MediaWiki-announce

mediawiki-announce@lists.wikimedia.org

1 participants
276 discussions

Security and maintenance release: 1.31.15 / 1.35.3 / 1.36.1

by Sam Reed

22 hours, 46 minutes

Security pre-release announcement: 1.31.15 / 1.35.3 / 1.36.1

by Sam Reed

Hi all, Tomorrow we will be issuing a security and maintenance release to all supported branches of MediaWiki. The new releases will be: - 1.31.15 - 1.35.3 - 1.36.1 This will resolve 1 minor issue in MediaWiki core and also includes some fixes previously committed to git, including minor security and hardening patches along with bug fixes included for maintenance reasons. We will make the fixes available in these respective release branches, and also master. Tarballs will be available for the above mentioned point releases as well. A summary of some of the security fixes that have gone into non-bundled MediaWiki extensions will also follow. As a reminder, 1.31 (the old LTS) was due to become end of life (EOL) in June 2021. 1.35 (the new LTS) is supported until September 2023. However, to try and meet our LTS-LTS overlap commitments (1.35 was late due to COVID), 1.31 will get best-efforts extra support until the end of September 2021. Practically, this will mean 1.31 is only tested on PHP 7.2, removing the burden of testing on PHP 7.0 and 7.1 which both became EOL in 2019. This will also mean 1.31 is eligible for one final security release in late September 2021 before formally becoming EOL. [1] https://www.mediawiki.org/wiki/Version_lifecycle

1 day, 21 hours

Announcing MediaWiki 1.36.0

by Sam Reed

I am happy to announce the availability of the general release of MediaWiki 1.36! Tarballs have already been uploaded, and the git tag has been pushed. Please note that MediaWiki 1.36 now requires the PHP internationalization extension, commonly referred to as Intl, ext-intl, or php-intl. As a reminder, 1.31 (the old LTS) is due to become end of life in June 2021. 1.35 (the new LTS) is supported until September 2023. However, to try and meet our LTS-LTS overlap commitments (1.35 was late due to COVID), 1.31 will get best-efforts extra support until the end of September 2021. Practically, this will mean 1.31 is only tested on PHP 7.2, removing the burden of testing on PHP 7.0 and 7.1 which both became EOL in 2019. It is also noted that the patch from MediaWiki 1.36.0-rc.0 to MediaWiki 1.36.0 (mediawiki-1.36.0.patch.gz/mediawiki-1.36.0.patch.zip) is larger than expected due to an issue with the initial importing of skins and extensions as submodules into the REL1_36 branch. A bug has been filed for this issue, but doesn't cause any practical issues otherwise. MediaWiki 1.36 will be supported until May 2022. MediaWiki 1.37 is due to be released in November 2021. === Changes since MediaWiki 1.36.0-rc.0 === * (T248481) rdbms: Use server time in DatabaseMysqlBase::getLagFromPtHeartbeat(). * (T281549) WebInstaller: Don't show the announce-l subscribe checkbox for now. * (T264214) Follow-ups for UserGroupManager. * (T282280) resourceloader: Fix path-only URLs in wiki modules when script path is docroot. * (T281972) UserIdentityValue: Introduce convenience static factory methods. * (T230428) Make page_is_redirect and page_is_new unsigned. * (T280292) Legacy feature should not load thumbnail style rules (only layout). * (T283247) Freenode -> Libera per wikimedia moving from freenode to libera. * (T280270) composer: Lock Parsoid version to specific 0.13.0 release. * (T142663) Add extension.json merge strategy "provide_default". * (T283540) HookContainer: Fix normalization of callback for static handler. * (T283464) registration: Fix array order for array_replace_recursive merge strategy. * (T283539) Interwiki: Fix calling "onInterwikiLoadPrefix" hook. * (T282594) Timeless: Re-branch to 40eb3dad1for REL1_36. Open Bugs: [1] https://phabricator.wikimedia.org/project/board/4555/ Bug report form: [2] https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.36-… ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.0.tar.gz https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.0.zip Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.36/mediawiki-core-1.36.0.tar.gz https://releases.wikimedia.org/mediawiki/1.36/mediawiki-core-1.36.0.zip Patch to previous version (1.36.0-rc.0): https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.0.patch.gz https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.0.patch.zip GPG signatures: https://releases.wikimedia.org/mediawiki/1.36/mediawiki-core-1.36.0.tar.gz.… https://releases.wikimedia.org/mediawiki/1.36/mediawiki-core-1.36.0.zip.sig https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.0.zip.sig https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.0.patch.zip.sig Public keys: https://www.mediawiki.org/keys/keys.html Release Notes https://www.mediawiki.org/wiki/Release_notes/1.36

