I am happy to announce the belated availability of the general release of MediaWiki 1.35!
Tarballs have already been uploaded, and the git tag has been pushed.
Thanks to everyone who helped out with this release, especially thanks to those who tested out the release candidates and provided feedback, as well as the developers who worked hard to get several important fixes merged in time for the 1.35 final release. To see what's changed in 1.35, see the release notes below.
Please note that the PHP version requirement has been raised from 7.2.9 in MediaWiki 1.34 (and 7.0 in MediaWiki 1.31), to 7.3.19.
MediaWiki 1.35 is an LTS and is due to be supported until the end of September 2023.
As a reminder, 1.31 is due to become end of life in June 2021. 1.34 is due to become end of life in November 2020.
As per the pre-release announcement, 1.35.0 also includes some security fixes that weren't in the release candidates, which came out yesterday for the ther supported MediaWiki branches.
Known/outstanding issues: * VisualEditor and Parsoid are now bundled in the tarball and no longer need a separate Node.js service. The documentation for this still may still require some updates. Please report any bugs [2] if this affects you. * (T259685) Zeroconf (zero-configuration) VisualEditor/Parsoid doesn't work using SQLite as the database backend for MediaWiki. This is due to the lack of write concurrency in SQLite. If you wish to use this feature, it is recommended to use MySQL/MariaDB rather than SQLite. * Watchlist expiry (behind the $wgWatchlistExpiry flag) is currently still experimental. It should become stable in a later point release. Please report any issues/bugs [3].
== Security fixes == * (T232568, CVE-2020-25813) SECURITY: SpecialUserrights: If a viewer lacks `hideuser`, ignore hidden users. * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on Special:Contributions. * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within LogEventsList. * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking firejail's --output functionality. * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and 'style' attribute. * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message( ... ).parse(). * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct database. * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used. * (T251661, CVE-2020-25827) SECURITY: TOTP throttle not enforced cross-wiki.
== Links to all mentioned tasks == * https://phabricator.wikimedia.org/T232568 * https://phabricator.wikimedia.org/T255918 * https://phabricator.wikimedia.org/T256171 * https://phabricator.wikimedia.org/T258763 * https://phabricator.wikimedia.org/T86738 * https://phabricator.wikimedia.org/T115888 * https://phabricator.wikimedia.org/T260485 * https://phabricator.wikimedia.org/T251661
=== Changes since MediaWiki 1.35.0-rc.3 === * (T261258) Remove checks for ancient ImageMagick versions in BitmapHandler. * (T260232) Don't include null page ids in query list for category dumps. * (T260009) Check existing watchitem when saving action=watch. * (T259055) Correct success messages for action=watch. * mediawiki.page.ready: Simpler tablesorter/makeCollapsible call. * mediawiki.page.ready: Fix skin override config flags, wrong way round. * (T262175, T248512) Remove requirement for ApiWatchlistTrait to be in ApiBase. * (T259053, T260434) Watchlist: Fix updateWatchLink removing css class when action=watch. * (T261901, T261476) mediawiki.notification: Don't close notif when clicking <select> element. * (T251506) Sanitizer: Truncate IDs to a reasonable length. * (T259452) Parsoid updated to v0.12.0. * (T261970) watch.ajax: Add expiry support to watchpage.mw event. * (T262900) Fix failure of rebuildLocalisationCache.php due to ResourceLoader hook. * (T263014) Hard deprecate File::userCan() with $user=null. * (T262547) Use localized success message after watching via action=watch. * (T201491) Fix typo 'Watchlst' in `apihelp-edit-param-watchlistexpiry`. * (T261081) Installer: consistently reset Language objects. * (T250449, T250450) Installer: consistently reset Language objects. * Explicitly wrap some XML calls in libxml_disable_entity_loader(). * (T262934) Ensure dropdown label is always on its own line. * (T246855) resourceloader: Use a local HookRunner. * (T263604) Have findBadBlobs.php require Maintenance.php rather than cleanupTable.inc. * (T263606) Set fake time, to avoid flaky tests. * (T261325) Add FindMissingActors script. * (T262364) shell: Don't blacklist /run/firejail. * (T263655) NewPagesPager: Ignore nonexistent namespaces. * Update specialPageAliases and magicWords for Egyptian Arabic (arz). * (T261347) ParserOutput: don't throw on bad editsection. * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on Special:Contributions. * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within LogEventsList. * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking firejail's --output functionality. * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and 'style' attribute. * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message( ... ).parse(). * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct database. * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used. * Add Finnish special page aliases. * Fix GuzzleHttpRequest request headers. * Fix description for pruneFileCache.php. * emptyUserGroup.php: handle more than 5000 users. * Make ApiSandbox copyable URL absolute. * (T261087) Add a link from a deleted page to that page's logs.
Open Bugs: [1] https://phabricator.wikimedia.org/project/board/4035/
Bug report form: [2] https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-R...
