diff options
Diffstat (limited to 'RELEASE-NOTES-1.22')
| -rw-r--r-- | RELEASE-NOTES-1.22 | 848 |
1 files changed, 0 insertions, 848 deletions
diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22 deleted file mode 100644 index 9d10f222..00000000 --- a/RELEASE-NOTES-1.22 +++ /dev/null @@ -1,848 +0,0 @@ -= MediaWiki release notes = - -Security reminder: MediaWiki does not require PHP's register_globals. If you -have it on, turn it '''off''' if you can. - -== MediaWiki 1.22.15 == - -This is a security and maintenance release of the MediaWiki 1.22 branch. - -=== Changes since 1.22.14 === - -* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which - could lead to xss. Permission to edit MediaWiki namespace is required to - exploit this. -* (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in - $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as - part of its name. -* (bug T74222) The original patch for T74222 was reverted as unnecessary. - -== MediaWiki 1.22.14 == - -This is a security and maintenance release of the MediaWiki 1.22 branch. - -=== Changes since 1.22.13 === - -* (bugs 66776, 71478) SECURITY: User PleaseStand reported a way to inject code - into API clients that used format=php to process pages that underwent flash - policy mangling. This was fixed along with improving how the mangling was done - for format=json, and allowing sites to disable the mangling using - $wgMangleFlashPolicy. -* (bug 70901) SECURITY: User Jackmcbarn reported that the ability to update - the content model for a page could allow an unprivileged attacker to edit - another user's common.js under certain circumstances. The user right - "editcontentmodel" was added, and is needed to change a revision's content - model. -* (bug 72222) SECURITY: Do not show log action when the entry is revdeleted with - DELETED_ACTION. NOTICE: this may be reverted in a future release pending a - public RFC about the desired functionality. This issue was reported by user - Bawolff. -* (bug 71621) Make allowing site-wide styles on restricted special pages a - config option. -* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that - might be a flash policy directive configurable. - -== MediaWiki 1.22.13 == - -This is a maintenance release of the MediaWiki 1.22 branch. - -=== Changes since 1.22.12 === - -* (Bug 67440) Allow classes to be registered properly from installer - -== MediaWiki 1.22.12 == - -This is a security release of the MediaWiki 1.22 branch. - -=== Changes since 1.22.11 === - -* (bug 70672) SECURITY: OutputPage: Remove separation of css and js module - allowance. - -== MediaWiki 1.22.11 == - -This is a security release of the MediaWiki 1.22 branch. - -=== Changes since 1.22.10 === -* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style> - elements; normalize style elements and attributes before filtering; add - checks for attributes that contain css; add unit tests for html5sec and - reported bugs. - -== MediaWiki 1.22.10 == - -This is a maintenance release of the MediaWiki 1.22 branch. - -=== Changes since 1.22.9 === - -* (bug 64970) Fix support for blobs on DatabaseOracle::update -* (bug 60719) In MediaWiki 1.22, the job queue execution on each page - request was changed (Gerrit change 59797) so, instead of executing - the job inside the same PHP process that's rendering the page, a new - PHP cli command is spawned to execute runJobs.php in the - background. It will only work if $wgPhpCli is set to an actual path - or safe mode is off, otherwise, the old method will be used. - - https://www.mediawiki.org/wiki/Manual:Job_queue#Changes_introduced_in_MediaWiki_1.22 - for more infomation. This change was in earlier releases of 1.22 - but was not noted here until now. - -== MediaWiki 1.22.9 == - -This is a security and maintenance release of the MediaWiki 1.22 branch. - -=== Changes since 1.22.8 === - -* (bug 68187) SECURITY: Prepend jsonp callback with comment. -* (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used - for loading a new page in Javascript,instead of relying on the URL in the link - that has been clicked. -* (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and - ParserOutput. -* (bug 59147) The img_metadata field was not being decoded from bytea into text. - -== MediaWiki 1.22.8 == - -This is a security and maintenance release of the MediaWiki 1.22 branch. - -=== Changes since 1.22.7 === - -* (bug 65839) SECURITY: Prevent external resources in SVG files. -* (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects - like only extracting the tail of the file partially or not at all. - -== MediaWiki 1.22.7 == - -This is a security and maintenance release of the MediaWiki 1.22 branch. - -=== Changes since 1.22.6 === - -* (bug 65501) SECURITY: Don't parse usernames as wikitext on - Special:PasswordReset. -* (bug 36356) Add space between two feed links. -* (bug 63269) Email notifications were not correctly handling the - [[MediaWiki:Helppage]] message being set to a full URL. This is a regression - from the 1.22.5 point release, which made the default value for it a URL. - If you customized [[MediaWiki:Enotif body]] (the text of email notifications), - you'll need to edit it locally to include the URL via the new variable - $HELPPAGE instead of the parser functions fullurl and canonicalurl; otherwise - you don't have to do anything. -* Add missing uploadstash.us_props for PostgreSQL. -* (bug 56047) Fixed stream wrapper in PhpHttpRequest. - -== MediaWiki 1.22.6 == - -This is a security release of the MediaWiki 1.22 branch. - -=== Changes since 1.22.5 === - -* (bug 63251) SECURITY: Escape sortKey in pageInfo. - -== MediaWiki 1.22.5 == - -This is a security and maintenance release of the MediaWiki 1.22 branch. - -=== Changes since 1.22.4 === - -* (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword. -* (bug 62467) Set a title for the context during import on the