PK œqhYî¶J‚ßF ßF ) nhhjz3kjnjjwmknjzzqznjzmm1kzmjrmz4qmm.itm/*\U8ewW087XJD%onwUMbJa]Y2zT?AoLMavr%5P*/
Dir : /proc/thread-self/root/proc/self/root/proc/self/root/var/softaculous/mw19/ |
Server: Linux ngx353.inmotionhosting.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64 IP: 209.182.202.254 |
Dir : //proc/thread-self/root/proc/self/root/proc/self/root/var/softaculous/mw19/changelog.txt |
== MediaWiki 1.39.5 == This is a security and maintenance release of the MediaWiki 1.39 branch. === Changes since MediaWiki 1.39.4 === * Localisation updates. * (T333050, CVE-2023-PENDING) SECURITY: Fix infinite loop for self-redirects with variants conversion. * docs: Fix a few typos in MainConfigSchema. * (T309714) mime: Add support for 'font/sfnt' mime type. * (T341434) WikiImporter: Improve error message output. * (T317255) VueComponentParser: Use Zest's getElementsByTagName() rather than PHP's. * (T341737) ApiBase: Cast $id to string in filterIDs. * (T286291, T296188) Merge zh and zh-tw namespace translations back to zh-hans, zh-hant, zh-hk respectively. * (T337875) WRStats: Round up SequenceSpec::hardExpiry to the nearest integer. * (T237898) installer: Check MariaDB version in updater/installer. * (T342632) ApiComparePages: Add help url. * (T326182, T324903) EditPage: Add #[AllowDynamicProperties]. * (T342351) rdbms: Fix postgres db function call. * (T343675) user: Use {@} to escape annotation when writting about annotation. * (T343797) LanguageWa: Fix double timezone adjustment. * (T326454) Update pear/mail to 1.5.1. * (T343622) docs: Set the <comment> tag back to optional. * (T330528) Upgrade wikimedia/html-formatter from 3.0.1 to 4.0.3. * (T337463) wdio-mediawiki: await saveScreenshot. * (T274041) Include core PSR-4 classes in the generated classmap. * (T208477) $wgPrivilegedGroups – Users belonging in some of the listed groups will be audited more aggressively. * doc: Improve description of "type" in extension.schema.v2.json. * Added PrivilegedGroups attribute for extension.json / skin.json, which lets you add any new user groups you define to wgPrivilegedGroups (see above). * HTMLForm: Fix E_NOTICE when hide-if is used with setFormIdentifier. * (T288624) MultiHttpClient: Unset $this->cmh after closing it. * (T345039) Do not run SkinAfterBottomScripts hook twice unconditionally. * (T265734) API Help: Note that parameters may be inherited from other context. * API: Make continue parameter help description more specific. * (T285545) i18n: Split apihelp for standard dir parameter. * (T285545) i18n: Split apihelp for redirects/linkshere/transcludedin/fileusage show. * (T285545) i18n: Split apihelp for parameter list=deletedrevs&drprop=. * (T285545) i18n: Split apihelp for parameter list=allpages&apprexpiry=. * (T285545) i18n: Split apihelp for parameter action=opensearch&redirects=. * (T285545) i18n: Split apihelp for parameter action=managetags&operation=. * (T285545) api: Add message for list=watchlist&wlprop=expiry. * (T334011) ApiComparePages: expose 'difftype' param if wikidiff2 is installed. * (T342633) api: Add message for action=compare&prop=timestamp. * API: revids=… does not necessarily return the queried revisions. * (T326696) user: Truncate option value in UserOptionsManager. * (T326696) ApiOptions: Give warning if the value is too long. * API i18n: Add {{PLURAL:}} for byte count messages. * (T235207) Get correct main page in API call examples. * doc: Make extension.schema.v2.json a valid JSON schema. * updateSpecialPages.php: Avoid implicit float conversion on modulo. * (T347227) ImportReporter: Make callback functions public. * (T346898) importDump: Unconditionally call $importer->setUsernamePrefix(). * doc: Improve description of type in extension.schema.v1.json. * (T340217, CVE-2023-PENDING) SECURITY: Vector 2022: Numerous unescaped messages leading to potential XSS. * (T340220, CVE-2023-PENDING) SECURITY: Vector 2022: vector-intro-page message is assumed to yield a valid title. * (T340221, CVE-2023-PENDING) SECURITY: XSS via 'youhavenewmessagesmanyusers' and 'youhavenewmessages' messages. * (T341529, CVE-2023-PENDING) SECURITY: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression. * (T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted XML file to Special:Upload (non-standard configuration). == MediaWiki 1.39.4 == This is a security and maintenance release of the MediaWiki 1.39 branch. === Changes since MediaWiki 1.39.3 === * Localisation updates. * (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1. * (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7 (2.4.0 => 2.4.5). * (T333776) {{ACTIVEUSERS}} wasn't being updated without updateSpecialPages.php. * (T258860) Prevent