This repository has been archived by the owner on Jun 7, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 150
/
RELEASE-NOTES-1.19
721 lines (601 loc) · 33.7 KB
/
RELEASE-NOTES-1.19
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
= MediaWiki release notes =
Security reminder: MediaWiki does not require PHP's register_globals
setting since version 1.2.0. If you have it on, turn it '''off''' if you can.
== MediaWiki 1.19.24 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
== Changes since 1.19.23 ==
* (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities,
to prevent various DoS attacks.
* (T88310) SECURITY: Always expand xml entities when checking SVG's.
* (T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
* (T85855) SECURITY: Don't execute another user's CSS or JS on preview.
* (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to
prevent XSS and protect viewer's privacy.
== MediaWiki 1.19.23 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.22 ===
* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which
could lead to xss. Permission to edit MediaWiki namespace is required to
exploit this.
* (bug T74222) The original patch for T74222 was reverted as unnecessary.
* Add missing $ in front of variable in OutputPage.php
== MediaWiki 1.19.22 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.21 ===
* (bugs 66776, 71478) SECURITY: User PleaseStand reported a way to inject code
into API clients that used format=php to process pages that underwent flash
policy mangling. This was fixed along with improving how the mangling was done
for format=json, and allowing sites to disable the mangling using
$wgMangleFlashPolicy.
* (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with
DELETED_ACTION. NOTICE: this may be reverted in a future release pending a
public RFC about the desired functionality. This issue was reported by user
Bawolff.
* (bug 71621) Make allowing site-wide styles on restricted special pages a
config option.
* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
might be a flash policy directive configurable.
== MediaWiki 1.19.21 ==
This is a maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.20 ===
* (bug 67440) Allow classes to be registered properly from installer.
* (bug 47281) Fixed a dumpBackup.php error with --uploads --include-files
options: Unable to find the wrapper "mwstore".
System administrators are encouraged to upgrade to this release or 1.22+
and produce a full data dump.
https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Backing_up_a_wiki
* (bug 63049) Removed anonymous functions from ApiFormatBase, added in
1.19.13 as part of the fix for bug 61362, for PHP 5.2 compatibility.
== MediaWiki 1.19.20 ==
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.19 ===
* (bug 70672) SECURITY: OutputPage: Remove separation of css and js module
allowance.
== MediaWiki 1.19.19 ==
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.18 ===
* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style>
elements; normalize style elements and attributes before filtering; add
checks for attributes that contain css; add unit tests for html5sec and
reported bugs.
== MediaWiki 1.19.18 ==
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.17 ===
* (bug 68187) SECURITY: Prepend jsonp callback with comment.
* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and
ParserOutput.
== MediaWiki 1.19.17 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.16 ===
* (bug 65839) SECURITY: Prevent external resources in SVG files.
* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects
like only extracting the tail of the file partially or not at all.
== MediaWiki 1.19.16 ==
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.15 ===
* (bug 65501) SECURITY: Don't parse usernames as wikitext on
Special:PasswordReset.
== MediaWiki 1.19.15 ==
This is a maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.14 ===
* Fixed resetting passwords.
* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages
to appear blank or with missing text.
== MediaWiki 1.19.14 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.13 ===
* (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword.
* (bug 62467) Set a title for the context during import on the cli.
== MediaWiki 1.19.13 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.12 ===
* (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
* Use the correct branch of the extensions' git repositories.
== MediaWiki 1.19.12 ==
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.11 ===
* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
namespaces files. Also disallow iframe elements. User will get an error
including the namespace name if they use a non- whitelisted namespace.
* (bug 61346) SECURITY: Make token comparison use constant time. It seems like
our token comparison would be vulnerable to timing attacks. This will take
constant time.
== MediaWiki 1.19.11 ==
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.10 ===
* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media formats
== MediaWiki 1.19.10 ==
This is a security release of the MediaWiki 1.19 branch.
=== Changes since 1.19.9 ===
* (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads
* (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
* (bug 58472) SECURITY: Disallow -o-link in styles
* (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads
* (bug 58699) SECURITY: Fix RevDel log entry information leaks
== MediaWiki 1.19.9 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.8 ===
* (bug 53032) SECURITY: Don't cache when a call could autocreate
* (bug 55332) SECURITY: Improve css javascript detection
* (bug 49717) Fix behaviour $wgVerifyMimeType = false; in Upload
* Translations
== MediaWiki 1.19.8 ==
This is a security and maintenance release of the MediaWiki 1.19 branch.
