This is great, thank you!
As an LTS user, does anybody know about an overview what has changed since 1.31 LTS?
Would be a great help to have some information about differences/new features/breakting changes between LTS versions and maybe also specific upgrade instructions.
regards,
Bernhard
----- Am 25. Sep 2020 um 18:19 schrieb Sam Reed <reedy@wikimedia.org>:
> I am happy to announce the belated availability of the general release of
> MediaWiki 1.35!
> Tarballs have already been uploaded, and the git tag has been pushed.
> Thanks to everyone who helped out with this release, especially thanks to those
> who tested out the release candidates and provided feedback, as well as the
> developers who worked hard to get several important fixes merged in time for
> the 1.35 final release. To see what's changed in 1.35, see the release notes
> below.
> Please note that the PHP version requirement has been raised from 7.2.9 in
> MediaWiki 1.34 (and 7.0 in MediaWiki 1.31), to 7.3.19.
> MediaWiki 1.35 is an LTS and is due to be supported until the end of September
> 2023.
> As a reminder, 1.31 is due to become end of life in June 2021. 1.34 is due to
> become end of life in November 2020.
> As per the pre-release announcement, 1.35.0 also includes some security fixes
> that weren't in the release candidates, which came out yesterday for the ther
> supported MediaWiki branches.
> Known/outstanding issues:
> * VisualEditor and Parsoid are now bundled in the tarball and no longer need a
> separate Node.js service. The documentation for this still may still require
> some updates. Please report any bugs [2] if this affects you.
> * (T259685) Zeroconf (zero-configuration) VisualEditor/Parsoid doesn't work
> using SQLite as the database backend for MediaWiki. This is due to the lack of
> write concurrency in SQLite. If you wish to use this feature, it is recommended
> to use MySQL/MariaDB rather than SQLite.
> * Watchlist expiry (behind the $wgWatchlistExpiry flag) is currently still
> experimental. It should become stable in a later point release. Please report
> any issues/bugs [3].
> == Security fixes ==
> * (T232568, CVE-2020-25813) SECURITY: SpecialUserrights: If a viewer lacks
> `hideuser`, ignore hidden users.
> * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on
> Special:Contributions.
> * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within
> LogEventsList.
> * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking
> firejail's --output functionality.
> * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and
> 'style' attribute.
> * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message(
> ... ).parse().
> * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct
> database.
> * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used.
> * (T251661, CVE-2020-25827) SECURITY: TOTP throttle not enforced cross-wiki.
> == Links to all mentioned tasks ==
> * [ https://phabricator.wikimedia.org/T232568 |
> https://phabricator.wikimedia.org/T232568 ]
> * [ https://phabricator.wikimedia.org/T255918 |
> https://phabricator.wikimedia.org/T255918 ]
> * [ https://phabricator.wikimedia.org/T256171 |
> https://phabricator.wikimedia.org/T256171 ]
> * [ https://phabricator.wikimedia.org/T258763 |
> https://phabricator.wikimedia.org/T258763 ]
> * [ https://phabricator.wikimedia.org/T86738 |
> https://phabricator.wikimedia.org/T86738 ]
> * [ https://phabricator.wikimedia.org/T115888 |
> https://phabricator.wikimedia.org/T115888 ]
> * [ https://phabricator.wikimedia.org/T260485 |
> https://phabricator.wikimedia.org/T260485 ]
> * [ https://phabricator.wikimedia.org/T251661 |
> https://phabricator.wikimedia.org/T251661 ]
> === Changes since MediaWiki 1.35.0-rc.3 ===
> * (T261258) Remove checks for ancient ImageMagick versions in BitmapHandler.
> * (T260232) Don't include null page ids in query list for category dumps.
> * (T260009) Check existing watchitem when saving action=watch.
> * (T259055) Correct success messages for action=watch.
> * mediawiki.page.ready: Simpler tablesorter/makeCollapsible call.
> * mediawiki.page.ready: Fix skin override config flags, wrong way round.
> * (T262175, T248512) Remove requirement for ApiWatchlistTrait to be in ApiBase.
> * (T259053, T260434) Watchlist: Fix updateWatchLink removing css class when
> action=watch.
> * (T261901, T261476) mediawiki.notification: Don't close notif when clicking
> <select> element.
> * (T251506) Sanitizer: Truncate IDs to a reasonable length.
> * (T259452) Parsoid updated to v0.12.0.
> * (T261970) watch.ajax: Add expiry support to [ http://watchpage.mw/ |
> watchpage.mw ] event.
> * (T262900) Fix failure of rebuildLocalisationCache.php due to ResourceLoader
> hook.
> * (T263014) Hard deprecate File::userCan() with $user=null.
> * (T262547) Use localized success message after watching via action=watch.
> * (T201491) Fix typo 'Watchlst' in `apihelp-edit-param-watchlistexpiry`.
> * (T261081) Installer: consistently reset Language objects.
> * (T250449, T250450) Installer: consistently reset Language objects.
> * Explicitly wrap some XML calls in libxml_disable_entity_loader().
