similar to diff rev1 rev2 | patch -R rev3 -o rev3).
25952 This is triggered by including &undo=revid in an edit URL. A link to a URL
25953 that will undo a given edit is shown on NEW revision headers on diff pages.
25954 The link leads to a "Show Changes" page showing what will be done to undo the
25956 * Fix display of link in "already rolled back" message for image/category pages
25957 * (bug 6016) Left-aligned images should stack vertically, like right-aligned
25958 images, not horizontally.
25959 * Patch from LeonWP: added UploadForm:BeforeProcessing hook in SpecialUpload.php
25960 * Add AuthPluginSetup hook to override $wgAuth after configuration
25961 * Fix regression in authentication hook auto-creation on login
25962 * (bug 8110) Allow spaces in ISBNs
25963 * (bug 8024) Introduce "send me copies of emails I send to others" preference
25964 * Added 'EditPage::attemptSave' hook before an article is saved.
25965 * (bug 8083) Applied patch for sk localisation
25966 * Add a backslash character to the edit token, to prevent edits via certain
25967 broken proxies that mangle such characters in form submissions
25968 * (bug 7461) Allow overwriting pages using importTextFile.php
25969 * (bug 7946) importTextFile.php doesn't perform pre-save transform
25970 * (bug 8117) {{REVISIONTIMESTAMP}} showed weird default if $wgLocalTZoffset set;
25971 now uses current time for previews and if timestamp can't be loaded from DB
25972 * {{REVISIONTIMESTAMP}} now uses site local timezone instead of user timezone
25973 to ensure consistent behavior
25974 * {{REVISIONTIMESTAMP}} and friends should now work on non-MySQL backends
25975 * (bug 7671) Observe canonical media namespace prefix in Linker::formatComment
25976 * Added js variable wgCurRevisionId to the output
25977 * (bug 8141) Cleanup of Parser::doTableStuff, patch by AzaTht
25978 * (bug 8042) Make miser mode caching limits settable via $wgQueryCacheLimit
25979 instead of hardcoding to 1000
25980 * Enable QueryPage classes to override list formatting
25981 * (bug 5485) Show number of intervening revisions in diff view
25982 * (bug 8100) Fix XHTML validity in Taiwanese localization
25983 * Added redirect to section feature. Use it wisely.
25984 * Added a configuration variable allowing the "break out of framesets" feature
25985 to be switched on and off ($wgBreakFrames). Off by default.
25986 * Allow Xml::check() $attribs parameter to override 'value' attribute
25987 * DB schema change: added two columns (rc_old_len and rc_new_len) to the
25988 recentchanges table to store the text lengths before and after the edit
25989 * (bug 1085) Made Special:Recentchanges show the character difference between
25990 the changed revisions
25991 * Removed a redundant <strong> tag from diff pages that was causing display
25992 issues for some users
25993 * (bug 8203) The keyboard shortcut for "log out" was removed, because users
25994 were pressing it when they intended to press the shortcut for "preview".
25995 * (bug 8148) Handle non-removable output buffers gracefully when cleaning
25996 buffers for HTTP 304 responses, StreamFile, and Special:Export.
25997 Duplicated code merged into wfResetOutputBuffers() and wfClearOutputBuffers()
25998 * Special:AllPages : 'next page' link now point to the first title of the next
25999 chunk instead of pointing to the last title of current chunk.
26000 * (bug 4673) Special:AllPages : add a 'previous' link (new message 'prevpage')
26001 * (bug 8121) wfRandom() was not between 0 and 1
26002 * Add static method Parser::createAssocArgs($args), so parser functions can
26003 use the same code to parse arguments as the templates do.
26004 * Change behavior of logins using the temporary e-mailed password (as stored
26005 in user_newpassword hash field). Instead of just logging in silently and
26006 leaving the previous user_password field in place indefinitely, the user
26007 is now prompted to set a new password.
26009 The password-changing form is at Special:Resetpass; currently it's only
26010 usable for changing from the temporary password during login, but it
26011 could perhaps be generalized, replacing the subform in preferences.
26013 Once the new password is set successfully, the temporary password is wiped
26014 so it cannot be used to login a second time, and the login process
26016 * Suppress 'mail new password' button on login form if $wgAuth forbids
26017 changing user passwords; it wouldn't work very well...
26018 * Consolidate password length checks and $wgAuth manipulation into
26019 User::setPassword() to avoid duplicate code in different places
26020 that set passwords.
26021 * User::setPassword() now throws PasswordError exceptions if the password
26022 is illegal or cannot be set via $wgAuth. These can be caught and a human-
26023 readable error message displayed by UI code.
26024 * Added Title::isSubpage()
26025 * (bug 8241) Don't consider user pages of User:Foo.css to be CSS subpages
26026 * Set an explicit class on framed thumbnail inner divs and images, changed some
26027 CSS to use these instead of using descendent selectors.
26028 * Accept null parameter to User::setPassword() as indicating the password
26029 field should be cleared to an unusable state. Login will only be possible
26030 after the password is reset, for instance by e-mail.
26031 * (bug 6394) Invalidate the password set for "by e-mail" account creations
26032 to avoid accidental empty password creations.
26033 * Made the show change size function work on page moves, page creations, and
26034 log entries. Also fixed it in the javascript recentchanges.
26035 * (bug 8239) correctly get 50 new contributions when clicking '(50 next)'
26036 * (bug 2259) Fix old regression where e-mail addresses were no longer
26037 confirmed on login with mailed password.
26038 * Add a notification about the confirmation mail sent during account
26039 creation, so people don't immediately go off to request a second one.
26040 * Add a warning on Special:Confirmemail if a code was already sent and has
26042 * Add user_editcount field to provide data for heuristics on account use.
26043 Incremented on edit, with lazy initialization from past revision data.
26044 Can batch-initialize with maintenance/initEditCount.php (not yet friendly
26045 to replication environments, this will do all accounts in one query).
26046 * Allow raw SQL subsections in Database::update() SET portion as well as
26047 for WHERE portion. Handy for increments and such.
26048 * User::getOption now accept a default value to override default user values
26049 this makes it consistent with WebRequest::get* methods. Corrected code in
26050 various places accordingly.
26051 * (bug 8264) Fix JavaScript global vars for XHTML mode
26052 * Make $wgSiteNotice value wikitext again, for consistency with editable
26053 MediaWiki:Sitenotice and MediaWiki:Anonnotice.
26054 * (bug 8044) When redirecting from the canonical name of the special page
26055 to the localised one, parameters/subpages are omitted
26056 * (bug 8164) Special:Booksources should use GET for form submission
26057 * Rewrite Special:Booksources to clean up interface and remove redundant code
26058 * (bug 7925) Change Special:Allmessages message name filter javascript to be
26059 a bit more responsive and easier on the CPU
26060 * (bug 4488) Support watching pages on deletion; introduces new user preference
26061 * Minor restructuring of Special:Preferences; "watch pages I edit" and "watch
26062 pages I create" options now accessible under "Watchlist" options
26063 * (bug 8153) <nowiki> doesn't work in site notice
26064 * (bug 6690) wfMsgNoTrans() transforms messages
26065 * (bug 8274) Wrap edit tools in a <div> with a specified class
26066 * Detect PHP 5.0.x 64-bit bug and abort in WebStart.php; too many things break
26067 mysteriously otherwise (detection code copied from install-utils.inc)
26068 * (bug 8295) Change handling of <center> tags in doBlockLevels() to match that
26070 * (bug 8110) Make magic ISBN linking stricter: only match ten-digit sequences
26071 (plus optional ISBN-13 prefix) with no immediately following alphanumeric
26072 character, disallow multiple consecutive internal redirects
26073 * (bug 2785) Accept optional colon prefix in links when formatting comments
26074 * Don't show "you can view and copy the source of this page" message for
26075 pages which don't exist
26076 * (bug 8310) Blank line added to top of 'post' when page is blank
26077 * (bug 8109) Template parameters ignored in "recentchangestext"
26078 * Gracefully skip redirect-to-fragment on WebKit versions less than 420;
26079 it messes up on current versions of Safari but is ok in the latest
26080 nightlies. Checking the version number will allow it to automatically
26081 work when new releases of Safari appear.
26082 * Fix regression in thumb styles; size and padding didn't match with
26084 * (bug 8333) Fix quick user data update on login password change on
26085 replication database setups. User data is now pulled from master
26086 instead of slave in User::loadFromDatabase, ensuring that it is
26087 fresh and accurate when read and then saved back into cache.
26088 This was breaking with the Special:Rename operation which
26089 automatically logs the user in with the new password after changing
26090 it; pulling from slave meant the record was often not the updated
26092 * (bug 8335) Set image width to the first valid parameter found.
26093 * (bug 8350) Fix watchlist viewing bug when using Postgres.
26094 * (bug 6603) When warning about invalid file extensions, output the bit
26095 of the extension we actually checked
26096 * (bug 7669) Drop defaults on BLOB/TEXT columns for better compatibility
26097 with MySQL's strict mode, often enabled by the Windows installer.
26098 The defaults are ignored anyway when strict mode is off...
26099 * (bug 7685) Use explicit values for ar_text and ar_flags when deleting,
26100 for better compatibility with MySQL's strict mode
26101 * Update default interwiki values to reflect changed location of ursine:
26102 * (bug 5411) Remove autopatrol preference
26103 * Users who have the "autopatrol" permission will have their edits marked as
26104 patrolled automatically
26105 * Users who do not have the "autopatrol" permission will no longer be able
26106 to mark their own edits as patrolled
26107 * Introduce 'PingLimiter' hook; see docs/hooks.txt for more information
26108 * (bug 532) Tweaked alt text for some interface messages
26109 * (bug 8231) Gave useful alt text to the main <img> on image pages
26110 * (bug 371) Remove alt text for "Enlarge" icon on thumbnails
26111 * Initialize user_editcount to 0 instead of NULL for newly created accounts
26112 * (bug 3696) Strip LRM and RLM characters from titles to work around the
26113 problem some people have where titles cut-and-pasted from lists include
26114 the bidi override characters appended to the lists.
26115 A more thorough blacklist for forbidden and translatable characters would
26116 be wise, though, as might a cleaner method for the lists in the first place.
26117 * Fix regression in email password resets on read-restricted sites
26118 * Set tabindex on fields in deletion form so you don't have to tab through
26119 the links in the sitenotice
26120 * (bug 8271) Show full time and date on viewer for individual deleted
26122 * (bug 8214) Output file size limit and actual file size in appropriate units
26124 * (bug 8016) Purge objectcache table during upgrade processes - use the
26125 --nopurge option to prevent this when running maintenance/update.php
26126 * (bug 7612) Remove superfluous link to Special:Categories from result items
26127 on Special:Mostcategories
26128 * {{PLURAL:}} now handles formatted numbers correctly
26129 * (bug 8331) Added the change size value to watchlists; therefore made
26130 watchlists use RecentChange::newFromRow() instead of newFromCurRow()
26131 * (bug 8351) Fix undo for simple reverts
26132 * (bug 6856) User::clearNotification() does not respect read-only mode
26133 * (bug 6853) Use a checkbox on the installer form to indicate that a superuser
26134 account should be used; this is clearer than the old check which relied on
26135 the password never being an obscure value
26136 * Remove old unused watchlist cache, which was a leftover from the old schema
26137 where watchlists were more expensive to generate
26138 * Minor cosmetic changes to Special:Userrights
26139 * Added wgCanonicalSpecialPageName to JavaScript variables
26140 * Fix image deleting when using Postgres.
26141 * Output both source and destination titles in maintenance/moveBatch.php
26142 * Added basic parser tests for language variants
26143 * Enable selflinks and categories to be written in some of the language variants
26144 * Prevent conversion of JavaScript code in language variants
26145 * Output software version number in maintenance/parserTests.php
26146 * (bug 7169) Use Ajax to watch/unwatch articles if enabled
26147 * Make variant table caching a little more robust, using main language code
26148 in cache key. Probably this is still a bit wonky, though. Was breaking
26149 parser tests when Chinese tables were getting loaded into Serbian code.
26150 * (bug 8380) Be nicer about blank lines in deleteBatch.php
26151 * (bug 8401) Fix regression in SORBS lookup for some DNS setups
26152 * Use raw file descriptor in posix_isatty() check to avoid warning on
26153 Linux systems with at least some versions of PHP
26154 * (bug 5908) Allow overriding the default category sort key for all items on
26155 a page using {{DEFAULTSORT}}
26156 * (bug 6449) Throw a more definitive error message when installation fails
26157 due to an invalid database name
26158 * (bug 5827) Use full text for option link labels on Special:Watchlist
26159 * (bug 8018) Allow hiding minor edits from the watchlist
26160 * (bug 8427) MonoBook RTL IE 7.0 tweaks failed when sidebar's navigation
26161 section is renamed; no longer relies on first section name
26162 * Stabilize client-side table sorting even if the underlying Javascript sort()
26163 implementation is unstable
26164 * Add hook for extensions to add user information to the panel in preferences,
26165 next to the user name and ID.
26166 * (bug 8392) Display protection status of transcluded pages in the edit page
26167 template list. Patch by Fyren, with i18n naming tweak.
26168 * Fix for interwiki transclusion where target wiki uses query string for title
26169 * Resolve namespaces on interwiki Title objects using canonical namespace names
26170 if possible (should not happen, though, outside interwiki transclusion... and
26171 maybe not even then, but it does)
26172 * (bug 8447) Fix SQL typo breaking non-default $wgHitcounterUpdateFreq
26173 * Do not allow previews of deleted images to be cached
26174 * Add global variable $wgDefaultLanguageVariant used to set the default language
26175 variant of a wiki to something different than the main language code
26176 * Add 'variant' option to parserTests - runs test with the given variant as
26177 preferred, utilize it for more parser tests of language variants code
26178 * (bug 6503) Fix bug that stopped certain irrelevant links from being hidden
26180 * Avoid PHP warning in Creative Commons metadata when a creative commons
26181 license is not actually set up
26182 * (bug 8463) Don't print external link icons for Monobook
26183 * (bug 8461) Support watching pages on move
26184 * (bug 8041) Work around bug with debug_backtrace when Zend Optimizer is
26185 loaded by skipping the function. Use wfDebugBacktrace() wrapper function.
26186 * Reduce config file clutter by setting various script and upload paths
26187 based on $IP or $wgScriptPath in Setup.php. They can still be explicitly
26188 overridden in LocalSettings.php if desired...
26189 * Attempt to detect redirect loops for the canonical title redirect, and
26190 give some hints to the poor confused administrator.
26191 * Introduce new flag 'R' - raw output for language variant escape tags
26192 * Advise users when updates for a query page have been disabled using
26193 $wgDisableQueryPageUpdate
26194 * (bug 8413) Improve comments for $wgNamespaceRobotPolicies
26195 * (bug 8330) Show "bytes" suffix on recent changes diff counter
26196 optionally... if set in rc-changes-size message (default empty for now)
26197 * (bug 8489) Support basic links in <gallery> caption attribute
26198 * (bug 8485) Correct Lingala number formatting
26199 * The MediaWiki namespace is no longer pre-filled with default messages on
26200 install. All default messages will be removed from the MediaWiki namespace
26202 * Recentchanges RSS/Atom feeds now use a separate message for the description
26203 to avoid cluttering it with useless wiki formatting
26204 * (bug 8417) Handle EXIF unknown dates
26205 * (bug 8372) Return nothing on empty <math> tags.
26206 * New maintenance script to show the cached statistics : showStats.php.
26207 * Count deleted edits when regenerating total edits in maintenance/initStats.php
26208 * (bug 3706) Allow users to be exempted from IP blocks. The ipblock-exempt
26209 permission key has been added to enable this behavior, by default assigned to
26211 * (bug 7948) importDump.php now warn that Recentchanges need to be rebuild.
26212 * (bug 7667) allow XHTML namespaces customization
26213 * (bug 8531) Correct local name of Lingála (patch by Raymond)
26214 * Fix regression with default lock file and cache directories; threw visible
26215 warning with open_basedir
26218 == 1.8 Compatibility changes ==
26220 === Zend Optimizer ===
26222 A bug in some versions of PHP 5 and Zend Optimizer which was triggered under
26223 MediaWiki 1.8.x has been worked around by disabling some internal debugging
26224 features when Zend Optimizer is loaded. This should solve some common
26225 "blank page" problems.
26227 === PHP 5.0 64-bit ===
26229 MediaWiki now checks for a condition where PHP 5.0.x corrupts array data
26230 on 64-bit systems and warns you to upgrade PHP to solve the problem. This
26231 bug causes Special: pages to fail on affected systems under MediaWiki 1.8
26232 and higher, and subtler data corruption on earlier versions.
26234 The only known workaround is to upgrade PHP to 5.1 or later, which you
26235 probably should do anyway for security reasons!
26239 MediaWiki should now install and run correctly on MySQL 5.0 and higher when
26240 MySQL's "strict mode" is enabled. (This is now the default for many Windows
26241 installations, though it seems to remain off by default on Unix.)
26243 This fixes errors about "cannot default default value for BLOB/TEXT fields".
26245 === ImageMagick ===
26247 Note that ImageMagick older than 6.x may no longer work for image resizing
26248 due to use of the -thumbnail option.
26251 == 1.8 Behavior changes ==
26253 === Localized special pages ===
26255 The names of Special: pages can now be localized, so links and URLs to them
26256 are more legible in languages that aren't English.
26258 Not all languages have included localized names yet.
26260 === E-mail password ===
26262 Users are now required to set a new password for themselves when they first
26263 log in with a newly generated e-mailed password.
26265 Requesting passwords frequently is prevented to reduce abusive mailbombing.
26267 === Undo revision ===
26269 An "undo" link now appears in diff view for easier reverting of older edits.
26270 When GNU diff3 is available for edit conflict merging, this can make it much
26271 easier to "undo" the changes of an older edit when there are surrounding
26272 changes elsewhere in the page.
26274 The changes must be manually reviewed and approved, as with conventional
26275 full-revision reverts.
26279 User blocks can be set to disable the automatic blocking of IP addresses the
26280 account logs in with.
26283 == 1.8 Database changes ==
26285 * new 'redirect' table stores data on page redirects
26286 * new 'querycachetwo' table used for some cached special pages
26287 * 'ipblocks' table adds 'ipb_enable_autoblock'
26288 * 'recentchanges' table adds 'rc_old_len', 'rc_new_len' for size tracking
26289 * 'user' table has added 'user_newpass_time' and 'user_editcount' fields
26290 * some indexes have been updated on 'recentchanges'
26292 == 1.8 Configuration changes ==
26294 Several configuration options have changed since 1.8:
26296 === $wgEnableAPI ===
26298 The experimental machine API interface is now enabled by default, read-only.
26299 You can disable it by setting $wgEnableAPI = false; in LocalSettings.php.
26301 === $wgPathInfo ===
26303 The use of PATH_INFO (the text after the script name in 'index.php/Blah')
26304 is controlled by the $wgUsePathInfo setting. This is now explicitly disabled
26305 for CGI, apache2filter, and ISAPI configurations of PHP, for more consistency
26306 with the autodetection from the installer.
26308 In some rarer configurations you may have to switch $wgUsePathInfo from false
26309 to true or, perhaps, from true to false to make things work properly if bad
26310 PATH_INFO data comes through the server.
26312 The wiki now tries to detect this condition and should show you an error
26313 message describing what to change instead of sending the browser into an
26314 infinite redirect loop.
26316 === $wgScript and other path settings ===
26318 The following configuration variables are now automatically set in Setup.php
26319 if they are not overridden in LocalSettings.php:
26321 from $wgScriptPath:
26323 | \- $wgArticlePath
26324 + $wgRedirectScript
26331 - $wgStyleDirectory
26332 + $wgUploadDirectory
26333 \- $wgMathDirectory
26336 Newly generated configuration files will by default include only $wgScriptPath
26337 (hardcoded from the installer) and $IP (detected at runtime).
26339 Old configuration files which specify all these values explicitly should
26340 continue to work just fine, but if you use the defaults you can remove them
26343 === $wgGroupPermissions ===
26345 The sysop group now holds the "autopatrol" and "ipblock-exempt" rights by
26348 "autopatrol" replaces the preference for marking ones own edits patrolled
26349 by default; users holding this permission will automatically have their
26350 edits patrolled, while others cannot mark their own edits as patrolled
26351 even if they have patrolling rights.
26353 "ipblock-exempt" excludes the user from IP blocks; accounts which are blocked
26354 explicitly by name will still be blocked, however. This is given to sysops
26355 to minimize annoyance from accidental "collateral damage"; remember that a
26356 sysop will be able to lift the block if they desire.
26358 The bot group now holds the "nominornewtalk" right. A user with this right
26359 will not trigger new message notifications when making minor edits to user
26360 talk pages. This is meant to minimize annoyance from maintenance bot
26363 === $wgUseWatchlistCache ===
26365 Watchlist caching has been removed. The feature was not maintained, and has
26366 been unnecessary since switching to the 'recentchanges' database table
26367 reduced server pressure for Wikipedia's watchlists.
26369 === $wgBreakFrames ===
26371 MediaWiki in the past attempted to detect when it was embedded in a frameset
26372 and "break out" of it, assuming it to be hostile.
26374 This behavior is now disabled by default, but can be reenabled by setting
26375 $wgBreakFrames to true in LocalSettings.php.
26378 == 1.8 New settings ==
26380 === $wgVariantArticlePath ===
26382 For languages with script variant support (Chinese, Serbian, and others),
26383 it's possible to use alternate URL paths to select the variant for article
26384 display, setting $wgVariantArticlePath.
26386 Documentation for this setting would be useful.
26388 === $wgMaxMsgCacheEntrySize ===
26390 The message cache can now skip items larger than a given size; this allows
26391 it to better handle the primary caching case when large CSS and JS blobs are
26394 === $wgStyleVersion ===
26396 When making significant changes to skin stylesheets and JavaScript files,
26397 you can append a string to this variable to tweak the generated URLs,
26398 forcing newly rendered pages to bring in a fresh version despite server-
26399 or browser-side caching.
26401 Normally this will be set in the course of MediaWiki development, but
26402 if doing development on a custom skin you may wish to poke it as well.
26404 === $wgRCShowChangedSize ===
26406 Special:Recentchanges and Special:Watchlist now show the number of bytes
26407 added or removed to an article to give an idea of the size of the edit.
26408 This information was previously available only in the IRC update feeds.
26410 To disable this site-wide, set $wgRCShowChangedSize to false.
26411 (Individual users can suppress the data in custom CSS.)
26413 Adjust $wgRCChangedSizeThreshold to trigger highlighting of particularly
26416 The formatting of the size figure can be adjusted through the
26417 [[MediaWiki:Rc-change-size]] message.
26419 === $wgQueryCacheLimit ===
26421 The number of rows stored for "expensive" special pages in miser mode
26422 can now be adjusted up or down from the default 1000.
26424 === $wgDisableQueryPageUpdate ===
26426 Individual "expensive" special pages can be skipped in processing by
26427 updateSpecialPages if added to this list.
26429 === $wgSorbsUrl ===
26431 The base hostname for the DNS-based proxy blacklist can now be overridden
26432 when $wgEnableSorbs is set, to use a different blacklist instead of SORBS.
26433 The blacklist would need to respond the same was as SORBS; any positive
26434 response will be taken as a proxy.
26436 === $wgAjaxWatch ===
26438 Experimental AJAX mode for the watch/unwatch tabs to execute inline.
26439 Does not include the UI messages describing how to reach the watchlist,
26440 so you may not want it on a general-audience site just yet.
26442 === $wgParserTestFiles ===
26444 MediaWiki's parser test suite can now be expanded with additional test
26445 files. Custom extensions can add their test files to this array, and
26446 they will be run along with the main tests by maintenance/parserTests.php
26450 == MediaWiki 1.8.5 ==
26454 This is a security fix update to the Fall 2006 quarterly release snapshot. A
26455 possible HTML/XSS injection vector in the API pretty-printing mode has been
26458 The vulnerability may be worked around in an unfixed version by simply
26459 disabling the API interface if it is not in use, by adding this to
26462 :[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;
26464 (This is the default setting in 1.8.x.)
26466 Not vulnerable versions:
26472 Vulnerable versions:
26473 * 1.11 <= 1.11.0rc1
26476 * 1.8 <= 1.8.4 (if $wgEnableAPI has been switched on)
26478 MediaWiki 1.7 and below are not affected as they do not include the faulty
26479 function, however the BotQuery extension is similarly vulnerable unless updated
26480 to the latest SVN version.
26482 == MediaWiki 1.8.4 ==
26486 This is a security and bug-fix update to the Fall 2006 quarterly release.
26488 An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7
26489 charset autodetection was located in the AJAX support module, affecting MSIE
26490 users on MediaWiki 1.6.x and up when the optional setting
26491 [[Manual:$wgUseAjax|$wgUseAjax]] is enabled.
26493 If you are using an extension based on the optional Ajax module, either disable
26494 it or upgrade to a version containing the fix:
26495 * 1.9: fixed in 1.9.3
26496 * 1.8: fixed in 1.8.4
26497 * 1.7: fixed in 1.7.3
26498 * 1.6: fixed in 1.6.10
26500 There is no known danger in the default configuration, with $wgUseAjax off.
26502 * (bug [[bugzilla:8819|8819]]) Fix full path disclosure with skins dependencies
26503 * Add 'charset' to Content-Type headers on various HTTP error responses to
26504 forestall additional UTF-7-autodetect XSS issues. PHP sends only 'text/html' by
26505 default when the script didn't specify more details, which some inconsiderate
26506 browsers consider a license to autodetect the deadly, hard-to-escape UTF-7.
26507 This fixes an issue with the Ajax interface error message on MSIE when
26508 [[Manual:$wgUseAjax|$wgUseAjax]] is enabled (not default configuration); this
26509 UTF-7 variant on a previously fixed attack vector was discovered by Moshe BA
26510 from BugSec: http://www.bugsec.com/articles.php?Security=24
26511 * Trackback responses now specify XML content type
26513 == MediaWiki 1.8.3 ==
26517 MediaWiki 1.8.3 fixes several issues in the Fall 2006 snapshot release:
26519 * ([[mediazilla:7831|7831]]) Regression in AutoAuthenticate hook
26520 * Run PHP install version checks on update.php so command-line updaters see new
26521 version requirements
26522 * Do a check for the PHP 5.0.x 64-bit bug, since this is much more disruptive
26523 as of MW 1.8 than it used to be. Install or upgrade now aborts with a warning
26524 and a request to upgrade.
26525 * XSS fix in AJAX module
26527 An XSS injection vulnerability was located in the AJAX support module,
26528 affecting MediaWiki 1.6.x and up when the optional setting $wgUseAjax is
26531 There is no danger in the default configuration, with $wgUseAjax off.
26533 If you are using an extension based on the optional AJAX module, either disable
26534 it or upgrade to a version containing the fix:
26536 == MediaWiki 1.8.2 ==
26540 MediaWiki 1.8.2 fixes several issues in the Fall 2006 snapshot release:
26542 * ([[mediazilla:7565|7565]]) Fixed typos in German localisation
26543 * ([[mediazilla:7562|7562]]) Fix non-ASCII namespaces on Windows/XAMPP servers
26545 == MediaWiki 1.8.1 ==
26549 MediaWiki 1.8.1 fixes several issues in the Fall 2006 snapshot release:
26551 * Fix PHP notice and estimates for dumpBackup.php and friends
26552 * Improved register_globals paranoia checks
26553 * ([[mediazilla:7545|7545]]) Fix PHP version check on install
26554 * Experimental web API disabled by default
26555 * Disable PHP exception backtrace printing unless $wgShowExceptionDetails is
26556 set. Backtraces may contain sensitive information in function call parameters.
26558 == MediaWiki 1.8.0 ==
26562 This is the quarterly release snapshot for Fall 2006. While the code has been
26563 running on Wikipedia for some time, installation and upgrade bits may be less
26564 well tested. Bug fix releases may follow in the coming days or weeks.
26566 MediaWiki is now using a "continuous integration" development model with
26567 quarterly snapshot releases. The latest development code is always kept "ready
26568 to run", and in fact runs our own sites on Wikipedia.
26570 Release branches will continue to receive security updates for about a year
26571 from first release, but nonessential bugfixes and feature development happen
26572 will be made on the development trunk and appear in the next quarterly release.
26574 Those wishing to use the latest code instead of a branch release can obtain it
26575 from source control: [[Download from SVN]]
26577 == Configuration changes ==
26578 * $wgUseETag, to enable/disable sending of HTTP ETag headers (default: disabled)
26579 * $wgLegalTitleChars now includes '+' by default for better compatibility with
26580 importing data dumps from Wikipedia
26581 * $wgDefaultUserOptions now includes all default option settings instead of
26584 == Major new features ==
26585 * ([[mediazilla:7098|7098]]) Add an option to disable/enable sending of HTTP
26586 ETag headers, as it seems to result in broken behaviour in combination with
26587 Squid 2.6 (disabled by default).
26588 * ([[mediazilla:550|550]]) Allow blocks on anonymous users only.
26589 * ([[mediazilla:6420|6420]]) Render thumbnails for DJVU images, support
26590 multipage DJVU display on image pages. Added new 'page=' thumbnail option to
26591 select a page from a multipage djvu for thumbnail generation.
26592 * Full Postgres support is now enabled. It requires version 8.1 or better, and
26593 needs to have both plpgsql and tsearch2 already installed.
26594 * ([[mediazilla:6386|6386]]) fix grammatical errors in danish naming of talk
26597 == Changes since 1.7 ==
26599 * Introduced AjaxResponse object, superceding AjaxCachePolicy
26600 * Changes to sajax_do_call: optionally accept an element to fill instead of a
26601 callback function; take the target function or element as a third parameter;
26602 pass the full XMLHttpRequest object to the handler function, instead of just
26603 the resultText value; use HTTP response codes to report errors.
26604 * (bug 6562) Removed unmaintained ParserXml.php for now
26605 * History paging overlap bug fixed
26606 * (bug 6586) Regression in "unblocked" subtitle
26607 * Don't put empty-page message into view-source when page text is blank
26608 * (bug 6587) Remove redundant "allnonarticles" message
26609 * Block improvements: Allow blocks on anonymous users only. Optionally allow
26610 or disallow account creation from blocked IP addresses. Prevent duplicate
26611 blocks. Fixed the problem of expiry and unblocking erroneously affecting
26612 multiple blocks. Fixed confusing lack of error message when a blocked user
26613 attempts to create an account. Fixed inefficiency of Special:Ipblocklist in
26614 the presence of large numbers of blocks; added indexes and implemented an
26616 * (bug 6448) Allow filtering of Special:Newpages according to username
26617 * (bug 6618) Improve permissions/error detection in Special:Lockdb
26618 * Quick hack for extension testing: parser test doesn't create new message
26620 * (bug 6299) Maintain parser's revision ID across recursive calls to fix
26621 {{REVISIONID}} when Cite extension is used
26622 * (bug 6622) Removed deprecated function Image::newFromTitle
26623 * (bug 6627) Fix regression in Special:Ipblocklist with table prefix
26624 * Removed forced dereferencements (new() returns a reference in PHP5)
26625 * Note about $wgUploadSizeWarning using byte
26626 * (bug 6592) Add most viewed pages summary to Special:Statistics
26627 * Pre-strip characters ignored in IDNs from URLs so they can't be used
26628 to break the blacklists for regular URLs
26629 * Fix regression in blocking of user accounts
26630 * (bug 6635) Fix regression searching for range blocks on Ipblocklist
26631 * Fix regression searching Ipblocklist with ugly URLs
26632 * (bug 6639) Use a consistent default for upload directories
26633 * Preserve entered reason when reporting unconfirmed lock on Special:Lockdb
26634 * (bug 6642) Don't offer to unlock the database when it isn't locked
26635 * cleanupTitles.php changed from --dry-run option to --fix, so default
26636 behavior is now a non-invasive check as with namespaceDupes.php
26637 * (bug 6660) Fix behavior of EditPage::blockedPage() when the article does
26638 not exist; now doesn't show the source box if the user hasn't provided it
26639 (blocked mid-edit) and the page doesn't exist
26640 * Improve default value of "blockedtext"
26641 * (bug 6680) Added localisation for Dutch bookstore list (nl)
26642 * Renamed maintainace script redundanttrans.php to unusedMessages.php - clearer
26644 * Fix regression which allowed some blocked users to create additional accounts
26645 * (bug 6657) Fix Hungarian linktrail
26646 * (bug 6751) Fix preview of blanked section with edit on first preview option
26647 * (bug 5456) Separate MediaWiki:Search into messages for both noun and verb,
26648 introduced 'MediaWiki:Searchbutton'
26649 * Made lines from initialiseMessages() appear as list items during installation
26650 * Moved the bulk of the localisation data from the Language*.php files to the
26651 Messages*.php files. Deleted most of the Languages*.php files.
26652 * Introduced "stub global" framework to provide deferred initialisation of core
26654 * Removed placeholder values for $wgTitle and $wgArticle, these variables will
26655 now be null during the initialisation process, until they are set by index.php
26656 or another entry point.