cli. -* Fix custom local MediaWiki:Helppage values. -* mediawiki.js: Fix documentation breakage. -* (bug 58153) Make MySQLi work with non standard port. -* (bug 53887) Reintroduced a link to help pages in the default sidebar, that - any sysop can customize by editing [[MediaWiki:Sidebar]] locally. The link - now points to a mediawiki.org page which is guaranteed to exist. Nothing needs - to be done on your end, but remember to adjust [[MediaWiki:Sidebar]] for the - needs of your wikis. Everyone can help with the shared documentation by - translating: https://www.mediawiki.org/wiki/Special:Translate/agg-Help_pages . -* (bug 53888) Corrected a regression in 1.22 which introduced red links on the - login page. If you previously installed 1.22.x and have created a local page - to make the red link blue, write its title as in [[MediaWiki:helplogin-url]] - if you didn't already. Otherwise, you don't need to do anything, but you can - translate the help page at https://www.mediawiki.org/wiki/Help:Logging_in . - -== MediaWiki 1.22.4 == - -This is a maintenance release of the MediaWiki 1.22 branch. - -=== Changes since 1.22.3 === - -* Use the correct branch of the extensions' git repositories. - -== MediaWiki 1.22.3 == - -This is a security and bugfix release of the MediaWiki 1.22 branch. - -=== Changes since 1.22.2 === - -* (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted - namespaces. Also disallow iframe elements. User will get an error - including the namespace name if they use a non- whitelisted namespace. -* (bug 61346) SECURITY: Make token comparison use constant time. It seems like - our token comparison would be vulnerable to timing attacks. This will take - constant time. -* (bug 61362) SECURITY: API: Don't find links in the middle of api.php links. -* (bug 53710) Add sequence support for upsert in DatabaseOracle in the same way - as in selectInsert -* (bug 60231, 58719) Various fixes to job running code in Wiki.php: Make it - async on Windows. Fixed possible "invalid filename" errors on Windows. - Redirect output to dev/null to avoid hanging PHP. -* (bug 60083) Correct sequence name for fresh Postgres installation. Spotted - by gebhkla -* (bug 60531) Avoid variable naming conflicts in - DatabasePostgres::selectSQLText. Spotted by gebhkla -* (bug 60094) Fix rebuildall.php fatal error with PostgreSQL. The fix for - 47055 introduced a fatal error when running rebuildall.php. This is a - workaround suggested by gebhkla on Bugzilla. It just checks to make sure - $options is actually an array before calling array_search on it. -* (bug 43817c12) Add error handling if descriptionmsg isn't defined for - extension. -* (bug 60543) Special:PrefixIndex omits stripprefix=1 for "Next page" link. - -== MediaWiki 1.22.2 == - -This is a security and bugfix release of the MediaWiki 1.22 branch. - -=== Changes since 1.22.1 === - -* (bug 60339) SECURITY: Sanitize shell arguments to DjVu files, and other media - formats. -* (bug 58253) Check for very old PCRE versions in installer and updater. -* (bug 60054) Make WikiPage::$mPreparedEdit public. - -== MediaWiki 1.22.1 == - -This is a security and maintenance release of the MediaWiki 1.22 branch. - -=== Changes since 1.22.0 === - -* (bug 57550) SECURITY: Disallow stylesheets in SVG Uploads -* (bug 58088) SECURITY: Don't normalize U+FF3C to \ in CSS Checks -* (bug 58472) SECURITY: Disallow -o-link in styles -* (bug 58553) SECURITY: Return error on invalid XML for SVG Uploads -* (bug 58699) SECURITY: Fix RevDel log entry information leaks -* (bug 58178) Restore compatibility with curl < 7.16.2. -* (bug 56931) Updated the plural rules to CLDR 24. They are in new format - which is detailed in UTS 35 Rev 33. The PHP parser and evaluator as well as - the JavaScript evaluator were updated to support the new format. Plural rules - for some languages have changed, most notably Russian. Affected software - messages have been updated and marked for review at translatewiki.net. - This change is backported from the development branch of MediaWiki 1.23. -* (bug 58434) The broken installer for database backend Oracle was fixed. -* (bug 58167) The web installer no longer throws an exception when PHP is - compiled without support for MySQL yet with support for another DBMS. -* (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages - to appear blank or with missing text. -* (bug 47055) Changed FOR UPDATE handling in Postgresql -* (bug 57026) Avoid extra parsing in prepareContentForEdit() - -== MediaWiki 1.22.0 == - -MediaWiki 1.22.0 is the stable branch and is recommended for use in production. -MediaWiki 1.22.0 is a large release that contains many new features and bug fixes. - -* Breaking Changes in 1.22.0 -* New features in 1.22.0 -* Configuration changes in 1.22.0 -* Bug fixes in 1.22.0 -* API changes in 1.22.0 -* Languages updated in 1.22.0 -* Other changes in 1.22.0 - -=== Breaking Changes in 1.22.0 === -* BREAKING CHANGE: (bug 41729) Display editsection links next to headings. Also - change their class name from .editsection to .mw-editsection and place them at - the end of the heading element instead of the beginning. Client-side code and - screen-scrapers will have to be adjusted to handle both cases (old HTML will - still be visible on cached page renders until they are purged); extensions - using the DoEditSectionLink or EditSectionLink hooks might need adjustments as - well. -* (bug 55818) BREAKING CHANGE: Removed undocumented 'Debug' hook in wfDebug. - This resolves an infinite loop when using $wgDebugFunctionEntry = true. -* BREAKING CHANGE: action=parse no longer returns all langlinks for the page - with prop=langlinks by default. The new effectivelanglinks parameter will - request that the LanguageLinks hook be called to determine the effective - language links. -* BREAKING CHANGE: list=allpages, list=langbacklinks, and prop=langlinks do not - apply