MediaWiki-announce

mediawiki-announce@lists.wikimedia.org

311 discussions

by Sam Reed

I would like to announce the availability of MediaWiki 1.39.2. This release primarily is to fix various issues around database upgrades that users have reported on both MySQL/MariaDB and PostgreSQL. In the case of MySQL/MariaDB, there may have been the chance of data loss (as always, please backup before upgrading!), and page views may have resulted in an error like "The revision #0 of the page named "x" does not exist." This was seen only when upgrading in a bigger jump between versions (for example 1.31 to 1.39). More information can be seen in https://phabricator.wikimedia.org/T326071. https://phabricator.wikimedia.org/T328169 has been filed to write a maintenance script to fix the issues caused by these upgrades. It is expected this will be included in a later point release. Various patches aimed at support for PHP 8.0, 8.1, and 8.2 have been back-ported. This should fix some log spam, and MediaWiki should work fully on versions PHP 8.0 and 8.1. Reports of bugs with PHP 8.0, 8.1, or 8.2 support are particularly welcome, and fixes will be back-ported when possible. Please see https://phabricator.wikimedia.org/tag/php_8.0_support/, https://phabricator.wikimedia.org/tag/php_8.1_support/ and https://phabricator.wikimedia.org/tag/php_8.2_support/ for the relevant work boards. The tarballs have already been uploaded as of this email; the git tag has also already been pushed. == Release notes == Full release notes for 1.39.2: https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_39/RELEASE-NOTES… https://www.mediawiki.org/wiki/Release_notes/1.39 == Changes since MediaWiki 1.39.1 == * Localisation updates. * (T325872) ChangeTags: Remove table name from condition. * (T324895) MWCallbackStream: Add explicit $stream property. * (T297031, T326039) PostgresUpdater: Move setDefault ahead of changeNullableField. * (T321319) Produce HTML for invalid JSON. * (T215466, T326071) MigrateActors: Write to revision table (Follow-up 24115a8). * (T223027) ReservedUsernames config: Add reserved names from maintenance scripts. * (T325000, T324896, T307631) Updated OOUI from v0.44.3 to v0.44.5. * Remove /images .htaccess rules that are no longer relevant. * Disable php in .htaccess of images directory as a hardening measure. * (T322583) Include missing message parameter in message. * LocalFileTest: use encodeBlob/decodeBlob for img_metadata. * DatabaseSqlite: fix null blobs. * rdbms: avoid pg_escape_bytea() call-style deprecation notices. * (T322278) Improve LocalisationCache post-merge validation check. * (T324408, T326367) Updated wikimedia/remex-html from 3.0.2 to 3.0.3. * (T322278) Fix the remaining Phan failures on PHP 8.1. * (T322278, T326367) Respond to some messages from Phan on PHP 8.1. * Fix phan error when Excimer is enabled. * (T326021) Add matrix: to $wgUrlProtocols. * (T314099) stream wrapper: Declare $context class property. * (T314099) libs\jsminplus: Declare JSNode::$expression. * (T314096) composer.json: Updated composer/spdx-licenses from 1.5.6 to 1.5.7. * (T326472) Upgrading cssjanus/cssjanus (v2.1.0 => v2.1.1). * (T308536) rdbms: Remove deprecation mark for $wgSharedDB. * (T215466, T326071) installer: Split drop action out of the SQL patch for actor migration. * (T322603) SqliteMaintenance.php: Fix fatally broken instanceof check. * (T326377) rdbms: Use DBConnRef in SelectQueryBuilder. * api/en.json: api-help-datatype-expiry add missing 'may'. * (T317329) OutputPage: Fix undefined ['host'] in ImagePreconnect code. * (T328222) Pass empty string to strlen() if schema is null for PostgresDatabase. * (T289926) SpecialRevisionDelete: Set default of '' for wpReason. * (T155582, T328503) Fix XML dumps for content types with non-string getNativeData(). * (T326886) PoolCounterRedis: Fix wrong cast, locks weren't being released. * (T314099) revisiondelete: Replace dynamic property Status::$itemStatuses * (T327821) skin: Restore default 'value' attribute in makeSearchButton(). * (T329198) ParamValidator: Improve paramvalidator-help-multi-max message. * (T329415) Clear the statsd data buffer regardless of StatsdServer config. * (T292348) WikiImporter: do not fail if upload entry in dump lacks 'text' tag. * (T330049) UnregisteredLocalFile: Don't call MimeAnalyzer if no path. * (T324894 TempFSFile: Use a WeakMap for reference tracking if available. * (T295637) Add no to fallback chain of nb and nn. ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.2.tar.gz https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.2.zip Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.2.tar.gz https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.2.zip Patch to previous version (1.39.1): https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.2.patch.gz https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.2.patch.zip GPG signatures: https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.2.tar.gz.… https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.2.zip.sig https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.2.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.2.zip.sig https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.2.patch.gz.sig https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.2.patch.zip.sig Public keys: https://www.mediawiki.org/keys/keys.html