26657 * Added DBA cache type, for BDB-style caches.
26658 * Removed custom date format functions, replacing them with a format string in
26659 the style of PHP's date(). Used string identifiers instead of integer
26660 identifiers, in both the language files and user preferences. Migration should
26661 be transparent in most cases.
26662 * Simplified the initialisation API for LoadBalancer objects.
26663 * Removed the broken altencoding feature.
26664 * Moved default user options and toggles from Language to User. Language objects
26665 are still able to define default preference overrides and extra user toggles,
26666 via a slightly different interface.
26667 * Don't include the date option in the parser cache rendering hash unless
26668 $wgUseDynamicDates is enabled.
26669 * Merged LanguageUtf8 with Language. Removed LanguageUtf8.php.
26670 * Removed inclusion of language files from the bottom of Language.php. This is
26671 now consistently done from Language::factory().
26672 * Add the name of the executing maintenance script to the debug log. Start the
26673 profiler during maintenance scripts.
26674 * Added "serialized" directory, for storing precompiled data in serialized form.
26675 * Fix regression in auto-set NS_PROJECT_TALK namespace
26676 * Fix regression in ordering of namespaces
26677 * (bug 6806, 6030) Added several global JS variables for article path, user
26678 name, page title, etc.
26679 * hooks registered with addOnloadHook are now called at the one of the html body
26681 * Split ajax aided search from core ajax framework. Use wgUseAjax to enable the
26682 framework and wgAjaxSearch to enable the suggest feature for the search box.
26683 * Added experimental installer for extensions.
26684 See maintenance/installExtension.php
26685 * Added Tajic (tg) language file.
26686 * (bug 6903) Added Cantonese localisation (zh-yue)
26687 * Fix regression in Korean and Japanese date formatting (day of week)
26688 * (bug 6919) Add English alias magic words for Tatar (tt) language file.
26689 * (bug 6753) Fixed broken Kazakh linktrail (kk)
26690 * (bug 6700) Added Kazakh language variants to Names.php
26691 * (bug 6827) some i18n specific maintenance scripts fails after merge of
26692 localisation-work branch
26693 * Throwed an exception for the deprecated functions OutputPage::sysopRequired
26694 and OutputPage::developerRequired - use OutputPage::permissionRequired
26696 * Removed the deprecated functions User::isSysop, User::isBureaucrat and
26697 User::isDeveloper - use User::isAllowed instead.
26698 * (bug 769) OutputPage::permissionRequired() should suggest groups with the
26700 * (bug 6971) Fix regression in Special:Export history view
26701 * Revamped Special:Imagelist
26702 * (bug 7000) updated MessagesPl.php
26703 * (bug 6946) Fix unexpected behavior change with GET hits to Special:Export
26704 * (bug 1866) Improve navigation on Special:Listusers; user now a starting
26705 point as with Special:Allpages, rather than a pure limit.
26706 * Clean up tab order on Special:Blockip
26707 * (bug 5969) Clean up tab order on Special:Userlogin forms
26708 * (bug 3512) namespaceDupes now handles spaces and initial caps properly
26709 * (bug 7037) Fix regression in login tab order
26710 * (bug 7031) Report missing email on 'email password' instead of false success
26711 * (bug 7010) Don't send email notifications for watched talk pages when user
26712 has selected to receive only updates for their own talk page
26713 * Added {{CURRENTHOUR}}
26714 * Added [[:Image:Foo.png]] style links to the pagelinks table
26715 * Avoid duplicate revision imports with Special:Import
26716 * (bug 7054) Validate email address before sending email confirmation message
26717 * (bug 7061) Format title on "from (page)" links on Special:Allpages
26718 * (bug 7044) Introduce "padleft" and "padright" colon functions
26719 * Pass page title as parameters to "linkshere" and "nolinkshere" and update
26720 default message text
26721 * Allows to upload from publicy accessible URL. Set $wgAllowCopyUploads = true;
26722 in LocalSettings.php
26723 Limited to $wgMaxUploadSize (default:100MB); URL upload is limited to sysops
26724 by default, and displayed as a second line if appropriate
26725 * (bug 832) Return to user page after emailing a user
26726 * (bug 366) Add local-system-timezone equivalents for date/time variables
26727 * (bug 7109) Fix Atom feed version number in header links
26728 * (bug 7075) List registered parser function hooks on Special:Version
26729 * (bug 7059) Introduce "anchorencode" colon function
26730 * Include SVN revision number in {{CURRENTVERSION}} output, where applicable
26731 * Fix bug in wfRunHooks which caused corruption of objects in the hook list
26732 * (bug 4979) Use simplified email addresses when running on Windows
26733 * (bug 4434) Show block log fragment on Special:Blockip
26734 * [[MediaWiki:Disambiguationspage]] may optionally contain wiki links to any
26735 number of disambiguation templates.
26736 * [[Special:Disambiguations]] now shows pages in NS:0 that link to any pages
26737 that embed any of the templates listed at [[MediaWiki:Disambiguationspage]].
26738 * Fix formatting of titles on Special:Undelete
26739 * (bug 7026) Fix action=raw&templates=expand
26740 * (bug 6976) Add namespace and direction classes to classic skins
26741 * (bug 7144) Don't "return to main" from OutputPage::loginToUse() if the user
26742 can't read the main page in the first place
26743 * (bug 7188) Fix minor borkage in HTMLForm
26744 * (bug 6675) Replaced message 'watchthis' with new message 'watchthisupload in
26746 * Add a quickie script dumpSisterSites.php for generating a page list in the
26747 format for WSR-1 SisterSites support
26748 * (bug 7223) Monobook.js is used for site content, should not be localized
26749 * Set default disabled values for DjVu render options
26750 * Added Xml::option() for generating <option>s easily
26751 * Localized page numbers in drop-down for DjVu page selection
26752 * Fixed linktrail for vi
26753 * (bug 6893) "Call to a member function exists() on a non-object" on
26754 trackback.php with bad input
26755 * (bug 6886) PHP undefined offset on bad input to Special:Revisiondelete
26756 * (bug 6887) PHP error for call to getId() on bad input to
26757 Special:Revisiondelete
26758 * (bug 6888) PHP error for call to getTimestamp() on bad input to
26759 Special:Revisiondelete
26760 * (bug 7252) Use dvipng support in texvc math rastrization. dvipng is required
26761 if texvc is rebuilt.
26762 * (bug 7279) Use wfBaseName in place of basename() in more places
26763 * Clear newtalk marker on diff links with explicit current revision number
26764 * (bug 7064) Replace hard-coded empty message checks with wfEmptyMsg calls
26765 * (bug 6777) Remove some PHP 4 compat cruft
26766 * Add --user, --comment, and --license options to importImages.php
26767 * (bug 6216) The immobile namespace message does not mention the source page
26768 * (bug 7299) Normalize username filter on Special:Newpages
26769 * (bug 7306) RTL text in an LTR wiki breaks appearance of Special:Recentchanges
26770 * (bug 7312) Don't emit SET NAMES utf8 if connection failed
26771 * (bug 7305) Proper compare for bot check on RC notify, should fix overrides
26772 that force edits by non-bot users to bot mode
26773 * Set Vary: Cookie on action=raw generated CSS and JS, to ensure that user
26774 preferences don't get stuck in proxy caches for other people
26775 * (bug 7324) Fix error message for failure of Database::sourceFile()
26776 * (bug 7309) Plurals: use singular form for zero in French and Brazilian
26778 * Add page_no_title_convert field to support language variant conversion
26779 for page titles which shouldn't be converted on display/linking
26780 * Lazy extraction of text chunks in Revision objects, may reduce hits to
26781 external storage when actual text content is not used
26782 * Added experimental $wgRevisionCacheExpiry to cache extracted revision text
26783 in $wgMemc, to further reduce hits to external storage.
26784 Set to 0 (disabled) by default.
26785 * Minor changes to the installer.
26786 * Remove ":" for 'youremail' and 'yourrealname' in
26787 includes/templates/Userlogin.php so that ":" could be used in i18n for
26788 Special:Preferences (like 'username' and 'uid').
26789 * Fix layout for Special:Preferences->Date and Time (position for
26791 * Updates to language variant code for Serbian et al
26792 * (bug 6756) Enabling RTL direction for kk-cn
26793 * (bug 6701) Kazakh language variants in MessagesEn.php
26794 * (bug 7335) SVN revision check in Special:Version fails on SVN 1.4 working copy
26795 * (bug 6518) Replaced 'lastmodified' with 'lastmodifiedat' and 'lastmodifiedby'
26796 with 'lastmodifiedatby' with separated parameters for date and time to allow
26797 better localisation. Updated all message files to display the old format for
26799 * (bug 7357) Make supposedly static methods of Skin actually static
26800 * Added info text to Special:Deadendpages and Special:Lonelypages
26801 * Fix regression in cachability of generated CSS and JS for MonoBook skin,
26802 while avoiding clobbering of different users' cached data
26803 * (bug 6849) Block @ from usernames; interferes with multi-database tools and
26804 was meant to be banned years ago... For now existing accounts will not be
26805 prevented fromm login.
26806 * (bug 6092) Introduce magic words {{REVISIONDAY}}, {{REVISIONDAY2},
26807 {{REVISIONMONTH}}, {{REVISIONYEAR}} and {{REVISIONTIMESTAMP}}
26808 * (bug 7425) Preceeding whitespace in [[...]] breaks subpages
26809 * Try to reconnect after transitory database errors in dumpTextPass.php
26810 * (bug 6023) Fixed mismatch of 0/NULL for wl_notificationtimestamp; now
26811 notification mails are working after 'Mark all pages visited' button on
26812 Special:Watchlist is clicked
26813 * Made {{INT:}} a core parser function instead of a special case. The syntax
26814 and behavior is largely unchanged.
26815 * (bug 7448) Fixing the native name for Ewe (ee)
26816 * (bug 6864) Replace message 'editing' with new message 'editinguser' in
26817 Special:Userrights to allow better localisation
26818 * Add '*-summary' for special pages to MessagesEn.php to allow
26819 customizing/translation directly through Special:Allmessages
26820 * (bug 6130, bug 5818) Replaced message 'go' with the new message
26821 'searcharticle' in skins to allow better localisation
26822 * Add + to $wgLegalTitleChars by default. Some sites may have occasional
26823 problems with hard-to-reach pages, but it should be less trouble than
26824 "I can't import dumps from Wikipedia" complaints
26825 * (bug 7460) Revert broken patch for bug 7226 which slows down
26826 Special:Allmessages by a factor of 16
26827 * Committed a bunch of live hacks from Wikimedia servers
26828 * (bug 6889) PHP notices in thumb.php with missing params
26829 * Cleaner error behavior on thumb.php with invalid page selection
26830 * (bug 6617) Validate timestamps on Special:Undelete
26831 * Do fewer unnecessary full writes of user rows; only update user_touched
26832 for watch/unwatch, group membership change, and login operations
26833 * Restructured the languages directory, to avoid problems when people
26834 untar MW 1.8 over the top of a 1.7 installation.
26835 * (bug 6890) SQL query error on bad input to Pager lists
26836 due to negative LIMIT clause, caused by integer wraparound.
26837 * Fixed various bugs related to table prefixes, especially the interaction
26838 between table prefixes and memcached, which was formerly completely broken.
26839 * (bug 7004) PHP iconv() notice on bad password input to Special:Userlogin.
26840 * (bug 6826) Extend pre-save transform context link ("pipe trick")
26841 syntax to pages with commas in title
26842 * Use ImageMagick -thumbnail option instead of -resize to avoid including
26843 excessive metadata in thumbs (requires ImageMagick 6.0.0 or newer).
26844 * (bug 7499) Corrections to Swedish talk namespace names
26845 * (bug 7508) Added option to compress HTML pages by dumpHTML.php
26846 * (bug 7519) Add plural in SpecialWatchlist
26847 * (bug 7459) Magic word variables are always case sensitive
26848 * Replaced {{SERVER}}{{localurl:xxx}} with {{fullurl:xxx}} in localisation files
26849 * Fix regression in Special:Watchlist text header
26850 * (bug 7510) Update article counts etc on undelete
26851 * (bug 7520) Update article counts on XML import
26852 * (bug 7526) Make $wgDefaultUserOptions work again
26853 * (bug 7472) Localize Help namespace for Basque
26854 * (bug 7529) Including a non-existent category in an article places that article
26856 * (bug 4528) Lack of important LaTeX functions stackrel, rightleftharpoon
26857 * (bug 6721) missing symbols ulcorner, urcorner, llcorner, lrcorner,
26858 twoheadrightarrow, twoheadleftarrow
26859 * (bug 7367) Hyphens sometimes erroneously appended to equations when not
26861 * Add "title" to the opensearch link to allow automatic adding of the search
26862 engine in Firefox 2
26863 * (bug 7537) Add php5 to $wgFileBlacklist
26864 * (bug 6929) Restore AutoAuthenticate hook
26866 == Languages updated ==
26869 * Bavarian (bar) stub file
26871 * Bishnupriya (bpy) stub file
26872 * Brazilian Portuguese (pt-br)
26873 * Cantonese (zh-yue)
26890 * Mazandarani (mzn)
26904 == Compatibility ==
26905 MediaWiki 1.8 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported.
26907 MySQL 3.23.x is no longer supported; some older hosts may need to upgrade. At
26908 this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases.
26911 Some minor database changes have been made since 1.7:
26912 * new fields and indexes on ipblocks
26913 * index change on recentchanges
26915 Several changes from 1.5 and 1.6 do require updates to be run on upgrade. To
26916 ensure that these tables are filled with data, run refreshLinks.php after the
26919 If you are upgrading from MediaWiki 1.4.x or earlier, some major database
26920 changes are made, and there is a slightly higher chance that things could
26921 break. Don't forget to always back up your database before upgrading!
26924 Some output, particularly involving user-supplied inline HTML, may not produce
26925 100% valid or well-formed XHTML output. Testers are welcome to set $wgMimeType
26926 = "application/xhtml+xml"; to test for remaining problem cases, but this is not
26927 recommended on live sites. (This must be set for MathML to display properly in
26932 == MediaWiki 1.7.3 ==
26936 This is a security and bug-fix update to the Summer 2006 quarterly release.
26938 An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7
26939 charset autodetection was located in the AJAX support module, affecting MSIE
26940 users on MediaWiki 1.6.x and up when the optional setting
26941 [[Manual:$wgUseAjax|$wgUseAjax]] is enabled.
26943 If you are using an extension based on the optional Ajax module, either disable
26944 it or upgrade to a version containing the fix:
26946 * 1.9: fixed in 1.9.3
26947 * 1.8: fixed in 1.8.4
26948 * 1.7: fixed in 1.7.3
26949 * 1.6: fixed in 1.6.10
26951 There is no known danger in the default configuration, with
26952 [[Manual:$wgUseAjax|$wgUseAjax]] off.
26954 * Add 'charset' to Content-Type headers on various HTTP error responses to
26955 forestall additional UTF-7-autodetect XSS issues. PHP sends only 'text/html' by
26956 default when the script didn't specify more details, which some inconsiderate
26957 browsers consider a license to autodetect the deadly, hard-to-escape UTF-7.
26958 This fixes an issue with the Ajax interface error message on MSIE when
26959 [[Manual:$wgUseAjax|$wgUseAjax]] is enabled (not default configuration); this
26960 UTF-7 variant on a previously fixed attack vector was discovered by Moshe BA
26961 from BugSec: http://www.bugsec.com/articles.php?Security=24
26962 * Trackback responses now specify XML content type
26964 == MediaWiki 1.7.2 ==
26968 * Note about $wgUploadSizeWarning using byte
26969 * Update to German bookstore list (de)
26970 * (bug [[bugzilla:6680|6680]]) Added localisation for Dutch bookstore list (nl)
26971 * (bug [[bugzilla:6708|6708]]) Minor updates to Russian translation (ru)
26972 * (bug [[bugzilla:6730|6730]]) Clearer usage of message 'titlematch' in German
26974 * Added direction mark to Special:Listredirects
26975 * XSS fix in AJAX module
26977 An XSS injection vulnerability was located in the AJAX support module,
26978 affecting MediaWiki 1.6.x and up when the optional setting
26979 [[Manual:$wgUseAjax|$wgUseAjax]] is enabled.
26981 There is no danger in the default configuration, with
26982 [[Manual:$wgUseAjax|$wgUseAjax]] off.
26984 If you are using an extension based on the optional AJAX module, either disable
26985 it or upgrade to a version containing the fix:
26987 * 1.9: fixed in 1.9.0rc2
26988 * 1.8: fixed in 1.8.3
26989 * 1.7: fixed in 1.7.2
26990 * 1.6: fixed in 1.6.9
26993 == MediaWiki 1.7.1 ==
26997 MediaWiki 1.7.1 is a security and bugfix maintenance release of the Summer 2006
27000 A potential HTML/JavaScript-injection vulnerability in a debugging script has
27001 been fixed. Only versions and configurations of PHP vulnerable to the $GLOBALS
27002 overwrite vulnerability are affected.
27004 As a workaround for existing installs, profileinfo.php may simply be deleted if
27005 it's not being used.
27007 * Fix for 'emailconfirmed' implicit user group
27008 * Fix for upgrades on some versions of MySQL 4.0.x
27009 * Fixed potential XSS in profileinfo.php
27010 * Installer now shows clear error message about old PHP versions rather than a
27011 confusing parse error
27013 == MediaWiki 1.7.0 ==
27016 This is the quarterly release snapshot for Summer 2006. While the code
27017 has been running on Wikipedia for some time, installation and upgrade
27018 bits may be less well tested. Bug fix releases may follow in the coming
27021 MediaWiki is now using a "[[w:en:Continuous_integration|continuous
27022 integration]]" development model with
27023 quarterly snapshot releases. The latest development code is always kept
27024 "ready to run", and in fact runs our own sites on Wikipedia.
27026 Release branches will continue to receive security updates for about a year
27027 from first release, but nonessential bugfixes and feature development happen
27028 will be made on the development trunk and appear in the next quarterly release.
27030 Those wishing to use the latest code instead of a branch release can obtain
27031 it from source control: [[Download from SVN]]
27033 == Changes since 1.6 ==
27035 * (bug 5458) Fix double-URL encoding in block log link in contribs and contribs
27037 * (bug 5462) Bogus missing patch warning in updater
27038 * (bug 5461) Use of deprecated "showhideminor" in Special:Recentchangeslinked
27039 * PHP warning when allow_call_time_pass_reference is off
27040 * Update to Finnish localization
27041 * (bug 5467) Link to page histories in watchlist edit mode
27042 * Further additions to Hebrew localisation
27043 * (bug 5476) Invalid xhtml in German localization
27044 * (bug 5479) Id translation for preferences tabs caption
27045 * (bug 5493) Id translation for special pages
27046 * Added skinname and style path parameters to CBT version of MonoBook
27047 * Include subversion revision number in Special:Version if available
27048 * (bug 5344) Fix regression that broke slashes in extension tag parameters
27049 * Improve Special:Log performance on big log sets
27050 * (bug 5507) Changed mediawiki:logouttext from plain to wikitext
27051 * (bug 4760) Prevent creation of entries in protection log when protection
27052 levels haven't changed
27053 * (bug 861) Show page protection/unprotection events in histories
27054 * (bug 5499) Don't clear the tag strip state when asked not to clear state.
27055 Fixes regression with use of <ref> in a template breaking <nowiki> etc.
27056 * Minor improvements to English language files
27057 * Display the anon talk page info message on anon talk pages again
27058 (moved outside the parser cache)
27059 * Optional {{DISPLAYTITLE|title with markup}} magic word
27060 Deactivated by default, set "$wgAllowDisplayTitle = true" in LocalSettings.php
27062 * Cleaned SpecialContributions a bit
27063 * Added a table to track interlanguage links
27064 * (bug 5544) Fix redirect arrow in Special:Listredirects for right-to-left
27066 * Replace "doubleredirectsarrow" with a content language check that picks the
27068 * (bug 5537) Add stub language file for Samogitian (bat-smg); inherits
27070 * Don't force edit summaries when a user is editing their own user/talk page
27071 * (bug 5510) Warning produced when using {{SUBPAGENAME}} in some namespaces
27072 * (bug 385) Installer support for PostgreSQL, fixes for PG compatibility
27073 * PersistentObject removed; it doesn't do anything and was broken besides.
27074 All extensions using it have been corrected.
27075 * Propagate ISBN number for Booksources in LanguageNo.php
27076 * (bug 5548) Improvements to Indonesian localisation [patch: Ivan Lanin]
27077 * Add TALKSPACE, SUBJECTSPACE, TALKPAGENAME, SUBJECTPAGENAME (and encoded forms
27078 for all) magic words
27079 * (bug 5403) Fix Special:Newpages RSS/Atom feeds
27080 * Reject malformed addresses in X-Forwarded-For entries
27081 * (bug 3359) Add hooks on completion of file upload
27082 * (bug 5559) Improve detection of ImageMagick [patch: Greg Turnquist]
27083 * (bug 5475) New pages feeds ignore "limit" argument
27084 * (bug 5184) CSS misapplied to elements in Special:Allmessages due to
27085 conflicting anchor identifiers
27086 * (bug 5519) Allow sidebar cache to be disabled; disable it by default.
27087 * Maintenance script to import the contents of a text file into a wiki page
27088 * Add $wgReservedUsernames configuration directive to block account creation/use
27089 * (bug 5576) Remove debugging hack in session check
27090 * (bug 5426) Lowercase treatment of titles in rights log leads to broken links
27092 * Minor improvements to French localisation files
27093 * (bug 5181) Update "nogomatch" for Slovak
27094 * (bug 5594) Id translation up to # Login and logout pages section
27095 * (bug 5536) Use content language for editing help link
27096 * Improvements to German localisation files
27097 * (bug 5570) Problems using <special page>/parameter link form for long titles
27098 * (bug 3884) Add $user parameter to AddNewUser hook, call it for by-email
27099 registrations as well as self-registrations.
27100 * (bug 4327) Report age of cached data sets in query pages
27101 * (bug 4662) Fix Safari check in wikibits.js
27102 * (bug 4663) Edit toolbar enabled in compatible versions of Safari
27103 * (bug 5572) Edit toolbar enabled in compatible versions of Konqueror (3.5+)
27104 * (bug 5235) Edit toolbar tooltips no longer show JavaScript junk in Opera
27105 * Edit toolbar now works in pure XHTML mode (application/xhtml+xml)
27106 * Add watchlist clear function to allow quick purging of all items
27107 * (bug 5625) Additional namespace translations for Welsh
27108 * Add meta tag and JavaScript variables to cached special pages which provides
27109 the timestamp of the last update, in YYYYMMDDHHMMSS format.
27110 * (bug 5628) More translations for MessagesHr.php
27111 * (bug 5595) Localisation for Bosnian language (bs)
27112 * (bug 2910) Default view preferences for watchlists
27113 * Add "hide bot edits from the watchlist" user preference
27114 * (bug 5250) Introduce Special:Unusedtemplates
27115 * Add user preference setting for an extended watchlist, showing all recent
27116 edits up to a certain edit, and not just the latest edit.
27117 * Made MessageRo.php more general
27118 * (bug 5640) Indonesian localisation improvements
27119 * (bug 5592) Actions are logged with the default language for the
27120 wiki, not the language of the user performing the operation.
27121 * (bug 5644) Error in LanguageBs.php file
27122 * (bug 5646) Compare for identical types in wfElement()
27123 * (bug 5472) Language::userAdjust()->minDiff not initialized on else condition
27124 * (bug 5386) LanguageMk.php: updated namespaces translations
27125 * (bug 5422) Stub for Romani (rmy) language which extends ro
27126 * Fix linktrail for LanguageSr
27127 * (bug 5664) Fix Bosnian linktrail
27128 * (bug 3825) Namespace filtering on Special:Newpages
27129 * (bug 1922) When Special:Wantedpages is cached, mark links to pages
27130 which have since been created
27131 * (bug 5659) Change grammar hacks for Bosnian Wikimedia namespaces.
27132 This sort of special casing should be removed and fixed properly.
27133 * Remove useless whitespace from Special:Brokenredirects header
27134 * Treat "allmessagesnotsupporteddb" as wikitext when echoing; change default
27136 * (bug 5497) Regression in HTML normalization in 1.6 (unclosed <li>,<dd>,<dt>)
27137 * (bug 5709) Allow customisation of separator for categories
27138 * (bug 5684) Introduce Special:Randomredirect
27139 * (bug 5611) Add a name attribute to the text box containing source text in
27141 * Indicate when a protected page is an interface message ("protectedinterface")
27142 * (bug 4259) Indicate when a protected page being edited is an interface message
27143 ("editinginterface")
27144 * (bug 4834) Fix XHTML output when using $wgMaxTocLevel
27145 * Pass login link to "whitelistedittext" containing 'returnto' parameter
27146 * (bug 5728): mVersion missing from User::__sleep() leading to constant cache
27148 * Updated maintenance/transstat.php so it can show duplicate messages
27149 * Improvements to update scripts; print out the version, check for superuser
27150 credentials before attempting a connection, and produce a friendlier error if
27151 the connection fails
27152 * (bug 5005) Fix XHTML <gallery> output.
27153 * (bug 5315) "Expires: -1" HTTP header made strictly valid (using 1970 date).
27154 * (bug 4825) note in DefaultSettings.php about 'profiling' table creation
27155 * Remove unneeded extra whitespace at top of Special:Categories
27156 * (bug 5679) time units are now using local numerals
27157 * (bug 5751) Updates to Portuguese localisation files
27158 * (bug 5741) Introduce {{NUMBEROFUSERS}} magic word
27159 * (bug 93) <nowiki> tags and tildes in templates
27160 * The returnto parameter is now actually used by SpecialUserlogin.php
27161 * Parser can now know that it is parsing an interface message
27162 * (bug 4737) MediaWiki:Viewcount supports {{PLURAL}} now
27163 * Fix bug in wfMsgExt under PHP 5.1.2
27164 * (bug 5761) Project talk namespace broken in Xal, Os, Udm and Cv
27165 * Rewrite reassignEdits script to be more efficient; support optional updates to
27166 recent changes table; add reporting and silent modes
27167 * Cleaned up formatNum usage in langfiles
27168 * (bug 5716) Warn when a user tries to upload a file which was previously
27170 * (bug 5565) Add a class attribute to the table on Special:Allpages
27171 * "lang=xx" option for parser test cases to set content language
27172 * (bug 5764) Friulian translation updated
27173 * (bug 5757) Fix premature cutoff in LanguageConverter with extra end markers
27174 * (bug 5516) Show appropriate "return to" link on blocked page
27175 * (bug 5377) Do not auto-login when creating an account as another user
27176 * (bug 5284) Special redirect pages should remember parameters
27177 * Suppress 7za output on dumpBackup
27178 * (bug 5338) Reject extra initial colons in title
27179 * (bug 5487) Escape self-closed HTML pair tags
27180 * Add "raw suffix" magic word for some magic words, e.g. {{NUMBEROFUSERS|R}}
27181 will produce a count minus formatting
27182 * Fix Parser::cleanSig() to use Parser::startExternalParse() and choose an
27183 appropriate output format given the scope of the clean
27184 * (bug 5593) Change "bureaucrat log" to "rights log"
27185 * Show a boilerplate "(none)" in place of a blank within the log action text for
27187 * (bug 137) Commented out translations for copyrightwarning which mention GNU
27189 * (bug 5723) Don't count pages linked to from the MediaWiki namespace as
27191 * (bug 5696) Add a third parameter, $3, to "rcnote", passing the current time
27192 formatted according to the current user's settings
27193 * (bug 5780) Thousands and decimal separators for Norwegian
27194 * Updated initStats maintenance script
27195 * (bug 5767) Fix date formats in Vietnamese locale
27196 * (bug 361) URL in URL, they were almost fixed. Now they are.
27197 * (bug 4876) Add __NEWSECTIONLINK__ magic word to force the "new section"
27198 link/tab to show up on specific pages on demand
27199 * Bidi-aid on list pages
27200 * (bug 5782) Allow entries in the bad image list to use canonical namespace
27202 * (bug 5789) Treat "loginreqpagetext" as wikitext
27203 * Sanitizer: now handles nested <li> in <ul> or <ol>
27204 * (bug 5796) We require MySQL >=4.0.14
27205 * Add 'EmailConfirmed' hook
27206 * New findhooks.php script to find undocumented hooks.
27207 * Silently ignore errors on profiling table update.
27208 * (bug 5801) Correct handling of underscores in Special:Listusers
27209 * Clean up Special:Listusers; add an "(all)" label to the group selection box
27210 * (bug 5812) Use appropriate link colour in Special:Mostlinked
27211 * (bug 5802) {{CURRENTMONTHNAME}} variable broken in Vietnamese locale
27212 * (bug 5817) Appropriate handling for Special:Recentchangeslinked where the
27213 target page doesn't exist
27214 * Special:Randompage now additionally accepts English namespace name as
27216 * (bug 2981) Really fixed linktrail for Tamil (ta)
27217 * Disallow substituting Special pages when included into a page
27218 * (bug 5587) Clean up the languages from references to the Groups special page
27219 * Added new group-X and group-X-member messages
27220 * Rewritten removeUnusedAccounts to be more efficient, print names of inactive
27222 * Redirect Special:Userlist to Special:Listusers
27223 * Introduce $wgAllowTitlesInSVG, which allows the <title> attribute in uploaded
27224 files bearing the image/svg MIME type. Disabled by default due to the vast
27225 majority of web servers being hideously misconfigured. See DefaultSettings.php
27227 * Changed default LocalSettings.php to append the previous include path when
27229 * (bug 5837) Use "members" for the value descriptor in Special:Categories,
27230 Special:Wantedcategories and Special:Mostlinkedcategories.
27231 * (bug 3309) Allow comments when undeleting pages
27232 * Clean up Special:Undelete a bit
27233 * (bug 5805) messages nbytes, ncategories can now use {{plural:}}
27234 * Clean up Special:Imagelist a bit
27235 * (bug 5838) Namespace names for Nds-NL
27236 * (bug 5749) Added Tyvan language files
27237 * (bug 5791) Fix SQL syntax in Special:BrokenRedirects, was causing incorrect
27239 * (bug 5839) Prevent access to Special:Confirmemail for logged-out users
27240 * (bug 5853) Update for Portuguese messages (pt)
27241 * (bug 5851) Use Cyrillic for Kirghiz language name
27242 * (bug 5841) Allow the 'EditFilter' hook to return a non-fatal error message
27243 * (bug 5846) Link to individual group description pages in Special:Listusers
27244 * (bug 5857) Update for German localisation (de)
27245 * (bug 5858) Update for Russian language (ru)
27246 * (bug 5860) Update for Indonesian language (id)
27247 * (bug 1120) Update for Czech language (Cs)
27248 * Added many missing formatNum calls
27249 * Added grammar function to Belarusian (be)
27250 * (bug 5819) Add 'PersonalUrls' hook
27251 * (bug 5862) Update of Belarusian language (be)
27252 * (bug 5886) Update for Portuguese messages (pt)
27253 * (bug 5586) <gallery> treated text as links
27254 * (bug 5878) Update for Indonesian language (id)
27255 * (bug 5697) Update for Malay language (ms)
27256 * (bug 5890) Update for German language (de)
27257 * (bug 5889) Name for Sindhi language should appear as سنڌي
27258 * --force-normal parameter on dump scripts to force check for ICU extension
27259 * (bug 5895) Update for Dutch language (nl)
27260 * (bug 5891) Linktrail for Polish language (pl)
27261 * User::isBureaucrat , User::isDeveloper , User::isSysop deprecated in
27262 v1.6 now die with a backtrace. They will be removed in v1.8
27263 * dumpTextPass now skips goes to database for entries that were blank in the
27264 previous dump, as this may indicate a broken dump.
