>
> If the developer setting $wgUseXssLanguage is set to true, then an “x-xss”
> language code becomes available and can be selected with *?uselang=x-xss*
> in the URL. When using this language code, all messages become “malicious”:
> every message is replaced by a snippet of HTML that tries to run alert('
> *message-key*').
Clever feature - this will be great for testing. Thank you!
-Yaron
--
WikiWorks · MediaWiki Consulting · http://wikiworks.com
Hi all,
On Thursday we will be issuing a security and maintenance release to all
supported branches of MediaWiki.
The new releases will be:
- 1.35.12
- 1.39.5
- 1.40.1
This will resolve four security issues in MediaWiki core, two in a bundled
skin, along with bug fixes included for maintenance reasons. This includes
various patches for PHP 8.0, PHP 8.1 and PHP 8.2 support.
One issue in a bundled skin only affects MediaWiki 1.40 and master, the
other bundled skin issue affects MediaWiki 1.39, 1.40 and master.
A partial fix for one of the skin issues is already merged into the
relevant release branch.
One more minor security fix was merged in public after the releases of
1.35.11/1.38.7/1.39.4/1.40.0.
We will make the fixes available in the respective release branches and
master in git. Tarballs will be available for the above mentioned point
releases as well.
A summary of some of the security fixes that have gone into non-bundled
MediaWiki extensions will also follow later.
As a reminder, when 1.35 was released, it was originally due to become end
of life (EOL) at the end of September 2023. Due to 1.39 being released late
(November 2022), and to honor the commitment to the 1 year overlap of
MediaWiki LTS releases, this formal EOL process is being delayed till at
least the end of November 2023.
In practice, this may become sometime in December 2023, to coincide with
the security and maintenance release for that quarter. A formal EOL
announcement for 1.35 will come in advance of that point.
It is therefore expected that 1.35.13 in December 2023 will become the
final release for the 1.35 branch.
It is noted that support and CI for 1.35 is becoming more limited;
backports are becoming best-effort. Browser testing has been dropped for
1.35 in Wikimedia CI, due to the difficulties to support this.
It is strongly recommended to upgrade to 1.39 (the next LTS after 1.35),
which will be supported until November 2025, or 1.40, which will be
supported until June 2024.
[1] https://www.mediawiki.org/wiki/Version_lifecycle
Hi everybody,
TL;DR We would like users of ORES models to migrate to our new open source
ML infrastructure, Lift Wing, within the next five months. We are available
to help you do that, from advice to making code commits. It is important to
note: All ML models currently accessible on ORES are also currently
accessible on Lift Wing.
As part of the Machine Learning Modernization Project (
https://www.mediawiki.org/wiki/Machine_Learning/Modernization), the Machine
Learning team has deployed a Wikimedia’s new machine learning inference
infrastructure, called Lift Wing (
https://wikitech.wikimedia.org/wiki/Machine_Learning/LiftWing). Lift Wing
brings a lot of new features such as support for GPU-based models, open
source LLM hosting, auto-scaling, stability, and ability to host a larger
number of models.
With the creation of Lift Wing, the team is turning its attention to
deprecating the current machine learning infrastructure, ORES. ORES served
us really well over the years, it was a successful project but it came
before radical changes in technology like Docker, Kubernetes and more
recently MLOps. The servers that run ORES are at the end of their planned
lifespan and so to save cost we are going to shut them down in early 2024.
We have outlined a deprecation path on Wikitech (
https://wikitech.wikimedia.org/wiki/ORES), please read the page if you are
a maintainer of a tool or code that uses the ORES endpoint
https://ores.wikimedia.org/). If you have any doubt or if you need
assistance in migrating to Lift Wing, feel free to contact the ML team via:
- Email: ml(a)wikimedia.org
- Phabricator: #Machine-Learning-Team tag
- IRC (Libera): #wikimedia-ml
The Machine Learning team is available to help projects migrate, from
offering advice to making code commits. We want to make this as easy as
possible for folks.
