Hi all,
On Thursday we will be issuing a security and maintenance release to all
supported branches of MediaWiki.
The new releases will be:
- 1.35.12
- 1.39.5
- 1.40.1
This will resolve four security issues in MediaWiki core, two in a bundled
skin, along with bug fixes included for maintenance reasons. This includes
various patches for PHP 8.0, PHP 8.1 and PHP 8.2 support.
One issue in a bundled skin only affects MediaWiki 1.40 and master, the
other bundled skin issue affects MediaWiki 1.39, 1.40 and master.
A partial fix for one of the skin issues is already merged into the
relevant release branch.
One more minor security fix was merged in public after the releases of
1.35.11/1.38.7/1.39.4/1.40.0.
We will make the fixes available in the respective release branches and
master in git. Tarballs will be available for the above mentioned point
releases as well.
A summary of some of the security fixes that have gone into non-bundled
MediaWiki extensions will also follow later.
As a reminder, when 1.35 was released, it was originally due to become end
of life (EOL) at the end of September 2023. Due to 1.39 being released late
(November 2022), and to honor the commitment to the 1 year overlap of
MediaWiki LTS releases, this formal EOL process is being delayed till at
least the end of November 2023.
In practice, this may become sometime in December 2023, to coincide with
the security and maintenance release for that quarter. A formal EOL
announcement for 1.35 will come in advance of that point.
It is therefore expected that 1.35.13 in December 2023 will become the
final release for the 1.35 branch.
It is noted that support and CI for 1.35 is becoming more limited;
backports are becoming best-effort. Browser testing has been dropped for
1.35 in Wikimedia CI, due to the difficulties to support this.
It is strongly recommended to upgrade to 1.39 (the next LTS after 1.35),
which will be supported until November 2025, or 1.40, which will be
supported until June 2024.
[1] https://www.mediawiki.org/wiki/Version_lifecycle
As per the MediaWiki version lifecycle[1], I would like to announce the
formal end of life (EOL) of MediaWiki 1.38 as of today, Friday June 30,
2023.
1.38.7 is expected to be the last release for this branch.
This means that MediaWiki 1.38 will no longer receive maintenance or
security backports. It is therefore strongly discouraged that you continue
to use it.
It is recommended to upgrade either to MediaWiki 1.39 (LTS), which will be
supported until November 2025 or to 1.40 (released today), which will be
supported until June 2024.
Thanks!
Sam Reed
[1] https://www.mediawiki.org/wiki/Version_lifecycle
Hi all,
On Friday we will be issuing a security and maintenance release to all
supported branches of MediaWiki.
The new releases will be:
- 1.35.11
- 1.38.7
- 1.39.4
This will resolve three minor security issues in MediaWiki core, along with
bug fixes included for maintenance reasons. This includes various patches
for PHP 8.0, PHP 8.1 and PHP 8.2 support.
Due to the low severity of two of the patches, they already exist in the
respective release branches in git.
We will make the fixes available in the respective release branches (plus
1.40 which will also be released tomorrow) and master in git. Tarballs will
be available for the above mentioned point releases as well.
A summary of some of the security fixes that have gone into non-bundled
MediaWiki extensions will also follow later.
As a reminder, 1.38 becomes end of life (EOL) tomorrow, June 30, 2023.
1.38.7 is therefore expected to be the last release for this branch. It is
recommended to upgrade to 1.39 (the next LTS after 1.35), which will be
supported until November 2025, or the newly released 1.40, which will be
supported until June 2024.
[1] https://www.mediawiki.org/wiki/Version_lifecycle