27265 * dumpTextPass progress includes percentage of items prefetched
27266 * dumpTextPass can now use 7zip files for prefetch
27267 * (bug 5915) Update to Indonesian localisation (id)
27268 * (bug 5913) Update for German localisation (de)
27269 * (bug 5905) Plural support for Bosnian localisation (bs)
27270 * Groups which won't hit the rate limiter now configurable with
27271 $wgRateLimitsExcludedGroups
27272 * (bug 5806) {{plural:}} support instead of "twin" MediaWiki messages
27273 * (bug 5931) Update for Polish language (pl)
27274 * Ignore the user and user talk namespaces on Special:Wantedpages
27275 * Introduce NUMBEROFPAGES magic word
27276 * (bug 5833) Introduce CURRENTVERSION magic word
27277 * (bug 5370) Allow throttling of password reminder requests with the rate
27279 * (bug 5683) Respect parser output marked as uncacheable when saving
27280 * (bug 5918) Links autonumbering now work for all defined protocols
27281 * (bug 5935) Improvement to German localisation (de)
27282 * (bug 5937) Register links from gallery captions with the parent parser output
27283 object so that link tables receive those updates too
27284 * (bug 5845) Introduce BASEPAGENAME and BASEPAGENAMEE magic words
27285 * (bug 5941) Use content language when getting the administrator page title for
27287 * (bug 5949) Update to Indonesian localisation (id)
27288 * (bug 5862) Update of Belarusian translation (be)
27289 * (bug 5950) Improvements to French localisation
27290 * (bug 5805) {{plural:}} support for counters in some special pages
27291 * (bug 5952) Improvement to German localisation (de)
27292 * Rename conflicting metadata help message to "metadata_help" (was "metadata")
27293 and treat it as wiki text
27294 * Improve preferences input filtering
27295 * Maintenance script to import multiple files into the wiki
27296 * (bug 5957) Update for Hebrew language (he)
27297 * (bug 5962) Update for Italian language (it)
27298 * (bug 5961) Update for Portuguese localisation (pt)
27299 * (bug 5849) Remove some hard-coded references to "Wikipedia" in messages
27300 * (bug 5967) Improvement to German localisation (de)
27301 * (bug 5962) Update for Italian language (it)
27302 * Suppress images in galleries which appear on the bad image list (when
27303 rendering for a wiki page; galleries in special pages and categories are
27305 * Maintenance script to remove orphaned revisions from the database
27306 * (bug 5991) Update for Russian language (ru)
27307 * (bug 6001) PAGENAMEE and FULLPAGENAMEE don't work in FULLURL and LOCALURL
27309 * (bug 5958) Switch Uzbek language name to use latin script
27310 * (bug 839) Add URLENCODE magic word
27311 * (bug 6004) Update for Polish language (pl)
27312 * (bug 5971) Improvement to German localisation (de)
27313 * (bug 4873) Don't overwrite the subtitle navigation when viewing a redirect
27314 page that isn't current
27315 * (bug 2203) Namespace updates for Thai
27316 * Fix breakage in parser test suite which caused incorrect reporting of the
27317 failure of {{NUMBEROFFILES}}. Now initialises the site_stats table with some
27318 dumb data. Updated the expected output for {{NUMBEROFARTICLES}} to reflect
27320 * (bug 6009) Use {{ns:project}} in messages where appropriate
27321 * (bug 6012) Update to Indonesian localisation (id)
27322 * (bug 6017) Update list of bookstores in German localisation files
27323 * (bug 5187) Allow programmatically bypassing username validation, for scripts
27324 * (bug 6025) SpecialImport: wrong message when no file selected
27325 * (bug 6015) EditPage: add spacing in the boxes "edit is minor" and "watch this"
27326 * (bug 6018) Userrights: new message when no user specified ('nouserspecified')
27327 * (bug 2015) Add "\sim" to ~ conversion for HTML rendering
27328 * (bug 6029) Improvement to German localisation (de)
27329 * (bug 5015) Update be: magic words
27330 * (bug 3974) Add parameter for site URL to "passwordremindertext"
27331 * (bug 6039) Update for Portuguese localisation (pt)
27332 * (bug 764) Add CREATE TEMPORARY TABLES to default database permissions
27333 * Big update to Swedish localisation (sv)
27334 * Use appropriate HTML functions to create the tool links on image pages, so
27335 they don't look garbled when tidy isn't on
27336 * (bug 5511) Fix URL-encoding of usernames in links on Special:Ipblocklist
27337 * (bug 6046) Update to Indonesian localisation (id) #15
27338 * (bug 5523) $wgNoFollowNsExceptions to allow disabling rel="nofollow" in
27339 specially-selected namespaces.
27340 * (bug 6055) Fix for HTML/JS injection bug in variable handler (found by Nick
27342 * Reordered wiki table handling and __TOC__ extraction in the parser to better
27343 handle some overlapping tag cases.
27344 * Only the first __TOC__ is now turned into a TOC
27345 * (bug 4610) Indicate patrolled status on watchlists and allow users to mark
27346 changes as patrolled using the diff links there
27347 * Add 'DiffViewHeader' hook called before diff page output
27348 * (bug 6051) Improvement to German localisation (de)
27349 * (bug 6054) Update to Indonesian localisation (id) #16
27350 * Add {{CURRENTTIMESTAMP}} magic word
27351 * (bug 6061) Improper escaping in some html forms
27352 * (bug 6065) Remove underscore when using NAMESPACE and TALKSPACE magics.
27353 * (bug 6074) Correct squid purging of offsite upload URLs
27354 * To simplify the lives of extension developers, the logging type arrays
27355 can now be appended to directly by an extension setup function. It is
27356 no longer necessary to write four separate functions just to add a
27358 * (bug 6057) Count "licenses" as a message (and show it in Special:Allmessages)
27359 * Added $wgGrammarForms global
27360 * Fixed hardcoded 'done.' when removing watchlist entries.
27361 * (bug 5962) Update for Italian language (it)
27362 * (bug 6086) Remove vestigial attempt to call Article::validate()
27363 * wfHostname() function for consistent server hostname use in debug messages
27364 * Send thumbnailing error messages to 'thumbnail' log group
27365 * wfShellexec() now accepts an optional parameter to receive the exit code
27366 * Failed, but not zero-length, thumbnail renderings are now removed.
27367 Should help clean up when rsvg fails in weird ways.
27368 * (bug 6081) Change description for Turkmen language
27369 * Increase robustness of parser placeholders; fixes some glitches when
27370 adjacent to identifier-ish constructs such as URLs.
27371 * Shut up the parser test whining about files in a temp directory.
27372 * (bug 6098) Add Aragonese language support (an)
27373 * (bug 6101) Update for Russian language (ru)
27374 * Add $wgIgnoreImageErrors to suppress error messages for thumbnail rendering
27375 problems. If errors are transitory, this should reduce annoying messages
27376 making it into cached display.
27377 * (bug 6103) Wrap self-links in a CSS class ("selflink")
27378 * (bug 6102) For consistency with other markup, normalize all HTML-encoded
27379 character entities in URLs, not just ampersands. This allows use of eg
27380 = when making URLs for template parameters.
27381 * Markup anality: escape </ as <\/ in toolbar javascript for pure correctness
27382 under HTML-compatible browsers.
27383 * (bug 5077) Added hook 'BeforePageDisplay' to SkinTemplate::outputPage
27384 * Replace fatally changed 'uploadnewversion' with 'uploadnewversion-linktext'
27385 * (bug 472) Syndication feeds for the last few edits of page history
27386 * Format edit comments in Recent Changes feed
27387 * Switch incorrectly ordered column headers on Recent Changes feed diffs
27388 * (bug 6117) Use message for history feed description, add German localization
27389 * (bug 1017) fixed thumbnails of animated gifs.
27390 * Add APC as object caching option
27391 * Update to Albanian localization (sq)
27392 * (bug 6099) Introduce {{DIRECTIONMARK}} magic word (with {{DIRMARK}} as an
27394 * Use optimized php5-only microtime()
27395 * Add possibility to store local message cache as PHP executable script
27396 * Fix profiling table definition
27397 * (bug 6040) Run pre-save transform before calculating the diff. when doing a
27398 "show changes" operation in the editor
27399 * (bug 4033) Respect $wgStyleDirectory when checking available skins
27400 * Remove hideous backslashes from MessagesBr.php
27401 * Fix APC object cache issues, add functionality to installer
27402 * (bug 6133) Update strip state as we work. This mostly fixes extensions
27403 used in Cite.php <ref> tags when Tidy is on.
27404 * (bug 6139) Workaround for transclusion oddities in Vietnamese upload text
27405 * (bug 6136) Update to Catalan language (ca)
27406 * Update to Japanese localization (ja)
27407 * Add /usr/local/bin to the diff3 search paths in the installer
27408 * (bug 6106) Update to Indonesian localisation (id) #17
27409 * (bug 6125) Add links to edit old versions to diff views
27410 * (bug 5127) Auto edit summary when creating/editing redirect page
27411 * (bug 3926) Introduce {{#language:}} magic word
27412 * Fix section links from edit comments for [[:Image:Bla.jpg]] in section titles
27413 * (bug 6126) Allow fallback to customized primary language when user language
27414 message contains '-'; fixes licenses selector on Commons configuration after
27415 recent addition of the message to Messages.php
27416 * (bug 5527) Batch up job queue insertions for, hopefully, better survivability
27417 of lock contention etc. Duplicates are now removed at pop time instead of
27419 * When showing the "blah has been undeleted" page, make sure it's a blue link
27420 * parserTests.php accepts a --file parameter to run an alternate test sutie
27421 * parser tests can now test extensions using !!hooks sections
27422 * Fix oddity with open tag parameters getting stuck on </li>
27423 * (bug 5384) Fix <!-- comments --> in <ref> extension
27424 * Nesting of different tag extensions and comments should now work more
27425 consistently and more safely. A cleaner, one-pass tag strip lets the
27426 'outer' tag either take source (<nowiki>-style) or pass it down to
27427 further parsing (<ref>-style). There should no longer be surprise
27428 expansion of foreign extensions inside HTML output, or differences
27429 in behavior based on the order tags are loaded.
27430 * (bug 885) Pre-save transform no longer silently appends close tags
27431 * Pre-save transform no longer changes the case of close tags
27432 * (bug 6164) Fix regression with <gallery> resetting <ref> state
27433 * Hackaround for IE 7 wrapping bug in MonoBook footer
27434 * New message sp-newimages-showfrom replaces rclistfrom on special:newimages
27435 * Improve handling of ;: definition list construct with overlapping or
27437 * (bug 6171) Fix sanitizing of HTML-elements with an optional closing
27438 tag. The sanitizer still needs to learn how to make well-formed XML
27440 * Fix fatal error when specifying illegal name for manual thumbnail
27441 * (bug 6184) Use shinier Linker::userLink() to make user links in
27443 * (bug 6170) Update for Kashubian translation (csb)
27444 * (bug 6191) Update to Indonesian translation (id) #18
27445 * (bug 6114) Update to Walloon localization (wa)
27446 * Added $wgNamespaceRobotPolicies to allow customisation of robot policies on a
27447 per-namespace basis.
27448 * Add <ol> to the list of block elements for doBlockLevels; avoids <p>s being
27449 interspersed into your ordered lists.
27450 * (bug 5021) Transcluding the same special page twice now works
27451 * Add 'SiteNoticeBefore' and 'SiteNoticeAfter' hooks
27452 * (bug 6182) Date passed in "sp-newimages-showfrom" not adjusted to user time
27454 * (bug 2587) Fix for section editing with comment prefix
27455 * (bug 2607) Fix for section editing with mix of wiki and HTML headings
27456 * (bug 3342) Fix for section editing with headings wrapped in <noinclude>
27457 * (bug 3476) Fix for section editing with faux headings in extensions
27458 * (bug 5272) Fix for section editing with HTML-heading subsections
27459 * Fix for bogus wiki headings improperly detected with following text
27460 * Fix for HTML headings improperly not detected with preceding/following text
27461 * Section extraction and replacement functions merged into one implementation
27462 on the Parser object, so they can't get out of sync with each other.
27463 * Edit security precautions in raw HTML mode, etc
27464 * (bug 6197) Update to Indonesian translation (id) #19
27465 * (bug 6175) Improvement to German translation (de)
27466 * Redirect Special:Logs to Special:Log
27467 * (bug 6206) Linktrail for Swedish localization (se)
27468 * (bug 3202) Attributes now allowed on <pre> tags
27469 * Sanitizer::validateTagAttributes now available to discard illegal/unsafe
27470 attribute values from an array.
27471 * (bug 3837) Leave <center> as is instead of doing an unsafe text replacement
27472 to <div class="center">. <center> is perfectly valid in the target doctype
27473 (XHTML 1.0 Transitional), while the replacement didn't catch all cases and
27474 could even result in invalid output from valid input.
27475 * (bug 4280) Use 'noindex,nofollow' instead of 'noindex,follow' for default
27476 meta robots tag on diff view and special pages. Should reduce impact of
27477 robots on scrolling special pages, diffs etc on sites where robots.txt
27478 doesn't forbid access.
27479 * Regression fix: suppress warning about session failure when clicking to
27480 edit with 'preview on first edit' enabled.
27481 * (bug 6230) Regression fix: <nowiki> in [URL link text]
27482 * Added AutoLoader.php, which loads classes without need of require_once()
27483 * (bug 5981) Add plural function Slovenian (sl)
27484 * (bug 5945) Introduce {{CONTENTLANGUAGE}} magic word
27485 * {{PLURAL}} can now take up to five forms
27486 * (bug 6243) Fix email for usernames containing dots when using PEAR::Mail
27487 * Remove a number of needless {{ns:project}}-type transforms from messages
27488 files. These usages already have separate label text. Such transforms are
27489 wasteful on each page view.
27490 * Update to Yiddish localization (yi)
27491 * (bug 6254) Update to Indonesian translation (id) #20
27492 * (bug 6255) Fix transclusions starting with "#" or "*" in HTML attributes
27493 * Whitespace now normalized more or less properly in HTML attributes
27494 * Fix regression(?) in behavior of initial-whitespace-pre in <center>
27495 * (bug 6260) Update to Interlingua localization (ia)
27496 * Update to Vlax Romany localization (rmy)
27497 * Update to Latin translation (la)
27498 * Update to Dutch translation (nl)
27499 * Avoid some notices in page history with bad input
27500 * Use double quoted consistently on attributes in linker output; preparing
27501 for new normalization code when tidy not in use
27502 * Replace "nogomatch" with "noexactmatch" and place the magic colon in the
27503 messages themselves. Some minor tweaks to the actual message content.
27504 * Introduce $wgContentNamespaces which allows for articles to exist in
27505 namespaces other than the main namespace, and still be counted as valid
27506 content in the site statistics.
27507 * (bug 5932) Introduce {{PAGESINNAMESPACE}} magic word
27508 * Disable $wgAllowExternalImages by default.
27509 * (bug 2700) Nice things like link completion and signatures now work in
27511 * Cancel output buffering in StreamFile; when used inside gzip buffering this
27512 could cause funny timeout behavior as the Content-Length was wrong.
27513 * Return correct content-type header with 304 responses for StreamFile;
27514 it confuses Safari if you let it return "text/html".
27515 * (bug 6280) Correct GRAMMAR for Slovenian localisation (sl)
27516 * (bug 6162) Change date format for Dutch Low Saxon (nds-nl)
27517 * (bug 6296) Update to Indonesian localisation (id) #21
27518 * Introduce EditFormPreloadText hook, see docs/hooks.txt for more information
27519 * (bug 4054) Add "boteditletter" to recent changes flags
27520 * Update to Catalan localization (ca)
27521 * (bug 2099) Deleted image files can now be archived and undeleted.
27522 Set $wgSaveDeletedFiles on and an appropriate directory path in
27523 $wgFileStore['deleted']['directory']
27524 * (bug 6324) Fix regression in enhanced RC alignment
27525 * Introduce {{NUMBEROFADMINS}} magic word
27526 * Update to Slovak translation (sk)
27527 * Update to Alemannic localization (gsw)
27528 * (bug 6300) Bug fixes for sr: variants
27529 * namespaceDupes.php can now accept an arbitrary prefix, for checking rogue
27530 interwikis and such. Not yet fully automated.
27531 * (bug 6344) Add Special:Uncategorizedimages page
27532 * (bug 6357) Update to Russian translation (ru)
27533 * Workaround possible bug in Firefox nightlies by properly removing the
27534 Content-Encoding header instead of sending explicit 'identity' value
27536 * (bug 6304) Show timestamp for current revision in diff pages
27537 * Vertically align current version with old version header in diff display
27538 * (bug 6174) Remove redundant "emailforlost" message
27539 * (bug 6189) Show an error to an unprivileged user trying to create account
27540 * (bug 6365) Show user information in the "old revision" navigation links
27541 * Introduce 'FetchChangesList' hook; see docs/hooks.txt for more information
27542 * (bug 6345) Update to Indonesian localisation (id) #22
27543 * (bug 6279) Add genitive month names to Slovenian localisation
27544 * (bug 6351) Update to German translation (de)
27545 * Respect language directionality when displaying arrow in
27546 Special:Brokenredirects
27547 * Remove unused "validation" table definitions from the schema files
27548 * (bug 6398) Work around apparent PCRE bug breaking section editing when
27549 massively-indented preformatted text immediately followed a header
27550 * (bug 6392) Fix misbehaving <br /> in preferences form
27551 * Add translated magic words to Hebrew localization
27552 * (bug 6396) Change name for Chuvash language
27553 * Introduce optional (off by default) language selector bar for user login
27554 and registration. Customisable via the "loginlanguagelinks" message, the
27555 links will preserve "returnto" values. If the user creates an account while
27556 using such a link, then the language in use will be saved as their language
27558 * Make sure '~~~' '~~~~' '~~~~~' are removed in Nickname preference.
27559 * Rename "ipusuccess" to "unblocked", change the format (now wiki text)
27560 * (bug 2316) Add "caption" attribute to <gallery> tag
27561 * Allow setting the skin object that ImageGallery will use; needed during parse
27562 operations (the skin must come from the ParserOptions, not $wgUser)
27563 * Fix notice in MacBinary detection debug data for files of certain lengths
27564 * (bug 6131) Add type detection for DjVu files, allowing them to be uploaded
27565 with validity checking and size detection. No inline thumbnailing yet,
27566 but could be added in the future.
27567 * (bug 6423) Don't update newtalk flag if page content didn't change (null edits
27568 were causing the newtalk flag to trigger inappropriately)
27569 * Parser functions are now set using magic words.
27570 * (bug 6428) Incorrect form action URL on Special:Newimages with hidebots = 0
27572 * (bug 4990) Show page source to blocked users on edits, or their modified
27573 version if blocked during an edit
27574 * (bug 5903) When requesting the raw source of a non-existent message page,
27575 return blank content (as opposed to the message key)
27576 * Improve default blank content of MediaWiki:Common.css and
27577 MediaWiki:Monobook.css
27578 * (bug 6434) Allow customisation of submit button text on Special:Export
27579 * (bug 6314) Add user tool links on page histories
27580 * Fix display of file-type icons in galleries when $wgIgnoreImageErrors is off
27581 * (bug 6438) Update to Indonesian translation (id) #23
27582 * Adding the language code parameter to the hook "LanguageGetMagic", to allow
27583 localizble extensions magic words.
27584 * Update to Romanian translation (ro)
27585 * Update to Esperanto translation (eo)
27586 * Check for preg_match() existence when installing and die out whining about
27587 PCRE if it's not there, instead of throwing a fatal error
27588 * (bug 672) Add MathAfterTexvc hook
27589 * Update to Piedmontese localization (pms)
27590 * dumpBackup can optionally compress via dbzip2
27591 * (bug 2483) Run link updates on change via XML import
27592 * (bug 2481) List imported pages during Special:Import
27593 * (bug 2482) Log and RC entries for Special:Import events
27594 * Allow fetching all revisions from transwiki Special:Import
27595 * Allow fetching all revisions from Special:Export GET request
27596 * Disable output buffering on Special:Export; should help with streaming
27597 large numbers of history items.
27598 * Allow setting a maximum number of revisions for history Special:Export;
27599 pages with more than $wgExportMaxHistory revisions are excluded from
27600 export when history is requested.
27601 * Fix transwiki import of pages with space in name
27602 * Save null edit when importing pages through Special:Import
27603 * Update to Korean translation (ko)
27604 * Show a more specific message when an anonymous user tries to access
27606 * (bug 3278) Paging links in Special:Prefixindex
27607 * Added Latvian localization (lv)
27608 * (bug 6472) Fix regression in Special:Export with multiple pages
27609 * Update to Macedonian translation (mk)
27610 * Allow page moves over historyless self-redirects. Such are usually created
27611 as part of namespace rearrangements, and it's easier to clean them up if
27612 we can move over them.
27613 * Show some error results in moveBatch.php
27614 * (bug 6479) Allow specification of the skin to use during HTML dumps
27615 * (bug 6461) Link to page histories in Special:Newpages
27616 * (bug 6484) Don't do message transformations when preloading messages for
27618 * (bug 6201) Treat spaces as underscores in parameters to {{ns:}}
27619 * (bug 6006) Allow hiding the password change fields using an authentication
27621 * (bug 6489) Use appropriate link colour on Special:Shortpages
27622 * Added formatnum magic word
27623 * Added Javanese localization (jv)
27624 * (bug 6491) Apply bad image list in category galleries
27625 * (bug 6488) Show relevant log fragment in Special:Movepage
27626 * Fix potential PHP notice in Special:Blockme when $wgBlockOpenProxies is true
27627 * Use mysql_real_escape_string instead of addslashes for string escaping in
27628 the MySQL Database class. This may fix some rare breakage with binary fields.
27629 Note that MediaWiki does not support the multibyte character sets where a
27630 "dumb" byte replacement can be actively dangerous; UTF-8 is always safe
27631 in this regard due to the bit patterns which make head and tail bytes
27633 * (bug 6497) Use $wgMetaNamespaceTalk for Esperanto if set
27634 * (bug 6498) Use localized forms for image size in Special:Undelete
27635 * (bug 6485) Update to Indonesian translation (id) #24
27636 * Extension messages translation is now possible.
27637 * Add target namespace override selector for transwiki imports.
27638 $wgImportTargetNamespace specifies the default, to be used for
27639 Wiktionary's 'Transwiki:' namespace etc.
27640 * (bug 6506) Update to German localisation (de)
27641 * (bug 502) Avoid silly tabs on bad title by using virtual special page
27642 * (bug 6511) Add diff links to old revision navigation bar
27643 * (bug 6511) Replace 'oldrevisionnavigation' message with
27644 'old-revision-navigation'
27645 * Fix regression in Polish genitive month forms
27646 * (bug 4037) Make input handling in Special:Allpages and Special:Prefixindex
27647 more consistent: Accept just a namespace prefix and a colon, reject input
27648 with interwiki prefixes, otherwise do what Title::makeTitleSafe() does.
27649 * (bug 6516) Update to Russian translation
27650 * New 'allpagesbadtitle' message for Special:Allpages, based on 'badtitletext'.
27651 * Rename "searchquery" to "searchsubtitle" and support wiki text in it
27652 * Introduce updateArticleCount maintenance script which uses a better check that
27653 reflects what Article::isCountable() tests for
27654 * Introduce 'BadImage' hook; see docs/hooks.txt for more information
27655 * Add "searchsubtitleinvalid" message for searches that are not valid titles.
27656 * (bug 5962) Update to Italian localisation
27657 * (bug 6530) Update to Indonesian localisation (id) #25
27658 * (bug 6523) Fix SVG issue in rebuildImages.php
27659 * (bug 6512) Link to page-specific logs on page histories
27660 * (bug 6504) Allow configuring session name with $wgSessionName
27661 * (bug 6185) Add standard user tool links to log page views
27662 * Update to Venetian translation (vec)
27663 * Update to Slovenian translation (sl)
27664 * Add standard user tool links to deleted revision list
27665 * Separate out EditPage's getContent bits from regular Article getContent.
27666 Cleans up read-only-mode warning on empty pages and neats up some code.
27667 * (bug 6565) Strict JavaScript writing
27668 * (bug 6570) Update to Indonesian localisation (id) #26
27669 * Added Telugu translation (te)
27670 * Update to Catalan translation (ca)
27671 * (bug 6560) Avoid PHP notice when trimming ISBN whitespace
27672 * Added namespace translation to Kannada (ka)
27673 * (bug 6566) Improve input validation on timestamp conversion
27674 * Implicit group "emailconfirmed" for all users whose email addresses are
27676 * (bug 6577) Avoid multiline parser breakage on <pre> with newline in attribute
27677 * (bug 6771) Make old revisions of MediaWiki pages available with action=raw
27680 == Compatibility ==
27681 MediaWiki 1.7 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported.
27683 If you are unable to run PHP 5, you may have to stick with 1.6 for now.
27685 MySQL 3.23.x is no longer supported; some older hosts may need to upgrade.
27686 At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases.
27688 Experimental Oracle support has been dropped as it is unmaintained.
27691 Several changes to the database have been made from 1.6:
27693 * A new "langlinks" table tracks interlanguage links
27694 * A new "filearchive" table stores information on deleted files
27695 * A new "querycache_info" table stores information on query page updates
27697 To ensure that these tables are filled with data, run refreshLinks.php after
27700 If you are upgrading from MediaWiki 1.4.x or earlier, some major database
27701 changes are made, and there is a slightly higher chance that things could
27702 break. Don't forget to always back up your database before upgrading!
27704 == Configuration changes ==
27706 Some configuration options have changed:
27707 * $wgAllowExternalImages now defaults to off for increased security.
27708 * $wgLocalTZoffset was in hours, it is now using minutes.
27709 * Extensions may register special pages via the $wgSpecialPages array without
27710 forcing an early load of the SpecialPage.php class file.
27712 == Major new features ==
27714 * Deleted files can now be archived and undeleted, if you set up an appropriate
27715 non-web-accessible directory. Set $wgSaveDeletedFiles on and an appropriate
27716 directory path in $wgFileStore['deleted']['directory']
27717 * Experimental PostgreSQL support has been updated. It may or may not be in
27718 usable shape; those interested in PostgreSQL are encouraged to follow 1.8
27722 Some output, particularly involving user-supplied inline HTML, may not
27723 produce 100% valid or well-formed XHTML output. Testers are welcome to
27724 set $wgMimeType = "application/xhtml+xml"; to test for remaining problem
27725 cases, but this is not recommended on live sites. (This must be set for
27726 MathML to display properly in Mozilla.)
27730 == MediaWiki 1.6.12 ==
27734 This is a security update to the Spring 2006 quarterly release.
27736 A number of cross-site scripting (XSS) security vulnerabilities were discovered
27737 in the web-based installer (config/index.php). These vulnerabilities all
27738 require a live installer -- once the installer has been used to install a
27739 wiki, it is deactivated.
27741 Note that cross-site scripting vulnerabilities can be used to attack any
27742 website in the same cookie domain. So if you have an uninstalled copy of
27743 MediaWiki on the same site as an active web service, MediaWiki could be used to
27744 attack the active service.
27746 If you are hosting an old copy of MediaWiki that you have never installed, you
27747 are advised to remove it from the web.
27749 == MediaWiki 1.6.11 ==
27753 This is a security update to the Spring 2006 quarterly release.
27755 David Remahl of Apple's Product Security team has identified a number of
27756 security issues in previous releases of MediaWiki. Subsequent analysis by the
27757 MediaWiki development team expanded the scope of these vulnerabilities. The
27758 issues with a significant impact are as follows:
27760 * An XSS vulnerability affecting Internet Explorer clients for all MediaWiki
27761 installations with uploads enabled. [CVE-2008-5250]
27762 * An XSS vulnerability affecting clients with SVG scripting capability (such as
27763 Firefox 1.5+), for all MediaWiki installations with SVG uploads enabled.
27765 * A CSRF vulnerability affecting the Special:Import feature, for all MediaWiki
27766 installations since the feature was introduced in 1.3.0. [CVE-2008-5252]
27768 XSS (cross-site scripting) vulnerabilities allow an attacker to steal an
27769 authorised user's login session, and to act as that user on the wiki. The
27770 authorised user must visit a web page controlled by the attacker in order to
27771 activate the attack. Intranet wikis are vulnerable if the attacker can
27772 determine the intranet URL, even if the attacker cannot access it.
27774 CSRF vulnerabilities allow an attacker to act as an authorised user on the
27775 wiki, but unlike an XSS vulnerability, the attacker can only act as the user in
27776 a specific and restricted way. The present CSRF vulnerability allows pages to
27777 be edited, with forged revision histories. Like an XSS vulnerability, the
27778 authorised user must visit the malicious web page to activate the attack.
27780 Rather than backport our SVG validation code to this ancient branch, we have
27781 instead disabled SVG uploads. To enable SVG uploads, please upgrade to
27782 MediaWiki 1.13.3 or later.
27784 The other two issues have been fixed.
27786 == MediaWiki 1.6.10 ==
27790 This is a security and bug-fix update to the Spring 2006 quarterly release.
27792 An XSS injection vulnerability based on Microsoft Internet Explorer's UTF-7
27793 charset autodetection was located in the AJAX support module, affecting MSIE
27794 users on MediaWiki 1.6.x and up when the optional setting $wgUseAjax is enabled.
27796 If you are using an extension based on the optional Ajax module, either disable
27797 it or upgrade to a version containing the fix:
27799 * 1.9: fixed in 1.9.3
27800 * 1.8: fixed in 1.8.4
27801 * 1.7: fixed in 1.7.3
27802 * 1.6: fixed in 1.6.10
27804 There is no known danger in the default configuration, with $wgUseAjax off.
27806 * ([[mediazilla:8819|bug 8819]]) Fix full path disclosure with skins
27808 * Add 'charset' to Content-Type headers on various HTTP error responses to
27809 forestall additional UTF-7-autodetect XSS issues. PHP sends only 'text/html' by
27810 default when the script didn't specify more details, which some inconsiderate
27811 browsers consider a license to autodetect the deadly, hard-to-escape UTF-7.
27812 This fixes an issue with the Ajax interface error message on MSIE when
27813 $wgUseAjax is enabled (not default configuration); this UTF-7 variant on a
27814 previously fixed attack vector was discovered by Moshe BA from BugSec:
27815 http://www.bugsec.com/articles.php?Security=24
27816 * Trackback responses now specify XML content type
27818 == MediaWiki 1.6.9 ==
27822 * ([[mediazilla:6621|bug 6621]]) Backported German translation for
27825 * ([[mediazilla:6680|bug 6680]]) Added localisation for Dutch bookstore list
27827 * ([[mediazilla:6730|bug 6730]]) Clearer usage of message 'titlematch' in
27828 German translation (de)
27829 * XSS fix in AJAX module
27831 An XSS injection vulnerability was located in the AJAX support module,
27832 affecting MediaWiki 1.6.x and up when the optional setting $wgUseAjax is
27835 There is no danger in the default configuration, with $wgUseAjax off.
27837 If you are using an extension based on the optional AJAX module, either disable
27838 it or upgrade to a version containing the fix:
27840 * 1.9: fixed in 1.9.0rc2
27841 * 1.8: fixed in 1.8.3
27842 * 1.7: fixed in 1.7.2
27843 * 1.6: fixed in 1.6.9
27845 == MediaWiki 1.6.8 ==
27849 MediaWiki 1.6.8 is a security and bugfix maintenance release of the Spring 2006
27852 A potential HTML/JavaScript-injection vulnerability in a debugging script has
27853 been fixed. Only versions and configurations of PHP vulnerable to the $GLOBALS
27854 overwrite vulnerability are affected.
27856 As a workaround for existing installs, profileinfo.php may simply be deleted if
27857 it's not being used.
27859 * ([[mediazilla:5957|bug 5957]]) Updates to Hebrew translation (he)
27860 * Respect language directionality when displaying arrow in
27861 Special:Brokenredirects
27862 * ([[mediazilla:6415|bug 6415]]) Typo in Parser.php
27863 * Fixed potential XSS in profileinfo.php
27865 == MediaWiki 1.6.7 ==
27869 MediaWiki 1.6.7 is a security and bugfix maintenance release of the Spring 2006
27872 An HTML/JavaScript-injection vulnerability in the edit form has been closed.
27873 This vulnerability was new in 1.6.0; MediaWiki versions 1.5.x or earlier are
27876 Extensions, comments, and <nowiki><nowiki></nowiki> sections are now handled in
27877 a one-pass way which is more reliable and safer. Under earlier versions of
27878 MediaWiki, certain extensions could be abused to inject HTML/JavaScript into
27881 Additional precautions are made against offsite form submissions when the
27882 restricted raw HTML mode is enabled.
27884 Some small localization and user interface updates are also included.
27886 *([[MediaZilla:6051|bug 6051]]) Improvement to German localisation (de)
27887 *([[MediaZilla:6017|bug 6017]]) Update bookstore list for German language (de)
27888 *([[MediaZilla:6138|bug 6138]]) Minor grammar tweak in "loginreqlink"
27889 *([[MediaZilla:5957|bug 5957]]) Update for Hebrew language (he)
27890 *Increase robustness of parser placeholders; fixes some glitches when adjacent
27891 to identifier-ish constructs such as URLs.
27892 *([[MediaZilla:5384|bug 5384]]) Fix <nowiki><!-- comments --> in <ref></nowiki>
27894 *Nesting of different tag extensions and comments should now work more
27895 consistently and more safely. A cleaner, one-pass tag strip lets the 'outer'
27896 tag either take source (<nowiki><nowiki></nowiki>-style) or pass it down to
27897 further parsing (<nowiki><ref></nowiki>-style). There should no longer be
27898 surprise expansion of foreign extensions inside HTML output, or differences in
27899 behavior based on the order tags are loaded.
27900 *([[MediaZilla:885|bug 885]]) Pre-save transform no longer silently appends
27902 *Pre-save transform no longer changes the case of close tags
27903 *Edit security precautions in raw HTML mode, etc
27905 == MediaWiki 1.6.6 ==
27909 MediaWiki 1.6.6 is a security and bugfix maintenance release.
27911 An XSS injection vector in brace replacement has been fixed, as have some
27912 potential problems with table parsing. Upgrading is strongly recommended for
27913 all users of 1.6. MediaWiki versions 1.5 and earlier are not affected.