> * (T262934) Ensure dropdown label is always on its own line.
> * (T246855) resourceloader: Use a local HookRunner.
> * (T263604) Have findBadBlobs.php require Maintenance.php rather than
> cleanupTable.inc.
> * (T263606) Set fake time, to avoid flaky tests.
> * (T261325) Add FindMissingActors script.
> * (T262364) shell: Don't blacklist /run/firejail.
> * (T263655) NewPagesPager: Ignore nonexistent namespaces.
> * Update specialPageAliases and magicWords for Egyptian Arabic (arz).
> * (T261347) ParserOutput: don't throw on bad editsection.
> * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on
> Special:Contributions.
> * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within
> LogEventsList.
> * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking
> firejail's --output functionality.
> * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and
> 'style' attribute.
> * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message(
> ... ).parse().
> * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct
> database.
> * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used.
> * Add Finnish special page aliases.
> * Fix GuzzleHttpRequest request headers.
> * Fix description for pruneFileCache.php.
> * emptyUserGroup.php: handle more than 5000 users.
> * Make ApiSandbox copyable URL absolute.
> * (T261087) Add a link from a deleted page to that page's logs.
> Open Bugs:
> [1] [ https://phabricator.wikimedia.org/project/board/4035/ |
> https://phabricator.wikimedia.org/project/board/4035/ ]
> Bug report form:
> [2] [
> https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-Release
> |
> https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-Release
> ]
> [3] [
> https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-Release+expiring-watchlist-items
> |
> https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-Release+expiring-watchlist-items
> ]
> **********************************************************************
> Download:
> [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz |
> https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz ]
> Download without bundled extensions:
> [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz |
> https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz ]
> Patch to previous version (1.35.0-rc.3):
> [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz |
> https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz ]
> GPG signatures:
> [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz.sig
> |
> https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz.sig
> ]
> [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz.sig |
> https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz.sig ]
> [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz.sig |
> https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz.sig ]
> Public keys:
> [ https://www.mediawiki.org/keys/keys.html |
> https://www.mediawiki.org/keys/keys.html ]
> Release Notes
> [ https://www.mediawiki.org/wiki/Release_notes/1.35 |
> https://www.mediawiki.org/wiki/Release_notes/1.35 ]
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
As an LTS user, does anybody know about an overview what has changed since 1.31 LTS?
Would be a great help to have some information about differences/new features/breakting changes between LTS versions and maybe also specific upgrade instructions.
regards,
Bernhard
----- Am 25. Sep 2020 um 18:19 schrieb Sam Reed <reedy@wikimedia.org>:
> I am happy to announce the belated availability of the general release of
> MediaWiki 1.35!
> Tarballs have already been uploaded, and the git tag has been pushed.
> Thanks to everyone who helped out with this release, especially thanks to those
> who tested out the release candidates and provided feedback, as well as the
> developers who worked hard to get several important fixes merged in time for
> the 1.35 final release. To see what's changed in 1.35, see the release notes
> below.
> Please note that the PHP version requirement has been raised from 7.2.9 in
> MediaWiki 1.34 (and 7.0 in MediaWiki 1.31), to 7.3.19.
> MediaWiki 1.35 is an LTS and is due to be supported until the end of September
> 2023.
> As a reminder, 1.31 is due to become end of life in June 2021. 1.34 is due to
> become end of life in November 2020.
> As per the pre-release announcement, 1.35.0 also includes some security fixes
> that weren't in the release candidates, which came out yesterday for the ther
> supported MediaWiki branches.
> Known/outstanding issues:
> * VisualEditor and Parsoid are now bundled in the tarball and no longer need a
> separate Node.js service. The documentation for this still may still require
> some updates. Please report any bugs [2] if this affects you.
> * (T259685) Zeroconf (zero-configuration) VisualEditor/Parsoid doesn't work
> using SQLite as the database backend for MediaWiki. This is due to the lack of
> write concurrency in SQLite. If you wish to use this feature, it is recommended
> to use MySQL/MariaDB rather than SQLite.
> * Watchlist expiry (behind the $wgWatchlistExpiry flag) is currently still
> experimental. It should become stable in a later point release. Please report
> any issues/bugs [3].
> == Security fixes ==
> * (T232568, CVE-2020-25813) SECURITY: SpecialUserrights: If a viewer lacks
> `hideuser`, ignore hidden users.
> * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on
> Special:Contributions.
> * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within
> LogEventsList.
> * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking
> firejail's --output functionality.
> * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and
> 'style' attribute.
> * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message(
> ... ).parse().
> * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct
> database.
> * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used.
> * (T251661, CVE-2020-25827) SECURITY: TOTP throttle not enforced cross-wiki.
