This is great, thank you! As an LTS user, does anybody know about an overview what has changed since 1.31 LTS?
Would be a great help to have some information about differences/new features/breakting changes between LTS versions and maybe also specific upgrade instructions. regards, Bernhard ----- Am 25. Sep 2020 um 18:19 schrieb Sam Reed <[email protected]>: > I am happy to announce the belated availability of the general release of > MediaWiki 1.35! > Tarballs have already been uploaded, and the git tag has been pushed. > Thanks to everyone who helped out with this release, especially thanks to > those > who tested out the release candidates and provided feedback, as well as the > developers who worked hard to get several important fixes merged in time for > the 1.35 final release. To see what's changed in 1.35, see the release notes > below. > Please note that the PHP version requirement has been raised from 7.2.9 in > MediaWiki 1.34 (and 7.0 in MediaWiki 1.31), to 7.3.19. > MediaWiki 1.35 is an LTS and is due to be supported until the end of September > 2023. > As a reminder, 1.31 is due to become end of life in June 2021. 1.34 is due to > become end of life in November 2020. > As per the pre-release announcement, 1.35.0 also includes some security fixes > that weren't in the release candidates, which came out yesterday for the ther > supported MediaWiki branches. > Known/outstanding issues: > * VisualEditor and Parsoid are now bundled in the tarball and no longer need a > separate Node.js service. The documentation for this still may still require > some updates. Please report any bugs [2] if this affects you. > * (T259685) Zeroconf (zero-configuration) VisualEditor/Parsoid doesn't work > using SQLite as the database backend for MediaWiki. This is due to the lack of > write concurrency in SQLite. If you wish to use this feature, it is > recommended > to use MySQL/MariaDB rather than SQLite. > * Watchlist expiry (behind the $wgWatchlistExpiry flag) is currently still > experimental. It should become stable in a later point release. Please report > any issues/bugs [3]. > == Security fixes == > * (T232568, CVE-2020-25813) SECURITY: SpecialUserrights: If a viewer lacks > `hideuser`, ignore hidden users. > * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on > Special:Contributions. > * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within > LogEventsList. > * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking > firejail's --output functionality. > * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and > 'style' attribute. > * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message( > ... ).parse(). > * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the > correct > database. > * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is > used. > * (T251661, CVE-2020-25827) SECURITY: TOTP throttle not enforced cross-wiki. > == Links to all mentioned tasks == > * [ https://phabricator.wikimedia.org/T232568 | > https://phabricator.wikimedia.org/T232568 ] > * [ https://phabricator.wikimedia.org/T255918 | > https://phabricator.wikimedia.org/T255918 ] > * [ https://phabricator.wikimedia.org/T256171 | > https://phabricator.wikimedia.org/T256171 ] > * [ https://phabricator.wikimedia.org/T258763 | > https://phabricator.wikimedia.org/T258763 ] > * [ https://phabricator.wikimedia.org/T86738 | > https://phabricator.wikimedia.org/T86738 ] > * [ https://phabricator.wikimedia.org/T115888 | > https://phabricator.wikimedia.org/T115888 ] > * [ https://phabricator.wikimedia.org/T260485 | > https://phabricator.wikimedia.org/T260485 ] > * [ https://phabricator.wikimedia.org/T251661 | > https://phabricator.wikimedia.org/T251661 ] > === Changes since MediaWiki 1.35.0-rc.3 === > * (T261258) Remove checks for ancient ImageMagick versions in BitmapHandler. > * (T260232) Don't include null page ids in query list for category dumps. > * (T260009) Check existing watchitem when saving action=watch. > * (T259055) Correct success messages for action=watch. > * mediawiki.page.ready: Simpler tablesorter/makeCollapsible call. > * mediawiki.page.ready: Fix skin override config flags, wrong way round. > * (T262175, T248512) Remove requirement for ApiWatchlistTrait to be in > ApiBase. > * (T259053, T260434) Watchlist: Fix updateWatchLink removing css class when > action=watch. > * (T261901, T261476) mediawiki.notification: Don't close notif when clicking > <select> element. > * (T251506) Sanitizer: Truncate IDs to a reasonable length. > * (T259452) Parsoid updated to v0.12.0. > * (T261970) watch.ajax: Add expiry support to [ http://watchpage.mw/ | > watchpage.mw ] event. > * (T262900) Fix failure of rebuildLocalisationCache.php due to ResourceLoader > hook. > * (T263014) Hard deprecate File::userCan() with $user=null. > * (T262547) Use localized success message after watching via action=watch. > * (T201491) Fix typo 'Watchlst' in `apihelp-edit-param-watchlistexpiry`. > * (T261081) Installer: consistently reset Language objects. > * (T250449, T250450) Installer: consistently reset Language objects. > * Explicitly wrap some XML calls in libxml_disable_entity_loader(). > * (T262934) Ensure dropdown label is always on its own line. > * (T246855) resourceloader: Use a local HookRunner. > * (T263604) Have findBadBlobs.php require Maintenance.php rather than > cleanupTable.inc. > * (T263606) Set fake time, to avoid flaky tests. > * (T261325) Add FindMissingActors script. > * (T262364) shell: Don't blacklist /run/firejail. > * (T263655) NewPagesPager: Ignore nonexistent namespaces. > * Update specialPageAliases and magicWords for Egyptian Arabic (arz). > * (T261347) ParserOutput: don't throw on bad editsection. > * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on > Special:Contributions. > * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within > LogEventsList. > * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking > firejail's --output functionality. > * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and > 'style' attribute. > * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message( > ... ).parse(). > * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the > correct > database. > * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is > used. > * Add Finnish special page aliases. > * Fix GuzzleHttpRequest request headers. > * Fix description for pruneFileCache.php. > * emptyUserGroup.php: handle more than 5000 users. > * Make ApiSandbox copyable URL absolute. > * (T261087) Add a link from a deleted page to that page's logs. > Open Bugs: > [1] [ https://phabricator.wikimedia.org/project/board/4035/ | > https://phabricator.wikimedia.org/project/board/4035/ ] > Bug report form: > [2] [ > https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-Release > | > https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-Release > ] > [3] [ > https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-Release+expiring-watchlist-items > | > https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-Release+expiring-watchlist-items > ] > ********************************************************************** > Download: > [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz | > https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz ] > Download without bundled extensions: > [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz | > https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz ] > Patch to previous version (1.35.0-rc.3): > [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz | > https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz ] > GPG signatures: > [ > https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz.sig > | > https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz.sig > ] > [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz.sig | > https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz.sig ] > [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz.sig > | > https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz.sig ] > Public keys: > [ https://www.mediawiki.org/keys/keys.html | > https://www.mediawiki.org/keys/keys.html ] > Release Notes > [ https://www.mediawiki.org/wiki/Release_notes/1.35 | > https://www.mediawiki.org/wiki/Release_notes/1.35 ] > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