3 weeks, 6 days

MediaWiki 1.31 will soon be End-of-Life

by Sam Reed

Hello all, I wanted to send a heads-up to various places that MediaWiki 1.31, the legacy LTS release, will be End-of-Life as of next month, June 2021.[0] There will be a final release to follow-on from the current latest version 1.31.14 coming out soon, but it may have slipped people's mind that this deadline is approaching so swiftly. System administrators still using 1.31 are encouraged to start their migration to the current LTS release, 1.35. MediaWiki 1.35, released in September 2020, will be supported until September 2023. If you don't require LTS support, you will be able to upgrade to 1.36 which will be supported till May 2022 once it is released, before the end of the month. As always, please be mindful of the upgrade instructions, especially including making a back-up of your database, and testing extension compatibility. Thanks! [0] https://www.mediawiki.org/wiki/Version_lifecycle

1 month

MediaWiki 1.36.0-rc.0 is ready for testing

by Tyler Cipriani

I'm pleased to announce the immediate availability of MediaWiki 1.36.0-rc.0, the first release candidate for 1.36.x. Download links are at the end of the e-mail. The tag has been signed and pushed to Git. Please note that MediaWiki 1.36 now requires the PHP internationalization extension, commonly referred to as Intl, ext-intl, or php-intl. This is not a final release, and should not be used for production websites. Known issues are tracked in Phabricator on the release workboard [1]. As always, please try out the release candidate in a test environment and do report any issues that you discover. Please use the #MW-1.36-Release [2] tag in Phabricator when reporting issues specific to this release, to make sure that we find them as quickly as possible. It is expected that MediaWiki 1.36 will become final in May 2021, though the date may slip if blockers are identified. Preliminary release notes: https://gerrit.wikimedia.org/g/mediawiki/core/+/REL1_36/RELEASE-NOTES-1.36 https://www.mediawiki.org/wiki/Release_notes/1.36 Public keys: https://www.mediawiki.org/keys/keys.html Open Bugs: [1] https://phabricator.wikimedia.org/project/board/3386/ Bug report form: [2] https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.36-… ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.0-rc.0.tar.gz https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.0-rc.0.zip Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.36/mediawiki-core-1.36.0-rc.0.ta… https://releases.wikimedia.org/mediawiki/1.36/mediawiki-core-1.36.0-rc.0.zip GPG signatures: https://releases.wikimedia.org/mediawiki/1.36/mediawiki-core-1.36.0-rc.0.ta… https://releases.wikimedia.org/mediawiki/1.36/mediawiki-core-1.36.0-rc.0.zi… https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.0-rc.0.tar.gz.… https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.0-rc.0.zip.sig Public keys: https://www.mediawiki.org/keys/keys.html

1 month, 3 weeks

MediaWiki Extensions and Skins Security Release Supplement (1.31.13/1.35.2)

