X-Git-Url: http://git.cyclocoop.org//%22javascript:ModifierStyle%28%27%22.%24id.%22%27%29/%22?a=blobdiff_plain;f=RELEASE-NOTES-1.29;h=4b7de886a9396212ec87577c6f4e0191ed9a1c8b;hb=7076755463bc6e74768d00c0266198c32f50304d;hp=bb57a9ef8b26bb6944433e809eb7f35363e7123c;hpb=b18cf7b4b2c1c8d7644a755244ab9163d8a796a4;p=lhc%2Fweb%2Fwiklou.git diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29 index bb57a9ef8b..4b7de886a9 100644 --- a/RELEASE-NOTES-1.29 +++ b/RELEASE-NOTES-1.29 @@ -35,9 +35,10 @@ production. * (T156983) $wgRateLimitsExcludedIPs now accepts CIDR ranges as well as single IPs. * $wgDummyLanguageCodes is deprecated. Additional language code mappings may be added to $wgExtraLanguageCodes instead. +* (T161453) LocalisationCache will no longer use the temporary directory in it's + fallback chain when trying to work out where to write the cache. === New features in 1.29 === -* (T137376) New language support: Atikamekw (atj) * (T5233) A cookie can now be set when a user is autoblocked, to track that user if they move to a new IP address. This is disabled by default. * Added ILocalizedException interface to standardize the use of localized @@ -64,15 +65,18 @@ production. === External library changes in 1.29 === ==== Upgraded external libraries ==== -* Added wikimedia/timestamp v1.0.0. * Updated QUnit from v1.22.0 to v1.23.1. -* Updated cssjanus from v1.1.2 to 1.1.3. +* Updated cssjanus from v1.1.2 to v1.2.0. * Updated psr/log from v1.0.0 to v1.0.2. * Update Moment.js from v2.8.4 to v2.15.0. -* Updated oyejorge/less.php from v1.7.0.10 to v1.7.0.13. -* Added wikimedia/remex-html v1.0.1. +* Updated oyejorge/less.php from v1.7.0.10 to v1.7.0.14. +* Updated monolog from v1.18.2 to 1.22.1. +* Updated wikimedia/composer-merge-plugin from v1.3.1 to v1.4.0. +* Updated OOjs from v1.1.10 to v2.0.0. ==== New external libraries ==== +* Added wikimedia/timestamp v1.0.0. +* Added wikimedia/remex-html v1.0.1. ==== Removed and replaced external libraries ==== @@ -83,6 +87,24 @@ production. highlight prefix matches in the results. * (T157035) "new mw.Uri()" was ignoring options when using default URI. * Special:Allpages can no longer be filtered by redirect in miser mode. +* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is installed. +* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow redirect + to interwiki links. +* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when + $wgAdvancedSearchHighlighting is true. +* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep + their values out of the logs. +* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a CSRF + token. +* (T156184) SECURITY: Escape content model/format url parameter in message. +* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD + declaration. +* (T161453) SECURITY: LocalisationCache will no longer use the temporary directory + in it's fallback chain when trying to work out where to write the cache. +* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion + syntax's link parameter. +* (T108138) SECURITY: Sysops can undelete pages, although the page is protected against + it. === Action API changes in 1.29 === * Submitting sensitive authentication request parameters to action=login, @@ -143,6 +165,8 @@ production. various methods now take a module path rather than a module name. * ApiMessageTrait::getApiCode() now strips 'apierror-' and 'apiwarn-' prefixes from the message key, and maps some message keys for backwards compatibility. +* API parameters may now be marked as "sensitive" to keep their values out of + the logs. === Languages updated in 1.29 === @@ -160,6 +184,7 @@ changes to languages because of Phabricator reports. The new or reinstated language fallbacks are (after cs ↔ sk in 1.28): ca ↔ oc; hsb ↔ dsb; io → eo; mdf → ru; pnt → el; roa-tara → it; rup → ro; sh → bs, sr-el, hr. +* (T137376) New language support: Atikamekw (atj). * (T155957) Talk Namespaces for Javanese language (jv) have been updated. ==== No fallback for Ukrainian ==== @@ -269,6 +294,19 @@ changes to languages because of Phabricator reports. * WikiRevision::$fileIsTemp was deprecated. * WikiRevision::$importer was deprecated. * WikiRevision::$user was deprecated. +* Article::getLastPurgeTimestamp(), WikiPage::getLastPurgeTimestamp(), and the + WikiPage::PURGE_* constants are deprecated, and the functions will always + return false. They were a hack for an issue that has since been fixed. +* Hook 'EditPageBeforeEditChecks' is now deprecated. Instead use the new hook + 'EditPageGetCheckboxesDefinition', or 'EditPage::showStandardInputs:options' + if you don't actually care about checkboxes and just want to add some HTML + to the page. +* Selflinks are now rendered as href-less tags with the class mw-selflink + rather than tags. The old class name, "selflink", was deprecated + and will be removed in a future release. (T160480) +* (T156184) $wgRawHtml will no longer apply to internationalization messages. +* Browser support for non-ES5 JavaScript browsers, including Android 2, + Opera <12.10, and Internet Explorer 9, was lowered from Grade A to Grade C. == Compatibility ==