[3] https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-R...
********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz
Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz
Patch to previous version (1.35.0-rc.3): https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz
GPG signatures: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz.s... https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz.sig
Public keys: https://www.mediawiki.org/keys/keys.html
Release Notes https://www.mediawiki.org/wiki/Release_notes/1.35
This is great, thank you!
As an LTS user, does anybody know about an overview what has changed since 1.31 LTS?
Would be a great help to have some information about differences/new features/breakting changes between LTS versions and maybe also specific upgrade instructions.
regards, Bernhard
----- Am 25. Sep 2020 um 18:19 schrieb Sam Reed reedy@wikimedia.org:
I am happy to announce the belated availability of the general release of MediaWiki 1.35!
Tarballs have already been uploaded, and the git tag has been pushed.
Thanks to everyone who helped out with this release, especially thanks to those who tested out the release candidates and provided feedback, as well as the developers who worked hard to get several important fixes merged in time for the 1.35 final release. To see what's changed in 1.35, see the release notes below.
Please note that the PHP version requirement has been raised from 7.2.9 in MediaWiki 1.34 (and 7.0 in MediaWiki 1.31), to 7.3.19.
MediaWiki 1.35 is an LTS and is due to be supported until the end of September 2023.
As a reminder, 1.31 is due to become end of life in June 2021. 1.34 is due to become end of life in November 2020.
As per the pre-release announcement, 1.35.0 also includes some security fixes that weren't in the release candidates, which came out yesterday for the ther supported MediaWiki branches.
Known/outstanding issues:
- VisualEditor and Parsoid are now bundled in the tarball and no longer need a
separate Node.js service. The documentation for this still may still require some updates. Please report any bugs [2] if this affects you.
- (T259685) Zeroconf (zero-configuration) VisualEditor/Parsoid doesn't work
using SQLite as the database backend for MediaWiki. This is due to the lack of write concurrency in SQLite. If you wish to use this feature, it is recommended to use MySQL/MariaDB rather than SQLite.
- Watchlist expiry (behind the $wgWatchlistExpiry flag) is currently still
experimental. It should become stable in a later point release. Please report any issues/bugs [3].
== Security fixes ==
- (T232568, CVE-2020-25813) SECURITY: SpecialUserrights: If a viewer lacks
`hideuser`, ignore hidden users.
- (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on
Special:Contributions.
- (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within
LogEventsList.
- (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking
firejail's --output functionality.
- (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and
'style' attribute.
- (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message(
... ).parse().
- (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct
database.
- (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used.
- (T251661, CVE-2020-25827) SECURITY: TOTP throttle not enforced cross-wiki.
== Links to all mentioned tasks ==
https://phabricator.wikimedia.org/T232568 ]
https://phabricator.wikimedia.org/T255918 ]
https://phabricator.wikimedia.org/T256171 ]
https://phabricator.wikimedia.org/T258763 ]
https://phabricator.wikimedia.org/T86738 ]
https://phabricator.wikimedia.org/T115888 ]
=== Changes since MediaWiki 1.35.0-rc.3 ===
- (T261258) Remove checks for ancient ImageMagick versions in BitmapHandler.
- (T260232) Don't include null page ids in query list for category dumps.
- (T260009) Check existing watchitem when saving action=watch.
- (T259055) Correct success messages for action=watch.
- mediawiki.page.ready: Simpler tablesorter/makeCollapsible call.
- mediawiki.page.ready: Fix skin override config flags, wrong way round.
- (T262175, T248512) Remove requirement for ApiWatchlistTrait to be in ApiBase.
- (T259053, T260434) Watchlist: Fix updateWatchLink removing css class when
action=watch.
- (T261901, T261476) mediawiki.notification: Don't close notif when clicking
<select> element.
- (T251506) Sanitizer: Truncate IDs to a reasonable length.
- (T259452) Parsoid updated to v0.12.0.
- (T261970) watch.ajax: Add expiry support to [ http://watchpage.mw/ |
watchpage.mw ] event.
- (T262900) Fix failure of rebuildLocalisationCache.php due to ResourceLoader
hook.
- (T263014) Hard deprecate File::userCan() with $user=null.
- (T262547) Use localized success message after watching via action=watch.
- (T201491) Fix typo 'Watchlst' in `apihelp-edit-param-watchlistexpiry`.
- (T261081) Installer: consistently reset Language objects.
- (T250449, T250450) Installer: consistently reset Language objects.
- Explicitly wrap some XML calls in libxml_disable_entity_loader().
- (T262934) Ensure dropdown label is always on its own line.
- (T246855) resourceloader: Use a local HookRunner.
- (T263604) Have findBadBlobs.php require Maintenance.php rather than
cleanupTable.inc.
- (T263606) Set fake time, to avoid flaky tests.
- (T261325) Add FindMissingActors script.
- (T262364) shell: Don't blacklist /run/firejail.