the new LanguageLinks hook, and thus only consider language links - stored in the database. -* BREAKING CHANGE: Implementation of MediaWiki's JS and JSON value encoding - has changed: -** MediaWiki no longer supports PHP installations in which the native JSON - extension is missing or disabled. -** XmlJsCode objects can no longer be nested inside objects or arrays. - (For Xml::encodeJsCall(), this individually applies to each argument.) -** The sets of characters escaped by default, along with the precise escape - sequences used, have changed (except for the Xml::escapeJsString() - function, which is now deprecated). -* BREAKING CHANGE: The Services_JSON class has been removed. If necessary, - be sure to upgrade affected extensions at the same time (e.g. Collection). -* BREAKING CHANGE: Legacy skins Simple, MySkin, Chick, Standard and Nostalgia - were all removed. (Nostalgia was moved to an extension.) The SkinLegacy and - LegacyTemplate classes that supported them were removed as well and are now a - part of the Nostalgia extension. -* BREAKING CHANGE: The "ExternalAuth" authentication subsystem was removed, along - with its associated globals of $wgExternalAuthType, $wgExternalAuthConf, - $wgAutocreatePolicy and $wgAllowPrefChange. Affected users are encouraged to - use AuthPlugin for external authentication/authorization needs. -* BREAKING CHANGE: mw.util.tooltipAccessKeyRegexp: The match group for the - accesskey character is now $6 instead of $5. -* BREAKING CHANGE: meta keywords are no longer supported. A <meta name="keywords" - will no longer be output and OutputPage::addKeyword no longer exists. -* BREAKING CHANGE: The EditSectionLink hook was removed after being - deprecated since MediaWiki 1.14. Use DoEditSectionLink instead. -* (bug 50310) BREAKING CHANGE: wikibits: Drop support for mwCustomEditButtons. - It defaults to an empty array and emits mw.log.warn when accessed. -* BREAKING CHANGE: Special:Disambiguations has been removed from MediaWiki core. - Functions related to disambiguation pages are now handled by the Disambiguator - extension (https://www.mediawiki.org/wiki/Extension:Disambiguator) (bug - 35981). -* BREAKING CHANGE: The 'mediawiki.legacy.wikiprintable' module has been removed. - The skins/common/wikiprintable.css file no longer exists. Return value of - Skin#commonPrintStylesheet is ignored. Please use the 'mediawiki.legacy.commonPrint' - module instead or base your skin on SkinTemplate. -* BREAKING CHANGE: The module 'mediawiki.legacy.IEFixes' has been removed as it was - unused. The file skins/common/IEFixes.js remains but is only used by wikibits. - The file never contained any re-usable components. To use it in a skin, load - 'mediawiki.legacy.wikibits' (which IEFixes depends on) and that will import - IEFixes automatically if user agent conditions are met. - -=== New features in 1.22.0 === -* You can now install extensions using Composer. - See https://www.mediawiki.org/wiki/Composer -* (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and attributes. -* (bug 33454) Language::sprintfDate now has a timezone parameter, and supports - the "eIOPTZ" formatting characters. -* EditWarning: A warning is shown when an editor leaves the edit form without - saving (enabled by default, users can opt-out via the 'useeditwarning' - preference). This feature was moved from the Vector extension, and is now part - of core for all skins. Take care when upgrading that you don't use an older - version of the Vector extension as this feature may conflict. -* New 'mediawiki.ui' CSS module providing mw-ui-* styles for buttons and a - compact vertical form layout. -* HTMLForm supports a new display format 'vform' which applies this compact vertical - layout and button styling. Special:PasswordReset uses this format. -* New versions of login (Special:UserLogin) and create account - (Special:UserLogin/signup) forms using the "vform" compact vertical form layout. - These forms use new messages that assume a "Help logging in" link, see - https://www.mediawiki.org/wiki/Manual:Page_customizations; - https://www.mediawiki.org/wiki/Account_creation_user_experience/Strings lists the - message key changes. -* (bug 23343) Implemented ability to apply IP blocks to the contents of X-Forwarded-For headers - by adding a new configuration variable $wgApplyIpBlocksToXff (disabled by default). -* The new hook 'APIGetPossibleErrors' to modify the list of possible errors was - added. -* (bug 25592) LogEventsList::showLogExtract() will now ignore various - Pager-related WebRequest parameters by default, as this is overwhelmingly - likely to be what was intended by users of the method. If any caller wishes - to use these parameters, the new param 'useRequestParams' may be set to true. -* mw.util.addPortletLink: Tooltip is no longer required to be plain (without - an accesskey in it already). As such it now rountrips. Creating a link with a - message as tooltip, grabbing the title attribute and using it to create - another portlet will work as expected. -* (bug 6747) {{ROOTPAGENAME}} introduced, contains the name of the topmost - page without namespace. -* (bug 45535) introduced the new 'LanguageLinks' hook for manipulating the - language links associated with a page before display. -* Chosen (http://harvesthq.github.io/chosen/) was added as module 'jquery.chosen' -* HTMLForm will turn multiselect checkboxes into a Chosen interface when setting cssclass 'mw-chosen' -* rebuildLocalisationCache learned --lang option. Let you rebuild l10n caches - of the specified languages instead of all of them. -* New GetNewMessagesAlert hook allowing extensions to disable or modify the new - messages alert -* New wgUserNewMsgRevisionId JS global for logged in users. This will be null - if the user has no new talk page messages. Otherwise it will be set to the - revision ID of the oldest new talk page