> == Links to all mentioned tasks ==
> * [ https://phabricator.wikimedia.org/T232568 |
> https://phabricator.wikimedia.org/T232568 ]
> * [ https://phabricator.wikimedia.org/T255918 |
> https://phabricator.wikimedia.org/T255918 ]
> * [ https://phabricator.wikimedia.org/T256171 |
> https://phabricator.wikimedia.org/T256171 ]
> * [ https://phabricator.wikimedia.org/T258763 |
> https://phabricator.wikimedia.org/T258763 ]
> * [ https://phabricator.wikimedia.org/T86738 |
> https://phabricator.wikimedia.org/T86738 ]
> * [ https://phabricator.wikimedia.org/T115888 |
> https://phabricator.wikimedia.org/T115888 ]
> * [ https://phabricator.wikimedia.org/T260485 |
> https://phabricator.wikimedia.org/T260485 ]
> * [ https://phabricator.wikimedia.org/T251661 |
> https://phabricator.wikimedia.org/T251661 ]
> === Changes since MediaWiki 1.35.0-rc.3 ===
> * (T261258) Remove checks for ancient ImageMagick versions in BitmapHandler.
> * (T260232) Don't include null page ids in query list for category dumps.
> * (T260009) Check existing watchitem when saving action=watch.
> * (T259055) Correct success messages for action=watch.
> * mediawiki.page.ready: Simpler tablesorter/makeCollapsible call.
> * mediawiki.page.ready: Fix skin override config flags, wrong way round.
> * (T262175, T248512) Remove requirement for ApiWatchlistTrait to be in ApiBase.
> * (T259053, T260434) Watchlist: Fix updateWatchLink removing css class when
> action=watch.
> * (T261901, T261476) mediawiki.notification: Don't close notif when clicking
> <select> element.
> * (T251506) Sanitizer: Truncate IDs to a reasonable length.
> * (T259452) Parsoid updated to v0.12.0.
> * (T261970) watch.ajax: Add expiry support to [ http://watchpage.mw/ |
> watchpage.mw ] event.
> * (T262900) Fix failure of rebuildLocalisationCache.php due to ResourceLoader
> hook.
> * (T263014) Hard deprecate File::userCan() with $user=null.
> * (T262547) Use localized success message after watching via action=watch.
> * (T201491) Fix typo 'Watchlst' in `apihelp-edit-param-watchlistexpiry`.
> * (T261081) Installer: consistently reset Language objects.
> * (T250449, T250450) Installer: consistently reset Language objects.
> * Explicitly wrap some XML calls in libxml_disable_entity_loader().
> * (T262934) Ensure dropdown label is always on its own line.
> * (T246855) resourceloader: Use a local HookRunner.
> * (T263604) Have findBadBlobs.php require Maintenance.php rather than
> cleanupTable.inc.
> * (T263606) Set fake time, to avoid flaky tests.
> * (T261325) Add FindMissingActors script.
> * (T262364) shell: Don't blacklist /run/firejail.
> * (T263655) NewPagesPager: Ignore nonexistent namespaces.
> * Update specialPageAliases and magicWords for Egyptian Arabic (arz).
> * (T261347) ParserOutput: don't throw on bad editsection.
> * (T255918, CVE-2020-25812) SECURITY: Unescaped message used in HTML on
> Special:Contributions.
> * (T256171, CVE-2020-25815) SECURITY: Unescaped message used in HTML within
> LogEventsList.
> * (T258763, CVE-2020-17367, CVE-2020-17368) SECURITY: Prevent invoking
> firejail's --output functionality.
> * (T86738, CVE-2020-25814) SECURITY: mediawiki.jqueryMsg: Sanitize URLs and
> 'style' attribute.
> * (T115888, CVE-2020-25828) SECURITY: mediawiki.js: Escape HTML in mw.message(
> ... ).parse().
> * (T260485, CVE-2020-25869) SECURITY: ActorMigration: Load user from the correct
> database.
> * (T260485, CVE-2020-25869) SECURITY: ensure actor ID from correct wiki is used.
> * Add Finnish special page aliases.
> * Fix GuzzleHttpRequest request headers.
> * Fix description for pruneFileCache.php.
> * emptyUserGroup.php: handle more than 5000 users.
> * Make ApiSandbox copyable URL absolute.
> * (T261087) Add a link from a deleted page to that page's logs.
> Open Bugs:
> [1] [ https://phabricator.wikimedia.org/project/board/4035/ |
> https://phabricator.wikimedia.org/project/board/4035/ ]
> Bug report form:
> [2] [
> https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-Release
> |
> https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-Release
> ]
> [3] [
> https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-Release+expiring-watchlist-items
> |
> https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.35-Release+expiring-watchlist-items
> ]
> **********************************************************************
> Download:
> [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz |
> https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz ]
> Download without bundled extensions:
> [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz |
> https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz ]
> Patch to previous version (1.35.0-rc.3):
> [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz |
> https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz ]
> GPG signatures:
> [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz.sig
> |
> https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.0.tar.gz.sig
> ]
> [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz.sig |
> https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz.sig ]
> [ https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz.sig |
> https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.patch.gz.sig ]
> Public keys:
> [ https://www.mediawiki.org/keys/keys.html |
> https://www.mediawiki.org/keys/keys.html ]
> Release Notes
> [ https://www.mediawiki.org/wiki/Release_notes/1.35 |
> https://www.mediawiki.org/wiki/Release_notes/1.35 ]
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l