- (T263655) NewPagesPager: Ignore nonexistent namespaces.
- Update specialPageAliases and magicWords for Egyptian Arabic (arz).
- (T261347) ParserOutput: don't throw on bad editsection.
- (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on
Special:Contributions.
- (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within
LogEventsList.
- (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking
firejail's --output functionality.
- (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and
'style' attribute.
- (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message(
... ).parse().
- (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct
database.
- (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used.
- Add Finnish special page aliases.
- Fix GuzzleHttpRequest request headers.
- Fix description for pruneFileCache.php.
- emptyUserGroup.php: handle more than 5000 users.
- Make ApiSandbox copyable URL absolute.
- (T261087) Add a link from a deleted page to that page's logs.
Open Bugs: [1] [ https://phabricator.wikimedia.org/project/board/4035/ | https://phabricator.wikimedia.org/project/board/4035/ ]
Bug report form: [2] [ https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-R... | https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-R... ]
[3] [ https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-R... | https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-R... ]
Download: [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz | https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz ]
Download without bundled extensions: [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz | https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz ]
Patch to previous version (1.35.0-rc.3): [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz | https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz ]
GPG signatures: [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz.s... | https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz.s... ] [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz.sig | https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz.sig ] [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz.sig | https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz.sig ]
Public keys: [ https://www.mediawiki.org/keys/keys.html | https://www.mediawiki.org/keys/keys.html ]
Release Notes [ https://www.mediawiki.org/wiki/Release_notes/1.35 | https://www.mediawiki.org/wiki/Release_notes/1.35 ]
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
On Wed, Sep 30, 2020 at 2:51 AM Krabina Bernhard krabina@kdz.or.at wrote:
This is great, thank you!
As an LTS user, does anybody know about an overview what has changed since 1.31 LTS?
Would be a great help to have some information about differences/new features/breakting changes between LTS versions and maybe also specific upgrade instructions.
From https://www.mediawiki.org/wiki/Release_notes you can find these links:
* https://www.mediawiki.org/wiki/Release_notes/1.32 * https://www.mediawiki.org/wiki/Release_notes/1.33 * https://www.mediawiki.org/wiki/Release_notes/1.34 * https://www.mediawiki.org/wiki/Release_notes/1.35
Bryan
Hello,
Apologies in advance if this has been discussed. I have just subscribed to this list.
A number of users have complained about VisualEditor not working out-of-the-box for MW 1.35.0 (even on fresh install). [1][2][3]
Is this a known issue (i.e. actually a bug)? And has a solution been shared yet?
Sorry if this is the wrong place. It just seems (to me) like it is not accepted as an actual bug yet, despite a number of feedbacks. Feel free to reply to the onsite pages.
[1] https://phabricator.wikimedia.org/T263928 [2] https://www.mediawiki.org/wiki/Extension_talk:VisualEditor [3] https://www.mediawiki.org/wiki/Project:Support_desk
Yours truly,
Rehmanhttps://en.wikipedia.org/wiki/User:Rehman
________________________________ From: MediaWiki-announce mediawiki-announce-bounces@lists.wikimedia.org on behalf of Sam Reed reedy@wikimedia.org Sent: 25 September 2020 21:49 To: MediaWiki announcements and site admin list mediawiki-l@lists.wikimedia.org; mediawiki-announce@lists.wikimedia.org mediawiki-announce@lists.wikimedia.org; wikitech-l@lists.wikimedia.org wikitech-l@lists.wikimedia.org Subject: [MediaWiki-announce] Announcing MediaWiki 1.35.0
I am happy to announce the belated availability of the general release of MediaWiki 1.35!
Tarballs have already been uploaded, and the git tag has been pushed.
Thanks to everyone who helped out with this release, especially thanks to those who tested out the release candidates and provided feedback, as well as the developers who worked hard to get several important fixes merged in time for the 1.35 final release. To see what's changed in 1.35, see the release notes below.
Please note that the PHP version requirement has been raised from 7.2.9 in MediaWiki 1.34 (and 7.0 in MediaWiki 1.31), to 7.3.19.
MediaWiki 1.35 is an LTS and is due to be supported until the end of September 2023.
As a reminder, 1.31 is due to become end of life in June 2021. 1.34 is due to become end of life in November 2020.
As per the pre-release announcement, 1.35.0 also includes some security fixes that weren't in the release candidates, which came out yesterday for the ther supported MediaWiki branches.
Known/outstanding issues: * VisualEditor and Parsoid are now bundled in the tarball and no longer need a separate Node.js service. The documentation for this still may still require some updates. Please report any bugs [2] if this affects you. * (T259685) Zeroconf (zero-configuration) VisualEditor/Parsoid doesn't work using SQLite as the database backend for MediaWiki. This is due to the lack of write concurrency in SQLite. If you wish to use this feature, it is recommended to use MySQL/MariaDB rather than SQLite. * Watchlist expiry (behind the $wgWatchlistExpiry flag) is currently still experimental. It should become stable in a later point release. Please report any issues/bugs [3].