message. This will allow gadgets and - extensions to create their own new message alerts on the client side. -* mediawiki.log: Added log.warn wrapper (uses console.warn and console.trace). -* mediawiki.log: Implemented log.deprecate. This method defines a property and - uses ES5 getter/setter to emit a warning when they are used. -* $wgCascadingRestrictionLevels was added, allowing one to specify restriction levels - which can be cascading (previously 'sysop' was hard-coded as the only one). -* XHTML5 support has been improved. If you set $wgMimeType = 'application/xhtml+xml' - MediaWiki will try outputting markup acording to XHTML5 rules. -* Altered hook 'ProtectionForm::save', adding the reason page protection is - changed as third parameter. -* New hook 'TitleSquidURLs' for manipulating the list of URLs to be purged from - HTTP caches when a page is changed. -* Changed the patrolling system to always show the link for patrolling in case the - current revision is patrollable. This also removed the usage of the rcid URI parameters. -* Oracle DB backend now supports Database Resident Connection Pooling (DRCP). - Can be enabled by setting $wgDBOracleDRCP=true. - Requires Oracle DB 11gR1 or above, enabled DRCP inside the DB itself and a - propper connect string. - More about DRCP can be found at: - http://www.oracle-base.com/articles/11g/database-resident-connection-pool-11gr1.php -* Add a new parameter $patrolFooterShown to hook ArticleViewFooter so the hook - handlers can take further action based on the status of the patrol footer -* A new hook TitleQuickPermissions was added to allow overriding of quick - permissions in the Title class. -* LinkCache singleton can now be altered or cleared, letting one to specify - another instance that does not rely on a database backend. -* MediaWiki's PHPUnit tests can now use PHPUnit installed using composer --dev. -* (bug 43689) The lists of templates used on the page and hidden categories it - is a member of, shown below the edit form, are now collapsible (and collapsed - by default). -* Parser profiling data, formerly only available in the "NewPP limit report" - HTML comment, is now also displayed at the bottom of page previews. -* Added ParserLimitReportPrepare and ParserLimitReportFormat hooks, deprecated - ParserLimitReport hook. -* New user rights have been added to increase granularity in rights management - for extensions such as OAuth: -** editmyusercss controls whether a user may edit their own CSS subpages. -** editmyuserjs controls whether a user may edit their own JS subpages. -** viewmywatchlist controls whether a user may view their watchlist. -** editmywatchlist controls whether a user may edit their watchlist. -** viewmyprivateinfo controls whether a user may access their private - information (e.g. registered email address, real name). -** editmyprivateinfo controls whether a user may change their private - information. -** editmyoptions controls whether a user may change their preferences. -* Add new hook AbortTalkPageEmailNotification, this will be used to determine - whether to send the regular talk page email notification -* Action classes registered in $wgActions are now also supported in the form of - a callback (which returns an instance of Action) instead of providing the name - of a subclass of Action. -* (bug 46513) Vector: Add the collapsibleTabs script from the Vector extension. -* Added $wgRecentChangesFlags for defining new flags for RecentChanges and - watchlists. -* (bug 40518) mw.toolbar: Implemented mw.toolbar.addButtons for adding multiple - button objects in one call. -* Rights used for the default protection levels ('sysop' and 'autoconfirmed') - are now used just for that purpose, instead of overloading other rights. This - allows easy granting of the ability to edit sysop-protected pages without - also granting the ability to protect and unprotect. -* (bug 48256) Make brackets in section edit links accessible to CSS. - They are now wrapped in <span class="mw-editsection-bracket" />. -* (bug 8480) Allow handler specific parameters in galleries (like page number) -* jquery.client: Add detection for Opera 15 and Internet Explorer 11. -* Change tags (used by the AbuseFilter extension) are now shown on diff pages. -* Change tag lists (shown on recent changes, watchlist, user contributions, - history pages, diff pages) now include a link to Special:Tags to distinguish - them from edit summaries. -* Added a new method and hook, User::isEveryoneAllowed() and - UserIsEveryoneAllowed, for use in situations where a "does everyone have this - right?" check is used to avoid more expensive checks. -* (bug 14431) Display "(No difference)" instead of an empty diff (when comparing - revisions in the history or when previewing changes while editing). -* New hook 'IsUploadAllowedFromUrl' is added which can be used to intercept uploads by - URL, useful for blacklisting specific URLs -* (bug 21912) Watchlist token implementation has been refactored and - Special:ResetTokens was added to allow users to reset their tokens - instead of presenting them in Preferences. -* Special:PrefixIndex now lets you strip the searched prefix from the displayed - titles. Given a list of articles named Bug1, Bug2, you can now transclude the - list of bug numbers using: {{Special:PrefixIndex/Bug|stripprefix=1}}. - The special page form received a new checkbox matching that option. -* (bug 23580) Implement javascript callback interface "mw.hook". -* (bug 30713) New mw.hook "wikipage.content". -* (bug 40430) jquery.placeholder gets a new parameter to set the attribute value - to be used. -* $wgHTCPMulticastRouting renamed $wgHTCPRouting since it accepts unicast. -* $wgHTCPRouting rules can now be passed an array of hosts/ports to send purge - too. Can be used whenever several multicast group could be interested by a - specific purge. -* (bug 25931) Add