1 Security reminder: MediaWiki does not require PHP's register_globals. If you
2 have it on, turn it '''off''' if you can.
6 THIS IS NOT A RELEASE YET
8 MediaWiki 1.22 is an alpha-quality branch and is not recommended for use in
11 === Configuration changes in 1.22 ===
12 * $wgRedirectScript was removed. It was unused.
13 * Removed $wgLocalMessageCacheSerialized, it is now always true.
14 * $wgVectorUseIconWatch is now enabled by default.
15 * $wgCascadingRestrictionLevels was added.
16 * ftps, ssh, sftp, xmpp, sip, sips, tel, sms, bitcoin, magnet, urn, and geo
17 have been whitelisted inside of $wgUrlProtocols.
18 * $wgDocType and $wgDTD have been removed and are no longer used for the DOCTYPE.
19 * $wgHtml5 is no longer used by core. Setting it to false will no longer disable HTML5.
20 It is still set to true for extension compatibility but doing so in extensions is deprecated.
21 * $wgXhtmlDefaultNamespace is no longer used by core. Setting it will no longer change the
22 xmlns used by MediaWiki. Reliance on this variable by extensions is deprecated.
23 * $wgHandheldStyle was removed.
24 * $wgHandheldForIPhone was removed.
25 * $wgJsMimeType is no longer used by core. Most usage has been removed since
26 HTML output is now exclusively HTML5.
27 * $wgDBOracleDRCP added. True enables persistent connection with DRCP on Oracle.
28 * $wgLogAutopatrol added to allow disabling logging of autopatrol edits in the logging table.
29 default for $wgLogAutopatrol is true.
30 * The 'edit' right no longer allows for editing a user's own CSS and JS.
31 * New rights 'editmyusercss', 'editmyuserjs', 'viewmywatchlist',
32 'editmywatchlist', 'viewmyprivateinfo', 'editmyprivateinfo', and
33 'editmyoptions' restrict actions that were formerly allowed by default. They
34 have been added to the default for $wgGroupPermissions['*'].
35 * The 'editprotected' right no longer allows bypassing of all page protection
36 restrictions. Any group using it for this purpose will now need to have all
37 the individual rights listed in $wgRestrictionTypes for the same effect.
38 * The 'protect' and 'autoconfirmed' rights are no longer used for the default
39 page protection levels. The rights 'editprotected' and 'editsemiprotected'
40 are now used for this purpose instead.
41 * (bug 40866) wgOldChangeTagsIndex removed.
42 * $wgNoFollowDomainExceptions now only matches entire domains. For example,
43 an entry for 'bar.com' will still match 'foo.bar.com' but not 'foobar.com'.
45 === New features in 1.22 ===
46 * (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and attributes.
47 * (bug 33454) Language::sprintfDate now has a timezone parameter, and supports
48 the "eIOPTZ" formatting characters.
49 * EditWarning: A warning is shown when an editor leaves the edit form without
50 saving (enabled by default, users can opt-out via the 'useeditwarning'
51 preference). This feature was moved from the Vector extension, and is now part
52 of core for all skins. Take care when upgrading that you don't use an older
53 version of the Vector extension as this feature may conflict.
54 * New 'mediawiki.ui' CSS module providing mw-ui-* styles for buttons and a
55 compact vertical form layout.
56 * New versions of login (Special:UserLogin) and create account
57 (Special:UserLogin/signup) forms using the "vform" compact vertical form layout.
58 These forms use new messages that assume a "Help logging in" link, see
59 https://www.mediawiki.org/wiki/Manual:Page_customizations;
60 https://www.mediawiki.org/wiki/Account_creation_user_experience/Strings lists the
62 * (bug 23343) Implemented ability to apply IP blocks to the contents of X-Forwarded-For headers
63 by adding a new configuration variable $wgApplyIpBlocksToXff (disabled by default).
64 * The new hook 'APIGetPossibleErrors' to modify the list of possible errors was
66 * (bug 25592) LogEventsList::showLogExtract() will now ignore various
67 Pager-related WebRequest parameters by default, as this is overwhelmingly
68 likely to be what was intended by users of the method. If any caller wishes
69 to use these parameters, the new param 'useRequestParams' may be set to true.
