Current File : //var/softaculous/mw35/changelog.txt
== MediaWiki 1.35.7 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.6 ===
* Localisation updates.
* (T289879) Type hints for ArrayAccess.
* (T304783) TemplateParser: avoid warnings when called by NoLocalSettings.
* Rebuilt vendor with composer 2.3.3.
* (T289879) Address some deprecations for PHP 8.1.
* Fix old_name in UserLogoutComplete hook.
* (T286260, T307979) objectcache: normalize $exptime to a TTL in
APCUBagOStuff/WinCacheBagOStuff.
* MediaSearchWidget should declare an explicit dependency on mediawiki.user
module.
* (T288423) WikiImporter: Replace deprecated WikiRevision::setText.
* (T309377, CVE-2022-29248, T311384, CVE-2022-27776) Updating guzzlehttp/guzzle
(6.5.5 => 6.5.8).
* (T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage().
* (T311272) Call parent constructor of AddSite maintenance script first.
* MediaWiki: Don't eagerly initialize action name.
* (T289926) Avoid passing null to trim() in SkinTemplate.
* (T307282) Avoid passing null to strcasecmp(), for PHP 8.1.
* (T311552) ChangesListSpecialPage: Don't pass null to FormatJson::decode().
* (T311569) FileBackend::isStoragePath() Handle being passed null.
* (T311544) Pass int to ApiUsageException::newWithMessage()'s $httpCode param.
* (T311678) SpecialEditWatchlist: Prevent passing null to strtolower().
* (T281741) ChangeTags: Fix adding CSS classes for hidden tags.
* (T296642) changetags: Fix management of a '0' tag.
* (T311554) ChangeTags: Return early in formatSummaryRow() if $tags === null.
* (T303033) Handle null in ChangeTags::modifyDisplayQuery.
== MediaWiki 1.35.6 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.5 ===
* (T298261) Fix support for Composer 2.2.
* (T298283) composer.json: Add wikimedia/composer-merge-plugin to allow-plugins.
* Update doctrine/dbal (3.0.0 => 3.1.5).
* (T298564) MemcachedClient: Add support for IPv6.
* (T297543, CVE-2022-28202) SECURITY: properly escape output used within galleries and
Special:RevisionDelete.
* (T268847) Suppress deprecation warnings from libxml_disable_entity_loader().
* (T283275) Fix PHP 8.0 failure of WikiExporterFactoryTest.
* (T274966) Upgrading wikimedia/html-formatter (1.0.2 => 2.0.1).
* Fix the json schema and the extension processor for Parsoid extension modules.
* (T299696) update.php: Avoid passing null to substr.
* In PHP 8.1 don't throw exceptions from mysqli.
* (T289926) SiteConfiguration: Don't pass null to str_replace().
* (T264735) Fix deprecation warning from CURLPIPE_HTTP1.
* (T260735) Stop using is_resource() where possible.
* (T289879) Apply ReturnTypeWillChange to various implementations of built in
interfaces.
* (T299312) Implement __serialize/__unserialize for PHP 8.1 support.
* ExtensionRegistry: Add process cache for lazy attributes.
* (T301041) ApiPageSet: Add "missing": true to missing revisions.
* Allow ParsoidModules extension schema to register services.
* (T297708) Allow setting max execution time to several special pages.
* Upgrading wikimedia/object-factory (v2.1.0 => v2.2.0).
* (T302540) composer.json: Add ext-calendar to require.
* (T302540) composer.json: Add ext-simplexml to require-dev.
* (T302540) composer.json: Add various PHP extensions to suggests.
* Upgrading symfony/polyfill-php80 (v1.23.1 => v1.25.0).
* (T303871) Add Title::getId() as an alias for ::getArticleId().
* (T304008) Don't re-check "Move subpages" on Special:MovePage after a warning.
* (T293576) listFiles: Display file name instead of version.
* (T303560) Installer: Check correct PCRE_CONFIG_NEWLINE value.
* wrapOldPasswords: add \n to two output calls.
* (T304993) Make editcontentmodel a part of editpage grant.
* (T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite recursion
loop if it points to a local interwiki.
* (T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many file
uploads with actor as a condition can result in a DoS.
== MediaWiki 1.35.5 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.4 ===
* (T290697) Add symfony/polyfill-php80.
* IcuCollation: Add some more icu to unicode version mappings.
* ApiBase: Annotate deprecated constants individually.
* PHPVersionCheck: Mark PHP 7.4.0 - 7.4.2 as buggy.
* (T293044) installer: Fix 5th param to sourceFile() in DatabaseUpdater.
* (T291127) Always encode spaces in cookie values as "%20".
* Use LocalFile::getHookRunner instead of LocalFile::hookRunner.
* HistoryBlobStub: add getLocation() to get $mOldId.