27915 Additionally some localization and user interface updates are included.
27917 * Correct "revertpage" message in English
27918 * ([[MediaZilla:5507|bug 5507]]) Logouttext now uses wiki markup
27919 * (bugs [[MediaZilla:5857|5857]], [[MediaZilla:5957|5957]]) Update for German
27921 * ([[MediaZilla:5586|bug 5586]]) <nowiki><gallery></nowiki> treated text as
27923 * ([[MediaZilla:5957|bug 5957]]) Update for Hebrew language (he)
27924 * ([[MediaZilla:6025|bug 6025]]) SpecialImport: wrong message when no file
27926 * ([[MediaZilla:6015|bug 6015]]) EditPage: add spacing in the boxes "edit is
27927 minor" and "watch this"
27928 * ([[MediaZilla:6018|bug 6018]]) Userrights: new message when no user specified
27929 ('nouserspecified')
27930 * ([[MediaZilla:6055|bug 6055]]) Fix for HTML/JS injection bug in variable
27931 handler (found by Nick Jenkins)
27932 * Reordered wiki table handling and <nowiki>__TOC__</nowiki> extraction in the
27933 parser to better handle some overlapping tag cases.
27934 * Only the first <nowiki>__TOC__</nowiki> is now turned into a TOC.
27935 * ([[MediaZilla:361|bug 361]]) URL in URL, they were almost fixed. Now they are.
27937 == MediaWiki 1.6.5 ==
27941 * Rolled back the buggy patch for [[MediaZilla:5497|bug 5497]].
27943 == MediaWiki 1.6.4 ==
27947 * Further improvements to Hebrew localisation
27948 * ([[MediaZilla:5544|bug 5544]]) Fix redirect arrow in Special:Listredirects
27949 for right-to-left languages
27950 * Replace "doubleredirectsarrow" with a content language check that picks the
27952 * Remove live debugging hack which caused errors with certain database names
27953 * ([[MediaZilla:5510|bug 5510]]) Warning produced when using
27954 <nowiki>{{SUBPAGENAME}}</nowiki> in some namespaces
27955 * ([[MediaZilla:5548|bug 5548]]) Improvements to Indonesian localisation
27956 [patch: Ivan Lanin]
27957 * ([[MediaZilla:5403|bug 5403]]) Fix Special:Newpages RSS/Atom feeds
27958 * ([[MediaZilla:3359|bug 3359]]) Add hooks on completion of file upload
27959 * ([[MediaZilla:5184|bug 5184]]) CSS misapplied to elements in
27960 Special:Allmessages due to conflicting anchor identifiers
27961 * ([[MediaZilla:5519|bug 5519]]) Allow sidebar cache to be disabled; disable it
27963 * Add $wgReservedUsernames configuration directive to block account creation/use
27964 * ([[MediaZilla:5576|bug 5576]]) Remove debugging hack in session check
27965 * ([[MediaZilla:5181|bug 5181]]) Update "nogomatch" for Slovak
27966 * ([[MediaZilla:5594|bug 5594]]) Id translation up to '# Login and logout
27968 * ([[MediaZilla:5536|bug 5536]]) Use content language for editing help link
27969 * Minor improvements to English language files
27970 * Improvements to German localisation files
27971 * ([[MediaZilla:5628|bug 5628]]) Translations for MessagesHr.php
27972 * (bugs [[MediaZilla:5595|5595]], [[MediaZilla:5644|5644]]) Localisation for
27973 Bosnian language (bs)
27974 * ([[MediaZilla:5592|bug 5592]]) Actions are logged with the default language
27975 for the wiki, not the language of the user performing the operation.
27976 * ([[MediaZilla:5646|bug 5646]]) Compare for identical types in wfElement()
27977 * Fix for concurrency problem in job queue (image description page invalidation)
27978 * ([[MediaZilla:5497|bug 5497]]) regeression in HTML normalization in 1.6
27979 (unclosed <nowiki><li>,<dd>,<dt></nowiki>)
27980 * ([[MediaZilla:5709|bug 5709]]) Allow customisation of separator for categories
27981 * ([[MediaZilla:4834|bug 4834]]) Fix XHTML output when using $wgMaxTocLevel
27982 * Improvements to update scripts; print out the version, check for superuser
27983 credentials before attempting a connection, and produce a friendlier error if
27984 the connection fails
27985 * ([[MediaZilla:5005|bug 5005]]): Fix XHTML <nowiki><gallery></nowiki> output.
27986 * ([[MediaZilla:5315|bug 5315]]) "Expires: -1" HTTP header made strictly valid
27988 * ([[MediaZilla:4825|bug 4825]]): note in DefaultSettings.php about 'profiling'
27990 * Remove unneeded extra whitespace at top of Special:Categories
27991 * Rewrite reassignEdits script to be more efficient; support optional updates
27992 to recent changes table; add reporting and silent modes
27993 * Updated initStats maintenance script
27994 * ([[MediaZilla:5723|bug 5723]]) Don't count pages linked to from the MediaWiki
27995 namespace as "wanted"
27996 * ([[MediaZilla:5789|bug 5789]]) Treat "loginreqpagetext" as wikitext
27997 * ([[MediaZilla:5796|bug 5796]]) We require MySQL >=4.0.14
27999 == MediaWiki 1.6.3 ==
28003 * Fix disappearing red-linked items in the watchlist editing view
28004 * ([[MediaZilla:5512|bug 5512]]) Spacing in "page has a history" deletion
28006 * ([[MediaZilla:5508|bug 5508]]) Switch ENGINE in table statements back to
28007 TYPE; fixes regression where some versions of MySQL 4.0.x wouldn't work
28008 * Added note about [[Manual:$wgUrlProtocols|$wgUrlProtocols]] format change
28010 == MediaWiki 1.6.2 ==
28014 * Further improvements to Hebrew localisation
28015 * Fix 'copyright' message for Romanian
28016 * ([[MediaZilla:5476|bug 5476]]) Invalid xhtml in German localization
28017 * ([[MediaZilla:5479|bug 5479]]) Id translation for preferences tabs caption
28018 * ([[MediaZilla:5493|bug 5493]]) Id translation for special pages
28019 * Additional path fixes in the updater
28020 * ([[MediaZilla:5344|bug 5344]]) Fix regression that broke slashes in extension
28023 == MediaWiki 1.6.1 ==
28027 Some minor issues in the 1.6.0 release have been corrected:
28028 * ([[MediaZilla:5458|bug 5458]]) Fix double-URL encoding in block log link in
28029 contribs and contribs link in block log
28030 * ([[MediaZilla:5462|bug 5462]]) Bogus missing patch warning in updater
28031 * ([[MediaZilla:5461|bug 5461]]) Use of deprecated "showhideminor" in
28032 Special:Recentchangeslinked
28033 * PHP warning when allow_call_time_pass_reference is off
28034 * Update to Finnish localization
28036 == MediaWiki 1.6.0 ==
28040 MediaWiki is now using a "continuous integration" development model with
28041 quarterly snapshot releases. The latest development code is always kept "ready
28042 to run", and in fact runs our own sites on Wikipedia.
28044 Release branches will continue to receive security updates for about a year
28045 from first release, but nonessential bugfixes and feature development will take
28046 place on the development trunk and will appear in the next quarterly release.
28048 Those wishing to use the latest code instead of a branch release can [[Download
28049 from SVN|obtain it from source control]].
28051 === What's new in 1.6 ===
28053 '''User interface:'''
28054 * The account creation form has been separated from the user login form.
28055 * Page protection/unprotection uses a new, expanded form
28058 * Categories and "what links here" now update as expected when adding or
28059 removing links in a template.
28060 * Template parameters can now have default values, as <nowiki>{{{name|default
28064 * Optional support for rasterizing SVG images to PNG for inline display
28067 * Feed generation upgraded to Atom 1.0
28068 * Diffs in RSS and Atom feeds are now colored for improved readability.
28071 * MySQL 3.23.x support dropped; 4.0 or later required
28072 * Experimental support for Unicode mode of MySQL 4.1/5.0 (moderately tested)
28073 * Experimental Oracle support (not well tested!)
28075 '''Anti-spam extension support:'''
28076 * [[meta:SpamBlacklist extension|SpamBlacklist extension]] now has support for
28078 * Support for a [[meta:ConfirmEdit extension|captcha extension]] to restrict
28079 automated spam edits.
28081 Numerous bug fixes and other behind-the-scenes changes have been made; see the
28082 file HISTORY for a complete change list.
28084 == Changes since 1.5 ==
28086 * (bug 2885) More PHP 5.1 fixes: skin, search, log, undelete
28089 * Use strval() to make sure we don't accidentally get null on bad revision
28090 text loads or other fields mucking up XML export output
28091 * Clean up duplicate code for selection of changeslist style
28092 * Correct blob caching to reduce redundant blob loads on backups
28093 * (bug 3182) Clear link cache during import to prevent memory leak
28094 * Fixed possible infinite loop in formatComment
28095 * Wrap message page insertions in a transaction to speed up installation
28096 * Avoid notice warning on edit with no User-Agent header
28097 * (bug 3649) Remove obsolete, broken moveCustomMessages script
28098 * Avoid numerous redundant latest-revision lookups in history
28099 * Require PHP 4.3.2 or higher strictly now.
28100 * Tweak infinite-template-handling loop for PHP 5.1.1 string handling change
28101 * Remove unused OutputPage::addCookie()
28102 * Fix for short_open_tag off again; please don't break this, guys
28103 * (bug 4507) Adjust FULLPAGENAMEE escaping to standard form
28104 * (bug 5302) Merge the two #p-search .pBody statements in monobook css.
28107 * Finally dropped MySQL 3.23.x support
28109 * (bug 3056) MySQL 3 compatibility fix: USE INDEX instead of FORCE INDEX
28110 * Update all stats fields on recount.sql
28111 * (bug 3227) Fix SQL injection introduced in experimental code
28112 * Fix table prefix usage in Block::enumBlocks
28113 * (bug 3448) Set page_len on undelete
28114 * (bug 3506) Avoid MySQL error when Listusers returns no results
28115 * Skip update of disused 'rc_cur_time' field (todo: discard the field)
28116 * (bug 3735) Fix to run under MySQL 5's strict mode
28117 * (bug 3786) Experimental support for MySQL 4.1/5.0 utf8 charset mode
28118 NOTE: Enabling this may break existing wikis, and still doesn't
28119 work for all Unicode characters due to MySQL limitations.
28120 * MySQL 5.0 strict mode fix for moving unwatched pages
28121 * Ability to set the table name for external storage servers
28122 * Update ipblocks table in MySQL 5 table defs
28123 * Removed FulltextStoplist.php, no longer used (was for MySQL 3.x workaround)
28124 * Added templatelinks table, to track template inclusions. User-visible effects
28126 * (inclusion) tag for inclusions in Special:Whatlinkshere
28127 * More accurate list of used templates on the edit page
28128 * More reliable cache invalidation when templates outside the template
28129 namespace are changed
28130 * Respect database prefix in dumpHTML.inc
28131 * Removed read-only check from Database::query()
28132 * Added externallinks table, to track links to arbitrary URLs
28133 * Added job table, for deferred processing of jobs. The immediate application is
28134 to complete the link table refresh operation when templates are changed.
28135 * Don't change the password of the MySQL root user.
28138 * (bug 3306) Document $wgLocalTZoffset
28141 (list not complete)
28142 * Move ArticleSave hook execution into Article insert/update functions,
28143 so they get called on non-EditPage actions that use these functions
28144 to create or update pages.
28145 * Added EditFilter hook, and output callback on EditPage::showEditForm()
28146 for a place to add in captcha-type extensions in the edit flow
28147 * (bug 3684) Fix typo in fatal error backtraces in Hooks.php
28148 * Fix for hook callbacks on objects containing no fields
28149 * Add a hook for additional user creation throttle / limiter extensions
28150 * Use $wgOut->parse() in wfGetSiteNotice() instead of creating a new parser
28151 instance. This allows use of extension hooks if required.
28152 * Added AutoAuthenticate hook for external User object suppliers
28153 * Added 'PageRenderingHash' hook for changing the parser cache hash key
28154 from an extension that changes rendering based on nonstandard options.
28155 * Add 'GetInternalURL' hook to match the GetFullURL and GetLocalURL ones
28156 * (bug 4456) Add hook for marking article patrolled
28157 * Add UserRights hook, fires after a user's group memberships are changed
28160 * Support SVG rendering with rsvg
28161 * Cap arbitrary SVG renders to given image size or $wgSVGMaxSize pixels wide
28162 * (bug 3127) Render large SVGs at image page size correctly
28163 * Fix scaling of non-integer SVG unit sizes
28164 * (bug 2800) Don't scale up small images on |thumb| without explicit size
28165 * Use the real file link instead of the default-size rasterized version for
28166 large SVG images on image description page
28167 * Include the file name/type/size line for non-resized images
28168 * (bug 3489) PHP 5.1 compat problem with captioned images
28169 * (bug 3643) Fix image page display of large images with resizing disabled
28170 * Added a limit to the size of image files which can be thumbnailed
28171 * (bug 3806) Gracefully fall back to client-side scaling on |thumb| image
28172 that passes $wgMaxImageArea
28173 * (bug 153) Adjust thumbnail size calculations to match consistently;
28174 patch by David Benbennick
28175 * (bug 4162) Add $wgThumbnailEpoch timestamp to force old thumbs to
28176 be rerendered on demand, sitewide
28177 * (bug 1850) Additional fixes so existing local and remote images
28178 get a blue link even if there's no local description page
28179 * Avoid FATAL ERROR when creating thumbnail of non-existing image
28180 * (bug 4207) Wrong image size when using 100x200px syntax to scale image up
28181 patch by David Benbennick
28182 * Don't delete thumbnails when refreshing exif metadata. This caused thumbs
28183 to vanish mysteriously from time to time for files that didn't have metadata.
28184 * (bug 4426) Add link to user_talk page on image pages
28185 * Support a custom convert command for thumbnailing. See DefaultSettings.php
28186 and the comments for $wgCustomConvertCommand, for more information.
28187 * UserCan hook now allows advisory return values, rather than mandatory ones.
28190 * (bug 3782) Throw fatal installation warning if mbstring.func_overload on.
28191 Why do people invent these crazy options that change language semantics?
28192 * Fixed installer bugs 921 and 3914 (issues with using root and so forth)
28193 * (bug 4258) Use ugly urls for ISAPI by default
28194 patch by Rob Church
28195 * Improve installer
28196 * Use a superuser account (such as root), if specifed, to create tables
28197 * Don't overwrite conservative permissions on the mySQL user with ALL
28198 permissions, if said user exists
28199 * Changes to some of the wording of explanations for fields
28200 * (bug 1734) granting db permissions failed with db usernames containg '-'
28201 * Add basic check for session support in PHP and die if not present
28204 * Fix problem reported on mailing list where re-initialising stats didn't work
28205 (can't insert duplicate rows with the same id field)
28206 * Added --conf option to command line scripts, allowing the user to specify a
28207 different LocalSettings.php.
28208 * Maintenance script to delete unused text records
28209 * Maintenance script to delete non-current revisions
28210 * Maintenance script to wipe a page and all revisions from the database
28211 * Maintenance script to reassign edits from one user to another
28212 * Maintenance script to find and remove links to a given domain
28214 * Fix --report interval option for dumpTextPass
28217 * Partial support for Basque language (from wikipedia and meta)
28218 * (bug 3141) Partial support for Breton language (thanks Fulup).
28219 * Support for venitian language
28220 * (bug 1334) LanguageGa.php update
28221 * Finnish date format was hardcoded, now implemented properly
28222 * (bug 3190) Added some date format choices for language sr
28223 * (bug 2753) Some namespaces were not translated in LanguageTa.php (Tamil)
28224 * (bug 3204) Fix typo breaking special pages in fy localization
28225 * (bug 3177) Estonian date formats not implemented in LanguageEt.php
28226 * (bug 1020) Changing user interface language does not work immediately
28227 * (bug 3271) Updated LanguageNn.php for HEAD
28228 * Experimental feature to allow translation of block expiry times
28229 Implementation only for Finnish currently
28230 * (bug 3304) Language file for Croatian (LanguageHr.php)
28231 * (bug 2143) Update Vietnamese interface
28232 * (bug 3063) Remove some hardcodings from Hebrew localisation
28233 * (bug 3408) Bulgarian formatNum corrected
28234 * (bug 1512) Disable x-code interp on Esperanto URLs for now, it does more
28235 harm than good under current system by breaking incoming URLs with "ux".
28236 (Editing is not affected, just URLs.)
28237 * (bug 1423) LanguageJa.php update
28238 * Fix language name for dv
28239 * (bug 3503) Update LanguageSq.php from sq.wikipedia.org messages
28240 * (bug 3629) Fix date & time format for Frisian
28241 * (bug 3334) Namespace changes for Polish
28242 * (bug 3580) Change default Dutch language file to more neutral
28243 * (bug 3656) LanguageHr.php - added convertPlural
28244 * (bug 3414) LanguageBe.php - added convertPlural
28245 * (bug 3163) Full translation of LanguageBr
28246 * (bug 3617) Update for portuguese language (pt)
28247 * Namespaces hacks on LanguagePl
28248 * (bug 3682) LanguageSr.php - added convertPlural
28249 * (bug 3694) LanguageTr.php update
28250 * (bug 3711) Removed invisible unicode characters from LanguageHu
28251 * (bug 2981) Linktrail for Tamil (ta)
28252 * (bug 3722) Update of Arabic language (ar) Namespace changes
28253 * Removed hardcoded Norwegian (no) project namespaces
28254 * (bug 2324) image for redirects should be without text and oriented according
28255 to content language
28256 * (bug 3666) Don't spew PHP warnings in prefs on unrecognized site language
28257 * (bug 3817) Use localized date formats in preferences; 'no preference' option
28258 localizable as 'datedefault' message. Tweaked lots of languages files...
28259 * (bug 2721) Regression: Use European number separators for vi: wikis
28260 * (bug 3961) minor languageDe changes
28261 * (bug 1984) LanguageKo.php (Korean) update
28262 * (bug 3804) update of LanguageWa.php file
28263 * (bug 3886) Update for Portuguese language (pt)
28264 * (bug 4020) Update namespaces for ms
28265 * (bug 3922) bidi embedding overrides on category links
28266 * (bug 4061) Update of Slovene namespace names (LanguageSl.php)
28267 * (bug 4064) LanguageDe comma changes
28268 * (bug 3922) Further tweaks to bidi overrides in category list for old
28269 versions of Safari and Konqueror
28270 * Fix custom namespaces on wikis set for Portuguese
28271 * (bug 4153) Fix block length localizations in Greek
28272 * (bug 3844) ab: av: ba: ce: & kv: now inherit from LanguageRu.php
28273 ii: & za: now inherit from LanguageZn_cn.php
28274 * (bug 4165) Correct validation for user language selection (data taint)
28275 * (bug 4192) Remove silly 'The Free Encyclopedia' default sitesubtitle
28276 * Use content-lang for sitenotice
28277 * (bug 4233) Update LanguageJa.php
28278 * (bug 4279) Small correction to LanguageDa.php
28279 * (bug 4108, 4336) Remove trailing whitespace from various messages, which
28280 mucks up message updating to create dupe entries
28281 * (bug 4389) Fix math options on zh-hk and zh-tw (but not localized)
28282 * (bug 4392) Update of LanguageSr.php
28283 * (bug 4382) Frisian numeric format
28284 * (bug 4424) Update for Spanish language (es) 100% messages translated
28285 * (bug 4425) Typos in Polish translation
28286 * (bug 4436) Update for Turkish language (tr)
28287 * (bug 4413) Update of Farsi language file (LanguageFa.php)
28288 * Update for LanguageSr (Serbian): magic words
28289 * (bug 137) MediaWiki:Copyrightwarning hardcoding
28290 * (bug 4457) Update for Portuguese language (pt)
28291 * convertPlural breakage fixed a little
28292 * (bug 4144) Support for Sudanese language (Basa Sunda)
28294 - Removed obsolote, badly or untranslated messages
28295 - Removed references to wikipedia/wikimedia etc in messages
28296 - Other cleanup, like removing html and javascript and extension calls
28297 - Removed hardcoded namespaces: Tt, Ms, Ia, Ga, Fo, Bn, Csb, He, Nv, Oc, Tlh
28298 - Removed some useless backwards compatibility hacks
28299 - Fixed formatnum on many languages
28300 * wgAmericanDates check produced incorrect results in languages that don't have
28302 * (bug 4548) Update for Portuguese language (pt): time format
28303 * (bug 4530) Use consistent name for Kurdish
28304 * Tweak default "upload disabled" text
28305 * (bug 4504) Use site language for namespace name resolution
28306 * (bug 4510) Correct Barnes & Noble bookstore URLs
28307 * (bug 3991) Allow the operation of wikicode on Protect move only text
28308 * (bug 4267) Switch dv sd ug ks arc languages to RTL
28309 * Default main page content improved per bug 4690
28310 * (bug 4615) Update for Portuguese language (pt)
28311 * Separated MessagesSl.php as the other languages.
28312 * (bug 4960) Add additional namespaces variants to Yiddish for compatibility
28313 * (bug 4805) Removed more wikipedia-references from MessagesUk.php
28314 * (bug 5015) Update magic words translation in LanguageBe.php
28315 * (bug 4859) Update for Portuguese messages (pt)
28316 * (bug 4788) One string for MessagesPl
28317 * Restriction types now use restriction-* messages instead of ui messages
28318 * (bug 4685) Slovenian LanguageSl.php hardcodes project namespace
28319 * (bug 5097) Fix Hungarian language (hu): thousands separator
28320 * (bug 5098) Update for Portuguese messages (pt)
28321 * (bug 5113) Spelling error in French language file
28322 * (bug 5105) Magic words for LanguageAr.php
28323 * (bug 3993) Variants for Serbian language
28324 * Typo in English messages file
28325 * (bug 4114) Spacing in watchlist rows (in editing mode)
28326 * Update default "exporttext" to reflect that Special:Import exists
28327 * (bug 4960) Add additional namespaces variants to Yi projects: Yiddish Wikinews
28329 * (bug 5357) Add the icon near the user name also in RTL interfaces
28330 * (bug 5156) Update for Hebrew language (he)
28331 * (bug 4497,4704,5010) Added some new language codes.
28332 * (bug 5362) Piedmontese added
28333 * (bug 5349) Update for Portuguese messages (pt)
28334 * (bug 3573) Finished full Greek translation: namespaces
28335 * (bug 5288) Initial localisation for Az
28336 * (bug 4361) Fix "allmessagesnotsupportedui" so it doesn't refer to nonexisting
28338 * Tweak wording of "allmessagesnotsupporteddb"
28341 * (bug 2522) {{CURRENTDAY2}} now shows the current day number with two digits
28342 * (bug 3210) Fix Media: links with remote image URL path
28343 * (bug 3405) Don't use raw letters as aliases of MSGNW: and SUBST:
28344 * (bug 3412) Clean up date format handling so ~~~~-sigs work with default
28345 format as designed. Documentation comments updated.
28346 * Fix Parser::unstrip on PHP 5.1.0RC4
28347 * (bug 3797) Don't expand variables and sigs in comments
28348 * Allow parser cache on redirect targets
28349 * Run wikitext-escaping on plaintext sigs (no wiki markup, just name)
28350 * Check for unbalanced HTML tags on raw sigs (markup allowed, but show
28351 a warning in prefs and use default sig if not balanced)
28352 * Respect <noinclude> and <includeonly> during {{subst:}} expansion as well as
28353 ordinary templates.
28354 * Support <includeonly> in templates loaded through preload= parameter
28355 * (bug 3979) Save correct {{REVISIONID}} into parser cache on edit
28356 * Substitute {{REVISIONID}} correctly in diff display
28357 * (bug 1850) Allow red-links on image pages linked with [[:image:foo]]
28358 * Fix XML validity checks in parser tests on PHP 5.1
28359 * (bug 4377) "[" is not valid in URLs
28360 * (bug 4453) fix for __TOC__ dollar-number breakage
28361 * Convert unnecessary URL escape codes in external links to their equivalent
28362 character before doing anything with them. This prevents certain kinds of
28363 spam filter evasion.
28364 * (bug 4783) : Fix for "{{ns:0}} does not render"
28365 * Improved support for interwiki transclusion
28366 * (bug 1850) Image link to nonexistent file fixed.
28367 * (bug 5167) Add {{SUBPAGENAME}} and {{SUBPAGENAMEE}} variables
28368 * (bug 4949) Missing : in "addedwatchtext" for English and Spanish
28369 * Allow user-defined functions, which work in a similar way to {{GRAMMAR:}}
28370 etc. Registered via an interface similar to tag hooks.
28373 * (bug 2527) Always set destination filename when new file is selected
28374 * (bug 3076) Support MacBinary-encoded uploads from IE/Mac
28375 * (bug 2554) Tell users they are uploading too large file
28376 * Support for a license selection box on Special:Upload, configurable from
28378 * Add 'reupload' and 'reupload-shared' permission keys to restrict new uploads
28379 overwriting existing files; default is the old behavior (allowed).
28382 * (bug 3244) Fix remote image loading hack, JavaScript injection on MSIE
28383 * (bug 3280) Respect 'move' group permission on page moves
28384 * (bug 2613) Clear saved passwords from the form
28385 * IP privacy fix for blocklist search on autoblocks
28386 * Security fix for <math>
28387 * Security fix for tables
28388 * Security fix for Special:Upload license selection list
28389 * Add UploadVerification hook for custom file upload validation/security checks
28390 * Blacklist additional MSIE CSS safety tricks
28391 * Fix meta robots tag on Special:Version again to avoid listing vulnerable
28392 versions for convenient harvesting by automated worms
28393 * Sanitizer CSS comment processing order fix
28394 * Forbid usernames that can be interpreted as titles with namespaces, as that
28395 leads to hard-to-manage names.
28396 * (bug 4071) Generate passwords long enough for $wgMinimalPasswordLength
28397 * Add createpage and createtalk permission keys, allowing a quick
28398 switch to disable page creation for anonymous users.
28399 * (bug 675) Add page protection level for unregistered/new accounts
28400 * User::isNewbie now uses the registration date and $wgAutoconfirmAge
28401 * Add 'deletedhistory' permission key for ability to view deleted history
28402 list via Special:Undelete. Default is off, replicating the 1.5 behavior,
28403 but it can be turned back on for random users to replicate the previous
28405 * Set cookies to secure mode based on use of HTTPS or $wgCookieSecure
28406 * (bug 4371) Disallow tilde character in signatures
28407 * Removed broken wgAllowAnonymousMinor and added new group right minoredit
28408 * Added detection for WMF files (application/x-msmetafile), added this
28409 MIME type to the default blacklist. Prevented inline display of images
28410 which are not of known image types. This is in response to
28411 https://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
28412 * Blocked users can no longer roll back, change the protection of, or
28413 delete/undelete pages
28414 * Protect against spoofing of X-Forwarded-For header
28415 * XSS issue : now sanitize search query input (fixed in 1.5rc3)
28416 * Remove deprecated $wgOnlySysopsCanPatrol references; use
28417 User::isAllowed( 'patrol' )
28418 per bug 5282. Patch by Alan Harder.
28419 * Prevent registration/login with the username "MediaWiki default"
28422 * Rearranged Special:Movepage form to reduce confusion between destination
28423 title and reason input boxes
28424 * (bug 1956) Hide bot uploads from Special:Newimages
28425 * (bug 3220) Fix escaping of block URLs in Recentchanges
28426 * (bug 3284) Ipblocklist paging, substring search
28427 * Allow filtering of robot edits in Special:Watchlist by setting
28428 $wgFilterRobotsWL = true.
28429 * Fix interlanguage links on special pages when extra namespaces configured
28430 * (bug 3475) anon contrib links on Special:Newpages
28431 * Special:Import/importDump fixes: report XML parse errors, accept <minor/>
28432 * (bug 2369) Add separate message for input box on Special:Prefixindex
28433 * (bug 3798) DoubleRedirects no longer has hard coded arrows
28434 * (bug 3803) Fix links on Special:Wantedcategories with miser mode off
28435 * Fix Special:BrokenRedirects on MySQL 5.0
28436 * (bug 3807) Fix 'all' in namespaces drop-down on contribs, rc
28437 * Fail gracefully on invalid namespace in Special:Newpages
28438 * (bug 3762) Define missing Special:Import UI messages
28439 * (bug 3761) Avoid deprecation warnings in Special:Import
28440 * (bug 2894) Enhanced Recent Changes link fixes
28441 * (bug 4059) fix 'hide minor edits' on Recentchangeslinked
28442 * (bug 146) List number of category members in Special:Categories
28443 (patch by Joel Nothman)
28444 * (bug 4090) Fix diff links in Special:Recentchangeslinked
28445 * (bug 4093) '&bot=1' in Special:Contributions now propagate to other links
28446 * Fix display of old recentchanges records for page moves
28447 * (bug 360) Let Whatlinkshere track [[:image:foo]] links
28448 * (bug 3073) Keep search parameter on paging in Special:Newimages
28449 * Removed Special:Validate, it's been superseded by the Review extension
28450 * (bug 4359) red [[user:#id]] links generated in [[special:Log]]
28451 * (bug 1996) Special page to list redirects
28452 * (bug 4334) Add "watch" links to Special:Unwatchedpages
28453 * Generate target user page links in Special:Ipblocklist where appropriate
28454 (i.e. not an autoblock)
28455 * Generate link to talk page of the blocker in Special:Ipblocklist, move
28456 contribs. link of the target next to their name
28457 * (bug 2714) Backlink from special:whatlinkshere was hard set as 'existing'
28458 * Move parentheses out of <a> link in Special:Contributions
28459 * (bug 3192): properly check 'limit' parameter on Special:Contributions
28460 * (bug 3187) watchlist text refer to unexistent "Stop watching" action
28461 * Add block, block log and general log links to Special:Contributions
28462 * Add contributions link to block log items
28463 * Added optional "hide own edits" feature to Special:Recentchanges
28464 * (bug 5018) Anchors for each message in Special:Allmessages
28465 * Introduce $wgWantedPagesThreshold per bug 5011; Special:Wantedpages will not
28466 list pages with less than this number of links. Defaults to 1.
28467 * (bug 4319) Don't show a "create account" link on the login form when
28468 account creation is disabled.
28469 * JavaScript filter for Special:Allmessages
28470 * (bug 3047) Don't mention talk pages on Special:Movepage when there isn't one
28471 * Show links to user page, talk page and contributions page on Special:Newpages
28472 * Special:Export can now export a list of all contributors to an article (off by
28474 * (bug 5372) Add number of files to Special:Statistics
28475 * (bug 2871) Links to talk pages in watchlist editing view
28476 * (bug 5385) Allow hiding anonymous edits on Special:Recentchanges
28477 * (bug 2544) Illogical error reporting order in Special:Userlogin
28478 * (bug 5409) Hide "show/hide patrolled edits" in Special:Recentchanges if
28479 patrolling is disabled
28480 * (bug 5447) Convert first letter of username to uppercase before searching in
28482 * (bug 759) Wrap redirects on the watchlist editing page in a span, class
28484 * (bug 1862) Namespace filtering in watchlists
28487 * PHP 4.1 compatibility fix: don't use new_link parameter to mysql_connect
28488 if running prior to 4.2.0 as it causes the call to fail
28489 * (bug 3117) Fix display of upload size and type with tidy on
28490 * (bug 2323) Remove "last" tabindex from history page
28491 * (bug 3116) Division by zero on [[Image:Foo.png|123x123px|]]
28492 * Fix display of read-only lockfile message
28493 * Include software-visible client IP address in Special:Version comment
28494 as a proxy debugging aid
28495 * (bug 3170) Page Title failed to obey MediaWiki:Pagetitle.
28496 wikititlesuffix was removed
28497 * Add ability to break off certain debug topics into additional log files;
28498 use $wgDebugLogGroups to configure and wfDebugLog() to log.
28499 * Edit conflict on recreation of deleted page
28500 * (bug 3216) Don't show empty warning page when no warnings.
28501 * (bug 3218) Use proper quoting on history Compare Revisions button
28502 * Fix upgrade from 1.4 due to version number check breakage [for rc future]
28503 * Fix upgrade from 1.4 with no old revisions
28504 * Remove "info" editing toolbar that was shown in browsers which do not
28505 fully support the editing toolbar, but was found to be too confusing.
28506 * Don't override edit conflict suppression on section edits; section merging
28507 should provide the expected transparency here and fits usage patterns better.
28508 * (bug 3292) Fix move-over-redirect test when current entries are not plaintext
28509 * (bug 2078) Don't hide watch tab on preview
28510 * Fix regressions in ChangesList traditional layout
28511 * Fix edit on double-click for move-protected pages in Classic skin
28512 * (bug 3485) Fix bogus warning about filename capitalization when off
28513 * (bug 2570) Add 'watch this page' checkbox on uploads, watch uploads
28514 by default when 'watchdefault' option is on
28515 * Add options to dumpBackup.php for making split/partial dumps by page id
28516 * Added filter options, compression piping, and multiple output streams for
28518 * (bug 3595) Warn and abort if importDump.php called in read-only mode.
