MediaWiki 1.32, now defaults to MIGRATION_NEW instead of MIGRATION_WRITE_BOTH.
* Special:ActiveUsers will no longer filter out users who became inactive since
the last time the active users query cache was updated.
+* If you ran migrateActors.php using an older version of MediaWiki and want to
+ run your wiki with $wgActorTableSchemaMigrationStage SCHEMA_COMPAT_READ_OLD,
+ note that log_search rows needed to find revision deletions by target user
+ were incorrectly deleted. See T215464 for details.
==== Removed configuration ====
* (T199334) $wgTagStatisticsNewTable — This temporary setting, added in
pages.
* (T214706) LinksUpdate::getAddedExternalLinks() and
LinksUpdate::getRemovedExternalLinks() were introduced.
+ * Argon2 password hashing is now available, can be enabled via
+ $wgPasswordDefault = 'argon2'. It's designed to resist timing attacks
+ (requires PHP 7.2+) and GPU hacking (7.3+).
=== External library changes in 1.33 ===
==== New external libraries ====
* Added wikimedia/password-blacklist 0.1.4.
* Added guzzlehttp/guzzle 6.3.3.
+* Added jakub-onderka/php-console-highlighter 0.3.2 explicitly (dev-only).
==== Changed external libraries ====
* Updated OOUI from v0.29.2 to v0.30.2.
* Updated OOjs Router from pre-release to v0.2.0.
-* Updated wikimedia/xmp-reader from 0.6.0 to 0.6.1.
+* Updated wikimedia/xmp-reader from 0.6.0 to 0.6.2.
* Updated wikimedia/scoped-callback from 2.0.0 to 3.0.0.
-* Updated wikimedia/ip-set from 1.2.0 to 2.0.0.
+* Updated wikimedia/ip-set from 1.2.0 to 2.0.1.
* The deprecated IPSet\IPSet alias was removed, Wikimedia\IPSet must be
used instead.
* Updated qunitjs from 2.6.2 to 2.9.1.
* Updated jquery-client from 2.0.1 to 2.0.2.
+* Updated psy/psysh from 0.9.6 to 0.9.9 (dev-only).
+* Updated nikic/php-parser from 3.1.3 to 3.1.5 (dev-only).
+* Updated pear/net_smtp from 1.8.0 to 1.8.1.
+* Updated cssjanus/cssjanus from 1.2.0 to 1.2.1.
+* Updated wikimedia/php-session-serializer from 1.0.6 to 1.0.7.
==== Removed external libraries ====
=== Bug fixes in 1.33 ===
* (T164211) Special:UserRights could sometimes fail with a
"conflict detected" error when there weren't any conflicts.
+* (T215566) Unable to determine if the database exists
+ during a fresh installation.
=== Action API changes in 1.33 ===
* (T198913) Added 'ApiOptions' hook.
deletion will be processed via the job queue.
* action=setnotificationtimestamp will now update the watchlist asynchronously
if entirewatchlist is set, so updates may not be visible immediately
+* Block info will be added to "blocked" errors from more modules.
+* (T216245) Autoblocks will now be spread by action=edit and action=move.
=== Action API internal changes in 1.33 ===
* A number of deprecated methods for API documentation, intended for overriding
hyphen. Methods such as ApiBase::dieWithError() and
ApiMessageTrait::setApiCode() will throw an InvalidArgumentException if
passed a bad code.
+* ApiBase::checkTitleUserPermissions() now takes an options array as its third
+ parameter. Passing a User object or null is deprecated.
=== Languages updated in 1.33 ===
MediaWiki supports over 350 languages. Many localisations are updated regularly.
Use require( 'mediawiki.libs.jpegmeta' ) instead.
* The mw.user.stickyRandomId() method, deprecated in 1.32, was removed.
Use mw.user.getPageviewToken() instead.
+* Removed deprecated class property WikiRevision::$importer.
+* ResourceLoaderFileModule::readStyleFiles() now requires its $context
+ parameter.
+* The ChangeList::insertArticleLink() method, that was deprecated in 1.27, has
+ been removed.
+* MessageBlobStore::__construct() now requires its $rl parameter.
=== Deprecations in 1.33 ===
* The configuration option $wgUseESI has been deprecated, and is expected
* The mw.language.specialCharacters property from the
'mediawiki.language.specialCharacters' module has been deprecated.
Use require( 'mediawiki.language.specialCharacters' ) instead.
+* ChangeTags::purgeTagUsageCache() has been deprecated, and is expected to be
+ removed in a future release.
+* Passing a User object or null as the third parameter to
+ ApiBase::checkTitleUserPermissions() has been deprecated. Pass an array
+ [ 'user' => $user ] instead.
=== Other changes in 1.33 ===
* (T201747) Html::openElement() warns if given an element name with a space
in it.
+* The implementation of buildStringCast() in Wikimedia\Rdbms\Database has
+ changed to explicitly cast. Subclasses relying on the base-class
+ implementation should check whether they need to override it now.
== Compatibility ==
-MediaWiki 1.33 requires PHP 7.0.0 or later. Although HHVM 3.18.5 or later is
-supported, it is generally advised to use PHP 7.0.0 or later for long term
+MediaWiki 1.33 requires PHP 7.0.13 or later. Although HHVM 3.18.5 or later is
+supported, it is generally advised to use PHP 7.0.13 or later for long term
support.
MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
*
* @since 1.33
*/
-$wgMediaInTargetLanguage = false;
+$wgMediaInTargetLanguage = true;
/**
* The maximum number of pixels a source image can have if it is to be scaled
*
* The format is an associative array where the key is a cache identifier, and
* the value is an associative array of parameters. The "cacheId" parameter is
- * a cache identifier from $wgObjectCaches. The "channels" parameter is a map of
- * actions ('purge') to PubSub channels defined in $wgEventRelayerConfig.
- * The "loggroup" parameter controls where log events are sent.
+ * a cache identifier from $wgObjectCaches. The "loggroup" parameter controls
+ * where log events are sent.
*
* @since 1.26
*/
$wgWANObjectCaches = [
CACHE_NONE => [
'class' => WANObjectCache::class,
- 'cacheId' => CACHE_NONE,
- 'channels' => []
+ 'cacheId' => CACHE_NONE
]
/* Example of a simple single data-center cache:
'memcached-php' => [
'class' => WANObjectCache::class,
- 'cacheId' => 'memcached-php',
- 'channels' => [ 'purge' => 'wancache-main-memcached-purge' ]
+ 'cacheId' => 'memcached-php'
]
*/
];
'cost' => '30000',
'length' => '64',
],
+ 'argon2' => [
+ 'class' => Argon2Password::class,
+
+ // Algorithm used:
+ // * 'argon2i' is optimized against side-channel attacks (PHP 7.2+)
+ // * 'argon2id' is optimized against both side-channel and GPU cracking (PHP 7.3+)
+ // * 'auto' to use best available algorithm. If you're using more than one server, be
+ // careful when you're mixing PHP versions because newer PHP might generate hashes that
+ // older versions might would not understand.
+ 'algo' => 'auto',
+
+ // The parameters below are the same as options accepted by password_hash().
+ // Set them to override that function's defaults.
+ //
+ // 'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
+ // 'time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST,
+ // 'threads' => PASSWORD_ARGON2_DEFAULT_THREADS,
+ ],
];
/**