=== Changes since 1.19.7 ===
* SECURITY: Sanitize ResourceLoader exception messages
* SECURITY: Token-getting functions will fail when using jsonp callbacks.
* SECURITY: Fix extension detection with 2 .'s
* Allow a string other than '*' as condition for DatabaseBase::delete()
* Purge upstream caches when deleting file assets.
* jquery.tablesorter: Add missing dependency on jquery.mwExtension
== MediaWiki 1.19.7 ==
This is a security and maintenance release of the MediaWiki 1.19 branch
=== Changes since 1.19.6 ===
* (bug 48306) SECURITY: Run file validation checks on chunked uploads, and chunks
of upload, during the upload process.
== MediaWiki 1.19.6 ==
This is a security and maintenance release of the MediaWiki 1.19 branch
=== Changes since 1.19.5 ===
* (bug 47304) SECURITY: Check SVG xml encoding against whitelist
* (bug 46590) Added AbortChangePassword hook to allow extensions to abort password
changes from Special:ChangePassword
* Localisation updates from http://translatewiki.net.
* mwdocgen.php: Implement --version option.
* Remove svnstat stuff used in Doxygen generation
* E_USER_DEPRECATED undefined prior to php 5.3
== MediaWiki 1.19.5 ==
This is a security and maintenance release of the MediaWiki 1.19 branch
=== Changes since 1.19.4 ===
* (bug 47251) SECURITY: Disable external entities in Import
* (bug 46859) SECURITY: Disable external entities in XMLReader
* (bug 46084) SECURITY: Sanitize $limitReport before outputting
* (bug 43594) Fix notices displayed on PHP 5.4
* (bug 40585) Don't drop 'step="any"' in HTML input fields.
== MediaWiki 1.19.4 ==
This is a maintenance release of the MediaWiki 1.19 branch
=== Changes since 1.19.3 ===
* New preference type - 'api'. Preferences of this type are not shown on
Special:Preferences, but are still available via the action=options API.
* (bug 44010) Context is passed to UserGetLanguageObject.
* The recursion guard on RequestContext::getLanguage() was weakened.
* (bug 44135/42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST
* (bug 43518) API action=unblock should return the user name, not the full
user object
== MediaWiki 1.19.3 ==
This is a security release of the MediaWiki 1.19 branch
=== Changes since 1.19.2 ===
* (bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391)
* (bug 41400) Prevent linker regex from exceeding PCRE backtrack limit
* Increase permitted runtime for testParserTest (only used for continuous
integration).
* Updated messages translations from http://translatewiki.net/
== MediaWiki 1.19.2 ==
2012-08-30
This is a security release of the MediaWiki 1.19 branch
=== Changes since 1.19.1 ===
* (bug 39700) File: link to non-existing file can inject html
* (bug 35839) Hidden block text leaking to admins
* (bug 39184) LDAP password leakage
* (bug 39180) Disallow framing of api results
* (bug 37587) Enforce language codes to be html safe
* (bug 38333) Check global blocks on account creation
== MediaWiki 1.19 ==
MediaWiki 1.19 is a large release that contains many new features and bug
fixes. This is a summary of the major changes of interest to users.
You can consult the RELEASE-NOTES-1.19 file for the full list of changes in
this version.
Our thanks go to everyone who helped to improve MediaWiki by testing the beta
release and submitting bug reports.
=== Changes since 1.19.1 ===
* (bug 38406) Properly quote table names in DatabaseBase::tableName()
=== Changes since 1.19.0 ===
* (bug 36568) Fixed "Illegal string offset 'LIMIT'" warnings in updater
* (bug 36938) Correctly escape uselang attribute to prevent xss
* Expanded Blacklist for SVG Files
=== Changes since 1.19 beta 2 ===
* Special:Watchlist no longer sets links to feed when the user is anonymous.
* (bug 35961) Hash comparison should always be strict.
* Fix broken email confirmation expiration caused by MWCryptRand changes.
* (bug 35671) PHP Notice: Undefined index: gettoken in includes/api/ApiMain.php
on line 598.
* (bug 36042) 'show' causes a fatal in blocks API.
