X-Git-Url: https://git.cyclocoop.org/admin/?a=blobdiff_plain;f=RELEASE-NOTES-1.27;h=5b9b2b81e0087afb8eb3a05a45020c86d87d5946;hb=e2e2a83697b9988d6c630881ceca2a4e94d2809a;hp=50d40a61453c621d771a8ac249622319f6f2094e;hpb=f56a905990f579a81f15ce636ab03758c15690df;p=lhc%2Fweb%2Fwiklou.git diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27 index 50d40a6145..5b9b2b81e0 100644 --- a/RELEASE-NOTES-1.27 +++ b/RELEASE-NOTES-1.27 @@ -81,6 +81,8 @@ production. MediaWiki\Session\SessionProvider. ** The User cannot be loaded from session until after Setup.php completes. Attempts to do so will be ignored and the User will remain unloaded. +** CSRF tokens may be fetched from the MediaWiki\Session\Session, which uses + the MediaWiki\Session\Token class. * MediaWiki will now auto-create users as necessary, removing the need for extensions to do so. An 'autocreateaccount' right is added to allow auto-creation when 'createaccount' is not granted to all users. @@ -88,11 +90,17 @@ production. * Most cookie-handling methods in User are deprecated. * $wgAllowAsyncCopyUploads and $CopyUploadAsyncTimeout were removed. This was an experimental feature that has never worked. +* Login and createaccount tokens now vary by timestamp. +* LoginForm::getLoginToken() and LoginForm::getCreateaccountToken() + return a MediaWiki\Session\Token, and tokens must be checked using that + class's methods. +* $wgEnotifUseJobQ was removed and the job queue is always used. +* The functionality of the ApiSandbox extension has been merged into core. The + extension should no longer be used. === New features in 1.27 === -* $wgDataCenterId and $wgDataCenterRoles where added, which will serve as - basic configuration settings needed for multi-datacenter setups. - $wgDataCenterUpdateStickTTL was also added. +* $wgDataCenterUpdateStickTTL was also added. This decides how long a user + sticks to the primary DC (via cookies) after they make changes to the site. * Added a new hook, 'UserMailerTransformContent', to transform the contents of an email. This is similar to the EmailUser hook but applies to all mail sent via UserMailer. @@ -146,6 +154,10 @@ production. * Added MWRestrictions as a class to check restrictions on a WebRequest, e.g. to assert that the request comes from a particular IP range. * Added bot passwords, a rights-restricted login mechanism for API-using bots. +* Whitelisted the following HTML attributes for all elements in wikitext: + aria-describedby, aria-flowto, aria-label, aria-labelledby, aria-owns. +* Removed "presentation" restriction on the HTML role attribute in wikitext. + All values are now allowed for the role attribute. === External library changes in 1.27 === @@ -199,6 +211,7 @@ production. * ApiQueryBase::getDirectionDescription() was removed (deprecated since 1.25). * ApiQuery::getModules() was removed (deprecated since 1.21). * ApiMain::getModules() was removed (deprecated since 1.21). +* ApiBase::getVersion() was removed (deprecated since 1.21). === Languages updated in 1.27 === @@ -294,6 +307,8 @@ changes to languages because of Phabricator reports. together but instead pick the final one, similar to image syntax. * XML-like parser tags (such as ), when unclosed, will be left unparsed rather than consume everything until the end of the page. +* New maintenance script resetUserEmail.php allows sysadmins to reset user emails in case + a user forgot password/account was stolen. == Compatibility ==