== Security fixes == * (T232568, CVE-2020-25813) SECURITY: SpecialUserrights: If a viewer lacks `hideuser`, ignore hidden users. * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on Special:Contributions. * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within LogEventsList. * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking firejail's --output functionality. * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and 'style' attribute. * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message( ... ).parse(). * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct database. * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used. * (T251661, CVE-2020-25827) SECURITY: TOTP throttle not enforced cross-wiki.
== Links to all mentioned tasks == * https://phabricator.wikimedia.org/T232568 * https://phabricator.wikimedia.org/T255918 * https://phabricator.wikimedia.org/T256171 * https://phabricator.wikimedia.org/T258763 * https://phabricator.wikimedia.org/T86738 * https://phabricator.wikimedia.org/T115888 * https://phabricator.wikimedia.org/T260485 * https://phabricator.wikimedia.org/T251661
=== Changes since MediaWiki 1.35.0-rc.3 === * (T261258) Remove checks for ancient ImageMagick versions in BitmapHandler. * (T260232) Don't include null page ids in query list for category dumps. * (T260009) Check existing watchitem when saving action=watch. * (T259055) Correct success messages for action=watch. * mediawiki.page.ready: Simpler tablesorter/makeCollapsible call. * mediawiki.page.ready: Fix skin override config flags, wrong way round. * (T262175, T248512) Remove requirement for ApiWatchlistTrait to be in ApiBase. * (T259053, T260434) Watchlist: Fix updateWatchLink removing css class when action=watch. * (T261901, T261476) mediawiki.notification: Don't close notif when clicking <select> element. * (T251506) Sanitizer: Truncate IDs to a reasonable length. * (T259452) Parsoid updated to v0.12.0. * (T261970) watch.ajax: Add expiry support to watchpage.mw event. * (T262900) Fix failure of rebuildLocalisationCache.php due to ResourceLoader hook. * (T263014) Hard deprecate File::userCan() with $user=null. * (T262547) Use localized success message after watching via action=watch. * (T201491) Fix typo 'Watchlst' in `apihelp-edit-param-watchlistexpiry`. * (T261081) Installer: consistently reset Language objects. * (T250449, T250450) Installer: consistently reset Language objects. * Explicitly wrap some XML calls in libxml_disable_entity_loader(). * (T262934) Ensure dropdown label is always on its own line. * (T246855) resourceloader: Use a local HookRunner. * (T263604) Have findBadBlobs.php require Maintenance.php rather than cleanupTable.inc. * (T263606) Set fake time, to avoid flaky tests. * (T261325) Add FindMissingActors script. * (T262364) shell: Don't blacklist /run/firejail. * (T263655) NewPagesPager: Ignore nonexistent namespaces. * Update specialPageAliases and magicWords for Egyptian Arabic (arz). * (T261347) ParserOutput: don't throw on bad editsection. * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on Special:Contributions. * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within LogEventsList. * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking firejail's --output functionality. * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and 'style' attribute. * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message( ... ).parse(). * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct database. * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used. * Add Finnish special page aliases. * Fix GuzzleHttpRequest request headers. * Fix description for pruneFileCache.php. * emptyUserGroup.php: handle more than 5000 users. * Make ApiSandbox copyable URL absolute. * (T261087) Add a link from a deleted page to that page's logs.
Open Bugs: [1] https://phabricator.wikimedia.org/project/board/4035/
Bug report form: [2] https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-R...
[3] https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-R...
********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz
Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz
Patch to previous version (1.35.0-rc.3): https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz
GPG signatures: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz.s... https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz.sig
Public keys: https://www.mediawiki.org/keys/keys.html
Release Notes https://www.mediawiki.org/wiki/Release_notes/1.35 _______________________________________________ MediaWiki announcements mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
On 2020-10-14 13:56, Rehman Abubakr wrote:
A number of users have complained about VisualEditor not working out-of-the-box for MW 1.35.0 (even on fresh install). [1][2][3]
Is this a known issue (i.e. actually a bug)? And has a solution been shared yet?
Sorry if this is the wrong place. It just seems (to me) like it is not accepted as an actual bug yet, despite a number of feedbacks. Feel free to reply to the onsite pages.
My impression has been that if you have the simplest possible setup, then everything does work out-of-the-box.
But if you have configured any of many reasonable things (e.g. you have some hardened security settings, or you're running multiple wikis, or you have a caching proxy in front of your site), then you might also need to configure VisualEditor with that in mind.
Unfortunately our documentation for configuring VisualEditor is lacking. You could probably consider that a bug, even if most of the issues being reported don't actually require any code changes on our side to fix.
Thanks for the reply.
I had purchased the domain/hosting purely to test MW before I do a demo for a company to install a private instance.