28519 * (bug 3598) Update message cache on message page deletion, patch by Tietew
28520 * Added separate noarticletext and newarticletext messages for logged in and
28522 * (bug 3332) Installation now uses Monobook, validates, plus usability
28524 * (bug 3660) Update diff3 detection to work with Windows/Cygwin
28525 * (bug 2330) Don't do funny thinks with "links" in MediaWiki:Undeletedtext
28526 * Two-pass data dump for friendliness to the DB (--stub, then dumpTextPass.php)
28527 * Data dump 'prefetch' mode to read normalized text from a prior dump
28528 (requires PHP 5, XMLReader extension)
28529 * (bug 2773) Print style sheet no longer overrides RTL text direction
28530 * (bug 2938) Update MediaWiki:Exporttext to be more general
28532 * Fix wfMsg*() replacements; args containing literal $[2-9] were wiped
28533 * Added @import for [[MediaWiki:Common.css]] to all skins
28534 * Edit box now remembers scrollbar position on preview
28535 * (bug 3816) Throw edit conflict instead of fatal error when a page is
28536 moved or deleted during section edit
28537 * (bug 3771) Handle internal functions in backtrace in wfAbruptExit()
28538 * (bug 3291) 'last' diff link for last history line when not at end
28539 * (bug 3667) Add missing global in page move code
28540 * (bug 2885) Remove unnecessary reference parameter which broke classic skin
28541 talk notification on PHP 5.0.5
28542 * (bug 3852) "Redirected from" link no longer obscured on double-redirects
28543 * changed directory hierarchy in images/math/. System upgrades from old to
28544 new hierarchy on the fly.
28545 * (bug 3487) Fix category edit preview with preview-on-bottom
28546 * (bug 918) Search index incorrectly joined words at == headings ==
28547 * (bug 3877) Render math images into temp directory, then move to hashed
28548 subdir so you can render new math images and have them work
28549 * (bug 2392) Fix Atom items content type, upgrade to Atom 1.0
28550 * Allow $wgFeedCacheTimeout of 0 to disable feed caching
28551 * Fix WebRequest::getRequestURL() to strip off the host bits squid prepends
28552 * Require POST for action=purge, to stop bots from purging the cache
28553 * Added local message cache feature ($wgLocalMessageCache), to reduce bandwidth
28554 requirements to the memcached server.
28555 * (bug 3562) for go search, try Caps-Variants-Broken-At-Non-Whitespace
28556 * (bug 2569) Use PATH_SEPARATOR instead of trying to guess based on
28557 DIRECTORY_SEPARATOR (was wrong on NetWare)
28558 * (bug 2740) Accept image deletions on 'enter' submit from MSIE
28559 * (bug 3939) Don't try to load text for interwiki redirect target
28560 * (bug 3948) Avoid notice warning in debug statement in bad search
28561 * Recognize Special:Search consistently so read whitelist works
28562 * (bug 3999) Change atom 1.0 feed id; had been unnecessarily complex due to
28563 unclear language in the spec. Now using the URL, same as the permalink,
28564 which someone else will probably whine about because it's not 'perma'
28565 enough or something.
28566 * (bug 4014) Fix include mode for Allpages on small page sets
28567 * (bug 3996) Fix text for new entries in RC RSS/Atom feed
28568 * (bug 3065) Update both watched namespaces when renaming pages
28569 * Changed mail form to have a bigger message entry box (like for editing
28571 * Fix ulimit parameters for wfShellExec when memory_limit is specified in 'm'
28572 * (bug 2111) Collapsable exif metadata table, clean up display
28573 * Reduce fractions in display of exif exposure time
28574 * (bug 4048) Optional footer link to site privacy policy
28575 * Don't die() when update.php reaches the end of the warning count
28576 * (bug 1915) Fix edit links when 'direction' used with 'oldid';
28577 using revision ID reported via OutputPage; Skin::editUrlOptions()
28578 * Remove obsolete 'redirect=no' on some edit links
28579 * Include oldid for the second revision on edit link on diff view
28580 * (bug 4035) Fix prev/next revision links on edit page
28581 * (bug 4100, 3049) Add 'edittools' message to hold edit tools, put it
28582 on Special:Upload as well as edit, rearrange edit page pieces a bit.
28583 Copyright warning now above the buttons to ensure it's visible,
28584 template list at the bottom so it can grow.
28585 * Optional summary parameter to action=rollback, for user javascript
28586 * (bug 4167) Fix regression caused by patch for bug 153
28587 * (bug 4169) Use $wgLegalTitleChars in pipe trick conversions
28588 * (bug 4170) Decode HTML character escapes in sort key
28589 * (bug 4201) Fix user-talk mode for Enotif, and general code cleanup
28590 * (bug 4214) Skip redundant action text inserts into the HTML <title>
28591 * (bug 4212) Skip redundant meta-robots tag for default settings
28592 * Fix regression: old version missing from edit links in Nostalgia skin
28593 * (bug 1600) Trigger edit conflict on duplicate section=new submissions
28594 * (bug 4001) Use local variables properly in wikibits.js akeytt()
28595 * Fix regression: old version missing from edit links on CSS/JS pages
28596 * (bug 3211) Include Date, To mail headers when using PEAR::Mail
28597 * (bug 3407) Fix encoding of subject and from/to headers on notification
28598 mails; userMailer() now takes a MailAddress wrapper object instead of
28599 a raw string to abstract things a level.
28600 * Fixed --server override on dumpTextPass.php
28601 * Added plugin interface for dumpBackup, so additional filters and output
28602 sink types can be registered at runtime from an extension
28603 * (bug 349) Fix for some numeric differences not being highlighted
28604 patch by Andrius Ramanauskas
28605 * (bug 4298) Include rc_id on enhanced RC singleton diff links for patrolling
28606 * Did some refactoring on ChangesList.php merging dupe code
28607 * (bug 1586) Fix interwiki generator for wikimedia obscure domains
28608 * (bug 3493) Mark edits patrolled when they are reverted
28609 patch by Leon Planken
28610 * Removed experimental Amethyst skin from default set
28611 * Upgrade old skin preferences properly at Special:Preferences
28612 (used to spontaneously switch to Classic skin for old numeric pref records)
28613 * (bug 3424) Update page_touched for category members on category page creation
28614 * Log views show message when no matches
28615 * Fix raw sitenotice display on database error
28616 * Fix autoconfirm check for old accounts
28617 * (bug 4368) Don't show useless empty preview on new section creation
28618 * Don't show useless empty preview on new page creation
28619 * (bug 4411) Fix messages diff link for classic skin
28620 * (bug 4385) Separate parser cache entries for non-editing users, so section
28621 edit links don't vanish / appear unwanted on protected pages
28622 * (bug 2726, 3397) Fix [[Special:]] and [[:Image]] links in action=render
28623 * (bug 4419) Remove obsolete magnify.png.old
28624 * Removed $wgUseCategoryMagic option, categories are now enabled unconditionally
28625 * (bug 3318) UI workarounds for disabled items in license selector
28626 MSIE/Win: items now grayed out, JS will revert to 'non selected' if clicked
28627 Safari: JS will revert to 'non selected' if clicked (but not gray)
28628 MSIE/Mac: indented items now visible (JS hack)
28629 * (bug 714) "plainlinks" class issues in IE, Opera
28630 * (bug 4317) Inconsistent "broken redirects" messages
28631 * Default interface text for "selflinks" tweaked
28632 * (bug 3194) default implementation of translateBlockExpiry
28633 which uses ipboptions
28634 * (bug 4446) $wgExportAllowHistory option to explicitly disable history in
28635 Special:Export form, 'exportnohistory' message to translate live hack.
28636 * Maintenance script to delete unused user accounts
28637 * (bug 912) Search box easier to reach in text browsers (lynx, links)
28638 * $wgParserCacheExpireTime added
28639 * Skip loading of RecentChange.php except where needed
28640 * Enforce $wgSVGMaxSize when rendering, even for SVGs with a very large source
28641 size. This is necessary to limit server memory usage.
28642 * Cleanup and error checking on Special:Listredirects
28643 * Clear up some instances of old OutputPage::sysopRequired() function usage
28644 * Improve "upload disabled" notice
28645 * Move parts of index.php to include/Wiki.php in an attempt to both cleanup
28646 index.php and create a MediaWiki-class mediaWiki base object
28647 * (bug 4104) Added OutputPageBeforeHTML hook for tweaking primary wiki output
28648 HTML on final output (cached or not)
28649 * Avoid PHP notice on command-line scripts if empty argument is passed ('')
28650 * (bug 4571) Partial fix hack for {{fulllurl:}} in action=render
28651 * (bug 3502) Bowtie symbol for TeX
28652 * (bug 4000) Support for \textstyle et al. in <math>
28653 * (bug 1663) support color in TeX formulas
28654 * (bug 2026) missing glue around \not= (TeX)
28655 * (bug 4576) Missing '>' broke license selector's first option in IE, Opera
28656 * Override $wgLocaltimezone in parser tests for us outside Iceland and UK
28657 * Fix extra whitespace at end of Wiki.php, DESTROYS XML OUTPUT
28658 * Remove redundant 'echo' statements from MonoBook.php
28659 * (bug 1103) Fix up redirect handling for images, categories
28660 Redirects are now followed from the top-level, outside of the Article
28661 content loading and viewing, for clarity and consistency.
28662 * (bug 4104) 'OutputPageBeforeHTML' hook to postprocess article HTML on
28663 page view (comes after parser cache, if used). Patch by ThomasV.
28664 * Linker::formatComment corrupted the passed title object on PHP 5
28665 if the comment included a section link. Use clone() to make a safe copy.
28666 * Add wfClone() wrapper since we're still using PHP 4 on some servers.
28667 * Remove obsolete killthread.php
28668 * Added wfDie() wrapper, and some manual die(-1), to force the return code
28669 to the shell to return nonzero when we crap out with an error.
28670 * Allow input of the stub from a compressed file instead of stdin
28671 for dumpTextPass.php; easier to get errors back on the shell
28672 * Added an attractive space on the namespace selector on contribs
28673 * Move PHP 5-friendly XHTML doctype hack to Sanitizer, use for sig checks.
28674 Fixes use of named entities in sigs on PHP 5
28675 * (bug 4482) Include move comment on the null edit as well as the redirect
28676 * (bug 3990) Use existing session name if session.auto_start is on
28677 Fixes checks for open sessions, such as the cookie warning on login.
28678 Patch by Zbigniew Braniecki.
28679 * Add cache-safe alternate sitenotice for anonymous users.
28680 (MediaWiki:Anonnotice) This is displayed instead of the regular sitenotice,
28681 if it exists. If not, the regular sitenotice shows. If that doesn't exist,
28682 the value of $wgSiteNotice is used, and if that's null, then nothing is shown.
28683 * Spit the generated LocalSettings code out during the installer as an aid
28684 to debugging issues. (Keep this?)
28685 * Use __FILE__ to form path in new LocalSettings.php, so it stays accurate
28686 when the directory is relocated for typical usage.
28687 * Auto-update $wgCacheEpoch when LocalSettings.php changes on new installs.
28688 For typical usage this will be a light burden and should reduce confusion
28689 when the configuration is edited.
28690 * Fix $wgCacheEpoch's effect on client-side caching.
28691 * (bug 1122) gray out 'older revision' when viewing first article revision.
28692 * Clearer message in DefaultSettings.php: edit LocalSettings.php instead
28693 * MonoBook skin top link id changed from "contentTop" to "top" (shared with
28695 * (bug 3350) Missing label for move talk page checkbox.
28696 * (bug 2108) Sort entries when using category browser
28697 * (bug 2393) Fix MIME type for Atom feeds ( application/rss+atom )
28698 * Add ".deps.php" include-file preloaders for some dynamically-loaded
28699 language and skin classes. Should help with the broken base-class
28700 problem under PHP 5 with APC as opcode cache. See details:
28701 https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/4NVSC4LAZX6ACO77QVLRQYAWULAJCKJ2/
28702 * Small changes to tabs in Monobook skin c/o Chris Ware
28703 * (bug 4679) Work around buggy basename() function in PHP5, which breaks
28704 uploads of files starting with multibyte characters on Linux.
28705 wfBaseName() doesn't suffer this bug, and understands backslash on
28706 both Unix and Windows.
28707 * (bug 3603) headscripts variable not hooked up to MonoBook skin
28708 * Allow local cdb-based interwiki cache
28709 * Use the "block", not the "protect" permission, when determining whether to
28710 show a "block user" link in the toolbox
28711 * Fix backup dump text prefetch for XMLReader constant changes in PHP 5.1
28712 * Suppress useless percentage indicator on output from 7za during dumps
28713 * (bug 4633) Add (previous 200) (next 200) also above catlinks
28714 * (bug 4686) Fix regression where ?diff=0&oldid=0 caused fatal error on
28715 pages with only one revision. Fixes message diff link on first edit.
28716 * Fix dependence on hardcoded UNIQ_PREFIX in LanguageConverter.php
28717 * Do not check lag on external storage servers
28718 * Do not tidy interface messages (unless full tidy is set)
28719 * Do not trust equality propagation and give more hints to MySQL
28720 optimizer for revision fetches (avoids index scans)
28721 * Use revision rate for ETA in dump generation; it tends to be more stable
28722 than the per-page count for full-history dumps.
28723 * Include timestamp in wfDebugLog breakouts
28724 * (bug 4469) Namespace-specific notice to be displayed below site-notice
28725 Edit messages like "MediaWiki:Namespacenotice-" plus namespace name
28726 which is blank for main namespace, or like e.g. "User_talk"
28727 * Adjust user login/creation form hooks to work with a captcha plugin
28728 * (bug 1284) Inline styles for diffs in Recent Changes RSS/Atom feeds
28729 * (bug 4824) IE7 beta 2 broke compatibility with PNG logo workarounds,
28730 and seems to work ok with other bits. No longer including the IE
28731 workarounds JavaScript for IE 7 and above.
28732 * Fix extra namespace for Bulgarian
28733 * (bug 4303) Add $wgFavicon to change the shorticon icon link from
28734 the default /favicon.ico or disable it (if set to false)
28735 * (bug 3347) strip linebreaks in math error source
28736 * (bug 4841) Warning for non-logged-in edits
28737 * (bug 4867) Leave invalid EXIF date fields unformatted instead of
28738 showing a bogus current timestamp
28739 * Reset $wgActionPaths during parser test; corrects some false failures
28740 in the automated test report.
28741 * (bug 4875) Define a div containing the shared image description
28742 * (bug 4860) Expose Title->userCan() as Hooks
28743 * (bug 4828) Fix genitive month-name variable for cs, pl, uk
28744 * (bug 4842) Fix 'show number of watching users' with enhanced RC
28745 * (bug 4889) Fix image talk namespace for Tamil
28746 * (bug 4147) Added cleanupWatchlist.php to clear out bogus watchlist entries
28747 * (partial bug 3456) Disable auto redirect to Main Page after account creation
28748 * (bug 4824) Separate out IE7 CSS compat hacks, fix for RTL pages
28749 * Added support for wikidiff2 and similar external diff engines.
28750 * Allow cookies to be shared between multiple wikis with a shared user database
28751 * Blocking some Unicode whitespace characters in usernames. Should check
28752 if some or all should be blocked from all page titles.
28753 * Unknown log types no longer throw notices everywhere in RecentChanges
28754 * (bug 4502, 5017) Don't render potentially hostile deleted page contents
28755 on Special:Undelete by default; show source, with an optional preview.
28756 The revisions list no longer shows the latest text by default, so it can
28757 still be operated if the text is hostile.
28758 * (bug 5013) Check for existence on "return to" links
28759 * Removed trailing whitespace on a bunch more messages.
28760 * Fix missing bad title check in Special:Booksources
28761 * Remove empty booksources string in fy
28762 * Avoid corrupting <gallery> inside <!-- comment -->
28763 * Remove legacy PHPTal code, hasn't been maintained in ages.
28764 * Tweak Userlogin include order for APC issue
28765 * Don't try to link to current page on protection tab
28766 * More exact checking in Title::equals() to fox moves of numerically similar
28767 page titles. (Odd hex title bug on 64-bit.)
28768 * Fix explicit s-maxage=0 on raw pages; should help with proxy issues in
28769 generated stylesheets... hopefully...
28770 * (bug 4685) More fixes for Slovenian project namespace
28771 * Fixed and enhanced a little the Live Preview, which had been broken for some
28773 * Added article size limit, $wgMaxArticleSize
28774 * (bug 4974) Don't follow redirected talk page on "new messages" link
28775 * (bug 4970) Make category paging limits configurable
28776 * (bug 4535) Warn user when editing CSS or JS subpage of a skin that doesn't
28778 * Make Live Preview an user preference, still controllable by the global
28780 * Rename the stub LanguageAls / LanguageGem_alsation to LanguageGsw to follow
28781 updated language code assignments
28782 * (bug 5081) Remove bogus fix for invalid characters in links which simply
28783 broke use of legitimate multiple whitespace characters in bracketed link.
28784 * (bug 4838) Add relative oldids (prev, next, cur) for raw pages
28786 * (bug 5086) Force image resize dimensions on ImageMagick, as for instance
28787 "-resize 100x35!"; some thumbs were off due to differences in rounding and
28788 would be generated smaller than expected.
28789 * (bug 5062) Width sometimes one pixel short when using maximum heights
28790 * Purge thumbnails and metadata cache for action=purge on an image page
28791 * (bug 4273) Bounce back with a message when attempting to submit a new comment
28792 with an empty main textbox (user probably hit Enter in subject field)
28793 * (bug 5141) Gracefully handle the new account link when createaccount off
28794 * (bug 5150 and related) Fix missing ID attribute in HTML namespace selector
28795 * (bug 5152) Proper HTML escaping on subpage breadcrumbs
28796 * (bug 4855) Section edit links now have the section name in the title
28798 * (bug 2115) Support shift-selecting multiple checkboxes with JavaScript.
28799 * (bug 5161) Don't try to load template list for nonexistent pages
28800 * (bug 5228) Workaround for broken LanguageConverter title overrides; avoid
28801 unnecessary hidden UI work when watch/unwatch is performed on edit
28802 * Fixed bogus master fallback in external storage
28803 * (bug 5246) Add speak:none to "hiddenStructure" class in main.css
28804 * Further work on rev_deleted; changed to a bitfield with several data-hiding
28805 options. Not yet ready for production use; Special:Revisiondelete is
28806 incomplete, and the flags are not preserved across page deletion/undeletion.
28807 To try it; add the 'deleterevision' permission to a privileged group.
28808 * (bug 5270) Fix broken linktrail for br, cv, fr, hr, nn, oc, ta, wa
28809 * Add a clickable contribs link in user tool links (rc, watchlist, diff view)
28810 to see how people like it. (There was one in the old hacked-up diff view.)
28811 * (bug 5236) Load wikibits.js before site-customized javascript
28812 * (bug 4119) Workaround for <nowiki> following link in Walloon; remove capitals
28813 from linktrail, as they're not used anywhere else.
28814 * (bug 4781) Output links with the percent-encoding they're supplied with;
28815 save the normalization for internal link storage. The normalization is a bit
28816 buggy and can make incorrect foldings in the query string and such, so isn't
28817 reliable beyond the hostname where it's used for the spam bulk checker.
28818 * Don't URL-decode in the title attribute for URL links; it can produce false
28819 results that don't code back to their original values.
28820 * (bug 4611) Add user preference (default on) to add new pages to creators's
28822 * (bug 5286) Fix regression in display of missing/bad revision IDs
28823 * (bug 4729) Add user preference that marks a user's edits as patrolled if user
28825 * (bug 4630) Add user preference to prompt users when entering blank edit
28827 * Added optional suggest feature for the search box. Set wgUseAjax to true to
28829 * (bug 5277) Use audio/midi rather that audio/mid
28830 * (bug 5410) Use namespace name when a custom namespace's nstab-NS message is
28832 * (bug 5432) Fix inconsistencies in cookie names when using table prefixes
28833 * Additional protections against HTML breakage in table parsing
28834 * (bug 5355) Include skin name and style JS settings in page source;
28835 fixes regression where Opera 6/7 and KHTML CSS fixes weren't applied
28836 when wikibits.js was moved up before user JS inclusion.
28837 * Added $wgColorErrors: if set, database error messages will be highlighted
28838 when running command-line scripts in a Unix terminal.
28839 * (bug 5195) rebuildrecentchanges.php works again; Database::insertSelect now
28840 has a parameter for select options.
28841 * Fix updateSearchIndex.php for new schema
28842 * Fix bogus "filename too short" error when uploading files with a period in the
28843 base name, e.g. "Mr. Zee.png"
28844 * (bug 2139) Show page title in subtitle when viewing "read only" page
28845 * (bug 5452) Update language name for Cree
28847 == Compatibility ==
28849 Older PHP 4.2 and 4.1 releases are no longer supported; PHP 4 users must
28850 upgrade to 4.3 or later.
28852 MediaWiki 1.6 is the last major version to support PHP 4; future versions will
28855 MySQL 3.23.x is no longer supported; some older hosts may need to upgrade.
28856 At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases.
28860 Several changes to the database have been made from 1.5; these are relatively
28861 minor but do require that the update process be run before the new code will
28864 * A new "templatelinks" table tracks template inclusions.
28865 * A new "externallinks" table tracks URL links; this can be used by a mass
28866 spam-cleanup tool in the SpamBlacklist extension.
28867 * A new "jobs" table stores a queue of pages to update in the background; this
28868 is used to update links in including pages when templates are edited.
28870 To ensure that these tables are filled with data, run refreshLinks.php after
28873 If you are upgrading from MediaWiki 1.4.x or earlier, some major database
28874 changes are made, and there is a slightly higher chance that things could
28875 break. Don't forget to always back up your database before upgrading!
28879 Some output, particularly involving user-supplied inline HTML, may not produce
28880 100% valid or well-formed XHTML output. Testers are welcome to set $wgMimeType
28881 = "application/xhtml+xml"; to test for remaining problem cases, but this is not
28882 recommended on live sites. (This must be set for MathML to display properly in
28888 == MediaWiki 1.5.9 ==
28889 * (bug 3359) Add hooks on completion of file upload
28891 == MediaWiki 1.5.8 ==
28895 MediaWiki 1.5.8 is a security and bugfix maintenance release.
28897 A bug in decoding of certain encoded links could allow injection of raw
28898 HTML into page output; this could potentially lead to XSS attacks.
28900 Some minor UI fixes were also made, see the change log at the bottom of
28904 == MediaWiki 1.5.7 ==
28908 MediaWiki 1.5.7 is a bugfix maintenance release.
28910 Most importantly, a security issue in the installer has been fixed. The bug
28911 affects new installations of 1.5.6 only. If the user specified the MySQL root
28912 password, to allow the installer to create an unprivileged account, the
28913 installer would not only create the new account but also change the root
28914 password to be equal to the password of the new account.
28916 Anyone affected by this bug will need to change the root password back
28917 manually. For information about how to change passwords in MySQL please see:
28918 http://dev.mysql.com/doc/refman/5.1/en/passwords.html
28920 This version includes fixes for compatibility with Internet Explorer 7
28921 beta 2, and various other bugs; see the full changelog at the end of
28925 == MediaWiki 1.5.6 ==
28929 MediaWiki 1.5.6 is a security and bugfix maintenance release.
28931 A bug in edit comment formatting could send PHP into an infinite loop
28932 if certain malformed links were included. In most installations, this
28933 would cause the script to fail after PHP's 30-second failsafe timeout.
28935 Some improvements have been made to the installer which should make
28936 installation possible on a system with a broken MySQL "root" account.
28938 For several other minor fixes, see the complete changelog at the end
28942 == MediaWiki 1.5.5 ==
28946 MediaWiki 1.5.5 is a security and bugfix maintenance release.
28948 Detection for uploads of Windows Metafile (.wmf) images has been added
28949 to help protect against a client-side vulnerability in unpatched Microsoft
28950 Windows operating systems.
28952 Sites which have enabled uploads and added non-standard file types
28953 (such as .ogg, .doc, or .pdf) should upgrade to this release to ensure
28954 that malicious .wmf files can't be uploaded with a fake extension;
28955 such files could put visitors to the site at risk.
28957 For more details on this, see:
28958 https://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
28960 Additionally, a maintenance script removeUnusedAccounts.php has been added;
28961 this replaces an older Perl script which had not been updated for the new
28965 == MediaWiki 1.5.4 ==
28969 MediaWiki 1.5.4 is a security and bugfix maintenance release.
28971 A hardcoded internal placeholder string has been replaced with a random
28972 one. This closes a hole where security checks in inline style attributes
28973 could be bypassed, injecting JavaScript code that could execute in
28974 Microsoft Internet Explorer.
28976 Other browsers would not be vulnerable.
28978 Several minor fixes are included in this release, most notably a fix
28979 to clear the "you have new messages" flag properly for usernames
28980 containing spaces when e-mail notification is enabled.
28982 See the changelog at the end of the release notes for a full list of
28986 == MediaWiki 1.5.3 ==
28990 MediaWiki 1.5.3 is a security and bugfix maintenance release.
28992 Validation of the user language option was broken by a code change in
28993 May 2005, opening the possibility of remote code execution as this
28994 parameter is used in forming a class name dynamically created with
28997 The validation has been corrected in this version. All prior 1.5 release
28998 and prelease versions are affected; 1.4 and earlier and not affected.
29000 Additionally several bugs have been fixed; see the changelog later in
29001 this file for a complete list.
29004 == MediaWiki 1.5.2 ==
29008 MediaWiki 1.5.2 is a bugfix maintenance release.
29010 A change in PHP 4.4.1 and PHP 5.1.0RC broke handling of extension and
29011 <pre> sections, causing garbage data to be inserted in output and saved
29012 edits. This version works around the change.
29014 Several other glitches with MySQL 5.0 and PHP 5.0.5 were also fixed;
29015 see the change log below for a complete list.
29018 == MediaWiki 1.5.1 ==
29022 MediaWiki 1.5.1 is a bugfix and security maintenance release, and is a
29023 recommended upgrade for all installations.
29025 This release includes further corrections to the inline CSS style sanitation
29026 which works around a JavaScript "feature" on Microsoft Internet Explorer.
29027 Users of Microsoft Internet Explorer for Windows may be vulnerable to
29028 XSS injections on prior versions; users of standards-compliant browsers
29029 are not vulnerable.
29031 Major fixes include:
29032 * Image pages work again with resizing disabled
29033 * Works in MySQL 5.0 strict mode
29035 There is experimental support in this release for explicitly declaring
29036 the UTF-8 charset in the database; this has been tested with MySQL 5.0.15
29037 but should work on 4.1 as well.
29039 IMPORTANT: Changing this setting on an existing wiki may produce interesting
29040 data corruption, depending on server configuration. Page contents should,
29041 usually, be unaffected, but page titles and other items may be. Limitations
29042 in MySQL's Unicode support mean that characters outside the BMP cannot be used
29043 in page titles or various other fields when using this mode.
29045 Table definitions are in maintenance/mysql5/tables.sql, and the runtime
29046 option to send 'SET NAMES utf8' is set by $wgDBmysql5 = true.
29048 (MySQL 3.23.x and 4.0.x do not support character set declarations; on these
29049 versions MediaWiki simply works with UTF-8 data and MySQL is blissfully
29054 == MediaWiki 1.5.0 final ==
29058 MediaWiki 1.5.0 is the new stable release branch of MediaWiki, and is
29059 recommended for all new installations.
29061 Any wikis running a 1.5 beta or release candidate are strongly recommended
29062 to upgrade to the final release, which includes a number of bug fixes and
29063 a security fix for CSS bugs in Microsoft Internet Explorer.
29065 IMPORTANT: Running a 1.3 or 1.4 wiki and don't want to jump to 1.5 yet?
29066 Be sure to upgrade to 1.3.17 or 1.4.11, also released today. Versions
29067 prior to 1.3.16 and 1.4.10 have a serious data corruption bug which is
29068 triggered by a spambot known to operate in the wild.
29071 === What's new in 1.5? ===
29074 The core table schema has changed significantly. This should make better
29075 use of the database's cache and disk I/O, and make significantly speed up
29076 rename and delete operations on pages with very long edit histories.
29078 Unfortunately this does mean upgrading a wiki of size from 1.4 will require
29079 some downtime for the schema restructuring, but future storage backend
29080 changes should be able to integrate into the new system more easily.
29083 The current revision of a page now has a permanent 'oldid' number assigned
29084 immediately, and the id numbers are now preserved across deletion/undeletion.
29085 A permanent reference to the current revision of a page is now just a matter
29086 of going to the 'history' tab and copying the first link in the list.
29089 Renames of pages are now recorded in Special:Log and the page history.
29090 A handy revert link is available from the log for sysops.
29093 Ever lost track of what you'd done so far during an edit? A 'Show diff'
29094 button on the edit page now makes it easy to remember.
29097 It's now possible to specify the final filename of an upload distinct
29098 from the original filename on your disk.
29100 An image link for a missing file will now take you straight to the upload
29103 More metadata is pre-extracted from uploaded images, which will ease pressure
29104 on disk or NFS volumes used to store images. EXIF metadata is displayed on
29105 the image description page if PHP is configured with the necessary module.
29107 If .svg files are added to the upload whitelist, you can choose to render
29108 them to rasterized .png images for inline display using one of several
29109 external helper programs. See DefaultSettings.php for SVG options.
29112 There are some changes to the user permissions system, with assignable
29113 groups. Note that this does *not* allow you to make pages which are only
29114 accessible to certain groups.
29116 For details see: https://www.mediawiki.org/wiki/Manual:User_rights
29119 User-to-user e-mail can now be restricted to require a mail-back confirmation
29120 first to reduce potential for abuse with false addresses.
29122 Updates to user talk pages and watchlist entries can optionally send e-mail
29126 A somewhat experimental interface for hooking in an external editor
29127 application is included.
29130 A bunch of stuff we forgot to mention.
29133 === What's gone? ===
29136 Wikis must now be encoded in Unicode UTF-8; this has been the default for
29137 some time, but some languages could optionally be installed in Latin-1 mode.
29138 This is no longer supported.
29140 You can check if your current wiki is in Latin-1 mode by using your browser's
29141 "view source"; look for a line like this:
29143 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
29145 If it says charset=utf-8, you're ready. If it says charset=iso8859-1,
29146 you may need to convert your data. (English-language wikis avoiding
29147 any accented characters may be able to get away without conversion.)
29150 Some optimization hacks for MySQL 3.x have been removed as part of the schema
29151 clean-up (specifically, the inverse_timestamp fields).
29153 MediaWiki 1.5 may still run on 3.x, but wikis of non-trivial size should
29154 very seriously consider upgrading to a more modern release. MySQL 3.x support
29155 will probably be entirely dropped in the next major release.
29157 Special:Maintenance
29158 These tools were, ironically enough, not really maintained. This special
29159 page has been removed; insofar as some of its pieces were useful and haven't
29160 already been supplanted by other special pages they should be rewritten in
29161 an efficient and safe manner in the future.
29167 Wikis in Latin-1 encoding are no longer supported; only Unicode UTF-8.
29168 A new option $wgLegacyEncoding is provided to allow on-the-fly recoding of
29169 old page text entries, but other metadata fields (titles, comments etc) need
29170 to be pre-converted. The standard upgrade process does not yet fully automate
29171 this, but you can try the alternate partial-upgrader in upgrade1_5.php.
29173 The upgrade from 1.4 to 1.5 schema has not been tested for all cases, so
29174 it's possible you may experience problems in some combinations.
29177 The text entries of deleted pages are no longer removed from the main
29178 text table on deletion. If you provide public backup dumps of your databases,
29179 you will probably want to use the new XML-format dump generator, available
29180 as maintenance/dumpBackup.php.
29182 For more information on how we run our own public data dumps at Wikimedia,
29183 see http://meta.wikimedia.org/wiki/Data_dumps
29186 The table definitions for PostgreSQL install are out of date. PostgreSQL
29187 support may return in later releases, pending appropriate patches.
29190 Some users may encounter installation problems with MySQL 4.1 or higher
29191 due to strange charset encoding / collation configurations. Try setting
29192 to 'latin1' or 'utf8' if you encounter problems.
29196 == MediaWiki 1.5 release candidate 4 ==
29200 MediaWiki 1.5rc4 is a preview release of the new 1.5 release series.
29201 It fixes compatibility with PHP 5.1, and corrects two cross-site scripting
29204 * <math> tags were handled incorrectly when TeX rendering support is off,
29205 as in the default configuration.
29206 * Extension or <nowiki> sections in Wiki table syntax could bypass HTML
29207 style attribute restrictions for cross-site scripting attacks against
29208 Microsoft Internet Explorer
29210 Wikis where the optional math support has been *enabled* are not vulnerable
29211 to the first, but are vulnerable to the second.