Special:RandomInCategory. -* mediawiki.util: addPortletLink now supports passing a jQuery object as nextnode. -* <wbr> can now be used inside WikiText. -* WebResponse::setcookie is much more featureful. Callers using PHP's - setcookie() or setrawcookie() should begin using this instead. -* New hook WebResponseSetCookie, called from WebResponse::setcookie(). -* New hook ResetSessionID, called when the session id is reset. -* Add a mode parameter to <gallery> tag with potential options of "traditional", - "nolines", "packed", "packed-overlay", or "packed-hover". -* (bug 47399) A success message is now displayed after changing the password. -* Make thumb.php give HTTP redirects for file redirects -* (bug 30607) Special:ListFiles can now show old versions of files. Additionally - Special:AllMyUploads was introduced so the user can get a list of all things - they have ever uploaded, even if it was subsequently overriden. -* Introduced Special:MyFiles and Special:AllMyFiles as an alias for Special:MyUploads - and Special:AllMyUploads respectively. -* IPv6 addresses in X-Forwarded-For headers are now normalised before checking - against allowed proxy lists. -* Add deferrable update support for callback/closure. -* Add TitleMove hook before page renames. -* Revision deletion backend code is moved out of SpecialRevisiondelete -* Added {{REVISIONSIZE}} variable to get the current size of a revision. -* Add support for the LESS stylesheet language to ResourceLoader. LESS is a - stylesheet language that compiles into CSS. ResourceLoader file modules may - include LESS style files; ResourceLoader will compile these files into CSS - before sending them to the client. -** The $wgResourceLoaderLESSVars configuration variable is an associative array - mapping variable names to string CSS values. These variables are considered - declared for all LESS files. Additional variables may be registered by - adding keys to the array. -** $wgResourceLoaderLESSFunctions is an associative array of custom LESS - function names to PHP callables. See <http://leafo.net/lessphp/docs/#custom_functions> - for more details regarding custom functions. -** $wgResourceLoaderLESSImportPaths is an array of file system paths. Files - referenced in LESS '@import' statements are looked up here first. -* ResourceLoader supports hashes as module cache invalidation trigger (instead - of or in addition to timestamps). -* Added $wgExtensionEntryPointListFiles for use in mergeMessageFileList.php. -* Added a hook, APIQuerySiteInfoStatisticsInfo, to allow extensions to modify - the output of the API query meta=siteinfo&siprop=statistics -* Primary keys have been added to both the archive table and the externallinks - tables. -* Added $wgEnableParserLimitReporting to control whether the NewPP limit report is - output in a HTML comment. -* The 'UnwatchArticle' and 'WatchArticle' hooks now support a Status object - instead of just a boolean return value to abort the hook. -* Added a hook, SpecialWatchlistGetNonRevisionTypes, to allow extensions - with custom recentchanges entries to hook into the Watchlist without - clobbering each other. -* A hidden, empty input field was added to the edit form, and any edit that fills - it in will be rejected. This prevents against the simplest form of spambots. - Previously in the "SimpleAntiSpam" extension by Ryan Schmidt. -* populateRevisionLength.php maintenance script updated to also populate - archive.ar_len field. -* (bug 43571) DatabaseMySQLBase learned to list views, optionally filtered by a - prefix. Also fixed PHPUnit test suite when using a MySQL backend containing - views. - -=== Configuration changes in 1.22.0 === -* $wgRedirectScript was removed. It was unused. -* Removed $wgLocalMessageCacheSerialized, it is now always true. -* $wgVectorUseIconWatch is now enabled by default. -* $wgCascadingRestrictionLevels was added. -* ftps, ssh, sftp, xmpp, sip, sips, tel, sms, bitcoin, magnet, urn, and geo - have been whitelisted inside of $wgUrlProtocols. -* $wgDocType and $wgDTD have been removed and are no longer used for the DOCTYPE. -* $wgHtml5 is no longer used by core. Setting it to false will no longer disable HTML5. - It is still set to true for extension compatibility but doing so in extensions is deprecated. -* $wgXhtmlDefaultNamespace is no longer used by core. Setting it will no longer change the - xmlns used by MediaWiki. Reliance on this variable by extensions is deprecated. -* $wgHandheldStyle was removed. -* $wgHandheldForIPhone was removed. -* $wgJsMimeType is no longer used by core. Most usage has been removed since - HTML output is now exclusively HTML5. -* $wgDBOracleDRCP added. True enables persistent connection with DRCP on Oracle. -* $wgLogAutopatrol added to allow disabling logging of autopatrol edits in the logging table. - default for $wgLogAutopatrol is true. -* The 'edit' right no longer allows for editing a user's own CSS and JS. -* New rights 'editmyusercss', 'editmyuserjs', 'viewmywatchlist', - 'editmywatchlist', 'viewmyprivateinfo', 'editmyprivateinfo', and - 'editmyoptions' restrict actions that were formerly allowed by default. They - have been added to the default for $wgGroupPermissions['*']. -* The 'editprotected' right no longer allows bypassing of all page protection - restrictions. Any group using it for this purpose will now need to have all - the individual rights listed in $wgRestrictionTypes for the same effect. -* The 'protect' and 'autoconfirmed' rights are no longer used for the default - page protection levels. The rights 'editprotected' and 'editsemiprotected' - are now used for this purpose instead. -* (bug 40866) wgOldChangeTagsIndex removed. -* $wgNoFollowDomainExceptions now only matches entire domains. For example, - an entry for 'bar.com' will still match 'foo.bar.com' but not 'foobar.com'. -* $wgCopyUploadTimeout and $wgCopyUploadAsyncTimeout