by Scott Bassett

Greetings- With the security/maintenance release of MediaWiki 1.31.13/1.35.2 [0], we would also like to provide this supplementary announcement of MediaWiki extensions and skins with now-public Phabricator tasks, security patches and backports [1]: == CommentBox == + (T270767, CVE-2021-31550) - Wg variables aren't validated by CommentBox - possible raw html insertion risk <https://gerrit.wikimedia.org/r/651934> == AbuseFilter == + (T272333, CVE-2021-31548) - Disallow the edit if blocking the user didn't succeed <https://gerrit.wikimedia.org/r/657092> == WikiLove == + (T270142, CVE-2021-31557) - mw.config.get( 'wikilove-anon' ) leaks the existence of hidden users <https://gerrit.wikimedia.org/r/q/Ibcd87abe01719222beadcfc0de13038c3021adef> == PageForms == + (T259433, CVE-2021-31551) - XSS issue in Extension:PageForms <https://gerrit.wikimedia.org/r/q/I5e0abbc2f80e6bda255b3b32a4df39a7fe7d3793> <https://gerrit.wikimedia.org/r/q/Ibe68b070ee791cd0c8e7f50eb04ac4e066b1512c> <https://gerrit.wikimedia.org/r/q/I20b63bd38779d2ccbe2d86f9879df85ca3b685f6> == AbuseFilter == + (T71617, CVE-2021-31546) - AbuseFilter logs suppression deletions <https://gerrit.wikimedia.org/r/q/I38a0a24fa32ca7a052b6940864a32b3856e84553> == AbuseFilter == + (T223654, CVE-2021-31547) - AbuseFilterCheckMatch API reveals suppressed edits and usernames <https://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75> <https://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d> == AbuseFilter == + (T71367, CVE-2021-31545) - page_recent_contributors leaks revdeleted user names <https://gerrit.wikimedia.org/r/q/I8d5ed9ca84282ee50832035af86123633fc88293> == AbuseFilter == + (T274152, CVE-2021-31549) - Special:AbuseFilter/examine reveals suppressed usernames <https://gerrit.wikimedia.org/r/q/I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2> <https://gerrit.wikimedia.org/r/q/I71a6d521bd12931ce60eec4d2dc35af19146000f> == CheckUser == + (T275669, CVE-2021-31553) - Checkuser stores users to cu_log with trailing spaces, allowing all CUs to turn off Special:CheckuserLog at will <https://gerrit.wikimedia.org/r/666963> <https://gerrit.wikimedia.org/r/666964> == AbuseFilter == + (T152394, CVE-2021-31552) - AbuseFilter privacy concerns on action == 'createaccount' and 'accountname' <https://gerrit.wikimedia.org/r/q/I8bae477ad7e4d0190335363ac2decf28e4313da1> == AbuseFilter == + (T272244, CVE-2021-31554) - AbuseFilter blocks not working for account autocreations <https://gerrit.wikimedia.org/r/q/Ie1f4333d5b1c9d17fb2236fe38a31de427a4cc48> == OAuth == + (T277380, CVE-2021-31556) - OAuth doesn't validate length of oarc_rsa_key <https://gerrit.wikimedia.org/r/q/I13ff0350a9a0a3cd5ab3e1f82dd0d8d9c13cf9e9> == OAuth == + (T277388, CVE-2021-31555) - OAuth doesn't validate length of oarc_version <https://gerrit.wikimedia.org/r/q/I222c053b4b14ac1ad0f5b3a51565b1b9cd4c139d> The Wikimedia Security Team recommends updating these extensions and/or skins to the current master branch or relevant, supported release branch [2] as soon as possible. Some of the referenced Phabricator tasks above _may_ still be private. Unfortunately, when security issues are reported, sometimes sensitive information is exposed and since Phabricator is historical, we cannot make these tasks public without exposing this sensitive information. If you have any additional questions or concerns regarding this update, please feel free to contact security(a)wikimedia.org or file a security task within Phabricator [3]. [0] https://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000272.… [1] https://phabricator.wikimedia.org/T270466 [2] https://www.mediawiki.org/wiki/Version_lifecycle [3] https://www.mediawiki.org/wiki/Reporting_security_bugs -- Scott Bassett sbassett(a)wikimedia.org

2 months

Maintenance release: 1.31.14

by Sam Reed

The 1.31.14 version fixes an issue with the backports in the 1.31.13 release. The patches linked here need applying on top of the previous patches for 1.31.12. See the previous email for those patches. The full downloads here contain all the previous fixes from the security and maintenance release. Once again, I apologise for the inconvenience of the issues with the previous release. Going forward, we're going to be looking to run more testing on the tarballs (in this case, static analysis via Phan) to hopefully prevent these issues in future. ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.14.tar.gz https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.14.zip Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.14.tar.gz https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.14.zip Patch to previous version (1.31.13): https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.14.patch.gz https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.14.patch.zip GPG signatures: https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.14.tar.gz… https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.14.zip.sig https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.14.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.14.zip.sig https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.14.patch.gz.sig https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.14.patch.zip.s… Public keys: https://www.mediawiki.org/keys/keys.html