Hence, the setup is as basic as it could be. Nothing has been modified beyond the defaults.
Yours truly,
Rehmanhttps://en.wikipedia.org/wiki/User:Rehman
________________________________ From: MediaWiki-l mediawiki-l-bounces@lists.wikimedia.org on behalf of Bartosz Dziewoński matma.rex@gmail.com Sent: 14 October 2020 18:14 To: mediawiki-l@lists.wikimedia.org mediawiki-l@lists.wikimedia.org Subject: Re: [MediaWiki-l] Issue with VisualEditor on MediaWiki 1.35
On 2020-10-14 13:56, Rehman Abubakr wrote:
A number of users have complained about VisualEditor not working out-of-the-box for MW 1.35.0 (even on fresh install). [1][2][3]
Is this a known issue (i.e. actually a bug)? And has a solution been shared yet?
Sorry if this is the wrong place. It just seems (to me) like it is not accepted as an actual bug yet, despite a number of feedbacks. Feel free to reply to the onsite pages.
My impression has been that if you have the simplest possible setup, then everything does work out-of-the-box.
But if you have configured any of many reasonable things (e.g. you have some hardened security settings, or you're running multiple wikis, or you have a caching proxy in front of your site), then you might also need to configure VisualEditor with that in mind.
Unfortunately our documentation for configuring VisualEditor is lacking. You could probably consider that a bug, even if most of the issues being reported don't actually require any code changes on our side to fix.
-- Bartosz Dziewoński
_______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
For private instances, it won't work out of the box. You need to manually configure your LocalSettings.php.
See https://www.mediawiki.org/wiki/Extension:VisualEditor#Linking_with_Parsoid_i...
-Subbu.
On 10/14/20 7:54 AM, Rehman Abubakr wrote:
Thanks for the reply.
I had purchased the domain/hosting purely to test MW before I do a demo for a company to install a private instance.
Hence, the setup is as basic as it could be. Nothing has been modified beyond the defaults.
Yours truly,
*Rehman https://en.wikipedia.org/wiki/User:Rehman*
*From:* MediaWiki-l mediawiki-l-bounces@lists.wikimedia.org on behalf of Bartosz Dziewoński matma.rex@gmail.com *Sent:* 14 October 2020 18:14 *To:* mediawiki-l@lists.wikimedia.org mediawiki-l@lists.wikimedia.org *Subject:* Re: [MediaWiki-l] Issue with VisualEditor on MediaWiki 1.35 On 2020-10-14 13:56, Rehman Abubakr wrote:
A number of users have complained about VisualEditor not working out-of-the-box for MW 1.35.0 (even on fresh install). [1][2][3]
Is this a known issue (i.e. actually a bug)? And has a solution been shared yet?
Sorry if this is the wrong place. It just seems (to me) like it is not accepted as an actual bug yet, despite a number of feedbacks. Feel free to reply to the onsite pages.
My impression has been that if you have the simplest possible setup, then everything does work out-of-the-box.
But if you have configured any of many reasonable things (e.g. you have some hardened security settings, or you're running multiple wikis, or you have a caching proxy in front of your site), then you might also need to configure VisualEditor with that in mind.
Unfortunately our documentation for configuring VisualEditor is lacking. You could probably consider that a bug, even if most of the issues being reported don't actually require any code changes on our side to fix.
-- Bartosz Dziewoński
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Hi Subbu,
Thank you for replying.
I'm afraid the result is the same. I've first tried adding the blue bit, outcome was same. Then tried red bit, same. And then both, same.
$wgVirtualRestConfig['modules']['parsoid']['forwardCookies'] = true;
$PARSOID_INSTALL_DIR = 'vendor/wikimedia/parsoid'; # bundled copy #$PARSOID_INSTALL_DIR = '/my/path/to/git/checkout/of/Parsoid';
// For developers: ensure Parsoid is executed from $PARSOID_INSTALL_DIR, // (not the version included in mediawiki-core by default) // Must occur *before* wfLoadExtension() if ( $PARSOID_INSTALL_DIR !== 'vendor/wikimedia/parsoid' ) { AutoLoader::$psr4Namespaces += [ // Keep this in sync with the "autoload" clause in // $PARSOID_INSTALL_DIR/composer.json 'Wikimedia\Parsoid\' => "$PARSOID_INSTALL_DIR/src", ]; }
wfLoadExtension( 'Parsoid', "$PARSOID_INSTALL_DIR/extension.json" );
# Manually configure Parsoid $wgVisualEditorParsoidAutoConfig = false; $wgParsoidSettings = [ 'useSelser' => true, 'rtTestMode' => false, 'linting' => false, ]; $wgVirtualRestConfig['modules']['parsoid'] = [];
The blue code is from your link. And the red code is from the footnote link within your link.
For a basic freshly-installed private wiki, in order to use the bundled VisualEditor feature, what code do you suggest please?