29215 == MediaWiki 1.5 release candidate 3 ==
29219 MediaWiki 1.5rc3 is a preview release of the new 1.5 release series.
29220 It fixes several major problems in 1.5rc2:
29222 * Fixed a cross-site scripting injection in the search form
29223 (broken since 1.5beta1)
29225 * Fixed upgrades from 1.4 database schema
29226 (broken since 1.5rc2)
29228 1.3 and 1.4 releases are not vulnerable to the XSS bug, but anyone
29229 running an earlier 1.5 beta or release candidate should upgrade
29233 == MediaWiki 1.5 release candidate 2 ==
29237 MediaWiki 1.5rc2 is a preview release of the new 1.5 release series.
29238 Numerous bug fixes since last beta, plus a security fix; see change
29239 log below for full details.
29241 A flaw in the interaction between extensions and HTML attribute
29242 sanitization was discovered which could allow unauthorized use
29243 of offsite resources in style sheets, and possible exploitation
29244 of a JavaScript injection feature on Microsoft Internet Explorer.
29246 This version expands the returned text and properly checks it
29249 A 1.5rc1 release was mistakenly made from the incorrect source code
29250 branch; 1.5rc2 is identical to the actual 1.5rc1 in revision control
29251 except for version number.
29254 == MediaWiki 1.5 beta 4 ==
29258 MediaWiki 1.5 beta 4 is a preview release of the new 1.5 release series.
29259 A number of bugs have been fixed since beta 3; see the full changelist below.
29262 == MediaWiki 1.5 beta 3 ==
29266 MediaWiki 1.5 beta 3 is a preview release of the new 1.5 release
29267 series, with a security update over beta 2.
29269 Incorrect escaping of a parameter in the page move template could
29270 be used to inject JavaScript code by getting a victim to visit a
29271 maliciously constructed URL. Users of vulnerable releases are
29272 recommended to upgrade to this release.
29274 Vulnerable versions:
29275 * 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3
29276 * 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6
29277 * 1.3 legacy series: not vulnerable
29279 This release also includes several bug fixes and localization updates.
29280 See the changelog at the end of this file for a detailed list.
29284 == MediaWiki 1.5 beta 2 ==
29288 MediaWiki 1.5 beta 2 is a preview release of the new 1.5 release series.
29289 While most exciting new bugs should have been ironed out at this point,
29290 third-party wiki operators should probably not run this beta release
29291 on a public site without closely following additional development.
29293 Anyone who _has_ been running beta 1 is very very strongly advised to
29294 upgrade to beta 2, as it fixes many bugs from the previous beta including
29295 a couple of HTML and SQL injections.
29297 This release should be followed by one or two release candidates and
29298 a 1.5.0 final within the next few weeks.
29300 Beta upgraders, note there are some minor database changes. For upgrades
29301 from 1.4, see the file UPGRADE for details on significant database and
29302 configuration file changes.
29304 Beta 2 includes a preliminary command-line XML wiki dump importer tool,
29305 maintenance/importDump.php, paired with maintenance/dumpBackup.php.
29306 These use the same format as Special:Export and Special:Import, able
29307 to package a wiki's entire page set independent of the backend database
29308 and compression format.
29311 == MediaWiki 1.5 beta 1 ==
29315 MediaWiki 1.5 beta 1 is a preview release, pretty much feature complete,
29316 of the new 1.5 release series. There are several known and likely a number
29317 of unknown bugs; it is not recommended to use this release in a production
29318 environment but would be recommended for testing in mind of an upcoming
29321 A number of significant changes have been made since the alpha releases,
29322 including database changes and a reworking of the user permissions settings.
29323 See the file UPGRADE for details of upgrading and changing your prior
29324 configuration settings for the new system.
29328 == MediaWiki 1.5 alpha 2 ==
29332 MediaWiki 1.5 alpha 2 includes a lot of bug fixes, feature merges,
29333 and a security update.
29335 Incorrect handling of page template inclusions made it possible to
29336 inject JavaScript code into HTML attributes, which could lead to
29337 cross-site scripting attacks on a publicly editable wiki.
29339 Vulnerable releases and fix:
29340 * 1.5 prerelease: fixed in 1.5alpha2
29341 * 1.4 stable series: fixed in 1.4.5
29342 * 1.3 legacy series: fixed in 1.3.13
29343 * 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended
29346 == MediaWiki 1.5 alpha 1 ==
29350 This is a testing preview release, being put out mainly to aid testers in
29351 finding installation bugs and other major problems. It is strongly recommended
29352 NOT to run a live production web site on this alpha release.
29354 ** WARNING: USE OF THIS ALPHA RELEASE MAY INFEST YOUR HOUSE WITH **
29355 ** TERMITES, ROT YOUR TEETH, GROW HAIR ON YOUR PALMS, AND PASTE **
29356 ** INNUENDO INTO YOUR C.V. RIGHT BEFORE A JOB INTERVIEW! **
29357 ** DON'T SAY WE DIDN'T WARN YOU, MAN. WE TOTALLY DID RIGHT HERE. **
29360 === Smaller changes since 1.4 ===
29362 Various bugfixes, small features, and a few experimental things:
29364 * 'live preview' reduces preview reload burden on supported browsers
29365 * support for external editors for files and wiki pages:
29366 https://www.mediawiki.org/wiki/Manual:External_editors
29367 * Schema reworking:
29368 https://www.mediawiki.org/wiki/Proposed_Database_Schema_Changes/October_2004
29369 * (bug 15) Allow editors to view diff of their change before actually submitting
29371 * (bug 190) Hide your own edits on the watchlist
29372 * (bug 510): Special:Randompage now works for other namespaces than NS_MAIN.
29373 * (bug 1015) support for the full wikisyntax in <gallery> captions.
29374 * (bug 1105) A "Destination filename" (save as) added to Special:Upload Upload.
29375 * (bug 1352) Images on description pages now get thumbnailed regardless of
29376 whether the thumbnail is larger than the original.
29377 * (bug 1662) A new magicword, {{CURRENTMONTHABBREV}} returns the abbreviation of
29379 * (bug 1668) 'Date format' supported for other languages than English, see:
29380 https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/5SH5IDCNYZTRBQQZ33GS7WYDEJ3PSEZE/
29381 * (bug 1739) A new magicword, {{REVISIONID}} give you the article or diff
29382 database revision id, useful for proper citation.
29383 * (bug 1998) Updated the Russian translation.
29384 * (bug 2064) Configurable JavaScript mimetype with $wgJsMimeType
29385 * (bug 2084) Fixed a regular expression in includes/Title.php that was accepting
29386 invalid syntax like #REDIRECT [[foo] in redirects
29387 * It's now possible to invert the namespace selection at Special:Allpages and
29388 Special:Contributions
29389 * No longer using sorbs.net to check for open proxies by default.
29390 * What was $wgDisableUploads is now $wgEnableUploads, and should be set to true
29391 if one wishes to enable uploads.
29392 * Supplying a reason for a block is no longer mandatory
29393 * Language conversion support for category pages
29394 * $wgStyleSheetDirectory is no longer an alias for $wgStyleDirectory;
29395 * Special:Movepage can now take parameters like Special:Movepage/Page_to_move
29396 (used to just be able to take parameters via a GET request like
29397 index.php?title=Special:Movepage&target=Page_to_move)
29398 * (bug 2151) The delete summary now includes editor name, if only one has edited
29400 * (bug 2105) Fixed from argument to the PHP mail() function. A missing space
29401 could prevent sending mail with some versions of sendmail.
29402 * (bug 2228) Updated the Slovak translation
29406 === Changes since 1.5alpha1 ===
29408 * (bug 73) Category sort key is set to file name when adding category to
29409 file description from upload page (previously it would be set to
29410 "Special:Upload", causing problems with category paging)
29411 * (bug 419) The contents of the navigation toolbar are now editable through
29412 the MediaWiki namespace on the MediaWiki:navbar page.
29413 * (bug 498) The Views heading in MonoBook.php is now localizable
29414 * (bug 898) The wiki can now do advanced sanity check on uploaded files
29415 including virus checks using external programs.
29416 * (bug 1692) Fix margin on unwatch tab
29417 * (bug 1906) Generalize project namespace for Latin localization, update
29419 * (bug 1975) The name for Limburgish (li) changed from "Lèmburgs" to "Limburgs
29420 * (bug 2019) Wrapped the output of Special:Version in <div dir='ltr'> in order
29421 to preserve the correct flow of text on RTL wikis.
29422 * (bug 2067) Fixed crash on empty quoted HTML attribute
29423 * (bug 2075) Corrected namespace definitions in Tamil localization
29424 * (bug 2079) Removed links to Special:Maintenance from movepagetext message
29425 * (bug 2094) Multiple use of a template produced wrong results in some cases
29426 * (bug 2095) Triple-closing-bracket thing partly fixed
29427 * (bug 2110) "noarticletext" should not display on Image page for "sharedupload"
29429 * (bug 2150) Fix tab indexes on edit form
29430 * (bug 2152) Add missing bgcolor to attribute whitelist for <td> and <th>
29431 * (bug 2176) Section edit 'show changes' button works correctly now
29432 * (bug 2178) Use temp dir from environment in parser tests
29433 * (bug 2217) Negative ISO years were incorrectly converted to BC notation
29434 * (bug 2234) allow special chars in database passwords during install
29435 * Deprecated the {{msg:template}} syntax for referring to templates, {{msg: is
29436 now the wikisyntax representation of wfMsgForContent()
29437 * Fix for reading incorrectly re-gzipped HistoryBlob entries
29438 * HistoryBlobStub: the last-used HistoryBlob is kept open to speed up
29439 multiple-revision pulls
29440 * Add $wgLegacySchemaConversion update-time option to reduce amount of
29441 copying during the schema upgrade: creates HistoryBlobCurStub reference
29442 records in text instead of copying all the cur_text fields. Requires
29443 that the cur table be left in place until/unless such fields are migrated
29444 into the main text store.
29445 * Special:Export now includes page, revision, and user id numbers by
29446 default (previously this was disabled for no particular reason)
29447 * dumpBackup.php can dump the full database to Export XML, with current
29448 revisions only or complete histories.
29449 * The group table was renamed to groups because "group" is a reserved word in
29450 SQL which caused some inconveniances.
29451 * New fileicons for c, cpp, deb, dvi, exe, h, html, iso, java, mid, mov, o,
29452 ogg, pdf, ps, rm, rpm, tar, tex, ttf and txt files based on the KDE
29454 * Fixed a bug in Special:Newimages that made it impossible to search for '0'
29455 * Added language variant support for Icelandic, now supports "Íslenzka"
29456 * The #p-nav id in MonoBook is now #p-navigation
29457 * Putting $4 in msg:userstatstext will now give the percentage of
29458 admnistrators out of normal users.
29459 * links and brokenlinks tables merged to pagelinks; this will reduce pain
29460 dealing with moves and deletes of widely-linked pages.
29461 * Add validate table and val_ip column through the updater.
29462 * Simple rate limiter for edits and page moves; set $wgRateLimits
29463 (somewhat experimental; currently needs memcached)
29464 * (bug 2262) Hide math preferences when TeX is not enabled
29465 * (bug 2267) Don't generate thumbnail at the same size as the source image.
29466 * Fix rebuildtextindex.inc for new schema
29467 * Remove linkscc table code, no longer used.
29468 * (bug 2271) Use faster text-only link replacement in image alt text
29469 instead of rerunning expensive link lookup and HTML generation.
29470 * Only build the HTML attribute whitelist tree once.
29471 * Replace wfMungeToUtf8 and do_html_entity_decode with a single function
29472 that does both numeric and named chars: Sanitizer::decodeCharReferences
29473 * Removed some obsolete UTF-8 converter functions
29474 * Fix function comment in debug dump of SQL statements
29475 * (bug 2275) Update search index more or less right on page move
29476 * (bug 2053) Move comment whitespace trimming from edit page to save;
29477 leaves the whitespace from the section comment there on preview.
29478 * (bug 2274) Respect stub threshold in category page list
29479 * (bug 2173) Fatal error when removing an article with an empty title from the
29481 * Removed -f parameter from mail() usage, likely to cause failures and bounces.
29482 * (bug 2130) Fixed interwiki links with fragments
29483 * (bug 684) Accept an attribute parameter array on parser hook tags
29484 * (bug 814) Integrate AuthPlugin changes to support Ryan Lane's external
29485 LDAP authentication plugin
29486 * (bug 2034) Armor HTML attributes against template inclusion and links munging
29488 === Changes since 1.5alpha2 ===
29490 * (bug 2319) Fix parse hook tag matching
29491 * (bug 2329) Fix title formatting in several special pages
29492 * (bug 2223) Add unique index on user_name field to prevent duplicate accounts
29493 * (bug 1976) fix shared user database with a table prefix set
29494 * (bug 2334) Accept null for attribs in wfElement without PHP warning
29495 * (bug 2309) Allow templates and template parameters in HTML attribute zone,
29496 with proper validation checks. (regression from fix for 2304)
29497 * Disallow close tags and enforce empty tags for <hr> and <br>
29498 * Changed user_groups format quite a bit.
29499 * (bug 2368) Avoid fatally breaking PHP 4.1.2 in a debug line
29500 * (bug 2367) Insert correct redirect link record on page move
29501 * (bug 2372) Fix rendering of empty-title inline interwiki links
29502 * (bug 2384) Fix typo in regex for IP address checking
29503 * (bug 650) Prominently link MySQL 4.1 help page in installer if a possible
29504 version conflict is detected
29505 * (bug 2394) Undo incompatible breakage to {{msg:}} compatibility includes
29506 * (bug 1322) Use a shorter cl_sortkey field to avoid breaking on MySQL 4.1
29507 when the default charset is set to utf8
29508 * (bug 2400) don't send confirmation mail on account creation if
29509 $wgEmailAuthentication is false.
29510 * (bug 2172) Fix problem with nowiki beeing replaced by marker strings
29511 when a template with a gallery was used.
29512 * Guard Special:Userrights against form submission forgery
29513 * (bug 2408) page_is_new was inverted (whoops!)
29514 * Added wfMsgHtml() function for escaping messages and leaving params intact
29515 * Fix ordering of Special:Listusers; fix groups list so it shows all groups
29516 when searching for a specific group and can't be split across pages
29517 * (bug 1702) Display a handy upload link instead of a useless blank link
29518 for [[media:]] links to nonexistent files.
29519 * (bug 873) Fix usage of createaccount permission; replaces $wgWhitelistAccount
29520 * (bug 1805) Initialise $wgContLang before $wgUser
29521 * (bug 2277) Added Friulian language file
29522 * (bug 2457) The "Special page" href now links to the current special page
29524 * (bug 1120) Updated the Czech translation
29525 * A new magic word, {{SCRIPTPATH}}, returns $wgScriptPath
29526 * A new magic word, {{SERVERNAME}}, returns $wgServerName
29527 * A new magic word, {{NUMBEROFFILES}}, returns the number of rows in the image
29529 * Special:Imagelist displays titles with " " instead of "_"
29530 * Less gratuitous munging of content sample in delete summary
29531 * badaccess/badaccesstext to supercede sysop*, developer* messages
29532 * Changed $wgGroupPermissions to more cut-n-paste-friendly format
29533 * 'developer' group deprecated by default
29534 * Special:Upload now uses 'upload' permission instead of hardcoding login check
29535 * Add 'importupload' permission to disable direct uploads to Special:Import
29536 * (bug 2459) Correct escaping in Special:Log prev/next links
29537 * (bug 2462 etc) Taking out the experimental dash conversion; it broke too many
29538 things for the current parser to handle cleanly
29539 * (bug 2467) Added a Turkish language file
29540 * Fixed a bug in Special:Contributions that caused the namespace selection to
29541 be forgotten between submits
29542 * Special:Watchlist/edit now has namespace subheadings
29543 * (bug 1714) the "Save page" button now has right margin to separate it from
29544 "Show preview" and "Show changes"
29545 * Special:Statistics now supports action=raw, useful for bots designed to
29546 harwest e.g. article counts from multiple wikis.
29547 * The copyright confirmation box at Special:Upload is now turned off by default
29548 and can be turned back on by setting $wgCopyrightAffirmation to a true value.
29549 * Restored prior text for password reminder button and e-mail, replacing
29550 the factually inaccurate text that was there.
29551 * (bug 2178) Fix temp dir check again
29552 * (bug 2488) Format 'deletedtext' message as wikitext
29553 * (bug 750) Keep line endings consistent in LocalSettings.php
29554 * (bug 1577) Add 'printable version' tab in MonoBook for people who don't
29555 realize you can just hit print to get a nicely formatted printable page.
29556 * Trim whitespace from option values to weather line-ending corruption problems
29557 * Fixed a typo in the Romanian language file (NS_MESIA => NS_MEDIA)
29558 * (bug 2504) Updated the Finnish translation
29559 * (bug 2506, 2512) Updated the Nynorsk translation
29560 * (bug 996) Replace $wgWhitelistEdit with 'edit' permission; fixup UPGRADE
29561 documentation about edit and read whitelists.
29562 * (bug 2515) Fix incremental link table update
29563 * Removed some wikipedia-specifica from LanguageXx.php's
29564 * (bug 2496) Allow MediaWiki:edithelppage to point to external page
29565 * Added a versionRequired() function to OutputPage, useful for extension
29566 writers that want to control what version of MediaWiki their extension
29568 * Serialized user objects now checked for versioning
29569 * Fix for interwiki link regression
29570 * Printable link shorter in monobook
29571 * Experimental Latin-1-and-replication-friendly upgrader script
29572 * (bug 2520) Don't show enotif options when disabled
29574 == Changes since 1.5beta1 ==
29576 * (bug 2531) Changed the interwiki name for sh (Serbocroatian) to
29577 Srpskohrvatski/Српскохрватски (was Српскохрватски (Srbskohrvatski))
29578 * Nonzero return code for command-line scripts on wfDebugDieBacktrace()
29579 * Conversion fix for empty old table in upgrade1_5.php
29580 * Try reading revisions from master if no result on slave
29581 * (bug 2538) Suppress notice on user serialized checks
29582 * Fix paging on Special:Contributions
29583 * (bug 2541) Fix unprotect tab
29584 * (bug 1242) category list now show on edit page
29585 * Skip sidebar entries where link text is '-'
29586 * Convert non-UTF-8 URL parameters even if referer is local
29587 * (bug 2460) <img> width & height properly filled when resizing image
29588 * (bug 2273) deletion log comment used user interface language
29589 * Try reading revision _text_ from master if no result on slave
29590 * Use content-language message cache for raw view of message pages
29591 * (bug 2530) Not displaying talk pages on Special:Watchlist/edit
29592 * Fixed a bug that would occour if $wgCapitalLinks was set to false, a user
29593 agent could create a username that began with a lower case letter that was
29594 not in the ASCII character set ( now user $wgContLang->ucfirst() instead of
29596 * Moved the user name / password validity checking from
29597 LoginForm::addNewAccountInternal() to two new functions,
29598 User::isValidUserName() and User::isValidPassword(), extensions can now do
29599 these checks without rewriting code.
29600 * Fix $wgSiteNotice when MediaWiki:Sitenotice is set to default '-'
29601 * Fixed a bug where the watchlist count without talk pages would be off by a
29603 * upgrade1_5.php uses insert ignore, allows to skip image info initialization
29604 * Fix namespaces in category list.
29605 * Add rebuildImages.php to update image metadata fields
29606 * Special:Ancientpages is expensive in new schema for now
29607 * (bug 2568) Fixed a logic error in the Special:Statistics code which caused
29608 the displayed percentage of admins to be totally off.
29609 * (bug 2560) Don't show blank width/height attributes for missing size
29610 * Don't show bogus messages about watchlist notifications when disabled
29611 * Don't show old debug messages in watchlist
29612 * (bug 2576) Fix recording of transclusion links
29613 * (bug 2577) Allow sysops to enter non-standard block times
29614 * Fixed a bug where Special:Contributions wouldn't remember the 'invert'
29615 status between next/previous buttons.
29616 * Move MonoBook printable link from tab to sidebar
29617 * (bug 2567) Fix HTML escaping on category titles in list
29618 * (bug 2562) Show rollback link for current revisions on diff pages
29619 * (bug 2583) Add --missinig option on rebuildImages.php to add db entries
29620 for uploaded files that don't have them
29621 * (bug 2572) Fix edit conflict handling
29622 * (bug 2595) Show "Earlier" and "Latest" links on history go to the first/last
29623 page in the article history pager.
29624 * Don't show empty-page text in 'Show changes' on new page
29625 * (bug 2591) Check for end, fix limits on Whatlinkshere
29626 * (bug 2584) Fix output of subcategory list
29627 * (bug 2597) Don't crash when undeleting an image description page
29628 * (bug 2564) Don't show "editingold" warning for recent revision
29629 * Various code cleanup and HTML escaping fixlets
29630 * Copy IRC-over-UDP update option from REL1_4
29631 * (bug 2548) Keep summary on 'show changes' of section edit
29632 * Move center on toc to title part to avoid breaking .toc style usage
29633 * HTML sanitizer: correct multiple attributes by keeping last, not first
29634 * (bug 2614) Fix section edit links on diff-to-current with oldid set
29635 Also fix navigation links on current-with-oldid view.
29636 * (bug 2620) Return to prior behavior for some more things (such as
29637 subpage parent links) on current-diff view.
29638 * (bug 2618) Fix regression from another fix; show initial preview for
29639 categories only if the page does not exist.
29640 * (bug 2625) Keep group & user settings when paging in Listusers
29641 * (bug 2627) Fix regression: diff radio button initial selection
29642 * Copy fix for old search URLs with Lucene search plugin from REL1_4
29643 * (bug 619) Don't use incompatible diff3 executable on non-Linux systems.
29644 * (bug 2631) Fix Hebrew namespaces.
29645 * (bug 2630) Indicate no-longer-valid cached entries in BrokenRedirects list
29646 * (bug 2644, 2645) "cur" diff links in page history, watchlist and
29647 recentchanges should specify current ID explicitly.
29648 * (bug 2609) Fix text justification preferenced with MonoBook skin.
29649 * (bug 2594) Display article tab as red for non-existent articles.
29650 * (bug 2656) Fix regression: prevent blocked users from reverting images
29651 * (bug 2629) Automatically capitalize usernames again instead of
29652 rejecting lowercase with a useless error message
29653 * (bug 2661) Fix link generation in contribs
29654 * Add support for &preload=Page_name (load text of an existing page into
29655 edit area) and &editintro=Page_name (load text of an existing page instead
29656 of MediaWiki:Newpagetext) to &action=edit, if page is new.
29657 * (bugs 2633, 2672, 2685, 2695) Fix Estonian, Portuguese, Italian, Finnish and
29658 Spanish numeric formatting
29659 * Fixed Swedish numeric formatting
29660 * (bug 2658) Fix signature time, localtime to match timezone offset again
29661 * Files from shared repositories (e.g. commons) now display with their
29662 image description pages when viewed on local wikis.
29663 * Restore compatibility namespace aliases for French Wikipedia
29664 * Fix diff order on Enhanced RC 'changes' link
29665 * (bug 2650) Fix national date type display on wikis that don't support
29666 dynamic date conversion.
29667 * FiveUpgrade: large table hacks, install iw_trans update before links
29668 * (bug 2648) Rename namespaces in Afrikaanse
29669 * Special:Booksources checks if custom list page exists before using it
29670 * (bug 1170) Fixed linktrail for da: and ru:
29671 * (bug 2683) Really fix apostrophe escaping for toolbox tips
29672 * (bug 923) Fix title and subtitle for rclinked special page
29673 * (bug 2642) watchdetails message in several languages used <a></a> instead of
29675 * (bug 2181) basic CSB language localisation by Tomasz G. Sienicki (thanks for
29677 * Fix correct use of escaping in edit toolbar bits
29678 * Removed language conversion support from Icelandic
29679 * (bug 2616) Fix proportional image scaling, giving correct height
29680 * (bug 2640) Include width and height attributes on unscaled images
29681 * Workaround for mysterious problem with bogus epoch If-Last-Modified reqs
29682 * (bug 1109) Suppress compressed output on 304 responses
29683 * (bug 2674) Include some site configuration info in export data:
29684 namespaces definitions, case-sensitivity, site name, version.
29685 * Use xml:space="preserve" hint on export <text> elements
29686 * Make language variant selection work again for zh
29688 == Changes since 1.5beta2 ==
29690 * Escaped & correctly in Special:Contributions
29691 * (bug 2534) Hide edit sections with CSS to make right click to edit section
29693 * (bug 2708) Avoid undefined notice on cookieless login attempt
29694 * (bug 2188) Correct template namespace for Greek localization
29695 * Fixed number formatting for Dutch
29696 * (bug 1355) add class noprint to commonPrint.css
29697 * (bug 2350) Massive update for Limburgish (li) language using Wikipédia
29698 * Massive update for Arab (ar) language using Wikipédia
29699 * (bug 1560) Massive update for Kurdish (ku) language using Wikipédia
29700 * (bug 2709) Some messages were not read from database
29701 * (bug 2416) Don't allow search engine robots to index or follow nonexisting
29703 * Fix escaping in page move template.
29704 * (bug 153) Discrepancy between thumbnail size and <img> height attribute
29706 == Changes since 1.5beta3 ==
29708 * Fix talk page move handling
29709 * (bug 2721) New language file for Vietnamese with the Vietnamese number
29711 * (bug 2749) would appear as a literal in image galleries for Cs, Fr,
29713 * (bug 787) external links being rendered when they only have one slash
29714 * Fixed a missing typecast in Language::dateFormat() that would cause some
29715 interesting errors with signitures.
29716 * (bug 2764) Number format for Nds
29717 * (bug 1553) Stop forcing lowercase in Monobook skin for German language.
29718 * (bug 1064) Implements Special:Unusedcategories
29719 * (bug 2311) New language file for Macedonian
29720 * Fix nohistory message on empty page history
29721 * Fix fatal error in history when validation on
29722 * Cleaned up email notification message formatting
29723 * Finally fixed Special:Disambiguations that was broke since SCHEMA_WORK
29724 * (bug 2761) fix capitalization of "i" in Turkish
29725 * (bug 2789) memcached image metadata now cleared after deletion
29726 * Add serialized version number to image metadata cache records
29727 * (bug 2780) Fix thumbnail generation with GD for new image schema
29728 * (bug 2791) Slovene numeric format
29729 * (bug 655) Provide empty search form when searching for nothing
29730 * Nynorsk numeric format fix
29731 * (bug 2825) Fix regression in newtalk notifications for anons w/ enotif off
29732 * (bug 2833) Fix bug in previous fix
29733 * With $wgCapitalLinks off, accept off-by-first-letter-case in 'go' match
29734 * Optional parameters for [[Special:Listusers]]
29735 * (bug 2832) [[Special:Listadmins]] redirects to [[Special:Listusers/sysop]]
29736 * (bug 785) Parser did not get out of <pre> with list elements
29737 * Some shared upload fixes
29738 * (bug 2768) section=new on nonexistent talk page does not add heading
29739 * support preload= parameter for section=new
29740 * show comment subject in preview when using section=new
29741 * use comment form when creating a new talk page
29742 * (bug 460) Properly handle <center> tags as a block.
29743 * Undo inconsistent editing behavior change
29744 * (bug 2835) Back out fix for bug 2802, caused regressions in category sort
29745 * PHP 4.1.2 compatibility fix: define floatval() equivalent if missing
29746 * (bug 2901) Number format for Catalan
29747 * Special:Allpages performance hacks: index memcached caching, removed
29748 inverse checkbox, use friendlier relative offsets in index build
29749 * Bring back "Chick" skin for mobile devices. It needs testing.
29750 * Fix spelling of $wgForwardSearchUrl in DefaultSettings.php
29751 * Specify USE INDEX on Allpages chunk queries, sometimes gets lost
29752 due to bogus optimization
29753 * (bug 275) Section duplication fix
29754 * Remove unused use of undefined variable in UserMailer
29755 * Fix notice on search index update due to non-array
29756 * (bug 2885) Fix fatal errors and notices in PHP 5.1.0beta3
29757 * (bug 2931) Fix additional notices on reference use in PHP 4.4.0
29758 * (bug 2774) Add three new $wgHooks to LogPage which enable extensions to add
29759 their own logtypes, see extensions/Renameuser/SpecialRenameuser.php for an
29761 * (bug 740) Messages from extensions now appear in Special:Allmessages
29762 * (bug 2857) fixed parsing of lists in <pre> sections
29763 * (bug 796) Trackback support
29764 * Fix 1.5 regression: weird, backwards diff links on new pages in enhanced RC
29765 are now suppressed as before.
29767 * "uselang" and "useskin" URL parameters can now be used in the URL when
29768 viewing a page, to change the language and skin of a page respectively.
29769 * Skins can now be previewed in preferences
29770 * (bug 2943) AuthPlugin::getCanonicalName() name canonicalization hook,
29772 * Wrap revision insert & page update in a transaction, rollback on late
29774 * (bug 2953) 'other' didn't work in Special:Blockip when localized
29775 * (bug 2958) Rollback and delete auto-summary should be in the project's
29777 * Removed useless protectreason message
29778 * Spelling fix: $wgUrlProtcols -> $wgUrlProtocols
29779 * Switch Moldovan local name to cyrillic
29780 * Fix typo in undefined array index access prevention
29781 * (bug 2947) Update namespaces for sr localization
29782 * (bug 2952) Added Asturian language file with translated namespaces
29783 * (bug 2676) Apply a protective transformation on editing input/output
29784 for browsers that hit the Unicode blacklist. Patch by plugwash.
29785 * (bug 2999) Fix encoding conversion of pl_title in upgrade1_5.php
29786 * compressOld.php disabled, as it's known to be broken.
29789 === Changes since 1.5beta4 ===
29791 * Fix Special:Allmessages under PHP 5
29792 * (bug 2911) Special:Watchlist allowed only one type of limit at a time
29793 * (bug 693) Special:Allmessages is excessively wide and redundant
29794 * (bug 3001) Updated and applied live hack for recentchanges-based watchlist
29795 * (bug 145) Finish 'exclude redirect' implementation in search form
29796 * Rearranged Special:Movepage form to reduce confusion between destination
29797 title and reason input boxes
29798 * (bug 2527) Always set destination filename when new file is selected
29799 * (bug 3056) MySQL 3 compatibility fix: USE INDEX instead of FORCE INDEX
29800 * PHP 4.1 compatibility fix: don't use new_link parameter to mysql_connect
29801 if running prior to 4.2.0 as it causes the call to fail
29802 * (bug 3117) Fix display of upload size and type with tidy on
29803 * (bug 1487) invalid html on empty list in banlist
29804 * (bug 3017) Hotkey conflict for delete and show changes
29805 * made pixel unit translateable and blocklistline now eats infiniteblock
29807 * (bug 3092) Wrong numerical separator for big numbers in Serbian.
29808 * (bug 2855) Credit for a uniq author showed its realname even with
29809 $wgAllowRealName=false.
29810 * New special page: SpecialMostlinked
29811 * (bug 2393) Fix MIME type for Atom feeds ( application/rss+atom )
29812 * Fix display of read-only lockfile message
29813 * Added a new hook, 'AddNewAccount', which is run after account creation
29814 * Update all stats fields on recount.sql
29815 * Include software-visible client IP address in Special:Version comment
29816 as a proxy debugging aid
29817 * (bug 3162) Fix 'undefined property page_is_new' error on watchlist
29818 * (bug 1734) granting db permissions failed with db usernames containg '-'
29819 * (bug 3170) wikititlesuffix was removed, use pagetitle instead
29820 * (bug 3187) watchlist text refer to unexistent "Stop watching" action
29821 * (bug 3190) Added some date format choices for language sr
29822 * (bug 1334) LanguageGa.php update
29823 * (bug 1020) Changing user interface language does not work immediately
29824 * (bug 2753) Some namespaces were not translated in LanguageTa.php (Tamil)
29825 * (bug 3204) Fix typo breaking special pages in fy localization
29826 * (bug 3210) Fix Media: links with remote image URL path
29827 * (bug 3220) Fix escaping of block URLs in Recentchanges
29828 * (bug 3238): Updated LanguageNn.php for 1_5 branch
29829 * (bug 3192): properly check 'limit' parameter on Special:Contributions
29830 * (bug 3244) Fix remote image loading hack, JavaScript injection on MSIE
29831 * Fix URL sanitization in HTML attributes, which broke in this branch
29832 * (bug 3475) anon contrib links on Special:Newpages
29835 === Changes since 1.5rc2 ===
29837 * Fix upgrade from 1.4 due to version number check breakage
29838 * Fix upgrade from 1.4 with no old revisions
29839 * (bug 2108) Sort entries when using category browser
29840 * XSS issue : now sanitize search query input
29843 === Changes since 1.5rc3 ===
29845 * (bug 3280) Respect 'move' group permission on page moves
29846 * (bug 2885) More PHP 5.1 fixes: skin, search, log, undelete
29847 * Security fix for <math>
29848 * Security fix for tables
29851 === Changes since 1.5rc4 ===
29853 * (bug 3292) Fix move-over-redirect test when current entries are not plaintext
29854 * (bug 2078) Don't hide watch tab on preview
29855 * (bug 3306) Document $wgLocalTZoffset
29856 * Support SVG rendering with rsvg
29857 * Cap arbitrary SVG renders to given image size or $wgSVGMaxSize pixels wide
29858 * (bug 3127) Render large SVGs at image page size correctly
29859 * (bug 3448) Set page_len on undelete
29860 * (bug 2800) Don't scale up small iamges on |thumb| without explicit size
29861 * Use the real file link instead of the default-size rasterized version for
29862 large SVG images on image description page
29863 * Include the file name/type/size line for non-resized images
29864 * (bug 3412) Clean up date format handling so ~~~~-sigs work with default
29865 format as designed. Documentation comments updated.