70 * mw.util.addPortletLink: Tooltip is no longer required to be plain (without
71 an accesskey in it already). As such it now rountrips. Creating a link with a
72 message as tooltip, grabbing the title attribute and using it to create
73 another portlet will work as expected.
74 * (bug 6747) {{ROOTPAGENAME}} introduced, contains the name of the topmost
75 page without namespace.
76 * BREAKING CHANGE: (bug 41729) Display editsection links next to headings. Also
77 change their class name from .editsection to .mw-editsection and place them at
78 the end of the heading element instead of the beginning. Client-side code and
79 screen-scrapers will have to be adjusted to handle both cases (old HTML will
80 still be visible on cached page renders until they are purged); extensions
81 using the DoEditSectionLink or EditSectionLink hooks might need adjustments as
83 * (bug 45535) introduced the new 'LanguageLinks' hook for manipulating the
84 language links associated with a page before display.
85 * Chosen (http://harvesthq.github.io/chosen/) was added as module 'jquery.chosen'
86 * HTMLForm will turn multiselect checkboxes into a Chosen interface when setting cssclass 'mw-chosen'
87 * rebuildLocalisationCache learned --lang option. Let you rebuild l10n caches
88 of the specified languages instead of all of them.
89 * New GetNewMessagesAlert hook allowing extensions to disable or modify the new
91 * New wgUserNewMsgRevisionId JS global for logged in users. This will be null
92 if the user has no new talk page messages. Otherwise it will be set to the
93 revision ID of the oldest new talk page message. This will allow gadgets and
94 extensions to create their own new message alerts on the client side.
95 * mediawiki.log: Added log.warn wrapper (uses console.warn and console.trace).
96 * mediawiki.log: Implemented log.deprecate. This method defines a property and
97 uses ES5 getter/setter to emit a warning when they are used.
98 * $wgCascadingRestrictionLevels was added, allowing one to specify restriction levels
99 which can be cascading (previously 'sysop' was hard-coded as the only one).
100 * XHTML5 support has been improved. If you set $wgMimeType = 'application/xhtml+xml'
101 MediaWiki will try outputting markup acording to XHTML5 rules.
102 * New hook 'TitleSquidURLs' for manipulating the list of URLs to be purged from
103 HTTP caches when a page is changed.
104 * Changed the patrolling system to always show the link for patrolling in case the
105 current revision is patrollable. This also removed the usage of the rcid URI parameters.
106 * Oracle DB backend now supports Database Resident Connection Pooling (DRCP).
107 Can be enabled by setting $wgDBOracleDRCP=true.
108 Requires Oracle DB 11gR1 or above, enabled DRCP inside the DB itself and a
109 propper connect string.
110 More about DRCP can be found at:
111 http://www.oracle-base.com/articles/11g/database-resident-connection-pool-11gr1.php
112 * Add a new parameter $patrolFooterShown to hook ArticleViewFooter so the hook
113 handlers can take further action based on the status of the patrol footer
114 * A new hook TitleQuickPermissions was added to allow overriding of quick
115 permissions in the Title class.
116 * LinkCache singleton can now be altered or cleared, letting one to specify
117 another instance that does not rely on a database backend.
118 * MediaWiki's PHPUnit tests can now use PHPUnit installed using composer --dev.
119 * (bug 43689) The lists of templates used on the page and hidden categories it
120 is a member of, shown below the edit form, are now collapsible (and collapsed
122 * New user rights have been added to increase granularity in rights management
123 for extensions such as OAuth:
124 ** editmyusercss controls whether a user may edit their own CSS subpages.
125 ** editmyuserjs controls whether a user may edit their own JS subpages.
126 ** viewmywatchlist controls whether a user may view their watchlist.
127 ** editmywatchlist controls whether a user may edit their watchlist.
128 ** viewmyprivateinfo controls whether a user may access their private
129 information (e.g. registered email address, real name).
130 ** editmyprivateinfo controls whether a user may change their private
132 ** editmyoptions controls whether a user may change their preferences.
133 * Add new hook AbortTalkPageEmailNotification, this will be used to determine
134 whether to send the regular talk page email notification
135 * (bug 46513) Vector: Add the collapsibleTabs script from the Vector extension.