* Fix checkStorage.php.
* checkStorage: pass no parameters to WikiRevision::getContent().
* (T292763, CVE-2021-44854) SECURITY: Do not cache private wiki completion results.
* (T294316) Revert "Mark ApiClientLogin/ApiLogin as requiring write mode".
* (T250068) resources: Upgrade jQuery from 3.4.1 to 3.6.0.
* (T250068) resources: Upgrade jquery-migrate from 3.1.0 (patched) to 3.3.2
(patched).
* (T294796) JobQueueRedis: Replace deprecated zSize with zCard.
* (T212428, T267468) Allow populateContentTables to continue when there are
bad blobs.
* (T295191) ApiQuerySiteinfo: Fix "rightsinfo"/"url" when $wgRightsPage is
set.
* Update pear/mail_mime to 1.10.11.
* Update deprecated Guzzle Psr7 function calls.
* Tweak error message for missing composer dependencies.
* (T296112) Allow inserting new sections named '0'.
* nukeNS: don't run purgeRedundantText() after every change.
* (T225888) RollbackAction: fix missing pagetitle.
* (T297322, CVE-2021-44858, CVE-2021-44857) SECURITY: Fix permissions checks in
undo actions.
* (T297574, CVE-2021-45038) SECURITY: Fix permissions check in action=rollback.
* (T34716, T297416) SECURITY: Require 'read' right for most actions.
* (T271037, CVE-2021-44856) SECURITY: Fix use of EditFilterMergedContent hook when
changing content model.
== MediaWiki 1.35.4 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.3 ===
* (T283394) Mark ApiClientLogin/ApiLogin as requiring write mode.
* (T283273) Make postgres IRC channel point to libera.chat.
* (T289108) ExtensionProcessor: Remove loaderScripts from extension.json
schemas.
* (T281549) Installer: Fix mediawiki-announce auto subscription code.
* FormatJson: Optimize encode() for supported PHP versions.
* (T290398) renameRestrictions.php: Update protected_titles as well.
* $wgMimeTypeBlacklist - This configuration array now prohibits the RFC 4329
form of JavaScript, 'application/javascript', as well as previous MIME types.
* (T51097, T290273) resourceloader: Call getStyleFiles from
FileModule::getFileHashes.
* (T277788) parser: Avoid calling ParserOptions::getOption() too many times.
* (T285515, CVE-2021-41798) SECURITY: XSS vulnerability in Special:Search.
* (T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full
table scan.
* (T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of
Special:Contributions.
== MediaWiki 1.35.3 ==
This is a security and maintenance release of the MediaWiki 1.35 branch.
=== Changes since MediaWiki 1.35.2 ===
* (T259685) SQLite compatibility with ZeroConf VisualEditor was fixed in 1.35.2.
* (T196906, T242751) Fix the test MonologSpiTest::testDefaultChannel.
* (T279964) Parser: Trim trailing whitespace as the last step in pre-save
transform.
* (T278026) rdbms: Add DB_PRIMARY to replace DB_MASTER.
* (T252853) Update updateSearchIndex.php to 2006+ standards.
* (T276945) Define a batch size in maintenance/manageJobs.php.
* (T276945) Implement JobQueueDB::getAllAbandonedJobs.
* (T269676) authevents: strval() variables passed to status when logging.
* (T280944) $wgIncludejQueryMigrate - This setting allows the jQuery Migrate
plugin to be disabled. It has been enabled by default since MediaWiki 1.27.
* (T281584) apihelp-query+iwlinks-param-prop: s/interlanguage/interwiki/.
* (T281635) Delete maintenance/cleanupAncientTables.php.
* (T282133) RedisConnectionPool: Suppress phan issue.
* (T281549) WebInstaller: Don't show the announce-l subscribe
checkbox temporarily.
* (T278266) Fix annoying E_NOTICE about undefined 'alt' index in
Skin#makeFooterIcon.
* (T264214) UserRightsProxy::addGroup has to be allowed to update the
old group as well, which is used for granting interwiki rights.
* (T269776, T278266) getFooterIcons should not return empty arrays.
* (T274966) Skip AvroFormatterTest::testSchemaNotAvailable on PHP 8.0.
* phpunit: fail on warnings.
* (T283247) Freenode -> Libera per wikimedia moving from
freenode to libera.
* (T243124) Make phpunit:unit accept extension*.json to populate the classes.
* (T142663) Add extension.json merge strategy "provide_default".
* (T283540) HookContainer: Fix normalization of callback for static handler.
* (T283464) Fix array order for array_replace_recursive merge strategy.
* (T247223) Optimise MessageCache::isMainCacheable() for the single-message
case.
* (T278579) Don't send headers on ob_end_clean().
* (T280226, CVE-2021-35197) SECURITY: Prevent blocked users from purging
pages.
Mini Shell