Yours truly,
Rehmanhttps://en.wikipedia.org/wiki/User:Rehman
________________________________ From: Subramanya Sastry ssastry@wikimedia.org Sent: 15 October 2020 18:36 To: MediaWiki announcements and site admin list mediawiki-l@lists.wikimedia.org; Rehman Abubakr rehman.wikimedia@live.com Subject: Re: [MediaWiki-l] Issue with VisualEditor on MediaWiki 1.35
For private instances, it won't work out of the box. You need to manually configure your LocalSettings.php.
See https://www.mediawiki.org/wiki/Extension:VisualEditor#Linking_with_Parsoid_i...
-Subbu.
On 10/14/20 7:54 AM, Rehman Abubakr wrote: Thanks for the reply.
I had purchased the domain/hosting purely to test MW before I do a demo for a company to install a private instance.
Hence, the setup is as basic as it could be. Nothing has been modified beyond the defaults.
Yours truly,
Rehmanhttps://en.wikipedia.org/wiki/User:Rehman
________________________________ From: MediaWiki-l mediawiki-l-bounces@lists.wikimedia.orgmailto:mediawiki-l-bounces@lists.wikimedia.org on behalf of Bartosz Dziewoński matma.rex@gmail.commailto:matma.rex@gmail.com Sent: 14 October 2020 18:14 To: mediawiki-l@lists.wikimedia.orgmailto:mediawiki-l@lists.wikimedia.org mediawiki-l@lists.wikimedia.orgmailto:mediawiki-l@lists.wikimedia.org Subject: Re: [MediaWiki-l] Issue with VisualEditor on MediaWiki 1.35
On 2020-10-14 13:56, Rehman Abubakr wrote:
A number of users have complained about VisualEditor not working out-of-the-box for MW 1.35.0 (even on fresh install). [1][2][3]
Is this a known issue (i.e. actually a bug)? And has a solution been shared yet?
Sorry if this is the wrong place. It just seems (to me) like it is not accepted as an actual bug yet, despite a number of feedbacks. Feel free to reply to the onsite pages.
My impression has been that if you have the simplest possible setup, then everything does work out-of-the-box.
But if you have configured any of many reasonable things (e.g. you have some hardened security settings, or you're running multiple wikis, or you have a caching proxy in front of your site), then you might also need to configure VisualEditor with that in mind.
Unfortunately our documentation for configuring VisualEditor is lacking. You could probably consider that a bug, even if most of the issues being reported don't actually require any code changes on our side to fix.
-- Bartosz Dziewoński
_______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
_______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
It is also hard to say what is going on with your install without more information or error messages.
Looking at https://www.mediawiki.org/wiki/Topic:Vv9zl5e9gre77rgq, it looks like you are also on NameCheap and you might benefit from whatever that other user has tried to get NameCheap to update some security rules. So, let us start there on that Flow thread.
As Bartosz said earlier, our docs don't cover all these various scenarios that users encounter and so most of the problems are related to our missing documentation for these use cases. We are limited in our ability to capture them all and support them all and do rely on users helping each other out.
Anyway, let us move this conversation on the wiki talk page so we can actually look at error messages.
Subbu.
On 10/15/20 8:37 AM, Rehman Abubakr wrote:
Hi Subbu,
Thank you for replying.
I'm afraid the result is the same. I've first tried adding the blue bit, outcome was same. Then tried red bit, same. And then both, same.
$wgVirtualRestConfig['modules']['parsoid']['forwardCookies'] = true; $PARSOID_INSTALL_DIR = 'vendor/wikimedia/parsoid'; # bundled copy #$PARSOID_INSTALL_DIR = '/my/path/to/git/checkout/of/Parsoid'; // For developers: ensure Parsoid is executed from $PARSOID_INSTALL_DIR, // (not the version included in mediawiki-core by default) // Must occur *before* wfLoadExtension() if ( $PARSOID_INSTALL_DIR !== 'vendor/wikimedia/parsoid' ) { AutoLoader::$psr4Namespaces += [ // Keep this in sync with the "autoload" clause in // $PARSOID_INSTALL_DIR/composer.json 'Wikimedia\\Parsoid\\' => "$PARSOID_INSTALL_DIR/src", ]; } wfLoadExtension( 'Parsoid', "$PARSOID_INSTALL_DIR/extension.json" ); # Manually configure Parsoid $wgVisualEditorParsoidAutoConfig = false; $wgParsoidSettings = [ 'useSelser' => true, 'rtTestMode' => false, 'linting' => false, ]; $wgVirtualRestConfig['modules']['parsoid'] = [];
The blue code is from your link. And the red code is from the footnote link within your link.
For a basic freshly-installed private wiki, in order to use the bundled VisualEditor feature, what code do you suggest please?