136 * Added $wgRecentChangesFlags for defining new flags for RecentChanges and
138 * (bug 40518) mw.toolbar: Implemented mw.toolbar.addButtons for adding multiple
139 button objects in one call.
140 * Rights used for the default protection levels ('sysop' and 'autoconfirmed')
141 are now used just for that purpose, instead of overloading other rights. This
142 allows easy granting of the ability to edit sysop-protected pages without
143 also granting the ability to protect and unprotect.
144 * (bug 48256) Make brackets in section edit links accessible to CSS.
145 They are now wrapped in <span class="mw-editsection-bracket" />.
146 * (bug 8480) Allow handler specific parameters in galleries (like page number)
147 * jquery.client: Add detection for Opera 15 and Internet Explorer 11.
148 * Change tags (used by the AbuseFilter extension) are now shown on diff pages.
149 * Change tag lists (shown on recent changes, watchlist, user contributions,
150 history pages, diff pages) now include a link to Special:Tags to distinguish
151 them from edit summaries.
152 * Added a new method and hook, User::isEveryoneAllowed() and
153 UserIsEveryoneAllowed, for use in situations where a "does everyone have this
154 right?" check is used to avoid more expensive checks.
155 * Display "(No difference)" instead of an empty diff (when comparing revisions
156 in the history or when previewing changes while editing).
157 * New hook 'IsUploadAllowedFromUrl' is added which can be used to intercept uploads by
158 URL, useful for blacklisting specific URLs
159 * (bug 21912) Watchlist token implementation has been refactored and
160 Special:ResetTokens was added to allow users to reset their tokens
161 instead of presenting them in Preferences.
162 * Special:PrefixIndex now lets you strip the searched prefix from the displayed
163 titles. Given a list of articles named Bug1, Bug2, you can now transclude the
164 list of bug numbers using: {{Special:PrefixIndex/Bug|stripprefix=1}}.
165 The special page form received a new checkbox matching that option.
166 * (bug 23580) Implement javascript callback interface "mw.hook".
167 * (bug 30713) New mw.hook "wikipage.content".
168 * (bug 40430) jquery.placeholder gets a new parameter to set the attribute value
170 * $wgHTCPMulticastRouting renamed $wgHTCPRouting since it accepts unicast.
171 * $wgHTCPRouting rules can now be passed an array of hosts/ports to send purge
172 too. Can be used whenever several multicast group could be interested by a
174 * (bug 25931) Add Special:RandomInCategory.
175 * mediawiki.util: addPortletLink now supports passing a jQuery object as nextnode.
176 * <wbr> can now be used inside WikiText.
178 === Bug fixes in 1.22 ===
179 * Disable Special:PasswordReset when $wgEnableEmail is false. Previously one
180 could still navigate to the page by entering the URL directly.
181 * (bug 47138) Fixed a fatal error when a blocked user tries to automatically
182 create an account on login due external authentication in some circumstances.
183 * (bug 23393) HTML <hN> headings containing line breaks are now handled
185 * (bug 45803) Whitespace within == Headline == syntax and within <hN> headings
186 is now non-significant and not preserved in the HTML output.
187 * (bug 47218) Special:BlockList now handles correctly user names with spaces
188 when passed as subpage.
189 * Pager's properly validate which fields are allowed to be sorted on.
190 * mw.util.tooltipAccessKeyRegexp: The regex now matches "option-" as well.
191 Support for Mac "option" was added in 1.16, but the regex was never updated.
192 * (bug 46768) Usernames of blocking users now display correctly, even if numeric.
193 * (bug 39590) {{PAGESIZE}} for the current page and self-transclusions now
194 show the most up to date result always instead of being a revision behind.
195 * A bias in wfRandomString() toward digits 1-7 has been corrected. Generated
196 strings will now start with digits 0 and 8-f as often as they should.
197 * (bug 45371) Removed Parser_LinkHooks and CoreLinkFunctions classes.
198 * (bug 41545) Allow <kbd>, <samp>, and <var> to be nested like allowed in html.
199 * PLURAL magic word no longer causes a PHP notice when no matching form exists.
200 * (bug 36641) Patrol page links no longer show on non-existent revisions.
201 * (bug 35810) Pages not linked from Special:RecentChanges or Special:NewPages
203 * (bug 30213) JavaScript for search suggestions is now disabled when the API
204 is disabled, and AJAX patrolling and watching are now disabled when use of
205 the write API is not allowed.