High Level timeline:
**By September 30th 2023: *Infrastructure powering the ORES API endpoint
will be migrated from ORES to Lift Wing. For users, the API endpoint will
remain the same, and most users won’t notice any change. Rather just the
backend services powering the endpoint will change.
Details: We'd like to add a DNS CNAME that points ores.wikimedia.org to
ores-legacy.wikimedia.org, a new endpoint that offers a almost complete
replacement of the ORES API calling Lift Wing behind the scenes. In an
ideal world we'd migrate all tools to Lift Wing before decommissioning the
infrastructure behind ores.wikimedia.org, but it turned out to be really
challenging so to avoid disrupting users we chose to implement a transition
layer/API.
To summarize, if you don't have time to migrate before September to Lift
Wing, your code/tool should work just fine on ores-legacy.wikimedia.org and
you'll not have to change a line in your code thanks to the DNS CNAME. The
ores-legacy endpoint is not a 100% replacement for ores, we removed some
very old and not used features, so we highly recommend at least test the
new endpoint for your use case to avoid surprises when we'll make the
switch. In case you find anything weird, please report it to us using the
aforementioned channels.
**September to January: *We will be reaching out to every user of ORES we
can identify and working with them to make the migration process as easy as
possible.
**By January 2024: *If all goes well, we would like zero traffic on the
ORES API endpoint so we can turn off the ores-legacy API.
If you want more information about Lift Wing, please check
https://wikitech.wikimedia.org/wiki/Machine_Learning/LiftWing
Thanks in advance for the patience and the help!
Regards,
The Machine Learning Team
Hey all,
This is a quick note to highlight that in six weeks' time, the REL1_41
branch will be created for MediaWiki core and each of the extensions and
skins in Wikimedia git, with some (the 'tarball') included as sub-modules
of MediaWiki itself[0]. This is the first step in the release process for
MediaWiki 1.41, which should be out in May 2023, approximately six months
after MediaWiki 1.40.
The branches will reflect the code as of the last 'alpha' branch for the
release, 1.41.0-wmf.30, which will be deployed to Wikimedia wikis in the
week beginning 10 October 2023 for MediaWiki itself and those extensions
and skins available there.
After that point, patches that land in the main development branch of
MediaWiki and its bundled extensions and skins will be instead be slated
for the MediaWiki 1.42 release unless specifically backported[1].
If you are working on a new feature that you wish to land for the release,
you now have a few days to finish your work and land it in the development
branch; feature changes should not be backported except in an urgent case.
If your work might not be complete in time, and yet should block release
for everyone else, please file a task against the `mw-1.41-release` project
on Phabricator.[2]
If you have tickets that are already tagged for `mw-1.41-release`, please
finish them, untag them, or reach out to get them resolved in the next few
weeks.
We hope to issue the first release candidate, 1.41.0-rc.0, two weeks after
the branch point, and if all goes well, to release MediaWiki 1.41.0 a few
weeks after that.
Tyler Cipriani (he/him)
Engineering Manager, Release Engineering
Wikimedia Foundation
[0]: <https://www.mediawiki.org/wiki/Bundled_extensions_and_skins>
[1]: <https://www.mediawiki.org/wiki/Backporting_fixes>
[2]: <https://phabricator.wikimedia.org/tag/mw-1.41-release/>
Hello!
We're excited to invite you to our Mobile Apps Team online meeting. This is
a great opportunity to learn about the latest developments in Wikipedia's
mobile apps and engage with the team.
Date: 27th October
Time: 5 p.m. UTC
Meeting Link: https://wikimedia.zoom.us/j/83695206107
Our host, Jazmin Tanner <https://meta.wikimedia.org/wiki/User:JTanner_(WMF)>,
Product Manager of the Apps Team
<https://www.mediawiki.org/wiki/Wikimedia_Apps/Team>, and our software
engineers will be there to provide updates, answer your questions, and hear
your suggestions.