4 weeks

MediaWiki Extensions and Skins Security Release Supplement (1.35.9/1.38.4/1.39.1)

by Manfredi Martorana

Greetings- With the security/maintenance release of MediaWiki 1.35.9/1.38.4/1.39.1, we would also like to provide this supplementary announcement of MediaWiki extensions and skins with now-public Phabricator tasks, security patches and backports [1]: CheckUser + (T311337 <https://phabricator.wikimedia.org/T311337>, CVE-2022-39193) - Edits with the performer suppressed still show the performer in results from the CheckUser extension https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/879167/ CheckUser + (T316414 <https://phabricator.wikimedia.org/T316414>, CVE-2022-39193) - Special:Investigate can expose supressed information in check results https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/879166/ CheckUser + (T318166 <https://phabricator.wikimedia.org/T318166>, CVE-2022-39193) - CheckUser API can expose the suppressed performer https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/879073/ GrowthExperiments + (T321733 <https://phabricator.wikimedia.org/T321733>, CVE-2023-22945) - Action=growthmanagementorlist makes it possible for blocked users to enroll as mentors https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/8… CheckUser + (T315123 <https://phabricator.wikimedia.org/T315123>, CVE-2023-22912) - CheckUser TokenManager insecurely uses AES-CTR encryption with repeated nonce, allowing an adversary to decrypt https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/879074/ MobileFrontend + (T320987 <https://phabricator.wikimedia.org/T320987>, CVE-2023-22909) - Mobile frontend's history makes really slow db queries https://gerrit.wikimedia.org/r/c/mediawiki/extensions/MobileFrontend/+/8577… Widgets + (T149488 <https://phabricator.wikimedia.org/T149488>, CVE-2023-22911) - Widgets does widget replacement in html attributes potentially leading to XSS https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Widgets/+/856035/ Wikibase + (T323592 <https://phabricator.wikimedia.org/T323592>, CVE-2023-22910) - XSS in Wikibase date formatting https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/879171/ The Wikimedia Security Team recommends updating these extensions and/or skins to the current master branch or relevant, supported release branch [2] as soon as possible. Some of the referenced Phabricator tasks above _may_ still be private. Unfortunately, when security issues are reported, sometimes sensitive information is exposed and since Phabricator is historical, we cannot make these tasks public without exposing this sensitive information. If you have any additional questions or concerns regarding this update, please feel free to contact security(a)wikimedia.org or file a security task within Phabricator [3]. [1] https://phabricator.wikimedia.org/T318974 [2] https://www.mediawiki.org/wiki/Version_lifecycle [3] https://www.mediawiki.org/wiki/Reporting_security_bugs

2 months, 1 week

Security and maintenance release: 1.35.9 / 1.38.5 / 1.39.1

by Sam Reed

3 months

MediaWiki 1.37 is End of Life

by Sam Reed

As per the MediaWiki version lifecycle[1], I would like to announce the formal end of life (EOL) of MediaWiki 1.37 as of today, Wednesday November 30, 2022. This means that MediaWiki 1.37 will no longer receive maintenance or security backports. It is therefore strongly discouraged that you continue to use it. It is recommended to upgrade either to MediaWiki 1.38, which will be supported until June 2023 or to 1.39 (released today), the next LTS after 1.35, which will be supported until November 2025. Thanks! Sam Reed [1] https://www.mediawiki.org/wiki/Version_lifecycle