206 * (bug 48294) API: Fix chunk upload async mode.
207 * (bug 46749) Broken files tracking category removed from pages if an image
208 with that name is uploaded.
209 * (bug 14176) System messages that are empty were previously incorrectly treated
210 as non-existent, causing a fallback to the default. This stopped users from
211 overriding system messages to make them blank.
212 * (bug 48319) action=parse no longer returns an error if passed none of 'oldid',
213 'pageid', 'page', 'title', and 'text' (e.g. if only passed 'summary'). A
214 warning will instead be issued if 'title' is non-default, unless no props are
216 * Special:Recentchangeslinked will now include upload log entries
217 * (bug 41281) Fixed ugly output if file size could not be extracted for multi-page media.
218 * (bug 50315) list=logevents API module will now output log entries by anonymous users.
219 * (bug 38911) Handle headers with rowspan in jquery.tablesorter
220 * (bug 658) Converted the table of contents on wiki pages from <table> to <div>
221 and adjusted skin CSS accordingly. The CSS was carefully crafted to be
222 backwards-compatible in all reasonable cases (uses of the __TOC__ magic word,
223 the #toc CSS id and the .toc CSS class). However, particularly bad abuse of
224 the id or the class can possibly break.
225 * CSSJanus now supports rgb, hsl, rgba, and hsla color syntaxes.
226 * Special:Listfiles can no longer be sorted by image name when filtering
227 by user in miser mode.
228 * (bug 49074) CSSJanus: Handle values of border-radius correctly.
229 * Handle relative inclusions ({{../name}}) in main namespace with subpages
230 enabled correctly (previously MediaWiki tried to include Template:Parent/name
231 instead of just Parent/name).
232 * Added $wgAPIUselessQueryPages to allow extensions to flag their query pages
233 for non-inclusion in ApiQueryQueryPages.
234 * (bug 50870) mediawiki.notification: Notification area should remain visible
236 * (bug 13438) Special:MIMESearch no longer an expensive special page.
237 * (bug 48342) Fixed a fatal error when $wgValidateAllHtml is set to true and
238 the function apache_request_headers() function is not available.
239 * (bug 33399) LivePreview: Re-run wikipage content handlers
240 (jquery.makeCollapsible, jquery.tablesorter) after preview content is loaded.
241 * (bug 51891) Fixed PHP notice on Special:PagesWithProp when no properties
243 * (bug 52006) Corrected documentation of $wgTranscludeCacheExpiry.
244 * (bug 52077) The APIEditBeforeSave hook is giving the content of the whole
245 revision as second argument now, rather than just the current section.
246 * (bug 49694) $wgSpamRegex is now also applied on the new section headline text
247 adding a new topic on a page
248 * (bug 6200) line breaks in <blockquote> are handled like they are in <div>
250 === API changes in 1.22 ===
251 * (bug 25553) The JSON output formatter now leaves forward slashes unescaped
252 to improve human readability of URLs and similar strings. Also, a "utf8"
253 option is now provided to use UTF-8 encoding instead of hex escape codes
254 for most non-ASCII characters.
255 * (bug 46626) xmldoublequote parameter was removed. Because of a bug, the
256 parameter has had no effect since MediaWiki 1.16, and so its removal is
257 unlikely to impact existing clients.
258 * (bug 47216) action=query&meta=siteinfo&siprop=skins will now indicate which
259 skin is the default and which are unusable (e.g. listed in $wgSkipSkins).
260 * (bug 25325) Added support for wlshow filtering (bots/anon/minor/patrolled)
261 to action=feedwatchlist.
262 * WDDX formatted output will actually be formatted (and normal output will no
263 longer be), and will no longer choke on booleans.
264 * action=opensearch no longer silently ignores the format parameter.
265 * action=opensearch now supports format=jsonfm.
266 * list=usercontribs&ucprop=ids will now include the parent revision id.
267 * BREAKING CHANGE: action=parse no longer returns all langlinks for the page
268 with prop=langlinks by default. The new effectivelanglinks parameter will
269 request that the LanguageLinks hook be called to determine the effective
271 * BREAKING CHANGE: list=allpages, list=langbacklinks, and prop=langlinks do not
272 apply the new LanguageLinks hook, and thus only consider language links
273 stored in the database.