Yours truly,
*Rehman https://en.wikipedia.org/wiki/User:Rehman*
*From:* Subramanya Sastry ssastry@wikimedia.org *Sent:* 15 October 2020 18:36 *To:* MediaWiki announcements and site admin list mediawiki-l@lists.wikimedia.org; Rehman Abubakr rehman.wikimedia@live.com *Subject:* Re: [MediaWiki-l] Issue with VisualEditor on MediaWiki 1.35
For private instances, it won't work out of the box. You need to manually configure your LocalSettings.php.
See https://www.mediawiki.org/wiki/Extension:VisualEditor#Linking_with_Parsoid_i...
-Subbu.
On 10/14/20 7:54 AM, Rehman Abubakr wrote:
Thanks for the reply.
I had purchased the domain/hosting purely to test MW before I do a demo for a company to install a private instance.
Hence, the setup is as basic as it could be. Nothing has been modified beyond the defaults.
Yours truly,
*Rehman https://en.wikipedia.org/wiki/User:Rehman*
*From:* MediaWiki-l mediawiki-l-bounces@lists.wikimedia.org mailto:mediawiki-l-bounces@lists.wikimedia.org on behalf of Bartosz Dziewoński matma.rex@gmail.com mailto:matma.rex@gmail.com *Sent:* 14 October 2020 18:14 *To:* mediawiki-l@lists.wikimedia.org mailto:mediawiki-l@lists.wikimedia.org mediawiki-l@lists.wikimedia.org mailto:mediawiki-l@lists.wikimedia.org *Subject:* Re: [MediaWiki-l] Issue with VisualEditor on MediaWiki 1.35 On 2020-10-14 13:56, Rehman Abubakr wrote:
A number of users have complained about VisualEditor not working out-of-the-box for MW 1.35.0 (even on fresh install). [1][2][3]
Is this a known issue (i.e. actually a bug)? And has a solution been shared yet?
Sorry if this is the wrong place. It just seems (to me) like it is not accepted as an actual bug yet, despite a number of feedbacks. Feel
free
to reply to the onsite pages.
My impression has been that if you have the simplest possible setup, then everything does work out-of-the-box.
But if you have configured any of many reasonable things (e.g. you have some hardened security settings, or you're running multiple wikis, or you have a caching proxy in front of your site), then you might also need to configure VisualEditor with that in mind.
Unfortunately our documentation for configuring VisualEditor is lacking. You could probably consider that a bug, even if most of the issues being reported don't actually require any code changes on our side to fix.
-- Bartosz Dziewoński
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Dear all,
Thank you for the replies, and all the off-list responses.
The issue is resolved. For me, the cause of the issue is explained at https://www.mediawiki.org/wiki/Topic:Vv9zl5e9gre77rgq
I suspect the other users who faced the same error in similar conditions, may also apply this solution to resolve the issue.
Hope this helps.
Yours truly,
Rehmanhttps://en.wikipedia.org/wiki/User:Rehman
________________________________ From: MediaWiki-l mediawiki-l-bounces@lists.wikimedia.org on behalf of Rehman Abubakr rehman.wikimedia@live.com Sent: 14 October 2020 17:26 To: MediaWiki announcements and site admin list mediawiki-l@lists.wikimedia.org Subject: [MediaWiki-l] Issue with VisualEditor on MediaWiki 1.35
Hello,
Apologies in advance if this has been discussed. I have just subscribed to this list.
A number of users have complained about VisualEditor not working out-of-the-box for MW 1.35.0 (even on fresh install). [1][2][3]
Is this a known issue (i.e. actually a bug)? And has a solution been shared yet?
Sorry if this is the wrong place. It just seems (to me) like it is not accepted as an actual bug yet, despite a number of feedbacks. Feel free to reply to the onsite pages.
[1] https://phabricator.wikimedia.org/T263928 [2] https://www.mediawiki.org/wiki/Extension_talk:VisualEditor [3] https://www.mediawiki.org/wiki/Project:Support_desk
Yours truly,
Rehmanhttps://en.wikipedia.org/wiki/User:Rehman
________________________________ From: MediaWiki-announce mediawiki-announce-bounces@lists.wikimedia.org on behalf of Sam Reed reedy@wikimedia.org Sent: 25 September 2020 21:49 To: MediaWiki announcements and site admin list mediawiki-l@lists.wikimedia.org; mediawiki-announce@lists.wikimedia.org mediawiki-announce@lists.wikimedia.org; wikitech-l@lists.wikimedia.org wikitech-l@lists.wikimedia.org Subject: [MediaWiki-announce] Announcing MediaWiki 1.35.0
I am happy to announce the belated availability of the general release of MediaWiki 1.35!
Tarballs have already been uploaded, and the git tag has been pushed.
Thanks to everyone who helped out with this release, especially thanks to those who tested out the release candidates and provided feedback, as well as the developers who worked hard to get several important fixes merged in time for the 1.35 final release. To see what's changed in 1.35, see the release notes below.