3 months, 3 weeks

Announcing MediaWiki 1.39.0

by Sam Reed

I am happy to announce the availability of the general release of MediaWiki 1.39! Tarballs have already been uploaded, and the git tag has been pushed. Thanks to everyone who helped out with this release, especially thanks to those who tested out the release candidates and provided feedback, as well as the developers who worked hard to get several important fixes merged in time for the 1.39 final release. To see what's changed in 1.39, see the release notes below. Please note that the PHP version requirement has been raised from 7.3.19 in MediaWiki 1.38 (and 1.35) to 7.4.3. MediaWiki 1.39 is the first release of MediaWiki 'born' with PHP 8.0 and PHP 8.1 support included. We anticipate there may be some as-yet undiscovered bugs with PHP 8.x support, of which we'd love to hear reports so they can be fixed. We plan to back-port fixes to 1.38 and 1.35 to the extent possible. MediaWiki 1.39 is an LTS and is due to be supported until the end of November 2025. As a reminder, 1.35 LTS is due to become end-of-life in November 2023, and 1.38 is due to become end-of-life in June 2023. 1.37 is becoming end-of-life today, and will be formally announced in a separate email. === Changes since MediaWiki 1.39.0-rc.1 === * Localisation updates. * exception: Tolerate no service container when trying DB rollback. * (T320282) Upgrading wikimedia/xmp-reader (0.8.3 => 0.8.4). * objectcache: Deprecate WANObjectCache::reap() and ::reapCheckKey(). * (T320864) When calling mail(), use an array for headers. * Upgrading wikimedia/xmp-reader (0.8.4 => 0.8.5). * (T321154) Call setFormIdentifier() on LogEventsList form. * When importing revision with same timestamp as latest revision, treat it as the new latest. * (T320726) RandomImageGenerator::getImageSpec: Don't pass a float to mt_rand(), for PHP 8.1. * (T298485, T322360) WikiExporter: Avoid calling reload in processing every row. * (T321551) pager: Fix null used for foreach in Pager::getNavigationBar. * (T321551) pager: Remove unused AlphabeticPager::getOrderTypeMessages() support. * pager: Remove unused PagerNavigationBuilder::setExtra(). * PagerNavigationBuilder: Document that nulls in setLinkQuery() etc. are allowed. * (T322335) ApiQueryRevisionsBase: Fix 'rvdiffto' parameter handling on PHP 8.0. * (T314096) TestFileEditor: Fix string interpolation. * (T289926) api: Fix minor PHP 8.1 incompatibility in ApiOptions. * (T322803) SpecialBotPasswords: Don't pass null to trim(). * (T289926) Fix incomplete ITextFormatter mocks. * Language: Handle ronna and quetta. * (T72510) rdbms: make SqlitePlatform::tableName() apply double quotes. * (T323373) Parser: Fix extractSections() behavior for PHP >= 8.0. * .gitattributes: Ship docker-compose.yml to the tarball. Open Bugs: [1] https://phabricator.wikimedia.org/project/board/5694/ Bug report form: [2] https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.39-… ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0.tar.gz https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0.zip Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.0.tar.gz https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.0.zip Patch to previous version (1.39.0-rc.1): https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0.patch.gz https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0.patch.zip GPG signatures: https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.0.tar.gz.… https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.0.zip.sig https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0.zip.sig https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0.patch.gz.sig https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0.patch.zip.sig Public keys: https://www.mediawiki.org/keys/keys.html Release Notes https://www.mediawiki.org/wiki/Release_notes/1.39

