I am happy to announce the availability of the general release of MediaWiki
1.40!
This includes the security fixes announced in 1.35.11/1.38.7/1.39.4.
Tarballs have already been uploaded, and the git tag has been pushed.
Thanks to everyone who helped out with this release, especially thanks to
those who tested out the release candidate and provided feedback, as well
as the developers who worked hard to get several important fixes merged in
time for the 1.40 final release. To see what's changed in 1.40, see the
release notes below.
MediaWiki 1.40 is the second release of MediaWiki 'born' with PHP 8.0 and
PHP 8.1 support included. We anticipate there may be some as-yet
undiscovered bugs with PHP 8.x support, of which we'd love to hear reports
so they can be fixed. We plan to back-port fixes to 1.39, 1.38 and 1.35 to
the extent possible.
MediaWiki 1.40 is due to be supported until the end of June 2024.
As a reminder, 1.35 LTS is due to become end-of-life in November 2023, and
1.38 became end-of-life today, 30 June 2023.
=== Changes since MediaWiki 1.40.0-rc.0 ===
* Localisation updates.
* (T330464) Work around argument corruption bug in XMLReader::open.
* build: Updating mediawiki/mediawiki-phan-config to 0.12.1.
* Fix frame and frameless rdfa depending on file existing.
* (T329214) Pass whether current rev of file exists to
Linker::makeBrokenImageLinkObj.
* (T334659) Handle thumb errors when !$enableLegacyMediaDOM.
* A manualthumb that doesn't exist should be considered a thumb error.
* (T313157) IndexPager: Also protect against $offset being 0.
* (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.
Open Bugs:
[1] https://phabricator.wikimedia.org/project/board/6139/
Bug report form:
[2]
https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.40-Release
**********************************************************************
Download:
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.0.tar.gz
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.0.zip
Download without bundled extensions:
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-core-1.40.0.tar.gz
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-core-1.40.0.zip
Patch to previous version (1.40.0-rc.0):
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.0.patch.gz
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.0.patch.zip
GPG signatures:
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-core-1.40.0.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-core-1.40.0.zip.sig
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.0.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.0.zip.sig
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.0.patch.gz.sig
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.0.patch.zip.sig
Public keys:
https://www.mediawiki.org/keys/keys.html
1.40!
This includes the security fixes announced in 1.35.11/1.38.7/1.39.4.
Tarballs have already been uploaded, and the git tag has been pushed.
Thanks to everyone who helped out with this release, especially thanks to
those who tested out the release candidate and provided feedback, as well
as the developers who worked hard to get several important fixes merged in
time for the 1.40 final release. To see what's changed in 1.40, see the
release notes below.
MediaWiki 1.40 is the second release of MediaWiki 'born' with PHP 8.0 and
PHP 8.1 support included. We anticipate there may be some as-yet
undiscovered bugs with PHP 8.x support, of which we'd love to hear reports
so they can be fixed. We plan to back-port fixes to 1.39, 1.38 and 1.35 to
the extent possible.
MediaWiki 1.40 is due to be supported until the end of June 2024.
As a reminder, 1.35 LTS is due to become end-of-life in November 2023, and
1.38 became end-of-life today, 30 June 2023.
=== Changes since MediaWiki 1.40.0-rc.0 ===
* Localisation updates.
* (T330464) Work around argument corruption bug in XMLReader::open.
* build: Updating mediawiki/mediawiki-phan-config to 0.12.1.
* Fix frame and frameless rdfa depending on file existing.
* (T329214) Pass whether current rev of file exists to
Linker::makeBrokenImageLinkObj.
* (T334659) Handle thumb errors when !$enableLegacyMediaDOM.
* A manualthumb that doesn't exist should be considered a thumb error.
* (T313157) IndexPager: Also protect against $offset being 0.
* (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.
Open Bugs:
[1] https://phabricator.wikimedia.org/project/board/6139/
Bug report form:
[2]
https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.40-Release
**********************************************************************
Download:
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.0.tar.gz
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.0.zip
Download without bundled extensions:
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-core-1.40.0.tar.gz
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-core-1.40.0.zip
Patch to previous version (1.40.0-rc.0):
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.0.patch.gz
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.0.patch.zip
GPG signatures:
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-core-1.40.0.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-core-1.40.0.zip.sig
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.0.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.0.zip.sig
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.0.patch.gz.sig
https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.0.patch.zip.sig
Public keys:
https://www.mediawiki.org/keys/keys.html