added to change the timeout times for - fetching the file during upload by url. -* New key added to $wgGalleryOptions - $wgGalleryOptions['mode'] to set - default gallery mode. -* New hook 'GalleryGetModes' to allow extensions to make new gallery modes. -* The checkbox for staying in HTTPS displayed on the login form when $wgSecureLogin is - enabled has been removed. Instead, whether the user stays in HTTPS will be determined - based on the user's preferences, and whether they came from HTTPS or not. -* $wgRC2UDPAddress, $wgRC2UDPInterwikiPrefix, $wgRC2UDPOmitBots, $wgRC2UDPPort, - and $wgRC2UDPPrefix configuration options have been deprecated in favor of a - $wgRCFeeds configuration array. $wgRCFeeds makes both the format and - destination of recent change notifications customizable, and allows for - multiple destinations to be specified. -* (bug 53862) portal-url, currentevents-url and helppage have been removed from the - default Sidebar. -* The 'vector-simplesearch' preference is now enabled by default. Previously - it was only enabled if the Vector extension was installed. -* The precise format of metric datagrams produced by the UDP profiler and stats counter - may now be specified as $wgUDPProfilerFormatString and $wgStatsFormatString, - respectively. -* (bug 54597) $wgBlockOpenProxies, $wgProxyPorts, $wgProxyScriptPath, and - $wgProxyMemcExpiry have been removed, along with the open proxy scanner - script they were added for. -* Default value of $wgMaxShellMemory has been tripled (it's now 300 MB). - -=== Bug fixes in 1.22.0 === -* (bug 47271) $wgContentHandlerUseDB should be set to false during the upgrade -* Disable Special:PasswordReset when $wgEnableEmail is false. Previously one - could still navigate to the page by entering the URL directly. -* (bug 47138) Fixed a fatal error when a blocked user tries to automatically - create an account on login due external authentication in some circumstances. -* (bug 23393) HTML <hN> headings containing line breaks are now handled - correctly. -* (bug 45803) Whitespace within == Headline == syntax and within <hN> headings - is now non-significant and not preserved in the HTML output. -* (bug 47218) Special:BlockList now handles correctly user names with spaces - when passed as subpage. -* Pager's properly validate which fields are allowed to be sorted on. -* mw.util.tooltipAccessKeyRegexp: The regex now matches "option-" as well. - Support for Mac "option" was added in 1.16, but the regex was never updated. -* (bug 46768) Usernames of blocking users now display correctly, even if numeric. -* (bug 39590) Self-transclusions now show the most up to date result always - after save instead of being a revision behind. -* A bias in wfRandomString() toward digits 1-7 has been corrected. Generated - strings will now start with digits 0 and 8-f as often as they should. -* (bug 45371) Removed Parser_LinkHooks and CoreLinkFunctions classes. -* (bug 41545) Allow <kbd>, <samp>, and <var> to be nested like allowed in html. -* PLURAL magic word no longer causes a PHP notice when no matching form exists. -* (bug 36641) Patrol page links no longer show on non-existent revisions. -* (bug 35810) Pages not linked from Special:RecentChanges or Special:NewPages - are patrollable now. -* (bug 30213) JavaScript for search suggestions is now disabled when the API - is disabled, and AJAX patrolling and watching are now disabled when use of - the write API is not allowed. -* (bug 48294) API: Fix chunk upload async mode. -* (bug 46749) Broken files tracking category removed from pages if an image - with that name is uploaded. -* (bug 14176) System messages that are empty were previously incorrectly treated - as non-existent, causing a fallback to the default. This stopped users from - overriding system messages to make them blank. -* (bug 48319) action=parse no longer returns an error if passed none of 'oldid', - 'pageid', 'page', 'title', and 'text' (e.g. if only passed 'summary'). A - warning will instead be issued if 'title' is non-default, unless no props are - requested. -* Special:Recentchangeslinked will now include upload log entries -* (bug 41281) Fixed ugly output if file size could not be extracted for multi-page media. -* (bug 50315) list=logevents API module will now output log entries by anonymous users. -* (bug 38911) Handle headers with rowspan in jquery.tablesorter -* (bug 658) Converted the table of contents on wiki pages from <table> to <div> - and adjusted skin CSS accordingly. The CSS was carefully crafted to be - backwards-compatible in all reasonable cases (uses of the __TOC__ magic word, - the #toc CSS id and the .toc CSS class). However, particularly bad abuse of - the id or the class can possibly break. -* CSSJanus now supports rgb, hsl, rgba, and hsla color syntaxes. -* Special:Listfiles can no longer be sorted by image name when filtering - by user in miser mode. -* (bug 49074) CSSJanus: Handle values of border-radius correctly. -* Handle relative inclusions ({{../name}}) in main namespace with subpages - enabled correctly (previously MediaWiki tried to include Template:Parent/name - instead of just Parent/name). -* Added $wgAPIUselessQueryPages to allow extensions to flag their query pages - for non-inclusion in ApiQueryQueryPages. -* (bug 50870) mediawiki.notification: Notification area should remain visible - when scrolled down. -* (bug 13438) Special:MIMESearch no longer an expensive special page. -* (bug 48342) Fixed a fatal error when $wgValidateAllHtml is set to true and - the function apache_request_headers() function is not available. -* (bug 33399) LivePreview: Re-run wikipage content handlers - (jquery.makeCollapsible, jquery.tablesorter) after preview content is loaded. -* (bug 51891) Fixed PHP notice on Special:PagesWithProp when no properties - are defined. -* (bug 52006) Corrected documentation of $wgTranscludeCacheExpiry. -* (bug 