setting since version 1.2.0. If you have it on, turn it *off* if you can.
+== MediaWiki 1.5 alpha 2 ==
+
+June 3, 2005
+
+MediaWiki 1.5 alpha 2 includes a lot of bug fixes, feature merges,
+and a security update.
+
+Incorrect handling of page template inclusions made it possible to
+inject JavaScript code into HTML attributes, which could lead to
+cross-site scripting attacks on a publicly editable wiki.
+
+Vulnerable releases and fix:
+* 1.5 prerelease: fixed in 1.5alpha2
+* 1.4 stable series: fixed in 1.4.5
+* 1.3 legacy series: fixed in 1.3.13
+* 1.2 series no longer supported; upgrade to 1.4.5 strongly recommended
+
+
== MediaWiki 1.5 alpha 1 ==
May 3, 2005
Various bugfixes, small features, and a few experimental things:
* 'live preview' reduces preview reload burden on supported browsers
+* support for external editors for files and wiki pages:
+ http://meta.wikimedia.org/wiki/Help:External_editors
* Schema reworking: http://meta.wikimedia.org/wiki/Proposed_Database_Schema_Changes/October_2004
* New WikiSyntax: -- turns into — or – depending on context
* (bug 15) Allow editors to view diff of their change before actually submitting an edit
* $wgStyleSheetDirectory is no longer an alias for $wgStyleDirectory;
* Special:Movepage can now take paramaters like Special:Movepage/Page_to_move
(used to just be able to take paramaters via a GET request like index.php?title=Special:Movepage&target=Page_to_move)
-* Deprecated the {{msg:template}} syntax for referring to templates
+* (bug 2151) The delete summary now includes editor name, if only one has edited the article.
+* (bug 2105) Fixed from argument to the PHP mail() function. A missing space could prevent sending mail with some versions of sendmail.
+* (bug 2228) Updated the Slovak translation
* ...and more!
=== Changes since 1.5alpha1 ===
-* ...various...
-* (bug 2067) Fixed crash on empty quoted HTML attribute
-* (bug 2079) Removed links to Special:Maintenance from movepagetext messages
-* Fix for reading incorrectly re-gzipped HistoryBlob entries
+* (bug 73) Category sort key is set to file name when adding category to
+ file description from upload page (previously it would be set to
+ "Special:Upload", causing problems with category paging)
+* (bug 419) The contents of the navigation toolbar are now editable through
+ the MediaWiki namespace on the MediaWiki:navbar page.
+* (bug 498) The Views heading in MonoBook.php is now localizable
+* (bug 898) The wiki can now do advanced sanity check on uploaded files
+ including virus checks using external programs.
+* (bug 1692) Fix margin on unwatch tab
* (bug 1906) Generalize project namespace for Latin localization, update namespaces
+* (bug 1975) The name for Limburgish (li) changed from "Lèmburgs" to "Limburgs
+* (bug 2019) Wrapped the output of Special:Version in <div dir='ltr'> in order
+ to preserve the correct flow of text on RTL wikis.
+* (bug 2067) Fixed crash on empty quoted HTML attribute
* (bug 2075) Corrected namespace definitions in Tamil localization
+* (bug 2079) Removed links to Special:Maintenance from movepagetext message
+* (bug 2094) Multiple use of a template produced wrong results in some cases
+* (bug 2095) Triple-closing-bracket thing partly fixed
+* (bug 2110) "noarticletext" should not display on Image page for "sharedupload" media
+* (bug 2150) Fix tab indexes on edit form
+* (bug 2152) Add missing bgcolor to attribute whitelist for <td> and <th>
+* (bug 2176) Section edit 'show changes' button works correctly now
+* (bug 2178) Use temp dir from environment in parser tests
+* (bug 2217) Negative ISO years were incorrectly converted to BC notation
+* (bug 2234) allow special chars in database passwords during install
+* Deprecated the {{msg:template}} syntax for referring to templates, {{msg: is
+ now the wikisyntax representation of wfMsgForContent()
+* Fix for reading incorrectly re-gzipped HistoryBlob entries
+* HistoryBlobStub: the last-used HistoryBlob is kept open to speed up
+ multiple-revision pulls
* Add $wgLegacySchemaConversion update-time option to reduce amount of
copying during the schema upgrade: creates HistoryBlobCurStub reference
records in text instead of copying all the cur_text fields. Requires
that the cur table be left in place until/unless such fields are migrated
into the main text store.
-* (bug 1692) Fix margin on unwatch tab
-* HistoryBlobStub: the last-used HistoryBlob is kept open to speed up
- multiple-revision pulls
* Special:Export now includes page, revision, and user id numbers by
default (previously this was disabled for no particular reason)
* dumpBackup.php can dump the full database to Export XML, with current
revisions only or complete histories.
-* (bug 2150) Fix tab indexes on edit form
-* (bug 2152) Add missing bgcolor to attribute whitelist for <td> and <th>
+* The group table was renamed to groups because "group" is a reserved word in
+ SQL which caused some inconveniances.
+* New fileicons for c, cpp, deb, dvi, exe, h, html, iso, java, mid, mov, o,
+ ogg, pdf, ps, rm, rpm, tar, tex, ttf and txt files based on the KDE
+ crystalsvg theme.
+* Fixed a bug in Special:Newimages that made it impossible to search for '0'
+* Added language variant support for Icelandic, now supports "Íslenzka"
+* The #p-nav id in MonoBook is now #p-navigation
+* Putting $4 in msg:userstatstext will now give the percentage of
+ admnistrators out of normal users.
+* links and brokenlinks tables merged to pagelinks; this will reduce pain
+ dealing with moves and deletes of widely-linked pages.
+* Add validate table and val_ip column through the updater.
+* Simple rate limiter for edits and page moves; set $wgRateLimits
+ (somewhat experimental; currently needs memcached)
+* (bug 2262) Hide math preferences when TeX is not enabled
+* (bug 2267) Don't generate thumbnail at the same size as the source image.
+* Fix rebuildtextindex.inc for new schema
+* Remove linkscc table code, no longer used.
+* (bug 2271) Use faster text-only link replacement in image alt text
+ instead of rerunning expensive link lookup and HTML generation.
+* Only build the HTML attribute whitelist tree once.
+* Replace wfMungeToUtf8 and do_html_entity_decode with a single function
+ that does both numeric and named chars: Sanitizer::decodeCharReferences
+* Removed some obsolete UTF-8 converter functions
+* Fix function comment in debug dump of SQL statements
+* (bug 2275) Update search index more or less right on page move
+* (bug 2053) Move comment whitespace trimming from edit page to save;
+ leaves the whitespace from the section comment there on preview.
+* (bug 2274) Respect stub threshold in category page list
+* (bug 2173) Fatal error when removing an article with an empty title from the watchlist
+* Removed -f parameter from mail() usage, likely to cause failures and bounces.
+* (bug 2130) Fixed interwiki links with fragments
+* (bug 684) Accept an attribute parameter array on parser hook tags
+* (bug 814) Integrate AuthPlugin changes to support Ryan Lane's external
+ LDAP authentication plugin
+* (bug 2034) Armor HTML attributes against template inclusion and links munging
+* (bug 2319) Fix parse hook tag matching
=== Caveats ===