Agenda:
Mobile app updates
Q&A session
Share your thoughts
Contribute by posting your questions and insights about Wikipedia’s mobile
apps on the Wikimedia Apps/Office Hours page on mediawiki.org
<https://www.mediawiki.org/wiki/Wikimedia_Apps/Office_Hours#:~:text=edit%20s…>.
The deadline for input is 24th October at 12:00 UTC.
We can provide Arabic and French interpretations if we get +7 sign-ups for
each language by 3rd October on the same link.
Also, for a one-day reminder before the meeting, add your username.
Please help us spread the word to interested developers in Android, iOS
Wikipedia mobile apps, and Commons. We value your contribution to the
Wikimedia community and look forward to your active participation in this
meeting!
Respectfully,
*Amal Ramadan* (She\Her)
Sr. Community Relations Specialist
Wikimedia Foundation <https://wikimediafoundation.org/>
Hi all,
For your information, as part of the September 2023 datacenter switchover
<https://wikitech.wikimedia.org/wiki/Switch_Datacenter>, the primary
maintenance server is now mwmaint2002.codfw.wmnet.
If you use the alias maintenance.eqiad.wmnet, please note that the host key
has changed.You may want to run wmf-update-known-hosts-production.
Please reach out if you encounter any issue, either by responding to this
email, or by filing a sub-task to https://phabricator.wikimedia.org/T346474.
Thanks,
Kamila Součková (they/them)
Senior SRE
Wikimedia Foundation
Hello everyone,
TLDR; Wikimedia is participating in the Outreachy Round 27 internship
program <https://www.mediawiki.org/wiki/Outreachy/Round_27 > [1].
Outreachy's goal is to support people from groups underrepresented in the
technology industry. Interns will work remotely with mentors from our
community. We are seeking mentors to propose projects that Outreachy
interns can work on during their internship. If you have some ideas for coding
or non-coding (design, documentation, translation, outreach, research)
projects, share them by Sept. 29, 2023 at 4 pm UTC here as a subtask of
this parent task: <https://phabricator.wikimedia.org/T343871 > [2]
Program Timeline
As a mentor, you engage potential candidates in the application period
between October–November (winter round) and help them make small
contributions to your project. You work more closely with the accepted
candidates during the internship period between December–March (winter
round).
Important dates are:
-
Aug. 22, 2023 at 4pm UTC - Live Q&A for Outreachy mentors
<https://www.youtube.com/@outreachyinternships>
-
September 29, 2023 at 4pm UTC - Project submission deadline
<https://www.outreachy.org/communities/cfp/wikimedia/>
Guidelines for Crafting Project Proposals
* Follow this task description template when you propose a project in
Phabricator: <
https://phabricator.wikimedia.org/tag/outreach-programs-projects> [3]. You
can also use this workboard to pick an idea if you don't have one already.
Add #Outreachy (Round 27) tag.
* Project should require an experienced developer ~15 days and a newcomer
~3 months to complete.
* Each project should have at least two mentors, including one with a
technical background.
* Ideally, the project has no tight deadlines, a moderate learning curve,
and fewer dependencies on Wikimedia's core infrastructure. Projects
addressing the needs of a language community are most welcome.
Learn more about the roles and responsibilities of mentors on
MediaWiki.org: <https://www.mediawiki.org/wiki/Outreachy/Mentors> [4][5]
Cheers,
Onyinye & Sheila (Wikimedia Org Admins for Outreachy Round 27)
[1] https://www.mediawiki.org/wiki/Outreachy/Round_27
[2] https://phabricator.wikimedia.org/T343871
[3] https://phabricator.wikimedia.org/tag/outreach-programs-projects/
[4] https://www.mediawiki.org/wiki/Outreachy/Mentors
[ 5] https://www.outreachy.org/mentor/mentor-faq