= MediaWiki release notes = Stable branch snapshot, release 2003-11-18. This is the version of MediaWiki that we're running on Wikipedia as of this date. == Overview of changes from mediawiki-20031117 release: == * Image deletion fixed. * Deletion of image old revisions now restricted to sysops (this is an irreversible action and not well logged) * Fixed maintenance scripts broken by last release's security fix * Many errors in rebuildlinks script fixed. == Overview of changes from mediawiki-20031107 release: == * SECURITY FIX: stricter checking of include path * Fixed user contributions next/prev bug * Login cookies now have the database name prefixed to allow wikis to coexist in the same domain. This will invalidate any old saved password cookies. * Update cache timestamp when talk pages are created * Saving the login form in Mozilla no longer blanks password in prefs. * Check existence of source page before performing a move. * Detect invalid titles in Special:Allpages * Q-encode headers on outgoing inter-user e-mail * Updates to some translations. * Added table of contents border/bg to Cologne Blue, Nostalgia skins * Protected pages no longer appear unprotected when visited via redirect * Swapped old Wikipedia logo for the MediaWiki sunflower logo * install.php, update.php print warning on old PHP versions, added compatibility functions that might or might not help No database changes since 20031107; upgrading should be clean. == Overview of changes from mediawiki-20030829 release: == * Fixed various bugs! * Some speed improvements from tweaks to the table indexes * Limited support for memcached (see below) * New translations (see below) * Interwiki link data now kept in database for flexibility * Friendlier read-only source view if asked to edit a page when the db is locked or the page is protected. * Normal IP blocks auto-expire after 24 hours * Optional support for blocking usernames * Uploads disabled by default (see below) == Security note == Uploads are now disabled by default. If you've set up a secure configuration you can reenable uploads by putting: $wgDisableUploads = false; into LocalSettings.php. Earlier versions of MediaWiki included a bug that potentially allows logged- in users to delete arbitrary files in directories writable by the web server user by manually feeding false form data; this is now fixed. As a reminder, disable PHP script execution in the upload directory! You may also wish to serve HTML pages as plaintext to prevent cookie- stealing JavaScript attacks. Example Apache config fragment: # Ignore .htaccess files AllowOverride None # Serve HTML as plaintext AddType text/plain .html .htm .shtml # Don't run arbitrary PHP code. php_admin_flag engine off # If you've other scripting languages, disable them too. == Database updates == If you're using update.php, the necessary database changes should be made automatically. To manually upgrade your database from the 2003-08-29 release, run the following SQL scripts from the maintenance subdirectory: archives/patch-ipblocks.sql archives/patch-interwiki.sql archives/patch-indexes.sql interwiki.sql To copy in the Wikipedia language-prefix interwikis as well, add: wikipedia-interwiki.sql == Translations == New interface localization files are included for: fy Frisian ro Romanian sl Slovene sq Albanian sr Serbian == Memcached == Memcached is a distributed cache system. See http://www.danga.com/memcached/ MediaWiki can optionally use memcached to store some data between calls to reduce load on the database. Currently this is limited to user and talk page notification data, interwiki prefix/URL matches, and the UTF-8 conversion tables. MediaWiki includes version 1.0.10 of the (GPL'd) PHP memcached client by Ryan Gilfether; if memcached is disabled it acts as a dummy object with minimal overhead. To use memcached you'll need PHP installed with sockets support (this is not in the default configure options). See docs/memcached for some more details. Additionally, you can store login session data in memcached instead of the local filesystem, which can help to enable load-balancing by letting login sessions transparently work on multiple front-end web servers. (The primary other issue is with uploads, which requires some care in handling.) To enable this, set $wgSessionsInMemcached = true; and set $wgCookieDomain appropriately if exposing multiple hostnames. This system is new and may be volatile; login sessions will fail dramatically if memcached is unavailable when this option is turned on. == Online documentation == Documentation for both end-users and site administrators is currently being built up on Meta-Wikipedia, and is covered under the GNU Free Documentation License: http://meta.wikipedia.org/wiki/MediaWiki_User%27s_Guide == Mailing list == A MediaWiki-l mailing list has been set up distinct from the Wikipedia wikitech-l list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l == UseModWiki import script == A stripped-down UseModWiki import script is available in the maintenance subdirectory. It is incomplete and requires a lot of manual clean-up, but does function for the brave and pure of heart. == Test suite removed == The unmaintained Java-based test suite has been removed from the tarball release. If you really want it you can check it out from CVS.