274 * (bug 47219) Allow specifying change type of Wikipedia feed items
275 * prop=imageinfo now allows setting iiurlheight without setting iiurlwidth
276 * prop=info now adds the content model and page language of the title.
277 * New upload log entries will now contain information on the relevant
278 image (sha1 and timestamp).
279 * (bug 49239) action=parse now can parse in preview and section preview modes.
280 * (bug 49259) action=patrol now accepts revision ids.
281 * (bug 48129) list=blocks&bkip= now correctly handles IPv6 CIDR ranges and
282 honors $wgBlockCIDRLimit. Note any clients passing invalid values to bkip
283 will now receive an error, rather than the previous behavior listing all
285 * (bug 48201) action=parse&text=foo now assumes wikitext if no title is given,
286 rather than using the content model of the page "API".
287 * action=watch may now return errors.
288 * (bug 50785) action=purge with forcelinkupdate=1 no longer queues refreshLinks
289 jobs in the job queue for link table updates of pages that use the given page
290 as a template. Instead, forcerecursivelinkupdate=1 is introduced and should
291 be used if that behaviour is desirable.
292 * The 'debugLog' property (enabled by $wgDebugToolbar) no longer sets the log
293 entry values through ApiResult::content but directly. This changes the JSON
294 output from an array of objects with content in '*' to an array of strings
296 * (bug 51342) prop=imageinfo iicontinue now contains the dbkey, not the text
297 version of the title.
298 * (bug 52538) action=edit will now use empty text instead of the contents
299 of section 0 when passed prependtext or appendtext with section=new.
301 === Languages updated in 1.22===
303 MediaWiki supports over 350 languages. Many localisations are updated
304 regularly. Below only new and removed languages are listed, as well as
305 changes to languages because of Bugzilla reports.
307 * Batak Toba (bbc-latn) added.
308 * (bug 46751) Made Buryat (Russia) (буряад) (bxr) fallback to Russian.
310 === Other changes in 1.22 ===
311 * BREAKING CHANGE: Implementation of MediaWiki's JS and JSON value encoding
313 ** MediaWiki no longer supports PHP installations in which the native JSON
314 extension is missing or disabled.
315 ** XmlJsCode objects can no longer be nested inside objects or arrays.
316 (For Xml::encodeJsCall(), this individually applies to each argument.)
317 ** The sets of characters escaped by default, along with the precise escape
318 sequences used, have changed (except for the Xml::escapeJsString()
319 function, which is now deprecated).
320 * BREAKING CHANGE: The Services_JSON class has been removed. If necessary,
321 be sure to upgrade affected extensions at the same time (e.g. Collection).
322 * redirect.php was removed. It was unused.
323 * ClickTracking integration was dropped from the mediaWiki.user.bucket
324 JavaScript function. The 'tracked' option is now ignored.
325 * BREAKING CHANGE: Legacy skins Simple, MySkin, Chick, Standard and Nostalgia
326 were all removed. (Nostalgia was moved to an extension.) The SkinLegacy and
327 LegacyTemplate classes that supported them were removed as well and are now a
328 part of the Nostalgia extension.
329 * Event namespace used by jquery.makeCollapsible has been changed from
330 'mw-collapse' to 'mw-collapsible' for consistency with the module name.
331 * BREAKING CHANGE: The "ExternalAuth" authentication subsystem was removed, along
332 with its associated globals of $wgExternalAuthType, $wgExternalAuthConf,
333 $wgAutocreatePolicy and $wgAllowPrefChange. Affected users are encouraged to
334 use AuthPlugin for external authentication/authorization needs.
335 * The Quickbar feature of the legacy skin model and the last remnants of it
336 throughout the code base have been removed.
337 * Externaledit/externaldiff preference was removed. Very few users used this
338 feature, and improper configuration can actually prevent a user from editing
339 * Calling Linker methods using a skin will now output deprecation warnings.
340 * (bug 46680) "Return to" links are no longer tagged with rel="next".
341 * BREAKING CHANGE: mw.util.tooltipAccessKeyRegexp: The match group for the
342 accesskey character is now $6 instead of $5.
