X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=RELEASE-NOTES-1.29;h=33d917c84975d2798bfe188bffe49ef3127f8918;hb=55043101b2a89ea1e811b6d35e415f57ed0bf41d;hp=793769ff1c41269bf2734bb85a31d165e8fced48;hpb=d10ace77d37899fd1110fc0b51e17e9e518c5615;p=lhc%2Fweb%2Fwiklou.git diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29 index 793769ff1c..33d917c849 100644 --- a/RELEASE-NOTES-1.29 +++ b/RELEASE-NOTES-1.29 @@ -35,9 +35,12 @@ production. * (T156983) $wgRateLimitsExcludedIPs now accepts CIDR ranges as well as single IPs. * $wgDummyLanguageCodes is deprecated. Additional language code mappings may be added to $wgExtraLanguageCodes instead. +* (T161453) LocalisationCache will no longer use the temporary directory in it's + fallback chain when trying to work out where to write the cache. +* The user right 'editusercssjs' (deprecated in 1.16) was removed. Use + 'editusercss' and 'edituserjs' in $wgGroupPermissions and elsewhere instead. === New features in 1.29 === -* (T137376) New language support: Atikamekw (atj) * (T5233) A cookie can now be set when a user is autoblocked, to track that user if they move to a new IP address. This is disabled by default. * Added ILocalizedException interface to standardize the use of localized @@ -64,15 +67,18 @@ production. === External library changes in 1.29 === ==== Upgraded external libraries ==== -* Added wikimedia/timestamp v1.0.0. * Updated QUnit from v1.22.0 to v1.23.1. -* Updated cssjanus from v1.1.2 to 1.1.3. +* Updated cssjanus from v1.1.2 to v1.2.0. * Updated psr/log from v1.0.0 to v1.0.2. * Update Moment.js from v2.8.4 to v2.15.0. -* Updated oyejorge/less.php from v1.7.0.10 to v1.7.0.13. -* Added wikimedia/remex-html v1.0.1. +* Updated oyejorge/less.php from v1.7.0.10 to v1.7.0.14. +* Updated monolog from v1.18.2 to 1.22.1. +* Updated wikimedia/composer-merge-plugin from v1.3.1 to v1.4.0. +* Updated OOjs from v1.1.10 to v2.0.0. ==== New external libraries ==== +* Added wikimedia/timestamp v1.0.0. +* Added wikimedia/remex-html v1.0.1. ==== Removed and replaced external libraries ==== @@ -83,6 +89,24 @@ production. highlight prefix matches in the results. * (T157035) "new mw.Uri()" was ignoring options when using default URI. * Special:Allpages can no longer be filtered by redirect in miser mode. +* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is installed. +* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow redirect + to interwiki links. +* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when + $wgAdvancedSearchHighlighting is true. +* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep + their values out of the logs. +* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a CSRF + token. +* (T156184) SECURITY: Escape content model/format url parameter in message. +* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD + declaration. +* (T161453) SECURITY: LocalisationCache will no longer use the temporary directory + in it's fallback chain when trying to work out where to write the cache. +* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion + syntax's link parameter. +* (T108138) SECURITY: Sysops can undelete pages, although the page is protected against + it. === Action API changes in 1.29 === * Submitting sensitive authentication request parameters to action=login, @@ -143,6 +167,8 @@ production. various methods now take a module path rather than a module name. * ApiMessageTrait::getApiCode() now strips 'apierror-' and 'apiwarn-' prefixes from the message key, and maps some message keys for backwards compatibility. +* API parameters may now be marked as "sensitive" to keep their values out of + the logs. === Languages updated in 1.29 === @@ -160,6 +186,7 @@ changes to languages because of Phabricator reports. The new or reinstated language fallbacks are (after cs ↔ sk in 1.28): ca ↔ oc; hsb ↔ dsb; io → eo; mdf → ru; pnt → el; roa-tara → it; rup → ro; sh → bs, sr-el, hr. +* (T137376) New language support: Atikamekw (atj). * (T155957) Talk Namespaces for Javanese language (jv) have been updated. ==== No fallback for Ukrainian ==== @@ -276,14 +303,30 @@ changes to languages because of Phabricator reports. 'EditPageGetCheckboxesDefinition', or 'EditPage::showStandardInputs:options' if you don't actually care about checkboxes and just want to add some HTML to the page. +* Selflinks are now rendered as href-less tags with the class mw-selflink + rather than tags. The old class name, "selflink", was deprecated + and will be removed in a future release. (T160480) +* (T156184) $wgRawHtml will no longer apply to internationalization messages. +* Browser support for non-ES5 JavaScript browsers, including Android 2, + Opera <12.10, and Internet Explorer 9, was lowered from Grade A to Grade C. +* Removed wikibits global methods deprecated since MediaWiki 1.17 (T122755): + is_gecko, is_chrome_mac, is_chrome, webkit_version, is_safari_win, is_safari, + webkit_match, is_ff2, ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs, + opera7_bugs, opera6_bugs, is_opera_95, is_opera_preseven, is_opera, + ie6_bugs, clientPC, changeText, killEvt, addHandler, hookEvent, + addClickHandler, removeHandler, getElementsByClassName, getInnerText, + setupCheckboxShiftClick, addCheckboxClickHandlers, mwEditButtons, + mwCustomEditButtons, injectSpinner, removeSpinner, escapeQuotes, + escapeQuotesHTML, jsMsg, addPortletLink, appendCSS, tooltipAccessKeyPrefix, + tooltipAccessKeyRegexp, updateTooltipAccessKeys. == Compatibility == MediaWiki 1.29 requires PHP 5.5.9 or later. There is experimental support for HHVM 3.6.5 or later. -MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but -support for them is somewhat less mature. There is experimental support for +MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used, +but support for them is somewhat less mature. There is experimental support for Oracle and Microsoft SQL Server. The supported versions are: @@ -301,20 +344,10 @@ updates. Note that due to changes to some very large tables like the revision table, the schema update may take quite long (minutes on a medium sized site, many hours on a large site). -If upgrading from before 1.11, and you are using a wiki as a commons -repository, make sure that it is updated as well. Otherwise, errors may arise -due to database schema changes. - -If upgrading from before 1.7, you may want to run refreshLinks.php to ensure -new database fields are filled with data. - -If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to -1.5 first. The upgrade script maintenance/upgrade1_5.php has been removed -with MediaWiki 1.21. - Don't forget to always back up your database before upgrading! -See the file UPGRADE for more detailed upgrade instructions. +See the file UPGRADE for more detailed upgrade instructions, including +important information when upgrading from versions prior to 1.11. For notes on 1.28.x and older releases, see HISTORY.