=== Changes since 1.19 beta 1 ===
* (bug 35014) Including a special page no longer sets the page's title to the
included page
* (bug 35019) Edit summaries are no longer transformed in notification e-mails
* (bug 35152) Help message for e-mail is shown again in user preferences
* (bug 34887) $3 and $4 parameters are now substituted correctly in message
"movepage-moved"
* (bug 34841) Edit links are no longer displayed when display old page versions
* (bug 34889) User name should be normalized on Special:Contributions
* (bug 35051) If heading has a trailing space after == then its name is not
preloaded into edit summary on section edit
* (bug 31417) New ID mw-content-text around the actual page text, without categories,
contentSub, ... The same div often also contains the class mw-content-ltr/rtl.
* (bug 35303) Proxy and DNS blacklist blocking works again
* (bug 22555) Remove or skip strip markers from tag hooks like <nowiki> in
core parser functions which operate on strings, such as padleft.
* (bug 18295) Don't expose strip markers when a tag appears inside a link
inside a heading.
* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token
parameter present.
* (bug 34907) Fixed exposure of tokens through load.php that could have facilitated
CSRF attacks.
* (bug 35317) CSRF in Special:Upload.
=== Configuration changes in 1.19 ===
* Removed SkinTemplateSetupPageCss hook; use BeforePageDisplay instead.
* (bug 27132) movefile right granted by default to registered users.
* Default cookie lifetime ($wgCookieExpiration) is increased to 180 days.
* (bug 31204) Removed old user.user_options.
* $wgMaxImageArea now applies to jpeg files if they are not scaled with
ImageMagick.
* Introduced $wgQueryPageDefaultLimit (defaults to 50) for the number of
items to show by default on query pages (special pages such as Whatlinkshere).
* (bug 32470) Increase the length of ug_group.
* (bug 32239) Removed $wgEnableTooltipsAndAccesskeys.
* Removed $wgVectorShowVariantName.
* Removed $wgExtensionAliasesFiles. Use $wgExtensionMessagesFiles.
* Removed $wgResourceLoaderInlinePrivateModules , now always enabled.
=== New features in 1.19 ===
* (bug 19838) Add ability to get all interwiki prefixes also if the interwiki
cache is used.
* $wgDnsBlacklistUrls now accepts an array with url and key as the
elements to work with DNSBLs that require keys, such as
Project Honeypot.
* (bug 30022) Add support for custom loadScript sources to ResourceLoader.
* (bug 19052) Unicode space separator characters (Zs) now terminates external
links and images links.
* (bug 30160) Add public method to mw.loader to get module names from registry.
* (bug 15558) Parameters to special pages included in wikitext can now be passed
as with templates.
* Installer now issues a warning if mod_security is present.
* (bug 29455) Add support for a filter callback function in jQuery byteLimit
plugin.
* Added two new GetLocalURL hooks to better serve extensions working on a
limited type of titles.
* Added a --no-updates flag to importDump.php that skips updating the links
tables.
* Most presentational html attributes like valign are now converted to inline
css style rules. These attributes were removed from html5 and so we clean
them up when $wgHtml5 is enabled. This can be disabled using
$wgCleanupPresentationalAttributes.
* Magic words (time and number-formatting ones, plus DIRECTIONMARK, but not
NAMESPACE) now depend on the page content language instead of the site
language. In theory this sets the right magic words in system messages,
although they are not used there.
* (bug 30451) Add page_props to RefreshLinks::deleteLinksFromNonexistent.
* (bug 30450) Clear page_props table on page deletion.
* Hook added to check for exempt from account creation throttle.
* (bug 30344) Add configuration variable for setting custom priorities when
generating sitemaps.
* (bug 96170) Add array support for space-separated list attributes (like
'class') in the Html helper class.
* (bug 26470) Add checkered background image on hover on files pages.
* (bug 30774) mediawiki.html: Add support for numbers and booleans in the
attribute values and element contents.
* Conversion script between Tifinagh and Latin for the Tachelhit language.
* (bug 16755) Add options 'noreplace' and 'noerror' to {{DEFAULTSORT:...}}
to stop it from replace an already existing default sort, and suppress error.
* (bug 18578) Rewrote revision delete related messages to allow better
localisation.
* (bug 30364) LanguageConverter now depends on the page content language
instead of the wiki content language.
* Jump links will now be usable in CSS-capable browsers instead of only
in outdated text browsers.
* New common*.css files usable by skins instead of having to copy piles
of generic styles from MonoBook or Vector's css.
* Some deprecated presentational html attributes will now be automatically
converted to css.
* (bug 31297) Add support for namespaces in Special:RecentChanges subpage filter
syntax.