343 * HipHop compiler (hphpc) support was removed. HipHop VM support (hhvm) was
345 * A new Special:Redirect page was added, providing lookup by revision ID,
346 user ID, or file name. The old Special:Filepath page was reimplemented
347 to redirect through Special:Redirect.
348 * Monobook: Removed the old conditional stylesheets for Opera 6, 7 and 9.
349 * Support for XHTML 1.0 has been removed. MediaWiki now only outputs (X)HTML5.
350 * wikibits: User-agent related globals have been deprecated. The following
351 properties now default to false and emit mw.log.warn: is_gecko, is_chrome_mac,
352 is_chrome, webkit_version, is_safari_win, is_safari, webkit_match, is_ff2,
353 ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs, opera7_bugs, opera6_bugs,
354 is_opera_95, is_opera_preseven, is_opera, and ie6_bugs.
355 * (bug 48276) MediaWiki will now flash a confirmation message upon successfully
357 * (bug 40785) mediawiki.legacy.ajax has been marked as deprecated. The following
358 properties now emit mw.log.warn when accessed: sajax_debug, sajax_init_object,
359 sajax_do_call and wfSupportsAjax.
360 * BREAKING CHANGE: meta keywords are no longer supported. A <meta name="keywords"
361 will no longer be output and OutputPage::addKeyword no longer exists.
362 * Methods Title::userCanEditCssSubpage and Title::userCanEditJsSubpage,
363 deprecated since 1.19, have been removed.
364 * (bug 50134) Hook functions are no longer required to return a value. When a
365 hook function does not return a value (or when it returns an explicit null),
366 processing continues. To abort the hook, a hook function must return an
367 explicit, boolean false or a string error message. Other falsey values are
368 tantamount to a 'return true' in earlier versions of MediaWiki.
369 * BREAKING CHANGE: The EditSectionLink hook was removed after being
370 deprecated since MediaWiki 1.14. Use DoEditSectionLink instead.
371 * (bug 48256) The 'editsection-brackets' optional message was removed.
372 Section edit links' brackets can now be customized using CSS by
373 styling span.mw-editsection-bracket.
374 * The usePatrol function in ChangesList has been marked as deprecated.
375 * (bug 50785) A "null edit", that is, a save action in which no changes to the
376 page text are made and no revision recorded, will no longer send refreshLinks
377 jobs to the job table to update pages which use the edited page as a template.
378 * The LivePreviewPrepare and LivePreviewDone events triggered on "jQuery( mw )"
379 have been deprecated in favour of using mw.hook.
380 * The 'showjumplinks' user preference has been removed, jump links are now
385 MediaWiki 1.22 requires PHP 5.3.2 or later.
387 MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but
388 support for them is somewhat less mature. There is experimental support for
391 The supported versions are:
393 * MySQL 5.0.2 or later
394 * PostgreSQL 8.3 or later
395 * SQLite 3.3.7 or later
396 * Oracle 9.0.1 or later
400 1.22 has several database changes since 1.21, and will not work without schema
401 updates. Note that due to changes to some very large tables like the revision
402 table, the schema update may take quite long (minutes on a medium sized site,
403 many hours on a large site).
405 If upgrading from before 1.11, and you are using a wiki as a commons
406 repository, make sure that it is updated as well. Otherwise, errors may arise
407 due to database schema changes.
409 If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
410 new database fields are filled with data.
412 If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to
413 1.5 first. The upgrade script maintenance/upgrade1_5.php has been removed
416 Don't forget to always back up your database before upgrading!
418 See the file UPGRADE for more detailed upgrade instructions.
420 For notes on 1.21.x and older releases, see HISTORY.
422 == Online documentation ==
424 Documentation for both end-users and site administrators is available on
425 MediaWiki.org, and is covered under the GNU Free Documentation License (except
426 for pages that explicitly state that their contents are in the public domain):
428 https://www.mediawiki.org/wiki/Documentation
432 A mailing list is available for MediaWiki user support and discussion:
434 https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
436 A low-traffic announcements-only list is also available:
438 https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
440 It's highly recommended that you sign up for one of these lists if you're
441 going to run a public MediaWiki, so you can be notified of security fixes.
445 There's usually someone online in #mediawiki on irc.freenode.net.