29866 * (bug 1423) LanguageJa.php update
29867 * (bug 3405) Don't use raw letters as aliases of MSGNW: and SUBST:
29868 * (bug 3485) Fix bogus warning about filename capitalization when off
29869 * (bug 2792) Update rebuildrecentchanges.inc for new schema
29870 * Special:Import/importDump fixes: report XML parse errors, accept <minor/>
29871 * (bug 3489) PHP 5.1 compat problem with captioned images
29872 * (bug 3350) Missing label for move talk page checkbox.
29873 * (bug 2570) Add 'watch this page' checkbox on uploads, watch uploads
29874 by default when 'watchdefault' option is on
29875 * (bug 3182) Clear link cache during import to prevent memory leak
29876 * (bug 3573) Full Greek Translation
29877 * (bug 3595) Warn and abort if importDump.php called in read-only mode.
29878 * (bug 3598) Update message cache on message page deletion, patch by Tietew
29879 * Blacklist additional MSIE CSS safety tricks
29882 === Changes since 1.5.0 ===
29884 * (bug 3629) Fix date & time format for Frisian
29885 * (bug 3641) Fix handling of unrecognized file uploads with known extensions
29886 * (bug 3643) Fix image page display of large images with resizing disabled
29887 * Fix meta robots tag on Special:Version again to avoid listing vulnerable
29888 versions for convenient harvesting by automated worms
29889 * (bug 3684) Fix typo in fatal error backtraces in Hooks.php
29890 * Backport fix for reference usage notice in Special:Search on PHP 4.4.0
29891 * Backport database connect error display fix from HEAD
29892 * (bug 2773) Print style sheet no longer overrides RTL text direction
29893 * MonoBook skin top link id changed from "contentTop" to "top" (shared with
29895 * Wrap message page insertions in a transaction to speed up installation
29896 * Fix Special:MovePage invalid HTML attribute for reason textarea
29897 * Avoid notice warning on edit with no User-Agent header
29898 * (bug 3734) Swapped out obsolete recount.sql with initStats.php
29899 * (bug 3735) Fix to run under MySQL 5's strict mode
29900 * (bug 3786) Experimental support for MySQL 4.1/5.0 utf8 charset mode
29901 NOTE: Enabling this may break existing wikis, and still doesn't
29902 work for all Unicode characters due to MySQL limitations.
29903 * Sanitizer CSS comment processing order fix
29906 === Changes since 1.5.1 ===
29908 * Fix Special:BrokenRedirects on MySQL 5.0
29909 * (bug 3809) Backport fix for detecting diff3 failure
29910 * MySQL 5.0 strict mode fix for moving unwatched pages
29911 * (bug 3782) Throw fatal installation warning if mbstring.func_overload on.
29912 Why do people invent these crazy options that change language semantics?
29913 * (bug 3762) Define missing Special:Import UI messages
29914 * (bug 3771) Handle internal functions in backtrace in wfAbruptExit()
29915 * (bug 3649) Remove obsolete, broken moveCustomMessages script
29916 * (bug 3667) Add missing global in page move code
29917 * (bug 3761) Avoid deprecation warnings in Special:Import
29918 * (bug 2885) Remove unnecessary reference parameter which broke classic skin
29919 talk notification on PHP 5.0.5
29920 * (bug 3845) Update attribute.php for 1.5 schema
29921 * Fix Parser::unstrip on PHP 4.4.1 and PHP 5.1.0RC4
29924 === Changes since 1.5.2 ===
29926 * (bug 3612) Remove old broken version of maintenance/compressOld.php
29927 The working version is in maintenance/storage/compressOld.php
29928 * (bug 2740) Accept image deletions on 'enter' submit from MSIE
29929 * (bug 3933) specify XML namespace for Atom 0.3 feeds
29930 * (bug 3939) Don't try to load text for interwiki redirect target
29931 * (bug 3948) Avoid notice warning in debug statement in bad search
29932 * Recognize Special:Search consistently so read whitelist works
29933 * (bug 4013) typo in fr
29934 * (bug 3996) Fix text for new entries in RC RSS/Atom feed
29935 * (bug 2894) Enhanced Recent Changes link fixes
29936 * (bug 3065) Update both watched namespaces when renaming pages
29937 * Move parentheses out of <a> link in Special:Contributions
29938 * (bug 4071) Generate passwords long enough for $wgMinimalPasswordLength
29939 * (bug 4035) Fix prev/next revision links on edit page
29940 * (bug 4165) Correct validation for user language selection (data taint)
29941 * Clearer message in DefaultSettings.php: edit LocalSettings.php instead
29944 === Changes since 1.5.3 ===
29946 * (bug 3805) Clear 'new messages' flag properly in enotif mode
29947 for usernames containing spaces
29948 * (bug 2714) Backlink from special:whatlinkshere was hard set as 'existing'
29949 * (bug 4249) Typo in entities2literals.pl
29950 * (bug 4233) Update for japanese language
29951 * (bug 4279) Small correction to LanguageDa.php
29952 * (bug 4267) Switch dv sd ug ks arc languages to RTL
29953 * (bug 3991) Allow the operation of wikicode on Protect move only text
29954 * Added AutoAuthenticate hook for external User object suppliers
29955 * Parser internal placeholder string now fully randomized for safety
29957 === Changes since 1.5.4 ===
29959 * Maintenance script to delete unused user accounts
29960 * Added detection for WMF files (application/x-msmetafile), added this
29961 MIME type to the default blacklist. Prevented inline display of images
29962 which are not of known image types. This is in response to
29963 https://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
29965 === Changes since 1.5.5 ===
29967 * (bug 4258) When installing under IIS, $wgArticlePath = "$wgScript?title=$1"
29969 * (bug 4510) Correct Barnes & Noble bookstore URLs
29970 * (bug 4504) Use site language for namespace name resolution
29971 * Installer fixes from HEAD backported; now uses a more sensible method of
29972 establishing which mySQL user to use, which clears up bug 921 et al. Minor
29973 changes to installer.
29974 * Fix problem reported on mailing list where re-initialising stats didn't work
29975 (can't insert duplicate rows with the same id field)
29976 * (bug 1122) gray out 'older revision' when viewing first article revision.
29977 * Respect database prefix in dumpHTML.inc
29978 * Minor improvements to removeUnusedAccounts.php maintenance script
29979 * Fix for single-digit week numbers from {{CURRENTWEEK}}, broken by PHP 4.4.1
29980 * Removed read-only check from Database::query()
29981 * Added --conf option to command line scripts, allowing the user to specify a
29982 different LocalSettings.php.
29984 === Changes since 1.5.6 ===
29986 * Default main page content improved per bug 4690
29987 * Fix dependence on hardcoded UNIQ_PREFIX in LanguageConverter.php
29988 * Fixed Special:Unlockdb
29989 * Maintenance script to delete unused text records
29990 * Maintenance script to delete non-current revisions
29991 * Maintenance script to wipe a page and all revisions from the database
29992 * (bug 4768) Wrong Russian translation (typo)
29993 * Performance bugfix: propagate equality manually for Revision fetches
29994 * (bug 4773) PHP fatal error when invalid title passed to Special:Export
29995 * Added missing table defs. for transcache to installer schemas
29996 * (bug 4824) IE7 beta 2 broke compatibility with PNG logo workarounds,
29997 and seems to work ok with other bits. No longer including the IE
29998 workarounds JavaScript for IE 7 and above.
29999 * (bug 2532) Image directory structure migration bug
30000 * (bug 4881) Correction to the fix for 1487; Ipblocklist showed 'no blocks'
30001 message at the end of the list even if there were blocks.
30002 * (bug 4805) Removed more wikipedia-references from LanguageUk.php
30003 * Introduce $wgWantedPagesThreshold per bug 5011; Special:Wantedpages will not
30004 list pages with less than this number of links. Defaults to 1.
30005 * Allow customisation of paging limits for items in categories using the
30006 $wgCategoryPagingLimit global, per bug 4970.
30007 * Improve "nogomatch" text to make it more obvious that a page can be created.
30008 * (bug 5113) Spelling error in French language file
30009 * Don't change the password of the MySQL root user.
30011 === Changes since 1.5.7 ===
30013 * (bug 5180) User login page shows inappropriate email blurb
30014 * Add the "AbortNewAccount" hook on account creation; see hooks.txt for more
30016 * Update default "exporttext" to reflect that Special:Import exists
30017 * Add links to useful material to the default main page content
30018 * Fix fragment HTML injection
30020 === Changes since 1.5.8 ===
30022 * Fixed obvious mistakes in Finnish (fi) translation
30023 * Fixed obvious mistakes in Kurdish (ku) translation
30024 * Merge two #p-search .pBody statements i monobook/main.css
30025 * (bug 5156) Update for Hebrew language (he) translation
30026 * Add the "UserRights" hook on user group changes; see hooks.txt for more info.
30027 * Translated "listingcontinuesabbrev" for German
30031 Some output, particularly involving user-supplied inline HTML, may not
30032 produce 100% valid or well-formed XHTML output. Testers are welcome to
30033 set $wgMimeType = "application/xhtml+xml"; to test for remaining problem
30034 cases, but this is not recommended on live sites. (This must be set for
30035 MathML to display properly in Mozilla.)
30039 == MediaWiki 1.4.15 ==
30041 (released March 26, 2006) MediaWiki 1.4.15 is a security maintenance release. A
30042 bug in decoding of certain encoded links could allow injection of raw HTML into
30043 page output; this could potentially lead to XSS attacks. Additionally, this
30044 release may display more correctly in IE7 betas.
30046 == MediaWiki 1.4.14 ==
30047 (released January 19, 2006) MediaWiki 1.4.14 is a security and bugfix
30048 maintenance release. A bug in edit comment formatting could send PHP into an
30049 infinite loop if certain malformed links were included. In most installations,
30050 this would cause the script to fail after PHP's 30-second failsafe timeout. For
30051 several other minor fixes, see the complete changelog at the end of this file.
30053 == MediaWiki 1.4.13 ==
30054 (released January 5, 2006) MediaWiki 1.4.13 is a security maintenance
30055 release.Detection for uploads of Windows Metafile (.wmf) images has been added
30056 to help protect against a client-side vulnerability in unpatched Microsoft
30057 Windows operating systems. Sites which have enabled uploads and added
30058 non-standard file types (such as .ogg, .doc, or .pdf) should upgrade to this
30059 release to ensure that malicious .wmf files can't be uploaded with a fake
30060 extension; such files could put visitors to the site at risk. For more details
30061 on this, see: https://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
30063 == MediaWiki 1.4.12 ==
30064 (released 2005-11-02) MediaWiki 1.4.12 is a bugfix and security maintenance
30065 release. A change in PHP 4.4.1 broke handling of extension and
30066 <nowiki><pre></nowiki> sections, causing garbage data to be inserted in output
30067 and saved edits. This version works around the change. This release includes
30068 further corrections to the inline CSS style sanitation which works around a
30069 JavaScript "feature" on Microsoft Internet Explorer. Users of Microsoft
30070 Internet Explorer for Windows may be vulnerable to XSS injections on prior 1.4
30071 releases; users of standards-compliant browsers are not vulnerable.
30073 == MediaWiki 1.4.11 ==
30074 (released 2005-10-05) MediaWiki 1.4.11 is a security maintenance release.
30075 Unsafe handling of CSS by Microsoft Internet Explorer could be exploited to
30076 produce cross-site scripting attacks by JavaScript injection to clients running
30077 that browser. This release blacklists several additional variants from use in
30078 HTML inline style attributes. All publicly accessible wikis are recommended to
30079 upgrade to reduce the risk to visitors using Microsoft web browsers. Note: the
30080 MediaWiki 1.4.x series is not compatible with PHP 5.0.5 or higher. Upgrade to
30081 the 1.5.0 release if you require this version of PHP 5.
30083 == MediaWiki 1.4.10 ==
30084 (released 2005-09-21) MediaWiki 1.4.10 is a security maintenance release. A bug
30085 in edit submission handling could cause corruption of the previous revision in
30086 the database if an abnormal URL was used, such as those used by some spambots.
30088 * 1.4.x <= 1.4.9; fixed in 1.4.10
30089 * 1.3.x <= 1.3.15; fixed in 1.3.16
30090 1.5 release candidates are not affected by this problem. All publicly editable
30091 wikis are strongly recommended to upgrade immediately.
30092 1.4 releases can be manually patched by changing this bit in EditPage.php:
30094 <syntaxhighlight lang="php">
30095 function importFormData( &$request ) {
30096 if( $request->wasPosted() ) {
30099 <syntaxhighlight lang="php">
30100 function importFormData( &$request ) {
30101 if( $request->getVal( 'action' ) == 'submit' && $request->wasPosted() )
30104 == MediaWiki 1.4.9 ==
30105 (released 2005-08-29) MediaWiki 1.4.9 is a security maintenance release. It
30106 corrects two cross-site scripting security bugs:
30107 * <nowiki><math></nowiki> tags were handled incorrectly when TeX rendering
30108 support is off, as in the default configuration.
30109 * Extension or <nowiki><nowiki></nowiki> sections in Wiki table syntax could
30110 bypass HTML style attribute restrictions for cross-site scripting attacks
30111 against Microsoft Internet Explorer Wikis where the optional math support has
30112 been *enabled* are not vulnerable to the first, but are vulnerable to the
30115 == MediaWiki 1.4.8 ==
30116 (released 2005-08-23) MediaWiki 1.4.8 is a bug fix and security maintenance
30117 release. A flaw in the interaction between extensions and HTML attribute
30118 sanitization was discovered which could allow unauthorized use of offsite
30119 resources in style sheets, and possible exploitation of a JavaScript injection
30120 feature on Microsoft Internet Explorer. This version expands the returned text
30121 and properly checks it before output. Additionally, an update to
30122 skins/MonoBook.php ensures that sites using the default MonoBook skin will
30123 display correctly in the Internet Explorer 7 beta. (1.3 and 1.5 are not
30124 affected by this bug.)
30126 == MediaWiki 1.4.7 ==
30127 (released 2005-07-16)
30128 MediaWiki 1.4.7 is a bug fix release. Those affected by the following problems
30129 in 1.4.6 should upgrade:
30130 * Watchlist breakage on MySQL 3.23.x and with table prefix enabled
30131 * Possible breakage in watchlist, some image resizing modes on PHP 4.1.2 1.4.6
30132 included a fix for a cross-site scripting vulnerability, so anyone running
30133 older 1.4 releases is very strongly encouraged to upgrade as well. Note to
30134 upgraders: this version of MediaWiki is known to produce a large number of
30135 notice-level warnings under the newly released PHP 4.4.0. These appear however
30136 to be harmless; if you encounter them add this to your LocalSettings.php to
30137 suppress the notices: error_reporting( E_ALL & ~E_NOTICE ); PHP 5.1.0beta3 is
30138 known to be incompatible at this time.
30140 == MediaWiki 1.4.6 ==
30141 (released 2005-07-07) MediaWiki 1.4.6 is a bug fix and security update release.
30142 Incorrect escaping of a parameter in the page move template could
30143 be used to inject JavaScript code by getting a victim to visit a maliciously
30144 constructed URL. Users of vulnerable releases are recommended to upgrade to
30145 this release. Vulnerable versions:
30146 * 1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3
30147 * 1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6
30148 * 1.3 legacy series: not vulnerable This release also includes fixes for some
30149 rare bug annoying HTTP errors, a PHP 4.1.2 breakage bug, and works around some
30150 template limitations introduced in 1.4.5. See the changelog at the end of this
30151 file for a detailed list of bugs fixed.
30153 == MediaWiki 1.4.5 ==
30154 (released 2005-06-03) MediaWiki 1.4.5 is a security update and bugfix release.
30155 Incorrect handling of page template inclusions made it possible to inject
30156 JavaScript code into HTML attributes, which could lead to cross-site scripting
30157 attacks on a publicly editable wiki. Vulnerable releases and fix:
30158 * 1.5 prerelease: fixed in 1.5alpha2
30159 * 1.4 stable series: fixed in 1.4.5
30160 * 1.3 legacy series: fixed in 1.3.13
30161 * 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended This
30162 release also includes a number of bug fixes (see changelog below) and merges
30163 some large-server load balancing patches from Wikipedia. An experimental rate
30164 limiter for page edits and moves can be enabled with global, per-IP,
30165 per-subnet, or per-user bases. See configuration options in
30166 includes/DefaultSettings.php
30168 == MediaWiki 1.4.4 ==
30169 (released 2005-05-04) MediaWiki 1.4.4 is a bugfix release for the 1.4 stable
30170 release series. Some bugs in the installer/updater and refreshLinks maintenance
30171 script were introduced in the last release and have been corrected.
30173 == MediaWiki 1.4.3 ==
30175 (released 2005-04-28)
30177 MediaWiki 1.4.3 is a bugfix release for the 1.4 stable release series.
30179 Chiefly, this fixes a compatibility problem with PHP 5 and a minor link
30180 table corruption bug on initial page save.
30183 == MediaWiki 1.4.2 ==
30185 (released 2005-04-20)
30187 MediaWiki 1.4.2 is a security and bug fix release for the 1.4 stable release
30190 A cross-site scripting injection vulnerability was discovered, which
30191 affects only MSIE clients and is only open if MediaWiki has been
30192 manually configured to run output through HTML Tidy ($wgUseTidy).
30194 Several other bugs are fixed in this release, see the changelog below.
30196 All new installations are highly recommended to use 1.4.2 instead of
30197 1.3.x; 1.3.x users should consider upgrading for bug fixes and new
30198 features. Ealier 1.4.x release and beta users should upgrade to this
30199 release for relevant bug fixes; see the changelog later in this file.
30202 If you have trouble, remember to read this whole file and the online FAQ page
30203 before asking for help:
30205 https://www.mediawiki.org/wiki/Manual:FAQ
30208 === READ THIS FIRST: Upgrading ===
30210 If upgrading from an older release, see the notes in the file UPGRADE.
30211 There are a couple of minor database changes from the beta releases,
30212 and somewhat larger changes from 1.3.x.
30214 Upgrading from a previous 1.4.x stable release installation should
30215 generally only require copying the new files over the old ones.
30218 ==== READ THIS FIRST, TOO: MySQL 4.1 AND 5.0 ====
30220 MySQL 5.0 is a beta release, not yet ready for production use. If you
30221 are using it, the notes below about 4.1 apply to you too.
30223 If you have the choice of MySQL 4.0 or MySQL 4.1 and don't need 4.1 for
30224 some other application, you should consider sticking with 4.0 for the
30225 moment. 4.1 may require you to do extra fiddling to get things to work
30226 due to changes that aren't fully backwards-compatible.
30228 MySQL 4.1 has changed the authentication protocol in an incompatible
30229 way; many PHP installations still use the older client libraries and
30230 CANNOT CONNECT TO THE SERVER WITH A PASSWORD without some changes.
30232 See: http://dev.mysql.com/doc/mysql/en/Old_client.html
30234 If MySQL is set with utf-8 as the default character set, installation
30235 may fail with "key too long" errors. Set the default charset to 'latin1'
30236 for installation and it should work.
30238 The mysqldump backup generator now applies an automatic conversion to
30239 UTF-8, which may irretrivably corrupt your data. Pass the -charset option
30240 with the original default charset (eg 'latin1') to skip the conversion.
30243 ==== READ THIS FIRST IF RUNNING ON A WINDOWS SERVER ====
30245 MediaWiki is tested and deployed primarily under the Apache web server
30246 on Linux Unix systems. There are known to be problems running on
30247 Microsoft's IIS which are not fully resolved. If you have a choice,
30248 try running under Apache on Windows, or on a Unix/Linux box instead.
30250 If you're having trouble with blank pages on IIS and can't switch,
30251 try the workaround suggested in this bug report:
30252 http://bugzilla.wikimedia.org/show_bug.cgi?id=1763
30255 === New features ===
30257 * 'Recentchanges Patrol' to mark new edits that haven't yet been viewed.
30258 * New, searchable deletion/upload/protection logs
30259 * Image gallery generation (Special:Newimages and <gallery> tag)
30260 * SVG rasterization support (requires external support tools)
30261 * Users can select from the available localizations to override the
30262 default user interface language.
30263 * Traditional/Simplified Chinese conversion support
30264 * rel="nofollow" support to combat linkspam
30266 The current implementation adds this attribute to _all_ external URL
30267 links in wiki text (but not internal [[wiki links]] or interwiki links).
30268 To disable the attribute for _all_ external links, add this line to your
30271 $wgNoFollowLinks = false
30273 For background information on nofollow see:
30275 http://www.google.com/googleblog/2005/01/preventing-comment-spam.html
30278 === Installation and compatibility ===
30280 * The default MonoBook theme now works with PHP 5.0
30281 * Installation on systems with PHP's safe mode or other oddities
30282 should work more reliably, as MonoBook no longer needs to
30283 create a compiled template file for the wiki to run.
30284 * A table prefix may be specified, to avoid conflicts with other
30285 web applications forced to share a database.
30286 * More thorough UTF-8 input validation; fixes non-ASCII uploaded
30287 filenames from Safari.
30288 * Command-line database upgrade script.
30291 === Customizability ===
30293 * Default user options can now be overridden in LocalSettings.
30294 * Skins system more modular: templates and CSS are now in /skins/
30295 New skins can be dropped into this directory and used immediately.
30296 * More extension hooks have been added.
30297 * Authentication plugin hook.
30298 * More internal code documentation, generated with phpdoc:
30299 https://doc.wikimedia.org/mediawiki-core/master/php/html/
30302 === Optimization ===
30304 * For many operations, MediaWiki 1.4 should run faster and use
30305 less memory than MediaWiki 1.3. Page rendering is up to twice
30306 as fast. (Use a PHP accelerator such as Turck MMCache for best
30307 results with any PHP application, though!)
30308 * The parser cache no longer requires memcached, and is enabled
30309 by default. This avoids a lot of re-rendering of pages that
30310 have been shown recently, greatly speeding longer page views.
30311 * Support for compiled PHP modules to speed up page diff and
30312 Unicode validation/normalization. (Requires ability to compile
30313 and load PHP extensions).
30316 === What isn't ready yet ===
30318 * A new user/groups permissions scheme has been held back to 1.5.
30319 * An experimental SOAP interface will be made available as an extension
30320 * PostgreSQL support is largely working, minus search and the installer.
30321 You can perform a manual installation.
30322 * E-mail notification of watched page changes and verification of
30323 user-submitted e-mail addresses is not yet included.
30324 * Log pages are not automatically imported into the new log table
30325 at upgrade time. A script to import old text log entries is
30326 incomplete, but may be available in later point releases.
30327 * Some localizations are still incomplete.
30333 === Important security updates ===
30335 A security audit found and fixed a number of problems. Users of MediaWiki
30336 1.3.10 and earlier should upgrade to 1.3.11; users of 1.4 beta releases
30337 prior to 1.4rc1 should upgrade immediately.
30339 ==== Cross-site scripting vulnerability ====
30341 XSS injection points can be used to hijack session and authentication
30342 cookies as well as more serious attacks.
30344 * Media: links output raw text into an attribute value, potentially
30345 abusable for JavaScript injection. This has been corrected.
30346 * Additional checks added to file upload to protect against MSIE and
30347 Safari MIME-type autodetection bugs.
30349 As of 1.3.10/1.4beta6, per-user customized CSS and JavaScript is disabled
30350 by default as a general precaution. Sites which want this ability may set
30351 $wgAllowUserCss and $wgAllowUserJs in LocalSettings.php.
30354 ==== Cross-site request forgery ====
30356 An attacker could use JavaScript-submitted forms to perform various
30357 restricted actions by tricking an authenticated user into visiting
30358 a malicious web page. A fix for page editing in 1.3.10/1.4beta6 has
30359 been expanded in this release to other forms and functions.
30361 Authors of bot tools may need to update their code to include the
30365 ==== Directory traversal ====
30367 An unchecked parameter in image deletion could allow an authenticated
30368 administrator to delete arbitrary files in directories writable by the
30369 web server, and confirm existence of files not deletable.
30372 ==== Older issues ====
30374 Note that 1.4 beta releases prior to beta 5 include an input validation
30375 error which could lead to execution of arbitrary PHP code on the server.
30376 Users of older betas should upgrade immediately to the current version.
30379 Beta 6 also introduces the use of rel="nofollow" attributes on external
30380 links in wiki pages to reduce the effectiveness of wiki spam. This will
30381 cause participating search engines to ignore external URL links from wiki
30382 pages for purposes of page relevancy ranking.
30385 === Misc bugs fixed in beta 1 ===
30387 * (bug 95) Templates no longer limited to 5 inclusions per page
30388 * New user preference for limiting the image size for images on image
30390 * (bug 530) Allow user to preview article on first edit
30391 * (bug 479) [[RFC 1234]] will now make an internal link
30392 * (bug 511) PhpTal skins shown bogus 'What links here' etc on special pages
30393 * (bug 770) Adding filter and username exact search match for Special:Listusers
30394 * (bug 733) Installer die if it can not write LocalSettings.php
30395 * (bug 705) Various special pages no more show the rss/atom feed links
30396 * (bug 114) use category backlinks in Special:Recentchangeslinked
30398 === Beta 2 fixes ===
30400 * (bug 987) Reverted bogus fix for bug 502
30401 * (bug 992) Fix enhanced recent changes in PHP5
30402 * (bug 1009) Fix Special:Makesysop when using table prefixes
30403 * (bug 1010) fix broken Commons image link on Classic & Cologne Blue
30404 * (bug 985) Fix auto-summary for section edits
30405 * (bug 995) Close <a> tag
30406 * (bug 1004) renamed norsk language links (twice)
30407 * Login works again when using an old-style default skin
30408 * Fix for load balancing mode, notify if using old settings format
30409 * (bug 1014) Missing image size option on old accounts handled gracefully
30410 * (bug 1027) Fix page moves with table prefix
30411 * (bug 1018) Some pages fail with stub threshold enabled
30412 * (bug 1024) Fix link to high-res image version on Image: pages
30413 * (bug 1016) Fix handling of lines omitting Image: in a <gallery> tag
30414 * security fix for image galleries
30415 * (bug 1039) Avoid error message in certain message cache failure modes
30416 * Fix string escaping with PostgreSQL
30417 * (bug 1015) [partial] -- use comment formatter on image gallery text
30418 * Allow customization of all UI languages
30419 * use $wgForceUIMsgAsContentMsg to make regular UI messages act as content
30420 * new user option for zh users to disable language conversion
30421 * Defer message cache initialization, shaving a few ms off file cache hits
30422 * Fixed Special:Allmessages when using table prefixes
30423 * (bug 996) Fix $wgWhitelistRead to work again
30424 * (bug 1028) fix page move over redirect to not fail on the unique index
30426 === Beta 3 fixes ===
30428 * Hide RC patrol markers when patrol is disabled or not allowed to patrol.
30429 * Fix language selection for upgraded accounts
30430 * (bug 1076) navigation links in QueryPage should be translated by wgContLang.
30431 * (bug 922) bogus DOS line endings in LanguageEl.php
30432 * Fix index usage in contribs
30433 * Caching and load limiting options for Recentchanges RSS/Atom feed
30434 * (bug 1074) Add stock icons for non-image files in gallery/Newimages
30435 * Add width and height attributes on thumbs in gallery/Newimages
30436 * Enhance upload extension blacklist to protect against vulnerable
30437 Apache configurations
30439 === Beta 4 fixes ===
30441 * (bug 1090) Fix sitesupport links in CB/classic skins
30442 * Gracefully ignore non-legal titles in a <gallery>
30443 * Fix message page caching behavior when $wgCapitalLinks is turned off
30444 after installation and the wiki is subsequently upgraded
30445 * Database error messages include the database server name/address
30446 * Paging support for large categories
30447 * Fix image page scaling when thumbnail generation is disabled
30448 * Select the content language in prefs when bogus interface language is set
30449 * Fix interwiki links in edit comments
30450 * Fix crash on banned user visit
30451 * Avoid PHP warning messages when thumbnail not generated
30452 * (bug 1157) List unblocks correctly in Special:Log
30453 * Fix fatal errors in LanguageLi.php
30454 * Undo overly bright, difficult to read colors in Cologne Blue
30455 * (bug 1162) fix five-tilde date inserter
30456 * Add raw signatures option for those who simply must have cute sigs
30457 * (bug 1164) Let wikitext be used in Loginprompt and Loginend messages
30458 * Add the dreaded <span> to the HTML whitelist
30459 * (bug 1170) Fix Russian linktrail
30460 * (bug 1168) Missing text on the bureaucrat log
30461 * (bug 1180) Fix Makesysop on shared-user-table sites
30462 * (bug 1178) Fix previous diff link when using 'oldid=0'
30463 * (bug 1173) Stop blocked accounts from reverting/deleting images
30464 * Keep generated stylesheets cache-separated for each user
30465 * (bug 1175) Fix "preview on first edit" mode
30466 * Fix revert bug caused by bug 1175 fix
30467 * Fix CSS classes on minor, new, unpatrolled markers in enhanced RC
30468 * Set MySQL 4 boolean search back to 'and' mode by default
30469 * (bug 1193) Fix move-only page protection mode
30470 * Fix zhtable Makefile to include the traditional manual table
30471 * Add memcache timeout for the zh conversion tables
30472 * Allow user customization of the zh conversion tables through
30473 MediaWiki:zhconversiontable
30474 * Add zh-min-man (back) to language names list
30475 * Ported $wgCopyrightIcon setting from REL1_3A
30476 * (bug 1218) Show the original image on image pages if the thumbnail would be
30477 bigger than the original image
30478 * (bug 1213) i18n of Special:Log labels
30479 * (bug 1013) Fix jbo, minnan in language names list
30480 * Added magic word MAG_NOTITLECONVERT to indicate that the title of the page
30481 do not need to be converted. Useful in zh:
30482 * (bug 1224) Use proper date messages for date reformatter
30483 * (bug 1241) Don't show 'cont.' for first entry of the category list
30484 * (bug 1240) Special:Preferences was broken in Slovenian locale when
30485 $wgUseDynamicDates is enabled
30486 * Added magic word MAG_NOCONTENTCONVERT to suppress the conversion of the
30487 content of an article. Useful in zh:
30488 * write-lock for updating the zh conversion tables in memcache
30489 * recursively parse subpages of MediaWiki:Zhconversiontable
30490 * (bug 1144) Fix export for fy language
30491 * make removal of an entry from zhconversiontable work
30492 * (bug 752) Don't insert newline in link title for url with %0a
30493 * Fix missing search box contents in MonoBook skin
30494 * Add option to forward search directly to an external URL (eg google)
30495 * Correctly highlight the fallback language variant when the selected
30496 variant is disabled. Used in zh: only for now.
30498 === Beta 5 fixes ===
30500 * (bug 1124) Fix ImageGallery XHTML compliance
30501 * (bug 1186) news: in the middle of a word
30502 * (bug 1283) Use underlining and borders to highlight additions/deletions
30504 * Use user's local timezone in Special:Log display
30505 * Show filename for images in gallery by default (restore beta 3 behavior)
30506 * (bug 1201) Double-escaping in brokenlinks, imagelinks, categorylinks,
30508 * When using squid reverse proxy, cache the redirect to the Main_Page
30509 * (bug 1302) Fix Norwegian language file
30510 * (bug 1205) Fix broken article saving in PHP 5.1
30511 * (bug 1206) Implement CURRENTWEEK and CURRENTDOW magic keyword (will give
30512 number of the week and number of the day).
30513 * (bug 1204) Blocks do not expire automatically
30514 * (bug 1184) expiry time of indefinite blocks shown as the current time
30515 * (bug 1317) Fix external links in image captions
30516 * (bug 1084) Fix logo not rendering centrally in IE
30517 * (bug 288) Fix tabs wrapping in IE6
30518 * (bug 119) Fix full-width tabs with RTL text in IE
30519 * (bug 1323) Fix logo rendering off-screen in IE with RTL language
30520 * Show "block" link in Special:Recentchanges for logged in users, too, if
30521 wgUserSysopBans is true.