Please note that the PHP version requirement has been raised from 7.2.9 in MediaWiki 1.34 (and 7.0 in MediaWiki 1.31), to 7.3.19.
MediaWiki 1.35 is an LTS and is due to be supported until the end of September 2023.
As a reminder, 1.31 is due to become end of life in June 2021. 1.34 is due to become end of life in November 2020.
As per the pre-release announcement, 1.35.0 also includes some security fixes that weren't in the release candidates, which came out yesterday for the ther supported MediaWiki branches.
Known/outstanding issues: * VisualEditor and Parsoid are now bundled in the tarball and no longer need a separate Node.js service. The documentation for this still may still require some updates. Please report any bugs [2] if this affects you. * (T259685) Zeroconf (zero-configuration) VisualEditor/Parsoid doesn't work using SQLite as the database backend for MediaWiki. This is due to the lack of write concurrency in SQLite. If you wish to use this feature, it is recommended to use MySQL/MariaDB rather than SQLite. * Watchlist expiry (behind the $wgWatchlistExpiry flag) is currently still experimental. It should become stable in a later point release. Please report any issues/bugs [3].
== Security fixes == * (T232568, CVE-2020-25813) SECURITY: SpecialUserrights: If a viewer lacks `hideuser`, ignore hidden users. * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on Special:Contributions. * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within LogEventsList. * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking firejail's --output functionality. * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and 'style' attribute. * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message( ... ).parse(). * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct database. * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used. * (T251661, CVE-2020-25827) SECURITY: TOTP throttle not enforced cross-wiki.
== Links to all mentioned tasks == * https://phabricator.wikimedia.org/T232568 * https://phabricator.wikimedia.org/T255918 * https://phabricator.wikimedia.org/T256171 * https://phabricator.wikimedia.org/T258763 * https://phabricator.wikimedia.org/T86738 * https://phabricator.wikimedia.org/T115888 * https://phabricator.wikimedia.org/T260485 * https://phabricator.wikimedia.org/T251661
=== Changes since MediaWiki 1.35.0-rc.3 === * (T261258) Remove checks for ancient ImageMagick versions in BitmapHandler. * (T260232) Don't include null page ids in query list for category dumps. * (T260009) Check existing watchitem when saving action=watch. * (T259055) Correct success messages for action=watch. * mediawiki.page.ready: Simpler tablesorter/makeCollapsible call. * mediawiki.page.ready: Fix skin override config flags, wrong way round. * (T262175, T248512) Remove requirement for ApiWatchlistTrait to be in ApiBase. * (T259053, T260434) Watchlist: Fix updateWatchLink removing css class when action=watch. * (T261901, T261476) mediawiki.notification: Don't close notif when clicking <select> element. * (T251506) Sanitizer: Truncate IDs to a reasonable length. * (T259452) Parsoid updated to v0.12.0. * (T261970) watch.ajax: Add expiry support to watchpage.mw event. * (T262900) Fix failure of rebuildLocalisationCache.php due to ResourceLoader hook. * (T263014) Hard deprecate File::userCan() with $user=null. * (T262547) Use localized success message after watching via action=watch. * (T201491) Fix typo 'Watchlst' in `apihelp-edit-param-watchlistexpiry`. * (T261081) Installer: consistently reset Language objects. * (T250449, T250450) Installer: consistently reset Language objects. * Explicitly wrap some XML calls in libxml_disable_entity_loader(). * (T262934) Ensure dropdown label is always on its own line. * (T246855) resourceloader: Use a local HookRunner. * (T263604) Have findBadBlobs.php require Maintenance.php rather than cleanupTable.inc. * (T263606) Set fake time, to avoid flaky tests. * (T261325) Add FindMissingActors script. * (T262364) shell: Don't blacklist /run/firejail. * (T263655) NewPagesPager: Ignore nonexistent namespaces. * Update specialPageAliases and magicWords for Egyptian Arabic (arz). * (T261347) ParserOutput: don't throw on bad editsection. * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on Special:Contributions. * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within LogEventsList. * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking firejail's --output functionality. * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and 'style' attribute. * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message( ... ).parse(). * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct database. * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used. * Add Finnish special page aliases. * Fix GuzzleHttpRequest request headers. * Fix description for pruneFileCache.php. * emptyUserGroup.php: handle more than 5000 users. * Make ApiSandbox copyable URL absolute. * (T261087) Add a link from a deleted page to that page's logs.
Open Bugs: [1] https://phabricator.wikimedia.org/project/board/4035/
Bug report form: [2] https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-R...
[3] https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-R...
********************************************************************** Download: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz
Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz
Patch to previous version (1.35.0-rc.3): https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz
GPG signatures: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz.s... https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz.sig
Public keys: https://www.mediawiki.org/keys/keys.html
Release Notes https://www.mediawiki.org/wiki/Release_notes/1.35 _______________________________________________ MediaWiki announcements mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
mediawiki-l@lists.wikimedia.org