2 months, 2 weeks

Security and maintenance release: 1.31.13 / 1.35.2

by Sam Reed

I would like to announce the release of MediaWiki 1.31.13 and 1.35.2! These releases also serve as a maintenance release for these branches. Numerous fixes have been backported into 1.35, including some for PHP 8.0 support (though we are not declaring full PHP 8.0 support yet). This is the first MediaWiki release where zip files are included too. This is due to some issues with the tarballs for some users with certain extraction applications. Composer 2.0 is also now supported on MediaWiki 1.35.2. MediaWiki also has a new logo as of these releases. T270453 does not apply to MediaWiki 1.31.13, as VisualEditor is not bundled. However the patch will be backported to the 1.31 branch if you use VisualEditor, and you should pick up the update from the usual places. T279451 also does not apply to MediaWiki 1.31.13, as Parsoid is not bundled. If you use the node.js service, it is recommended to update this. T276843 has been fixed in different ways on MediaWiki 1.31.13 and MediaWiki 1.35.2. On the former, we have just disabled the known vulnerable lexers. On 1.35.2, we have upgraded pygments from 2.5.2 to 2.7.4. While tarballs have already been uploaded, git tags will follow later on today. An "MediaWiki Extensions Security Release Supplement" email will follow this one. == Security fixes == * (T270453, CVE-2021-30153) SECURITY: ApiVisualEditor leaks info about hidden users. * (T270713, CVE-2021-30152) SECURITY: Allow user to only apply protection they have right to do so via action=protect. * (T270988, CVE-2021-30155) SECURITY: ContentModelChange: Check that user can create pages. * (T272386, CVE-2021-30159) SECURITY: Non-admin deleted enwiki page in fast double move. * (T276843, CVE-2021-20270, CVE-2021-27291) SECURITY: Various SyntaxHighlight lexers are vulnerable to DoS. * (T277009, CVE-2021-30158) SECURITY: Allow blocked users to access Special:ResetTokens. * (T278014, CVE-2021-30154) SECURITY: Escape mediastatistics-header-* messages on Special:NewFiles. * (T278058, CVE-2021-30157) SECURITY: Escape rcfilters-filter-* messages onChangesList pages. * (T279451, CVE-2021-30458) SECURITY: Parsoid comment fostering allows for inserting mostly arbitrary <meta> tags. == Links to all mentioned tasks == * https://phabricator.wikimedia.org/T270453 * https://phabricator.wikimedia.org/T270713 * https://phabricator.wikimedia.org/T270988 * https://phabricator.wikimedia.org/T272386 * https://phabricator.wikimedia.org/T276843 * https://phabricator.wikimedia.org/T277009 * https://phabricator.wikimedia.org/T278014 * https://phabricator.wikimedia.org/T278058 * https://phabricator.wikimedia.org/T279451 == Release notes == Full release notes for 1.31.13: https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_31/RELEASE-NOTES… https://www.mediawiki.org/wiki/Release_notes/1.31 Full release notes for 1.35.2: https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_35/RELEASE-NOTES… https://www.mediawiki.org/wiki/Release_notes/1.35 For information about how to upgrade, see <https://www.mediawiki.org/wiki/Manual:Upgrading> ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.13.tar.gz https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.13.zip Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.13.tar.gz https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.13.zip Patch to previous version (1.31.12): https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.13.patch.gz https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.13.patch.zip GPG signatures: https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.13.tar.gz… https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.13.zip.sig https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.13.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.13.zip.sig https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.13.patch.gz.sig https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.13.patch.zip.s… Public keys: https://www.mediawiki.org/keys/keys.html ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.2.tar.gz https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.2.zip Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.2.tar.gz https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.2.zip Patch to previous version (1.35.1): https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.2.patch.gz https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.2.patch.zip GPG signatures: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.2.tar.gz.… https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.2.zip.sig https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.2.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.2.zip.sig https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.2.patch.gz.sig https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.2.patch.zip.sig Public keys: https://www.mediawiki.org/keys/keys.html