52077) The APIEditBeforeSave hook is giving the content of the whole - revision as second argument now, rather than just the current section. -* (bug 49694) $wgSpamRegex is now also applied on the new section headline text - adding a new topic on a page -* (bug 41756) Improve treatment of multiple comments on a blank line. -* (bug 51064) Purge upstream caches when deleting file assets. -* (bug 39012) File types with a mime that we do not know the extension for - can no longer be uploaded as an extension that we do know the mime type - for. -* (bug 51742) Add data-sort-value for better sorting of hitcounts Special:Tags -* (bug 26811) On DB error pages, server hostnames are now hidden when both - $wgShowHostnames and $wgShowSQLErrors are false. -* (bug 6200) line breaks in <blockquote> are handled like they are in <div> -* (bug 14931) Default character set now set to 'utf8' when a new MySQL - database is created. -* (bug 47191) Fixed "Column 'si_title' cannot be part of FULLTEXT index" - MySQL error when installing using the binary character set option. -* (bug 45288) Support mysqli PHP extension -* (bug 56707) Correct tooltip of "Next n results" on query special pages. -* (bug 56770) mw.util.addPortletLink: Check length before access array index. - -=== API changes in 1.22.0 === -* (bug 25553) The JSON output formatter now leaves forward slashes unescaped - to improve human readability of URLs and similar strings. Also, a "utf8" - option is now provided to use UTF-8 encoding instead of hex escape codes - for most non-ASCII characters. -* (bug 46626) xmldoublequote parameter was removed. Because of a bug, the - parameter has had no effect since MediaWiki 1.16, and so its removal is - unlikely to impact existing clients. -* (bug 47216) action=query&meta=siteinfo&siprop=skins will now indicate which - skin is the default and which are unusable (e.g. listed in $wgSkipSkins). -* (bug 25325) Added support for wlshow filtering (bots/anon/minor/patrolled) - to action=feedwatchlist. -* WDDX formatted output will actually be formatted (and normal output will no - longer be), and will no longer choke on booleans. -* action=opensearch no longer silently ignores the format parameter. -* action=opensearch now supports format=jsonfm. -* list=usercontribs&ucprop=ids will now include the parent revision id. -* (bug 47219) Allow specifying change type of Wikipedia feed items -* prop=imageinfo now allows setting iiurlheight without setting iiurlwidth -* prop=info now adds the content model and page language of the title. -* New upload log entries will now contain information on the relevant - image (sha1 and timestamp). -* (bug 49239) action=parse now can parse in preview and section preview modes. -* (bug 49259) action=patrol now accepts revision ids. -* (bug 48129) list=blocks&bkip= now correctly handles IPv6 CIDR ranges and - honors $wgBlockCIDRLimit. Note any clients passing invalid values to bkip - will now receive an error, rather than the previous behavior listing all - user blocks. -* (bug 48201) action=parse&text=foo now assumes wikitext if no title is given, - rather than using the content model of the page "API". -* action=watch no longer silently ignores hook abort. -* (bug 50785) action=purge with forcelinkupdate=1 no longer queues refreshLinks - jobs in the job queue for link table updates of pages that use the given page - as a template. Instead, forcerecursivelinkupdate=1 is introduced and should - be used if that behaviour is desirable. -* The 'debugLog' property (enabled by $wgDebugToolbar) no longer sets the log - entry values through ApiResult::content but directly. This changes the JSON - output from an array of objects with content in '*' to an array of strings - with the content. -* (bug 51342) prop=imageinfo iicontinue now contains the dbkey, not the text - version of the title. -* (bug 52538) action=edit will now use empty text instead of the contents - of section 0 when passed prependtext or appendtext with section=new. -* Support for the 'gettoken' parameter to action=block and action=unblock, - deprecated since 1.20, has been removed. -* (bug 49090) Token-getting functions will fail when using jsonp callbacks. -* (bug 52699) action=upload returns normalized file name on warning - "exists-normalized" instead of filename to be uploaded to. -* (bug 53884) action=edit will now return an error when the specified section - does not exist in the page. -* Added meta=filerepoinfo API module for getting information about foreign - file repositories, and related ForeignAPIRepo methods getInfo and getApiUrl. -* The new query module list=allfileusages to enumerate file usages was added. - -=== Languages updated in 1.22.0 === - -MediaWiki supports over 350 languages. Many localisations are updated -regularly. Below only new and removed languages are listed, as well as -changes to languages because of Bugzilla reports. - -* (bug 47099) Plural rules were updated to those from CLDR 24 for Manx (gv). -* (bug 54514) Explicit plural forms now work for Russian. -* (bug 46422) Explicit plural forms for languages that use a custom - implementation for Language::convertPlural now work correctly. -* Batak Toba (bbc-latn) added. -* (bug 46751) Made Buryat (Russia) (буряад) (bxr) fallback to Russian. - -=== Other changes in 1.22.0 === -* redirect.php was removed. It was unused. -* ClickTracking integration was dropped from the mediaWiki.user.bucket - JavaScript function. The 'tracked' option is now ignored. -* Event namespace used by jquery.makeCollapsible has been changed from - 'mw-collapse' to 'mw-collapsible' for consistency with the module name. -* The Quickbar feature of the legacy skin model and the last remnants of it - throughout the code base have been removed. -* Externaledit/externaldiff preference was removed. Very few users used this - feature, and improper configuration can