Hey all,
This is a quick note to highlight that we've created the REL1_45 branch for
MediaWiki core and each of the extensions and skins in Wikimedia git [0].
This is the first step in the release process for MediaWiki 1.45.0, which
should be out in late November 2025, approximately six months after
MediaWiki 1.44.0.
The branches reflect the code as of the last 'alpha' branch for the
release, 1.45.0-wmf.25, which was deployed to Wikimedia wikis on Tuesday,
28 October 2025, for MediaWiki itself and those extensions and skins
available there.
From now on, patches that land in the main development branch of MediaWiki
and its bundled extensions and skins will be slated for the MediaWiki 1.46
release, unless specifically backported [1].
If you are working on a critical bug fix that will affect the code in the
release, once the patch has been merged into the development branch, you
should propose it for backporting by cherry-picking to the REL1_45 branch.
If you are working on a new feature, that should now not be backported. If
you have an urgent case where the work should block release for everyone
else, please file a task against the `mw 1.45-release` project on
Phabricator [2].
If you have tickets that are tagged for `mw-1.45-release`, please finish
them, untag them, or reach out to get them resolved in the next few days.
We hope to issue the first release candidate, 1.45.0-rc.0, in two weeks'
time, and if all goes well, to then release MediaWiki 1.45.0 a few weeks
after that.
[0]: https://www.mediawiki.org/wiki/Bundled_extensions_and_skins
[1]: https://www.mediawiki.org/wiki/Backporting_fixes
[2]: https://phabricator.wikimedia.org/tag/mw-1.45-release/
Best regards,
--
Mateus Santos (he/him)
Product Manager MediaWiki Engineering Group
Hey all,
This is a quick note to highlight that in three weeks' time, the REL1_45
branch will be created for MediaWiki core and each of the extensions and
skins in Wikimedia git, with some (the 'tarball') included as sub-modules
of MediaWiki itself[0]. This is the first step in the release process for
MediaWiki 1.45, which should be out in November 2025, approximately six
months
after MediaWiki 1.44.
The branches will reflect the code as of the last 'alpha' branch for the
release, 1.45.0-wmf.25, which will be deployed to Wikimedia wikis in the
week beginning 28 October 2025 for MediaWiki itself and those extensions
and skins available there.
After that point, patches that land in the main development branch of
MediaWiki and its bundled extensions and skins will be instead be slated
for the MediaWiki 1.45 release unless specifically backported[1].
If you are working on a new feature that you wish to land for the release,
you now have a few days to finish your work and land it in the development
branch; feature changes should not be backported except in an urgent case.
If your work might not be complete in time, and yet should block release
for everyone else, please file a task against the `mw-1.45-release` project
on Phabricator.[2]
If you have tickets that are already tagged for `mw-1.45-release`, please
finish them, untag them, or reach out to get them resolved in the next few
weeks.
We hope to issue the first release candidate, 1.45.0-rc.0, two weeks after
the branch point, and if all goes well, to release MediaWiki 1.45.0 a few
weeks after that.
[0]: <https://www.mediawiki.org/wiki/Bundled_extensions_and_skins>
[1]: <https://www.mediawiki.org/wiki/Backporting_fixes>
[2]: <https://phabricator.wikimedia.org/tag/mw-1.45-release/>
Hi all,
On Thursday we will be issuing a security and maintenance release to all
supported branches of MediaWiki.
The new releases will be:
- 1.39.14
- 1.43.4
- 1.44.1
This will also resolve security issues in bundled extensions, along with
bug fixes included for maintenance reasons.
These security issues also affect many unsupported versions of MediaWiki.
We will make the fixes available in the respective release branches and
master in git. Tarballs will be available for the above mentioned point
releases as well.
A summary of some of the security fixes that have gone into non-bundled
MediaWiki extensions will also follow later.
As a reminder, MediaWiki 1.35 became end of life (EOL) in December 2023,
MediaWiki 1.40 became EOL in June 2024, MediaWiki 1.41 became EOL in
December 2024 and MediaWiki 1.42 became EOL at the end of June 2025.
MediaWiki 1.39 (the old LTS before 1.43) becomes EOL in December 2025. It
is strongly recommended to upgrade to 1.43 (the next LTS after 1.39), which
will be supported until December 2027.
More information on these timelines can be viewed on the Version lifecycle
page at [1].
[1] https://www.mediawiki.org/wiki/Version_lifecycle
I am happy to announce the availability of the general release of MediaWiki
1.44!
Tarballs have already been uploaded, and the git tag has been pushed.
Thanks to everyone who helped out with this release, especially thanks to
those who tested out the release candidate and provided feedback, as well
as the developers who worked on fixes for the 1.44 final release. To see
what's changed in 1.44, see the release notes file.[0] If you encounter any
issues, please file a task.[1] You can see open tasks for the branch on
Phabricator.[2]
MediaWiki 1.44 is the first release of MediaWiki to formally drop PHP 7.4
and PHP 8.0 support; you should use PHP 8.1, 8.2, or 8.3. We also now have
dropped support for Composer 1.x, and require Composer 2.x for those
systems using it.