2 months, 2 weeks

Security pre-release announcement: 1.31.13 / 1.35.2

by Sam Reed

Hi all, Tomorrow we will be issuing a security and maintenance release to all supported branches of MediaWiki. This has been delayed by a week versus the usual schedule, as making a security last week on 1st April ("April Fools") was deemed not a great idea. The new releases will be: - 1.31.13 - 1.35.2 This will resolve 3 issues in MediaWiki core, 2 issues in bundled extensions (one of which doesn't apply to REL1_31), and also includes some fixes previously committed to git, including minor security and hardening patches along with bug fixes included for maintenance reasons. We will make the fixes available in these respective release branches, and also master. Tarballs will be available for the above mentioned point releases as well. A summary of some of the security fixes that have gone into non-bundled MediaWiki extensions will also follow. [1] https://www.mediawiki.org/wiki/Version_lifecycle

2 months, 2 weeks

MediaWiki Extensions and Skins Security Release Supplement (1.31.11/1.35.1)

by Scott Bassett

Greetings- With the security/maintenance release of MediaWiki 1.31.11/1.35.1 [0], we would also like to provide this supplementary announcement of MediaWiki extensions and skins with now-public Phabricator tasks, security patches and backports [1]: == Cosmos Skin == + (T265440, CVE-2020-27620) - Mix used of wfMessage() calls with no output mode and Html::rawElement < https://gerrit.wikimedia.org/r/q/I738471981be4b394caf65de615e8ee4ab36a9782 > == FileImporter == + (T265810, CVE-2020-27621) - uses a WMF IP address, does not include XFF for users using this extension < https://gerrit.wikimedia.org/r/q/I24a240253c7a5c66dd493a68e8c23d95a17e1b21 > == RandomGameUnit == + (T266400, CVE-2020-27957) - Stored XSS < https://gerrit.wikimedia.org/r/q/I497d2076038f75c9eb77e0e250f2af56f5bd2bfc > == PollNY == + (T266508, CVE-2020-29003) - Stored XSS < https://gerrit.wikimedia.org/r/q/Ic5b8f579c303e9666a0b7d815230e4ce08557027 > = CologneBlue == + (T267278, CVE-2020-29002) - XSS vulnerability < https://gerrit.wikimedia.org/r/q/Ie798a4f16d0ac2a4871aefeb593d962966aeb6b0 > == Push == + (T262724, CVE-2020-29004, CVE-2020-29005) - Push extension exposes login credentials < https://gerrit.wikimedia.org/r/q/I15d76536a6cf256417d7e28838e4cdb66245adf5 > == PushToWatch == + (T268641, CVE-2020-35626) - classic CSRF < https://gerrit.wikimedia.org/r/q/I3f41d8087af2ae22581836f7c32baac97f348044 > == SecurePoll == + (T268794, CVE-2020-35624) - SecurePoll should not show the exact time of cast votes publicly < https://gerrit.wikimedia.org/r/q/If8e15eb8ce9ec652c06816cbff52bb084fd50e73 > == GlobalUsage == + (T268341, CVE-2020-35622) - XSS in SpecialGlobalUsage < https://gerrit.wikimedia.org/r/q/I3d4689529c976cff14c9ab218eab67d0c7b9cad6 > == Widgets == + (T269718, CVE-2020-35625) - RCE in Widgets extension < https://gerrit.wikimedia.org/r/q/Ic899a8b15bc510e61cdacb5c024af2d226a2dbeb > == CASAuth == + (T263498, CVE-2020-35623) - Logins to MW with at least one SSO client extension allows masquerading as another user < https://github.com/CWRUChielLab/CASAuth/pull/10 > The Wikimedia Security Team recommends updating these extensions and/or skins to the current master branch or relevant, supported release branch [2] as soon as possible. Some of the referenced Phabricator tasks above _may_ still be private. Unfortunately, when security issues are reported, sometimes sensitive information is exposed and since Phabricator is historical, we cannot make these tasks public without exposing this sensitive information. If you have any additional questions or concerns regarding this update, please feel free to contact security(a)wikimedia.org or file a security task within Phabricator [3]. [0] https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/0002… [1] https://phabricator.wikimedia.org/T263810 [2] https://www.mediawiki.org/wiki/Version_lifecycle [3] https://www.mediawiki.org/wiki/Reporting_security_bugs -- Scott Bassett sbassett(a)wikimedia.org

6 months

Jump to page:

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

MediaWiki-announce