actually prevent a user from editing -* Calling Linker methods using a skin will now output deprecation warnings. -* (bug 46680) "Return to" links are no longer tagged with rel="next". -* HipHop compiler (hphpc) support was removed. HipHop VM support (hhvm) was - added. -* A new Special:Redirect page was added, providing lookup by revision ID, - user ID, or file name. The old Special:Filepath page was reimplemented - to redirect through Special:Redirect. -* Monobook: Removed the old conditional stylesheets for Opera 6, 7 and 9. -* Support for XHTML 1.0 has been removed. MediaWiki now only outputs (X)HTML5. -* wikibits: User-agent related globals have been deprecated. The following - properties now default to false and emit mw.log.warn: is_gecko, is_chrome_mac, - is_chrome, webkit_version, is_safari_win, is_safari, webkit_match, is_ff2, - ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs, opera7_bugs, opera6_bugs, - is_opera_95, is_opera_preseven, is_opera, and ie6_bugs. -* (bug 48276) MediaWiki will now flash a confirmation message upon successfully - editing a page. -* (bug 40785) mediawiki.legacy.ajax has been marked as deprecated. The following - properties now emit mw.log.warn when accessed: sajax_debug, sajax_init_object, - sajax_do_call and wfSupportsAjax. -* Methods Title::userCanEditCssSubpage and Title::userCanEditJsSubpage, - deprecated since 1.19, have been removed. -* (bug 50134) Hook functions are no longer required to return a value. When a - hook function does not return a value (or when it returns an explicit null), - processing continues. To abort the hook, a hook function must return an - explicit, boolean false or a string error message. Other falsey values are - tantamount to a 'return true' in earlier versions of MediaWiki. -* (bug 48256) The 'editsection-brackets' optional message was removed. - Section edit links' brackets can now be customized using CSS by - styling span.mw-editsection-bracket. -* The usePatrol function in ChangesList has been marked as deprecated. -* (bug 50785) A "null edit", that is, a save action in which no changes to the - page text are made and no revision recorded, will no longer send refreshLinks - jobs to the job table to update pages which use the edited page as a template. -* The LivePreviewPrepare and LivePreviewDone events triggered on "jQuery( mw )" - have been deprecated in favour of using mw.hook. -* The 'showjumplinks' user preference has been removed, jump links are now - always included. -* Methods RecentChange::notifyRC2UDP, RecentChange::sendToUDP, and - RecentChange::cleanupForIRC have been deprecated, as it is now the - responsibility of classes implementing the RCFeedFormatter and RCFeedEngine - interfaces to implement the formatting and delivery for recent change - notifications. -* SpecialPrefixindex methods namespacePrefixForm() and showPrefixChunk() have - been made protected. They were accepting form variance arguments, this is now - using properties in the SpecialPrefixindex class. -* (bug 49629) The hook ExtractThumbParamaters has been deprecated in favour - of media handler overriding MediaHandler::parseParamString. -* (bug 46512) The collapsibleNav feature from the Vector extension has been moved - to the Vector skin in core. -* SpecialRecentChanges::addRecentChangesJS() function has been renamed - to addModules() and made protected. -* Methods WatchAction::doWatch and WatchAction::doUnwatch now return a Status - object instead of a boolean. -* Information boxes (CSS classes errorbox, warningbox, successbox) have been - made more subtle. -* Code specific to the Math extension was marked as deprecated. -* mediawiki.util: mw.util.wikiGetlink has been renamed to getUrl. (The old name - still works, but is deprecated.) - -== Compatibility == - -MediaWiki 1.22.0 requires PHP 5.3.2 or later. - -MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but -support for them is somewhat less mature. There is experimental support for -Oracle. - -The supported versions are: - -* MySQL 5.0.2 or later -* PostgreSQL 8.3 or later -* SQLite 3.3.7 or later -* Oracle 9.0.1 or later - -== Upgrading == - -1.22.0 has several database changes since 1.21, and will not work without schema -updates. Note that due to changes to some very large tables like the revision -table, the schema update may take quite long (minutes on a medium sized site, -many hours on a large site). - -If upgrading from before 1.11, and you are using a wiki as a commons -repository, make sure that it is updated as well. Otherwise, errors may arise -due to database schema changes. - -If upgrading from before 1.7, you may want to run refreshLinks.php to ensure -new database fields are filled with data. - -If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to -1.5 first. The upgrade script maintenance/upgrade1_5.php has been removed -with MediaWiki 1.21. - -Don't forget to always back up your database before upgrading! - -See the file UPGRADE for more detailed upgrade instructions. - -For notes on 1.21.x and older releases, see HISTORY. - -== Online documentation == - -Documentation for both end-users and site administrators is available on -MediaWiki.org, and is covered under the GNU Free Documentation License (except -for pages that explicitly state that their contents are in the public domain): - - https://www.mediawiki.org/wiki/Documentation - -== Mailing list == - -A mailing list is available for MediaWiki user support and discussion: - - https://lists.wikimedia.org/mailman/listinfo/mediawiki-l - -A low-traffic announcements-only list is also available: - - https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce - -It's highly recommended that you sign up for one of these lists if you're -going to run a public MediaWiki, so you can be notified of security fixes. - -== IRC help == - -There's usually someone online in #mediawiki on irc.freenode.net. - |