MediaWiki 1.44 is due to be supported until the end of June 2026.
It is noted that MediaWiki 1.42 is end-of-life as of June 30th 2025. A
formal announcement was made this week, and will co-incide with the next
security and maintenance release which was also scheduled for June 2025.
=== Changes since MediaWiki 1.44.0-rc.0 ===
* Localisation updates.
* (T379445) debug: Migrate E_USER_ERROR to throw Error in DeprecationHelper.
* (T379445) Setup: Switch vendor error from echo+E_USER_ERROR to echo+exit.
* Setup: Update error message for composer dependencies check.
* (T381341, T379445) widget: Remove outdated try/catch wrapper from
SpinnerWidget.
* (T379445) phpunit: Remove unused trigger_error from TestLogger.
* (T396766) ApiQueryRevisionsBase: Cast ctype_digit() param to string.
* (T356451) logger: Add void as return type on setLogger.
* (T328921, T359868) Drop PHP 7.4/8.0 support from master
(forward-port from MW 1.42).
* Drop a few phan PhanImpossibleTypeComparison suppressions now we've
dropped
PHP 7.4.
* Clean up resource type and phan suppression in postgres code.
* structure tests: allow PHP 8.1 syntax and autoload enums.
* (T379508, T381291) composer.json: Updated nikic/php-parser from
^5.3.1 to ^5.5.0.
* (T351055) SpecialBrokenRedirects: Batch and preload destination title
info.
* Pass fname to LinkBatch->setCaller in more places.
* SpecialBrokenRedirects: Dedupe logic via private getRedirectTarget helper.
* (T351055) SpecialBrokenRedirects: Load redirect data in batch from
database
* (T388406) RefreshLinksJob: Check hasText before comparing HTML.
* (T397521) Api: Fix permission checks in action=compare.
* (T397472) [REST Sandbox] Remove SwaggerUI from MediaWiki Releases.
* (T397883, T397643) htmlform: fix min/max validations on empty input in
int/float fields
* specials: SpecialTalkPage: Use config from request context.
* (T387408) exception: Skip use of HookRunner when not autoloaded.
* (T391343, CVE-2025-6589) SECURITY: BlockList: Hide rows containing
suppressed
users.
* (T392746, CVE-2025-6590) SECURITY: Escape usernames in HTMLUserTextField
validation errors.
* (T392276, CVE-2025-6591) SECURITY: API: Escape i18n messages in
action=feedcontributions.
* (T396230, CVE-2025-6593) SECURITY: fix IP leak to unverified email.
* (T389009, CVE-2025-6597) SECURITY: Do not treat autocreation as login
for reauthentication.
* (T389010, CVE-2025-6926) SECURITY: Allow extensions to supress the reauth
flag on login.
* (T397595, CVE-2025-6927) SECURITY: Fix autoblocks visibility when
bl_deleted=1.
* (T397595, CVE-2025-6927) SECURITY: Fix leak of hidden usernames via
autoblocks of those users.
* (T395063, CVE-2025-6594) SECURITY: apisandbox: Fix reflected XSS when
invalid 'format' is provided.
* (T398269) Replace away symfony php polyfills for PHP8/8.1.
* Rest: Move ModuleConfigurationException into correct folder.
* Cache: Move MessageCache hook interfaces into correct folder.
* (T394556) uppercaseTitlesForUnicodeTransition: Add missing return.
* installer: Always check return of IDatabase::fieldInfo in postgres.
* autoload: Expand Autoloader::CORE_NAMESPACES.
Release notes:
[0]
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/refs/heads/…
Bug report form:
[1]
https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.44-…
Open Bugs:
[2] https://phabricator.wikimedia.org/tag/mw-1.44-release/
**********************************************************************
Download:
https://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.0.tar.gzhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.0.zip
Download without bundled extensions:
https://releases.wikimedia.org/mediawiki/1.44/mediawiki-core-1.44.0.tar.gzhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-core-1.44.0.zip
Patch to previous version (1.44.0-rc.0):
https://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.0.patch.gzhttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.0.patch.zip
GPG signatures for the above:
https://releases.wikimedia.org/mediawiki/1.44/mediawiki-core-1.44.0.tar.gz.…https://releases.wikimedia.org/mediawiki/1.44/mediawiki-core-1.44.0.zip.sighttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.0.tar.gz.sighttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.0.zip.sighttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.0.patch.gz.sighttps://releases.wikimedia.org/mediawiki/1.44/mediawiki-1.44.0.patch.zip.sig
Public keys:
https://www.mediawiki.org/keys/keys.html
As per the MediaWiki version lifecycle[1], I would like to announce the
formal end of life (EOL) of MediaWiki 1.42 as of Monday June 30, 2025.
1.42.7 is expected to be the last release for this branch.
This means that MediaWiki 1.42 will no longer receive maintenance or
security backports. It is therefore strongly discouraged that you continue
to use it.
It is recommended to upgrade either to the next LTS, 1.43, which will be
supported until December 2027, or to the soon to be released MediaWiki
1.44, which will be supported until at least June 2026.
Thanks!
[1] https://www.mediawiki.org/wiki/Version_lifecycle