* The default user signature now contains a talk link in addition to the user link.
* (bug 25306) Add link of old page title to MediaWiki:Delete_and_move_reason.
* Added hook BitmapHandlerCheckImageArea.
* (bug 30062) Add $wgDBprefix option to cli installer.
* getUserPermissionsErrors and getUserPermissionsErrorsExpensive hooks are now
also called when checking for 'read' permission.
* Introduce $wgEnableSearchContributorsByIP which controls whether searching
for an IP address redirects to the contributions list for that IP.
* (bug 8859) Database::update should take array of tables too.
* (bug 19698) Add "Inverse namespaces" option to Special:Contributions.
* (bug 24037) Add byte length of revision to Special:Contributions.
* (bug 1672) Added $wgDisableUploadScriptChecks to allow uploading of files
containing HTML or JS. DISABLING THESE CHECKS IS VERY DANGEROUS.
* New path mappings can be added using the WebRequestPathInfoRouter hook
and adding paths to the PathRouter.
* (bug 32666) Special:ActiveUsers now allows a subpage to be used as value for the
"target" query parameter (eg. Special:ActiveUsers/Username).
* New JavaScript variable wgPageContentLanguage.
* Added new debugging toolbar, enabled with $wgDebugToolbar.
* Differences in the history page now uses slightly better colors for people
perceiving colors differently.
* (bug 32879) Upgrade jQuery to 1.7.1.
* jQuery UI upgraded to 1.8.17.
* Extensions can use the 'Language::getMessagesFileName' hook to define new
languages using messages files outside of core.
* (bug 32512) Add 'Associated namespace' checkbox to Special:Contributions.
* Added $wgSend404Code, true by default, which can be set to false to send a
200 status code instead of 404 for nonexistent articles.
* (bug 33447) Link to the broken image tracking category from Special:Wantedfiles.
* (bug 27724) Add timestamp to job queue.
* (bug 30339) Implement SpecialPage for running javascript tests. Disabled by default, due to
tests potentially being harmful, not to be run on a production wiki.
Enable by setting $wgEnableJavaScriptTest to true.
* Extensions can use the RequestContextCreateSkin hook to override what skin is
loaded in some contexts.
* (bug 33456) Show $wgQueryCacheLimit on cached query pages.
* (bug 10574) Add an option to allow all pages to be exported by Special:Export.
* mediawiki.js Message object constructor is now publicly available as mw.Message.
* (bug 29309) Allow CSS class per tooltip (tipsy).
* (bug 33565) Add accesskey/tooltip to submit buttons on Special:EditWatchlist.
* (bug 17959) Inline rendering/thumbnailing for Gimp XCF images.
* (bug 27775) Namespace has it's own XML tag in the XML dump file.
* (bug 30513) Redirect tag is now resolved in XML dump file.
* sha1 xml tag added to XML dump file.
* (bug 33646) Badtitle error page now emits a 400 HTTP status.
* Special:MovePage now has a dropdown menu for namespaces.
* (bug 34420) Special:Version now shows git HEAD sha1 when available.
* (bug 33952) Refactor mw.toolbar to allow dynamic additions at any time.
=== Bug fixes in 1.19 ===
* $wgUploadNavigationUrl should be used for file redlinks if.
$wgUploadMissingFileUrl is not set. The first was used for this
until the second was introduced in 1.17.
* BREAKING CHANGE: Style rules for wikitable are now more specific and prevent
inheritance to nested tables which caused various issues (bug 30485 and bug
33434). If your wiki has overriden rules for ".wikitable", please revise them and
adjust where neccecary. For comparison, use the "table.wikitable" section in
skins/common/shared.css as base.
* $wgUploadNavigationUrl is now used for file redlinks if
$wgUploadMissingFileUrl is not set. The former was used for this until the
second was introduced in 1.17.
* (bug 27894) Move 'editondblclick' event listener down from body to
div#bodyContent.
* (bug 30172) The check for posix_isatty() in maintenance scripts did not detect
when the function exists but is disabled. Introduced
Maintenance::posix_isatty().
* (bug 30264) Changed installer-generated LocalSettings.php to use
require_once() instead require() for included extensions.
* Do not convert text in the user interface language to another script.
* (bug 26283) Previewing user JS/CSS pages didn't load other user JS/CSS pages.
* (bug 26486) ResourceLoader modules with paths to nonexistent files cause PHP
warnings/notices to be thrown.