3 months, 3 weeks

MediaWiki 1.39.0-rc.1 is ready for testing

by Sam Reed

I'm pleased to announce the immediate availability of MediaWiki 1.39.0-rc.1, the second release candidate for 1.39.0, the next LTS after MediaWiki 1.35. Download links are at the end of the e-mail. The tag has been signed and pushed to Git. This is not a final release, and should not be used for production websites. Known issues are tracked in Phabricator on the release workboard [1]. As with every release of MediaWiki, a large number of changes have landed in the last six months (over 1850 commits since 1.38.0 was cut), and you should read over the preliminary release notes as part of assuring yourself of areas that may have issues with your configuration, your skins, and/or your extensions. As always, please try out the release candidate in a test environment and do report any issues that you discover. Please use the #MW-1.39-Release [2] tag in Phabricator when reporting issues specific to this release, to make sure that we find them as quickly as possible. It is expected that MediaWiki 1.39 will become final in November 2022, though the date may slip if blockers are identified. Changes since MediaWiki 1.39.0-rc.0: * Localisation updates. * (T318481) composer: Drop symfony/php73-polyfill. * (T318460) SpecialChangeEmail: Set default for returntoquery. * (T318307) HTMLFormField::validate(): Update docs to permit all data types * (T306802) docker: update to latest published images. * (T318754) WebInstallerOptions::addPersonalizationOptions(): Close fieldset. * (T227047) Soft-deprecate the remainder of ActorMigration. * (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results in an IP range check on Special:Contributions. * (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence of hidden users. * (T307278, CVE-2022-41766) SECURITY: On action=rollback the message "alreadyrolled" can leak revision deleted user name. * (T319186) .phan/config.php: Update minimum_target_php_version. * Tests: Explicit cast to int in RandomImageGenerator test (php8 warnings). * (T319186) .phan/config.php: Update minimum_target_php_version. * (T310243) Deprecate use of 'wvui-search' package. * utils: Fix return doc about false/null for UrlUtils::expand. * (T319000) WebInstaller: Don't try and run trim() on null. * In the event of preg failure in MagicWordArray throw exception. * (T318753) Installer: Disable logo dropper for now. Preliminary release notes: https://gerrit.wikimedia.org/g/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39 https://www.mediawiki.org/wiki/Release_notes/1.39 Open Bugs: [1] https://phabricator.wikimedia.org/tag/mw-1.39-release/ Bug report form: [2] https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.39-… ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0-rc.1.tar.gz https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0-rc.1.zip Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.0-rc.1.ta… https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.0-rc.1.zip Patch to previous version (1.39.0-rc.0): https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0-rc.1.patch.gz https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0-rc.1.patch.z… GPG signatures: https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.0-rc.1.ta… https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.0-rc.1.zi… https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0-rc.1.tar.gz.… https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0-rc.1.zip.sig https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0-rc.1.patch.g… https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0-rc.1.patch.z… Public keys: https://www.mediawiki.org/keys/keys.html

5 months, 2 weeks

MediaWiki Extensions and Skins Security Release Supplement (1.35.8/1.37.5/1.38.3)

by Maryum Styles

Greetings- With the security/maintenance release of MediaWiki 1.35.8/1.37.5/1.38.3, we would also like to provide this supplementary announcement of MediaWiki extensions and skins with now-public Phabricator tasks, security patches and backports [1]: OAuth + (T308861 <https://phabricator.wikimedia.org/T308861>, CVE-2022-39191) - OAuth debug log includes consumer secrets https://gerrit.wikimedia.org/r/c/mediawiki/extensions/OAuth/+/839460/ GrowthExperiments + (T313205 <https://phabricator.wikimedia.org/T313205>, CVE-2022-39194) - Growth's Community configuration makes it possible for rogue admin to take down a site https://gerrit.wikimedia.org/r/q/I9b3766a71ee403b3a72c8af995e70c3017abe12e IPInfo + (T310763 <https://phabricator.wikimedia.org/T310763>, CVE-2022-39192) - IP Info tool shows whether an IP is autoblocked, potentially allowing unmasking of users by correlation https://gerrit.wikimedia.org/r/q/Ib1fdac6b2db70fc33f6d9e9f3e9108b6d65961b4 PageTriage + (T314245 <https://phabricator.wikimedia.org/T314245>, CVE-2022-41344) - Someone with patrol user right can mark own article as reviewed if they use api.php?action=pagetriageaction https://gerrit.wikimedia.org/r/q/I9a3c9dafc634c59d7dbf1d6d62da389046a0e22e OAuth + (T312820 <https://phabricator.wikimedia.org/T312820>, CVE-2022-41346) - Special:OAuth/rest_redirect does unrestricted redirects https://gerrit.wikimedia.org/r/q/I789fb7384d89fbf42df22dc7b1953fb9087d95b1 Translate + (T302479 <https://phabricator.wikimedia.org/T302479>, CVE-2022-41345) - Blocked users with "translation administrator" right are able to mark pages for translation https://gerrit.wikimedia.org/r/q/Ic206021 The Wikimedia Security Team recommends updating these extensions and/or skins to the current master branch or relevant, supported release branch [2] as soon as possible. Some of the referenced Phabricator tasks above _may_ still be private. Unfortunately, when security issues are reported, sometimes sensitive information is exposed and since Phabricator is historical, we cannot make these tasks public without exposing this sensitive information. If you have any additional questions or concerns regarding this update, please feel free to contact security(a)wikimedia.org or file a security task within Phabricator [3]. [0] https://w.wiki/5nN3 [1] https://phabricator.wikimedia.org/T311785 [2] https://www.mediawiki.org/wiki/Version_lifecycle [3] https://www.mediawiki.org/wiki/Reporting_security_bugs

