Security pre-release announcement: 1.35.14 / 1.39.6 / 1.40.2

Hi all,

On Thursday we will be issuing a security and maintenance release to all
supported branches of MediaWiki.

The new releases will be:

- 1.35.14
- 1.39.6
- 1.40.2

1.41.0 is expected to follow shortly after.

This will resolve one minor security issue in MediaWiki core, along with
bug fixes included for maintenance reasons. This includes various patches
for PHP 8.0, 8.1, 8.2 and 8.3 support.

This release may or may not be made with a CVE number formally attached,
due to the recent delays in receiving them from MITRE.

We will make the fixes available in the respective release branches and
master in git. Tarballs will be available for the above-mentioned point
releases as well.

A summary of some of the security fixes that have gone into non-bundled
MediaWiki extensions will also follow later.

As a reminder, when 1.35 was released, it was originally due to become end
of life (EOL) at the end of September 2023. Due to 1.39 being released late
(November 2022), and to honor the commitment to the 1-year overlap of
MediaWiki LTS releases, this formal EOL process was delayed till at least
the end of November 2023, with the suggestion it would be December 2023.

It is therefore expected that this 1.35.14 will become the final release
for the 1.35 branch, and 1.35 will formally become end of life afterwards.
A separate announcement will be sent for that.

It is strongly recommended to upgrade to either 1.39 (the next LTS after
1.35), which will be supported until November 2025, 1.40, which will be
supported until June 2024, or 1.41, which will be supported until December
2024.

[1] https://www.mediawiki.org/wiki/Version_lifecycle