* (bug 30335) Fix for HTMLForms using GET that were breaking when non-friendly
URLs are used.
* (bug 28649) Preventing half truncated multi-byte unicode characters when
truncating log comments.
* Show --batch-size option in help of maintenance scripts that support it.
* (bug 4381) Magic quotes cleaning was not comprehensive, key strings were not
unescaped.
* (bug 23057) Importers no longer can 'edit' or 'create' a fully-protected page by
importing a new revision into it.
* Allow moving the associated talk pages of subpages even if the base page
has no subpage.
* Per page edit-notices now work in namespaces without subpages enabled.
* (bug 31081) $wgEnotifUseJobQ is no longer unconditionally enqueueing jobs.
* (bug 30202) File names are now restricted on upload to 240 bytes, because of
restrictions on some of the database fields.
* Timezones are now recognised in user preferences when offset is different
due to DST.
* (bug 31692) "summary" parameter now also works when undoing revisions.
* (bug 18823) "move succeeded" text displayed bluelinks even when redirect was
suppressed.
* (bug 19186) Special:UserLogin's title on Special:SpecialPages now says
"create account" when the user cannot create an account.
* (bug 31818) 'usercreated' message now supports GENDER.
* (bug 32022) Our phpunit.php script can now be executed from another directory.
* (bug 26020) Setting $wgEmailConfirmToEdit to true no longer removes diffs.
from recent changes feeds.
* (bug 30232) add current time to message wlnote on Special:Watchlist.
* (bug 29110) $wgFeedDiffCutoff did not affect new pages.
* (bug 32168) Add wfRemoveDotSegments for use in wfExpandUrl.
* (bug 32358) Do not display "No higher resolution available" for dimensionless
files (like audio files).
* (bug 32168) Add wfAssembleUrl for use in wfExpandUrl.
* (bug 32168) fixed - wfExpandUrl expands dot segments now.
* (bug 31535) Upload comments now truncated properly, and don't have brackets.
* (bug 32086) Special:PermanentLink now show an error message when no subpage
was specified.
* (bug 30368) Special:Newpages now shows the new page name for moved pages.
* (bug 1697) The way to search blocked usernames in block log should be clearer.
* (bug 29747) eAccelerator shared memory caching has been removed since it is
now disabled by default and is buggy. APC, XCache and WinCache are not affected.
* Installer now refuses to install if php was not compiled with Ctype support.
* (bug 29475) Remove "trackback" feature entirely from core.
* (bug 32665) Special:BlockList prefills the username in the input field if
using the Special:BlockList/username URL.
* (bug 27721) Make JavaScript variables wgSeparatorTransformTable and
wgDigitTransformTable depend on page content language so the sort script
sorts correctly more often.
* (bug 32230) Expose wgRedirectedFrom in JavaScript.
* (bug 31212) History tab not collapsed when the screen is narrow.
* (bug 15521) Use new section summary when the action of adding a new section
also happens to create the page.
* (bug 32960) Remove EmailAuthenticationTimestamp from database when a
email address is removed.
* (bug 32414) Empty page get a empty bytes attribute in Export/Dump.
* (bug 33101) Viewing a User or User talk of username resembling IP ending
with .xxx causes Internal error.
* Warning about undefined index in certain situations when $wgLogRestrictions
causes the first log type requested to be removed but not the others.
* Use separate message ('prefixindex-namespace') for title of
Special:PrefixIndex rather then re-using Special:AllPages's allinnamespace.
* (bug 33156) Special:Block now allows you to confirm you want to block yourself
when using non-normalized username.
* (bug 33246) News icon shown for news:// URLs but not for news: URLs.
* (bug 33305) Make mw.util.addCSS resistant to IE's @font-face bug by setting
cssText after DOM insertion.
* (bug 30711) When adding a new section to a page with section=new, the text is
now always added to the current version of the page.
* (bug 31719) Fix uploads of SVGs exported by Adobe Illustrator by expanding
XML entities correctly.
* (bug 30914) Embeddable ResourceLoader modules (user.options, user.tokens)
should be loaded in <head> for proper dependency resolution.
* (bug 32702) Removed method Skin::makeGlobalVariablesScript() has been readded
for backward compatibility.
* (bug 31469) Make sure tracking category messages expand variables like
{{NAMESPACE}} relative to correct title.
* (bug 33454) ISO-8601 week-based year number (format character 'o') is now
calculated correctly with respect to timezone.