5 months, 2 weeks

Maintenance release: MediaWiki 1.37.6 and 1.38.4

by Sam Reed

I would like to announce the availability of MediaWiki 1.37.6 and 1.38.4. This fixes an issue identified in the MediaWiki 1.37.5 and 1.38.3 releases. The patch for T307278 was incorrectly back-ported, which would result in an error when rollbacks happened. To try and reduce the likelihood of this happening again in future, I have filed <https://phabricator.wikimedia.org/T318976> which when resolved will mean we're running both PHPCS and Phan proactively as part of the release and tarballing process. As a reminder, 1.37 is due to become end of life (EOL) in November 2022. 1.37.6 is expected to be the last release for this branch. It is recommended to upgrade to 1.38, or to 1.39 (the next LTS after 1.35) due to be released in November 2022. ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.38/mediawiki-1.38.4.tar.gz https://releases.wikimedia.org/mediawiki/1.38/mediawiki-1.38.4.zip Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.38/mediawiki-core-1.38.4.tar.gz https://releases.wikimedia.org/mediawiki/1.38/mediawiki-core-1.38.4.zip Patch to previous version (1.38.3): https://releases.wikimedia.org/mediawiki/1.38/mediawiki-1.38.4.patch.gz https://releases.wikimedia.org/mediawiki/1.38/mediawiki-1.38.4.patch.zip GPG signatures: https://releases.wikimedia.org/mediawiki/1.38/mediawiki-core-1.38.4.tar.gz.… https://releases.wikimedia.org/mediawiki/1.38/mediawiki-core-1.38.4.zip.sig https://releases.wikimedia.org/mediawiki/1.38/mediawiki-1.38.4.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.38/mediawiki-1.38.4.zip.sig https://releases.wikimedia.org/mediawiki/1.38/mediawiki-1.38.4.patch.gz.sig https://releases.wikimedia.org/mediawiki/1.38/mediawiki-1.38.4.patch.zip.sig Public keys: https://www.mediawiki.org/keys/keys.html ********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.6.tar.gz https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.6.zip Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.37/mediawiki-core-1.37.6.tar.gz https://releases.wikimedia.org/mediawiki/1.37/mediawiki-core-1.37.6.zip Patch to previous version (1.37.5): https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.6.patch.gz https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.6.patch.zip GPG signatures: https://releases.wikimedia.org/mediawiki/1.37/mediawiki-core-1.37.6.tar.gz.… https://releases.wikimedia.org/mediawiki/1.37/mediawiki-core-1.37.6.zip.sig https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.6.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.6.zip.sig https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.6.patch.gz.sig https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.6.patch.zip.sig Public keys: https://www.mediawiki.org/keys/keys.html

5 months, 3 weeks

Security and maintenance release: 1.35.8 / 1.37.4 / 1.38.3

by Sam Reed

5 months, 3 weeks

Security pre-release announcement: 1.35.8 / 1.37.5 / 1.38.3

by Sam Reed

Hi all, On Thursday we will be issuing a security and maintenance release to all supported branches of MediaWiki. The new releases will be: - 1.35.8 - 1.37.5 - 1.38.3 This will resolve three low priority issues in MediaWiki core along with bug fixes included for maintenance reasons. This includes various patches for PHP 8.0 and PHP 8.1 support. We will make the fixes available in the respective release branches (plus 1.39 which is currently in release candidate status) and master in git. Tarballs will be available for the above mentioned point releases as well. A summary of some of the security fixes that have gone into non-bundled MediaWiki extensions will also follow later. As a reminder, 1.37 is due to become end of life (EOL) in November 2022. 1.37.5 is expected to be the last release for this branch. It is recommended to upgrade to 1.38, or to 1.39 (the next LTS after 1.35) due to be released in November 2022. [1] https://www.mediawiki.org/wiki/Version_lifecycle

5 months, 3 weeks

Jump to page:

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

MediaWiki-announce