30522 * (bug 1326) Use content language for '1movedto2' in edit history
30523 * zh: Fix warning when HTTP_ACCEPT_LANGUAGE is not set
30524 * zh: Fix double conversion for zh-sg and zh-hk
30525 * (bug 1132) Fix concatenation of link lists in refreshLinks
30526 * (bug 1101) Fix memory leak in refreshLinks
30527 * (bug 1339) Fix order of @imports in Cologne Blue CSS
30528 * Don't try to create links without namespaces ([[Category:]] link bug)
30529 * Memcached data compression fixes
30530 * Several valid XHTML fixes
30531 * (bug 624) Fix IE freezing rendering whilst waiting for CSS with MonoBook
30532 * (bug 211) Fix tabbed preferences with XHTML MIME type
30533 * Fix for script execution vulnerability.
30535 === Beta 6 fixes ===
30537 * (bug 1335) implement 'tooltip-watch' in Language.php
30538 * Fix linktrail for nn: language
30539 * (bug 1214) Fix prev/next links in Special:Log
30540 * (bug 1354) Fix linktrail for fo: language
30541 * (bug 512) Reload generated CSS on preference change
30542 * (bug 63) Fix displaying as if logged in after logout
30543 * Set default MediaWiki:Sitenotice to '-', avoiding extra database hits
30544 * Skip message cache initialization on raw page view (quick hack)
30545 * Fix notice errors in wfDebugDieBacktrace() in XML callbacks
30546 * Suppress notice error on bogus timestamp input (returns epoch as before)
30547 * Remove unnecessary initialization and double-caching of parser variables
30548 * Call-tree output mode for profiling
30549 * (bug 730) configurable $wgRCMaxAge; don't try to update purged RC entries
30550 * Add $wgNoFollowLinks option to add rel="nofollow" on external links
30552 * (bug 1130) Show actual title when moving page instead of encoded one.
30553 * (bug 925) Fix headings containing <math>
30554 * (bug 1131) Fix headings containing interwiki links
30555 * (bug 1380) Update Nynorsk language file
30556 * (bug 1232) Fix sorting of cached Special:Wantedpages in miser mode
30557 * (bug 1217) Image within an image caption broke rendering
30558 * (bug 1384) Make patrol signs have the same width for page moves as for edits
30559 * (bug 1364) fix "clean up whitespace" in Title:SecureAndSplit
30560 * (bug 1389) i18n for proxyblocker message
30561 * Add fur/Furlan/Friulian to language names list
30562 * Add TitleMoveComplete hook on page renames
30563 * Allow simple comments for each translation rules in MW:Zhconversiontable
30564 * (bug 1402) Make link color of tab subject page link on talk page indicate
30565 whether article exists
30566 * (bug 1368) Fix SQL error on stopword/short word search w/ MySQL 3.x
30567 * Translated Hebrew namespace names
30568 * (bug 1429) Stop double-escaping of block comments; fix formatting
30569 * (bug 829) Fix URL-escaping on block success
30570 * (bug 1228) Fix double-escaping on & sequences in [enclosed] URLs
30571 * (bug 1435) Fixed many CSS errors
30572 * (bug 1457) Fix XHTML validation on category column list
30573 * (bug 1458) Don't save if edit form submission is incomplete
30574 * Logged-in edits and preview of user CSS/JS are now locked to a session token.
30575 * Per-user CSS and JavaScript subpage customizations now disabled by default.
30576 They can be re-enabled via $wgAllowUserJs and $wgAllowUserCss.
30577 * Removed .ogg from the default uploads whitelist as an extra precaution.
30578 If your web server is configured to serve Ogg files with the correct
30579 Content-Type header, you can re-add it in LocalSettings.php:
30580 $wgFileExtensions[] = 'ogg';
30584 * Fix notice error on nonexistent template in wikitext system message
30585 * (bug 1469) add missing <ul> tags on Special:Log
30586 * (bug 1470) remove extra <ul> tags from Danish log messages
30587 * Fix notice on purge w/ squid mode off
30588 * (bug 1477) hide details of SQL error messages by default
30589 Set $wgShowSQLErrors = true for debugging.
30590 * (bug 1430) Don't check for template data when editing page that doesn't exist
30591 * Recentchanges table purging fixed when using table prefix
30592 * (bug 1431) Avoid redundant objectcache garbage collection
30593 * (bug 1474) Switch to better-cached index for statistics page count
30594 * Run Unicode normalization on all input fields
30595 * Fix translation for allpagesformtext2 in LanguageZh_cn and LanguageZh_tw
30596 * Block image revert without valid login
30597 * (bug 1446) stub Bambara (bm) language file using French messages
30598 * (bug 1432) Update Estonian localization
30599 * (bug 1471) unclosed <p> tag in Danish messages
30600 * convertLinks script fixes
30601 * Corrections to template loop detection
30602 * XHTML encoding fix for usernames containing & in Special:Emailuser
30603 * (for zh) Search for variant links even when conversion is turned off,
30604 to help prevent duplicate articles.
30605 * Disallow ISO 8859-1 C1 characters and "no-break space" in user names
30607 * Correct the name of the main page it LanguageIt
30608 * Allow Special:Makesysop to work for usernames containing SQL special
30610 * Fix annoying blue line in Safari on scaled-down images on description page
30611 * Increase upload sanity checks
30612 * Fix XSS bug in Media: links
30613 * Add cross-site form submission protection to various actions
30614 * Fix fatal error on some dubious page titles
30615 * Stub threshold displays correctly again
30618 === 1.4.0 final fixes ===
30620 * (bug 65) Fix broken interwiki link encoding on Latin-1 wikis; force to UTF-8
30621 * (bug 563) Fix UTF-8 interwiki URL redirects via Latin-1 wikis
30622 * (bug 1536) Fix page info
30623 * Support os (Ossetic) as language code, using Russian localization base
30624 * (bug 1610) Support non (Old Norse) as language code, using Icelandic
30626 * (bug 1618) Properly list custom namespaces in Special:Allpages
30627 * (bug 1622) Remove trailing' >' when using category browser
30628 * (bug 1570) Fix php 4.2.x error on conflict merging
30629 * (bug 1585) Fix page title on post-login redirection page
30630 * Run UTF-8 validation on old text in Recentchanges RSS diffs
30631 * (bug 1642) fix a mime type typo in img_auth.php
30632 * Automated interwiki redirects only for local interwikis
30633 * Respect read-only mode on block removals
30634 * Trim old illegal characters from syndication feeds
30635 * Reduce message cache outage recovery delay from 1 day to 5 minutes
30636 * (bug 1403) Update Finnish localization
30637 * (bug 1478) Punjabi localization
30638 * (bug 1667) Update script 5 second countdown.
30639 * (bug 1057) Fix logging table encoding (error on MySQL 4.1)
30640 * (bug 1680) Fix linktrail for fo
30641 * (bug 1653) Removing hardcoded messages in Special:Allmessages
30642 * (bug 1594) Render a hyphen in a formula as − in HTML
30643 * (bug 1495) Fall back to default language MediaWiki: for custom messages
30644 * (bug 1617) Show different error messages for "user does not
30645 exist" and "wrong password" when using AuthPlugin
30646 * (bug 1532), (bug 1544) Changed language names for
30647 'bn', 'bo', 'dv', 'dz', 'ht', 'ii', 'li', 'lo', 'ng', 'or', 'pa', 'si',
30649 * Fix editing on non-Esperanto wiki with user language pref set to Esperanto
30650 * Make conversion table for zh-sg default to zh-cn, and zh-hk default to zh-tw
30651 * Fix PHP notice in MonoBook when counters disabled
30652 * (bug 1696) Update namespaces, dates in uk localization
30653 * (bug 551) Installer warns about magic_quotes_runtime and magic_quotes_sybase
30654 instead of trying to install with corrupt table files
30655 * Installer no longer tries to move non-default MediaWiki: pages into Template:
30656 * User-to-user email disabled by default ($wgEnableUserEmail)
30659 === 1.4.1 fixes ===
30661 * (bug 1720) fix genitive month names for uk
30662 * (bug 1704) fixed untranslateable string in Special:Log
30663 * (bug 1638) Added Belrusian language file
30664 * (bug 1736) typo in SpecialValidate.php
30665 * (bug 73) Upload doesn't run edit updates on description page (links,
30666 search index and categories)
30667 * (bug 646) <math> fails to recognize \ll and \gg
30668 * (bug 926) \div element from TeX not supported in <math> element
30669 * (bug 1147) add \checkmark to whitelist in texutil.ml
30670 * (bug 937) \limits function from LaTeX not supported in <math> element
30671 * Support for manually converting article title to different Chinese
30673 * (bug 1488, bug 1744) Fix encoding for preferences, dates in Latin-1 mode
30674 * (bug 1042) Fix UTF-8 case conversion for PHP <4.3 with mbstring extension
30675 * Fix code typo that broke article credits display
30676 * Installation fixes for running under IIS
30677 * (bug 1556) login page tab order. "remember" checkbox now come after password.
30678 * SQL debug log fixlets
30679 * (bug 1815) Fix namespace in old revision display with mismatched title
30680 * (bug 1788) Fix link duplication when edit/upload comment includes newlines
30681 * Change default on $wgSysopUserBans and $wgSysopRangeBans to true
30682 * Fix link conversion for URL request
30683 * (bug 1851) Updated download URL for the SCIM packages used by zhtable
30684 * (bug 1853) Try stripping quotes from term for 'go' title match
30685 * Fix missing function in Latin1 mode
30686 * (bug 1860) Anchors of interwiki links did not get normalized
30687 * (bug 1847) accept lowercase x in ISBN, do not accept invalid A-W,Y,Z
30688 * Fix link conversion for URL request, hopefully without breaking the wiki
30689 * (bug 1849) New option allows to consider categorized images as used on
30690 Special:Unusedimages
30691 * Localized category namespace for ka (Georgian)
30692 * (bug 1107) Work around includes problem in installer when parent dir is not
30693 readable by the web server
30694 * (bug 1927) Incorrect escaping on wikitext message in Blockip
30697 === 1.4.2 fixes ===
30699 * Fix math options in Finnish localization
30700 * Use in-process Tidy extension if available when $wgUseTidy is on
30701 * (bug 1933) Fix PATH_INFO usage under IIS with PHP ISAPI module
30702 * (bug 1188) <nowiki> in {{subst:}} includes fixed
30703 * (bug 1936) <!-- comments --> in {{subst:}} includes fixed
30704 * Fix a potential MSIE JavaScript injection vector in Tidy mode
30707 === 1.4.3 fixes ===
30709 * (bug 1636) Refs like ţ were misinterpreted as octal in some places
30710 * (bug 1163) Special:Undelete showed oldest revision instead of newest
30711 * (bug 1938) Fix escaping of illegal character references in link text
30712 * (bug 1997) Fix for error on display of renamed items in Recentchanges on PHP5
30713 * (bug 1949) Profiling typo in rare error case
30714 * (bug 1963) Fix deletion log link when $wgCapitalLinks is off
30715 * (bug 1970) Don't show move tab for immobile pages
30716 * (bug 1770) Page creation recorded links from the 'newarticletext' message
30717 * Optional change to the site_stats table. When applied, this removes the need
30718 for expensive queries in Special:Statistics.
30721 === 1.4.4 fixes ===
30723 * (bug 725) Let dir="ltr" attribute work again in MonoBook on RTL languages
30724 * (bug 2024) Skip JavaScript error for custom skins where .js message not set
30725 * (bug 2025) Updated Indonesian localization
30726 * (bug 2039) Updated Lithuanian localization
30731 Some output, particularly involving user-supplied inline HTML, may not
30732 produce 100% valid or well-formed XHTML output. Testers are welcome to
30733 set $wgMimeType = "application/xhtml+xml"; to test for remaining problem
30734 cases, but this is not recommended on live sites. (This must be set for
30735 MathML to display properly in Mozilla.)
30738 For notes on 1.3.x and older releases, see HISTORY.
30741 === Online documentation ===
30743 Documentation for both end-users and site administrators is currently being
30744 built up on MediaWiki.org, and is covered under the GNU Free Documentation
30747 https://www.mediawiki.org/
30750 === Mailing list ===
30752 A MediaWiki-l mailing list has been set up distinct from the Wikipedia
30755 http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
30757 A low-traffic announcements-only list is also available:
30758 http://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
30760 It's highly recommended that you sign up for one of these lists if you're
30761 going to run a public MediaWiki, so you can be notified of security fixes.
30766 There's usually someone online in #mediawiki on irc.freenode.net
30770 == MediaWiki 1.3.18 ==
30771 (released 2005-11-02)
30772 MediaWiki 1.3.18 is a bugfix and security maintenance release. A change in PHP
30773 4.4.1 broke handling of extension and <nowiki><pre></nowiki> sections, causing
30774 garbage data to be inserted in output and saved edits. This version works
30775 around the change. This release includes further corrections to the inline CSS
30776 style sanitation which works around a JavaScript "feature" on Microsoft
30777 Internet Explorer. Users of Microsoft Internet Explorer for Windows may be
30778 vulnerable to XSS injections on prior 1.3 releases; users of
30779 standards-compliant browsers are not vulnerable.
30781 == MediaWiki 1.3.17 ==
30782 (released 2005-10-05)
30783 MediaWiki 1.3.17 is a security maintenance release. Unsafe handling of CSS by
30784 Microsoft Internet Explorer could be exploited to produce cross-site scripting
30785 attacks by JavaScript injection to clients running that browser. This release
30786 blacklists several additional variants from use in HTML inline style
30787 attributes. All publicly accessible wikis are recommended to upgrade to reduce
30788 the risk to visitors using Microsoft web browsers.Note: the MediaWiki 1.3.x
30789 series is not compatible with PHP 5.0.5 or higher. Upgrade to the 1.5.0 release
30790 if you require this version of PHP 5.
30792 == MediaWiki 1.3.16 ==
30793 (released 2005-09-21)
30794 MediaWiki 1.3.16 is a security maintenance release. A bug in edit submission
30795 handling could cause corruption of the previous revision in the database if an
30796 abnormal URL was used, such as those used by some spambots. Affected releases:
30797 * 1.4.x <= 1.4.9; fixed in 1.4.10
30798 * 1.3.x <= 1.3.15; fixed in 1.3.16
30799 1.5 release candidates are not affected by this problem. All publicly editable
30800 wikis are strongly recommended to upgrade immediately.
30801 1.3 releases can be manually patched by changing this bit in
30802 {{manual|EditPage.php}}:
30803 <syntaxhighlight lang="php">
30804 if( $this->tokenOk( $request ) ) {
30805 $this->save = $request->wasPosted() && !$this->preview;
30809 <syntaxhighlight lang="php">
30810 if( $this->tokenOk( $request ) ) {
30811 $this->save = $request->getVal( 'action' ) == 'submit' &&
30812 $request->wasPosted() && !$this->preview;
30816 == MediaWiki 1.3.15, 2005-08-29 ==
30817 MediaWiki 1.3.15 is a security maintenance release. It corrects across-site
30818 scripting security bug:
30819 * <nowiki><math></nowiki> tags were handled incorrectly when TeX rendering
30820 support is off, as in the default configuration. Wikis where the optional math
30821 support has been *enabled* are not vulnerable. The 1.3.x series is no longer
30822 maintained except for security fixes; new users and those seeking bug fixes
30823 should upgrade to 1.4.9 or 1.5.0.
30825 == MediaWiki 1.3.14, 2005-08-23 ==
30826 MediaWiki 1.3.14 is a security maintenance release. A flaw in the interaction
30827 between extensions and HTML attribute sanitization was discovered which could
30828 allow unauthorized use of offsite resources in style sheets, and possible
30829 exploitation of a JavaScript injection feature on Microsoft Internet Explorer.
30830 The 1.3.x series is no longer maintained except for security fixes; new users
30831 and those seeking bug fixes should upgrade to 1.4.8 or 1.5.0. Existing 1.3.x
30832 installations not willing to upgrade to the current stable release should apply
30833 the change manually:
30834 In includes/Parser.php, function {{code|inline=y|lang=php|fixTagAttributes()}}
30836 <syntaxhighlight lang="php">
30837 # Any placeholder items should have been unstripped already before
30838 # we got to this point. Raw text inserted later could be dangerous.
30839 if( strpos( $t, UNIQ_PREFIX ) !== false ) {
30840 wfDebug( "Parser::fixTagAttributes found stripped data placeholder;
30841 dropping attributes\n" );
30845 If you are actively using extensions to generate HTML attribute values, upgrade
30846 to 1.4 or 1.5 for a more thorough fix.
30848 == MediaWiki 1.3.13, 2005-06-03 ==
30849 MediaWiki 1.3.13 is a security maintenance release. Incorrect handling of page
30850 template inclusions made it possible to inject JavaScript code into HTML
30851 attributes, which could lead to cross-site scripting attacks on a publicly
30852 editable wiki. Vulnerable releases and fix:
30853 * 1.5 prerelease: fixed in 1.5alpha2
30854 * 1.4 stable series: fixed in 1.4.5
30855 * 1.3 legacy series: fixed in 1.3.13
30856 * 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended The
30857 1.3.x series is no longer maintained except for security fixes; new users and
30858 those seeking general bug fixes should install 1.4.5. Existing 1.3.x
30859 installations not willing or able to upgrade to the current stable relase
30860 should update the installation to 1.3.13; only includes/Parser.php has changed
30863 == MediaWiki 1.3.12, 2005-02-20 ==
30864 MediaWiki 1.3.12 is a security maintenance release. A cross-site scripting
30865 injection vulnerability was discovered, which affects only MSIE clients and is
30866 only open if MediaWiki has been manually configured to run output through HTML
30867 Tidy ($wgUseTidy). The 1.3.x series is no longer maintained except for security
30868 fixes; new users and those seeking bug fixes should upgrade to 1.4.2. Existing
30869 1.3.x installations using Tidy not willing to upgrade to the current stable
30870 relase should either turn off Tidy or update the installation to 1.3.12.
30872 == MediaWiki 1.3.11, 2005-02-20 ==
30873 MediaWiki 1.3.11 is a security release.
30874 A security audit found and fixed a number of problems. Users of MediaWiki
30875 1.3.10 and earlier should upgrade to 1.3.11; users of 1.4 beta releases should
30878 === Cross-site scripting vulnerability ===
30879 XSS injection points can be used to hijack session and authentication cookies
30880 as well as more serious attacks.
30881 * Media: links output raw text into an attribute value, potentially abusable
30882 for JavaScript injection. This has been corrected.
30883 * Additional checks added to file upload to protect against MSIE and Safari
30884 MIME-type autodetection bugs.
30885 As of <code>1.3.10/1.4beta6</code>, per-user customized CSS and JavaScript is
30886 disabled by default as a general precaution. Sites which want this ability may
30887 set {{wg|AllowUserCss}} and {{wg|AllowUserJs}} in LocalSettings.php.
30889 === Cross-site request forgery ===
30890 An attacker could use JavaScript-submitted forms to perform various restricted
30891 actions by tricking an authenticated user into visiting a malicious web page. A
30892 fix for page editing in 1.3.10/1.4beta6 has been expanded in this release to
30893 other forms and functions. Authors of bot tools may need to update their code
30894 to include the additional fields.
30896 === Directory traversal ===
30897 An unchecked parameter in image deletion could allow an authenticated
30898 administrator to delete arbitrary files in directories writable by the web
30899 server, and confirm existence of files not deletable.
30901 == MediaWiki 1.3.10, 2005-02-03 ==
30902 MediaWiki 1.3.10 is a security release.
30903 An attacker could craft a URL which, when visited by a particular logged-in
30904 user, would execute arbitrary JavaScript code on the user's browser in the
30905 wiki's site context. This attack has been blocked, and as an extra precaution
30906 the user CSS and JavaScript subpage support is now disabled by default. Sites
30907 which want this ability may set {{wg|AllowUserCss}} and {{wg|AllowUserJs}} in
30908 {{manual|LocalSettings.php}}. Additional protections have been added against
30909 off-site form submissions
30910 hijacking user credentials. Authors of bot tools may need to update their code
30911 to include additional fields. All wikis running 1.3.x are strongly urged to
30913 Changes from 1.3.9:
30914 * Logged-in edits and preview of user CSS/JS are now locked to a session token.
30915 * Per-user CSS and JavaScript subpage customizations now disabled by default.
30916 They can be re-enabled via {{wg|AllowUserJs}} and {{wg|AllowUserCss}}.
30917 * Removed .ogg from the default uploads whitelist as an extra precaution. If
30918 your web server is configured to serve Ogg files with the correct Content-Type
30919 header, you can re-add it in LocalSettings.php: {{wg|FileExtensions}}<code>[] =
30922 == MediaWiki 1.3.9, 2004-12-12 ==
30923 MediaWiki 1.3.9 is a security and bug fix release.
30924 A flaw in upload handling has been found which may allow upload and execution
30925 of arbitrary scripts with the permissions of the web server. Only wikis that
30926 have enabled uploads and have a vulnerable Apache configuration will be
30927 affected, but to be safe all wikis should upgrade. Wikis with uploads available
30928 should either disable uploads or upgrade to 1.3.9 immediately; if other files
30929 are customized and require merging changes,
30930 includes/{{manual|SpecialUpload.php}} may be replaced individually to add the
30931 fix. (It is also recommended to configure your web server to disable script
30932 execution in the 'images' subdirectory where uploads are placed, which prevents
30933 most attacks even if the wiki fails.)
30934 Changes from 1.3.8:
30935 * Backported "Templates used in this page"-feature of EditPage
30936 * Allow "MySkin" as a default skin.
30937 * ({{bugzilla|938}}) Parse namespaces correctly on self-interwiki links
30938 * ({{bugzilla|1010}}) fix broken Commons image link on [[Skin:Classic|Classic]]
30939 & [[Skin:Cologne Blue|Cologne Blue]]
30940 * ({{bugzilla|1004}}) Norsk language names for interwiki links changed, Nauruan
30941 language name changed
30942 * Enhance upload extension blacklist to protect against vulnerable Apache
30945 == MediaWiki 1.3.8, 2004-11-15 ==
30946 MediaWiki 1.3.8 is a bugfix release. Those running wikis with uploads enabled
30947 are strongly recommended to upgrade as this fixes several problems with
30948 overwriting previously-uploaded files.
30949 Changes from 1.3.7:
30950 * ({{bugzilla|506}}) fix {{code|inline=y|lang=html|array_key_exists()}} warning
30951 for IIS servers using ISAPI mode
30952 * ({{bugzilla|718}}) fix bad charset in (file) cached pages
30953 * use local numerals in category page (for Hindi et al)
30954 * alias month abbreviations to month names in Hindi
30955 * add localized numerals for Gujarati and Kannada
30956 * fix Category and project namespaces for Hindi
30957 * Don't output bogus timestamp on [[Special:RecentChanges]] if no entries
30958 * Correct template include path which broke some but not all Windows installs
30959 * Fix edit form submission problem with some PHP versions
30960 * Disallow unreachable titles with %XX hex codes
30961 * Allow page [[0]] to be renamed
30962 * ({{bugzilla|774}}) when saving with <code>section=new</code>, return to the
30963 anchor as with existing numbered section edits
30964 * Experimental shared upload overlay area (disabled by default)
30965 * ({{bugzilla|806}}) Removed some "Wikipedia" hardcoding in German localization
30966 * User option localization fix for some extensions
30967 * ({{bugzilla|809}}) now try to load the mysql php extension if it isn't loaded
30968 * ({{bugzilla|848}}) fix error message in [[Special:Newpages]] RSS and Atom
30970 * ({{bugzilla|26}}) fix cache headers on anon talk page notification
30971 * ({{bugzilla|874}}) added 'cgi' to {{wg|FileBlacklist}}
30972 * ({{bugzilla|862}}) localize date and time format for Finnish
30973 * ({{bugzilla|548}}) Don't overwrite images until the user confirms it
30975 == MediaWiki 1.3.7, 2004-10-18 ==
30976 Changes from 1.3.6:
30977 * Fix protected-page related security issue.
30979 == MediaWiki 1.3.6, 2004-10-14 ==
30980 Changes from 1.3.5:
30981 * ({{bugzilla|296}}) Variables in user interface messages are no longer
30982 substituted at install time, so changes to the site name etc should be easier
30984 * ({{bugzilla|149}}) [[Special:RecentChanges]] "changes from" link preserves
30986 * ({{bugzilla|433}}) tooltip for "Undelete" tab now labeled correctly
30987 * ({{bugzilla|439}}) unclickable "Move" tab no longer displays on protected
30989 * ({{bugzilla|484}}) graceful deletion of images where the actual file is
30991 * ({{bugzilla|686}}) fixed [[plural]]s in Catalan localization
30992 * Fixed potential HTML/JavaScript injection attack in the
30993 [[Extension:UnicodeConverter|UnicodeConverter]] extension. (This extension is
30994 not enabled by default.)
30995 * Fixed potential HTML/JavaScript injection attack via raw page views to a
30996 maliciously crafted wiki page.
30997 * ({{bugzilla|187}}, {{bugzilla|669}}) Fixed centered thumbnails, using
30998 {{code|inline=y|lang=html|<div>}} instead of {{code|inline=y|lang=html|<span>}}.
30999 * catch MySQL error 2000 during installation.
31000 * ({{bugzilla|704}}) Removed misleading LocalSettings.sample
31001 * Fix cross site scripting bugs in [[Special:Ipblocklist]],
31002 [[Special:EmailUser]]
31003 * Fix SQL injection and cross site scripting bugs in Special:Maintenance
31004 * Fix cross site scripting bugs and possible filename validation vulnerability
31006 * and more of that sort
31008 == MediaWiki 1.3.5, 2004-09-30 ==
31009 Changes from 1.3.4:
31010 * Clean up input validation in 'raw' page output mode which was a potential
31011 cross-site scripting opportunity.
31013 == MediaWiki 1.3.4, 2004-09-28 ==
31014 === SECURITY NOTE ===
31015 As of 1.3.4, MediaWiki performs some screening of newly uploaded files for
31016 validity. (Some) corrupt image files, and HTML files mistakenly or maliciously
31017 masquerading as images, should now be rejected. These checks protect against
31018 Internet Explorer security holes relating to type autodetection which are a
31019 potential cross-site scripting attack vector, and also rejects at least one
31020 known version of the "JPEG virus" which might attack unpatched clients. If you
31021 already have invalid files uploaded this will not protect against them. If you
31022 have expanded the <code>filetype</code> whitelist or disabled the strict type
31023 checking, other dangerous file types may still get through. You should always
31024 be careful when allowing uploads!
31025 Changes from 1.3.3:
31026 * Fixed lots of template-related bugs, esp. for cases where template variables
31027 are used for links, images, etc.
31028 * Fixed transformation of page messages when viewing [[Special:Allmessages]]
31029 * Handle "ISBN ISBN 1234" correctly
31030 * Fixed warning on Category pages
31031 * Fixed some bad error messages on login page
31032 * Fixed history entry for initial main page on install
31033 * Removed problematic <code>{</code> and <code>}</code> from legal title
31035 * Strip leading blank from output in preformatted text.
31036 * Fixed problem when moving pages to titles with '#' in
31037 * Optional {{wg|RawHtml}} for raw {{code|inline=y|lang=html|<html>}} sections.
31038 Use only on limited- participation 'trusted' wikis, as it does not protect
31039 against cross-site scripting attacks. For security, this option can only be
31040 enabled if in {{wg|WhitelistEdit}} mode.
31041 * Fixed problem where pages which were created as a redirect following a move
31042 never showed on [[Special:Randompage]].
31043 * Fixed line spacing on printed table of contents
31044 * Allow links to pages with names of the form [[RFC 1234]]
31045 * Fixed broken edit links being shown for sections from included templates
31046 * Verify that uploaded image files are of the claimed type.
31048 == MediaWiki 1.3.3, 2004-09-09 ==
31049 Changes from 1.3.2:
31050 * Fix for long numeric page titles
31051 * Fix Go search for "0", numeric almost-self-links
31052 * Avoid caching of pages with "You have new messages" headers
31053 * Fix for upgrades as non-root users from 1.2 command-line installs.
31054 * Fix for {{wg|DebugDumpSql}} debug mode.
31055 * {{wg|ExtraNamespaces}} setting for configuring additional namespaces (see
31056 note in {{manual|DefaultSettings.php}})
31057 * 'recache' on query pages now disabled when miser mode is on; special case the
31058 global settings in your {{manual|LocalSettings.php}} to do automatic updates.
31059 * Don't block UTF-8 titles containing byte 0xA0 (bug added in 1.3.2)
31060 * Watch/unwatch tabs now shown on edit pages in MonoBook.
31061 * Fix default skin in Irish localization (ga)
31062 * Add Traditional Chinese localization (zh-tw)
31063 * Changed default sortkey of subcategories. Don't include "Category:"-prefix
31065 * More helpful info on spam catcher.
31066 * Allow larger offsets for queries such as [[Special:Listusers]]
31067 * Semicolon (;) added to French non-break space rules
31068 * Possible fix for some install errors with path names permission problems.
31069 * Removed [[Project:All system messages]], which has been superseded by the
31070 much faster [[Special:Allmessages]]. This speeds up installation considerably.
31072 == MediaWiki 1.3.2, 2004-08-30 ==
31073 Changes from 1.3.1:
31074 * Fix namespaced page creation links when no go match
31075 * When cookies are disabled, don't show login screen twice
31076 * Install should no longer die when PHP is pre-configured to compress output
31077 * Fixed bug that caused long Japanese pages to time out with Tidy active
31078 * When session.handler is set incorrectly, try automatic override to 'files'
31079 * Watch/Unwatch links back to the affected page instead of Main Page
31080 * Upload link no longer displayed on Monobook if uploading is disabled
31081 * Special:Allmessages faster, shows correct original text, works in safe mode
31083 == MediaWiki 1.3.1, 2004-08-14 ==
31084 Changes from 1.3.0:
31085 * Watchlist parameters now work with register_globals off
31086 * Fixed parsing of ''italics'' and '''bold''' mark-up (again)
31087 * Special:Allpages display is more sensible on smaller wikis
31088 * Fixed XHTML parsing error in classic skins
31089 * Moved pages update watchlist correctly
31090 * Fixed rebuildall.php on case-sensitive Unix filesystems
31091 * Disabled file cache compression by default due to incompatibility with output
31092 buffer compression (ob_gzhandler)
31093 * New magic word {{code|inline=y|PAGENAMEE}} (URL-escaped version of
31094 {{code|inline=y|PAGENAME}})
31095 * Installation avoids blank username; better message on missing XML module
31096 * {{wg|WhitelistAccount}} no longer breaks all logins.
31098 == MediaWiki 1.3.0, 2004-08-11 ==
31100 * New default layout '[[Skin:MonoBook|MonoBook]]' (available on PHP4 only
31102 * Print stylesheet now built-in to every page
31103 * More or less correct XHTML 1.0 (served as text/html by default)
31105 * Image captions can now include links and other basic formatting
31106 * Image bounding box can be specified instead of width, e.g. as 100x100px,
31107 making the image not wider than 100px and not higher than 100px, keeping aspect
31109 * Templates have been expanded with parameters, and separated from the
31110 MediaWiki: localization scheme.
31111 * Categories more or less work
31112 * added a special page for listing users with sysop rights.
31114 * Automatic merging of edit conflicts that don't directly interfere
31115 * Edit summaries can now include basic formatting and links
31116 Metadata and output:
31117 * Linked Creative Commons copyright metadata (optional)
31118 * RSS 2.0 & Atom 0.3 feeds for Recent Changes, New Pages
31120 * WikiHiero hieroglyphic module can be added (separate download)
31121 * Timeline module can be added (separate download). Requires ploticus.
31122 * TeX now has an experimental MathML output mode (incomplete!)
31123 Installation and upgrading:
31124 * The old install.php and update.php have been removed. In-place installation
31125 introduced in 1.2 is now the standard installation and upgrade method, see
31126 INSTALL and UPGRADE for directions.
31128 * The links table has been changed to use a cur_id for l_from. The link tables
31129 must be converted on upgrade, which may entail some downtime.
31130 Code and compatibility:
31131 * Should now run clean with error reporting set to E_ALL.
31132 * register_globals hack from 1.2 has been replaced with safer code
31133 * Bundled PHPTAL 0.7.0 from http://phptal.sourceforge.net/ (with some patches)
31134 * Most image-related code moved to Image.php
31135 * More fixes for PHP 4.1.2 (thanks to Asheesh Laroia)
31136 * URL encoding fix for anchors
31137 * All languages now available in UTF-8 mode
31138 * Various other fixes
31141 Some output, particularly involving user-supplied inline HTML, may not produce
31142 100% valid or well-formed XHTML output. Testers are welcome to set $wgMimeType
31143 = "application/xhtml+xml"; to test for remaining problem cases, but this is not
31144 recommended on live sites. (This must be set for MathML to display properly in
31145 Mozilla.) The new 'MonoBook' skin is not compatible with PHP 5 due to bugs in
31146 the underlying PHPTAL library. It will be automatically disabled when running
31147 on PHP5; the older look and feel will be used instead.