* (bug 32219) InstantCommons now fetches content from Wikimedia Commons using
HTTPS when the local wiki is served over HTTPS.
* (bug 33525) clearTagHooks doesn't clear function hooks.
* (bug 33523) Function tag hooks don't appear on Special:Version.
* Files with IPTC blocks we can't read no longer prevent extraction of exif
or other metadata.
* (bug 33587) Remove action "historysubmit" from history pages.
* (bug 25800) mw.config wgAction should contain the actually performed action instead
of whatever the query value contains.
* (bug 4438) Add CSS hook for current WikiPage action.
* (bug 33703) Common border-bottom color for <abbr> should inherit default (text) color.
* (bug 33819) Display file sizes in appropriate units.
* (bug 32948) {{REVISIONID}} and related variables are no longer blank after doing
a null edit.
* (bug 33880) $wgUsersNotifiedOnAllChanges should not send e-mail to user who made
the edit.
* (bug 33902) Decoding %2B with mw.Uri.decode results in ' ' instead of +.
* (bug 33762) QueryPage-based special pages no longer misses *-summary message.
* Other sizes links are no longer generated for wikis without a 404 thumbnail handler.
* (bug 29454) Enforce byteLimit for page title input on Special:MovePage.
* (bug 34114) CSSMin::remap() doesn't respect its $embed parameter.
* Special:Contributions/newbies now shows the contributions for the user "newbies".
New user contributions are obtained using the form or using ?contribs=newbie in URL.
* It is now possible to delete images that have no corresponding description pages.
* (bug 33165) GlobalFunctions.php line 1312: Call to a member function
getText() on a non-object.
* (bug 31676) Group dynamically inserted CSS into a single <style> tag, to work
around a bug where not all styles were applied in Internet Explorer.
* (bug 28936, bug 5280) Broken or invalid titles can't be removed from watchlist.
* (bug 34600) Older skins using useHeadElement=false were broken in 1.18.
* (bug 34604) [mw.config] wgActionPaths should be an object instead of a numeral
array.* (bug 12262) Indents and lists are now aligned
* (bug 29753) mw.util.tooltipAccessKeyPrefix should be alt-shift for Chrome
on Windows
* (bug 25095) Special:Categories should also include the first relevant item
when "from" is filled.
* (bug 34972) An error occurred while changing your watchlist settings for
[[Special:WhatLinksHere/Example]]
=== API changes in 1.19 ===
* Made action=edit less likely to return "unknownerror", by returning the actual error
message (which may have come from a hook call or similar).
* (bug 19838) siprop=interwikimap can now use the interwiki cache.
* (bug 29748) Add API search prefix support.
* (bug 29684) Set forgotten parameter types in ApiQueryIWLinks.
* (bug 29685) do not output NULL parentid with list=deletedrevs&drprop=parentid.
* siprop=interwikimap and siprop=languages can use silanguagecode to have
a best effort language name translation. Use CLDR extension for best result.
* (bug 30230) action=expandtemplates should not silently override invalid title
inputs.
* (bug 18634) Create API to fetch MediaWiki's language fallback tree structure.
* (bug 26885) Allow show/hide of account blocks, temporary blocks and single IP
address blocks for list=blocks.
* (bug 30591) Add support to only return keys in ApiAllMessages.
* The API now respects $wgShowHostnames and won't share the hostname in
severedby if it's set to false.
* wlexcludeuser parameter added to ApiFeedWatchlist.
* (bug 7304) Links on redirect pages no longer cause the redirect page to show
up as a redirect to the linked page on Special:Whatlinkshere.
* (bug 32609) API: Move captchaid/captchaword of action=edit from core
to Captcha extension(s).
* Added 'APIGetDescription' hook.
* (bug 32688) Paraminfo for parameter "generator" of the query module shows too
many types.
* (bug 32415) Empty page get no size attribute in API output.
* (bug 31759) Undefined property notice in querypages API.
* (bug 32495) API should allow purge by pageids.
* (bug 33147) API examples should explain what they do.
* (bug 33482) Api incorrectly calls ApiBase::parseMultiValue if allowed
values is given as an array.
* (bug 32948) {{REVISIONID}} and related variables are no longer blank after
calling action=purge&forcelinkupdate.
* (bug 34377) action=watch now parses messages using the correct title instead
of "API".
* (bug 35036) WikiLove messages were not automatically updated in JavaScript
after having been changed on-wiki due to a bug in core
=== Languages updated in 1.19 ===
MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Bugzilla reports.
* Canadian English (en-ca) (new).
* Norwegian (bokmål) (nb) (renamed from no).
* Uighur (Latin) (ug-latn) was incorrectly marked as right-to-left language.
* (bug 30217) Make pt-br a fallback of pt.
* (bug 31193) Set fallback language of Assamese from Bengali to English.
* Update date format for dsb and hsb: month names need the genitive.
* (bug 28643) Serbian variant conversion improvements (Nikola Smolenski).
* (bug 29405, bug 30809) Lower diacritics are invisible in titles in Indic
languages Assamese, Bengali, Hindi, Malyalam and Odiya.
* (bug 32826) Titles in indic languages are partially cut.
* (bug 33367) Gendered namespaces for Czech.
* (bug 33014) Language::formatSize()/formatBitrate() should be able to deal
with larger numbers (tera-yotta).
=== Other changes in 1.19 ===
* BREAKING CHANGE: Legacy global array 'ta' and global function 'akeytt' have
been removed from wikibits.js.
* jquery.mwPrototypes module was renamed to jquery.mwExtension.
* The maintenance script populateSha1.php was renamed to the more concise
populateImageSha1.php.
* The Client-IP header is no longer checked for when trying to resolve a client's
real IP address.
* (bug 22096) Although IE5.x and below was already unsupported officially, stylesheets
existing exclusively for IE5.0 and IE5.5 have now been removed (which were in skins
'chick' and 'monobook').
* The constructor for CategoryView has changed, the second parameter is now a
Context source and is required.
* The Title::escape{Local,Full,Canonical}URL methods are deprecated, please use
proper html building methods to escape the normal get{...}URL methods instead.
* The $variant arguments in the Title::get{Local,Full,Link,Canonical}URL methods
have been replaced with a secondary query argument.
* The $variant argument in the hooks for the Title::get{Local,Full,Link,Canonical}URL
methods have been removed, the variant is now part of the $query argument.
* Removed Title::isValidCssJsSubpage(), deprecated since 1.17 in favor of
using Title::isCssJsSubpage() or checking Title::isWrongCaseCssJsPage().
* Support for the deprecated hook MagicWordMagicWords was removed.
* The Xml::namespaceSelector method has been deprecated, please use
Html::namespaceSelector instead (note that the parameters have changed also).
* (bug 33746) Preload popular ResourceLoader modules (mediawiki.util) as stop-gap
for scripts missing dependencies.
New configuration variable $wgPreloadJavaScriptMwUtil has been introduced for this
(set to false by default for new installations). Set to true if your wiki has a large
amount of user/site scripts that are lacking dependency information. In the short to
medium term these user/site scripts should be fixed by adding the used modules to the
dependencies in the module registry and/or wrapping them in a callback to mw.loader.using.
== Compatibility ==
MediaWiki 1.19 requires PHP 5.2.3. PHP 4 is no longer supported.
MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but
support for them is somewhat less mature. There is experimental support for IBM
DB2 and Oracle.
The supported versions are:
* MySQL 5.0.2 or later
* PostgreSQL 8.3 or later
* SQLite 3.3.7 or later
* Oracle 9.0.1 or later
== Upgrading ==
1.19 has several database changes since 1.18, and will not work without schema
updates.
As of 1.19 several JavaScript interfaces that were deprecated or superseeded in
MediaWiki 1.17, MediaWiki 1.16 or even earlier have been removed. They are
listed at the top of the "Other changes" list as a "BREAKING CHANGE".
If upgrading from before 1.11, and you are using a wiki as a commons
repository, make sure that it is updated as well. Otherwise, errors may arise
due to database schema changes.
If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
new database fields are filled with data.
If you are upgrading from MediaWiki 1.4.x or earlier, some major database
changes are made, and there is a slightly higher chance that things could
break. Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed upgrade instructions.
For notes on 1.18.x and older releases, see HISTORY.
== Online documentation ==
Documentation for both end-users and site administrators is available on
MediaWiki.org, and is covered under the GNU Free Documentation License (except
for pages that explicitly state that their contents are in the public domain):
https://www.mediawiki.org/wiki/Documentation
== Mailing list ==
A mailing list is available for MediaWiki user support and discussion:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
A low-traffic announcements-only list is also available:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.
== IRC help ==
There's usually someone online in #mediawiki on irc.freenode.net.