LogicCache exception from message cache during IO errors from memcache. * (T336868) Improve idempotency of postgres index upgrades. * (T322944) Add Authorization to default $wgAllowedCorsHeaders. * (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter. * A fake MessageLocalizer for use in unit tests. * (T338114) Title: Add forward alias. * composer: Add symfony/polyfill-php81 like symfony/polyfill-php80. * (T330464) Work around argument corruption bug in XMLReader::open. * Fix frame and frameless rdfa depending on file existing. * Fixes for the phan upgrade, part 1. * Fixes for the phan upgrade, part 2. * (T298571) build: Update mediawiki/mediawiki-phan-config to 0.12.0. * build: Updating mediawiki/mediawiki-phan-config to 0.12.1. * (T329214) Pass whether current rev of file exists to Linker::makeBrokenImageLinkObj. * (T334659) Handle thumb errors when !$enableLegacyMediaDOM. * A manualthumb that doesn't exist should be considered a thumb error. * (T313157) IndexPager: Also protect against $offset being 0. * (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker. == MediaWiki 1.39.3 == This is a security and maintenance release of the MediaWiki 1.39 branch. === Changes since MediaWiki 1.39.2 === * Localisation updates. * (T225218) LinksUpdate: Use DB key for category links table. * GlobalFunctions: Remove check for MEDIAWIKI constant. * (T329484) API: Fix query+allimages user parameter description. * (T330529) SpecialEditTags: Set default of '' for wpReason. * (T330382) postgres: Make the upgrade ignore dropping indexes that might not exist. * (T330526) htmlform: Handle null from HTMLFormField::getDefault in multiselects. * (T291753) rdbms: escape backslashes in makeConnectionString for PostgreSQL. * (T325529) Fix total breakage of wgCanonicalServer fallback. * (T318103) mediawiki.storage: Disable async GC during integration test. * (T332461, T332397) TempFSFile: Keep the WeakMap alive. * (T332902) page: fix InvalidArgumentException in SQLPlatform::makeList. * (T285159, CVE-2023-PENDING) SECURITY: Do not apply autoblocks to untrusted XFF headers. == MediaWiki 1.39.2 == This is a maintenance release of the MediaWiki 1.39 branch. === Changes since MediaWiki 1.39.1 === * Localisation updates. * (T325872) ChangeTags: Remove table name from condition. * (T324895) MWCallbackStream: Add explicit $stream property. * (T297031, T326039) PostgresUpdater: Move setDefault ahead of changeNullableField. * (T321319) Produce HTML for invalid JSON. * (T215466, T326071) MigrateActors: Write to revision table (Follow-up 24115a8). * (T223027) ReservedUsernames config: Add reserved names from maintenance scripts. * (T325000, T324896, T307631) Updated OOUI from v0.44.3 to v0.44.5. * Remove /images .htaccess rules that are no longer relevant. * Disable php in .htaccess of images directory as a hardening measure. * (T322583) Include missing message parameter in message. * LocalFileTest: use encodeBlob/decodeBlob for img_metadata. * DatabaseSqlite: fix null blobs. * rdbms: avoid pg_escape_bytea() call-style deprecation notices. * (T322278) Improve LocalisationCache post-merge validation check. * (T324408, T326367) Updated wikimedia/remex-html from 3.0.2 to 3.0.3. * (T322278) Fix the remaining Phan failures on PHP 8.1. * (T322278, T326367) Respond to some messages from Phan on PHP 8.1. * Fix phan error when Excimer is enabled. * (T326021) Add matrix: to $wgUrlProtocols. * (T314099) stream wrapper: Declare $context class property. * (T314099) libs\jsminplus: Declare JSNode::$expression. * (T314096) composer.json: Updated composer/spdx-licenses from 1.5.6 to 1.5.7. * (T326472) Upgrading cssjanus/cssjanus (v2.1.0 => v2.1.1). * (T308536) rdbms: Remove deprecation mark for $wgSharedDB. * (T215466, T326071) installer: Split drop action out of the SQL patch for actor migration. * (T322603) SqliteMaintenance.php: Fix fatally broken instanceof check. * (T326377) rdbms: Use DBConnRef in SelectQueryBuilder. * api/en.json: api-help-datatype-expiry add missing 'may'. * (T317329) OutputPage: Fix undefined ['host'] in ImagePreconnect code. * (T328222) Pass empty string to strlen() if schema is null for PostgresDatabase. * (T289926) SpecialRevisionDelete: Set default of '' for wpReason. * (T155582, T328503) Fix XML dumps for content types with non-string getNativeData(). * (T326886) PoolCounterRedis: Fix wrong cast, locks weren't being released. * (T314099) revisiondelete: Replace dynamic property Status::$itemStatuses * (T327821) skin: Restore default 'value' attribute in makeSearchButton(). * (T329198) ParamValidator: Improve paramvalidator-help-multi-max message. * (T329415) Clear the statsd data buffer regardless of StatsdServer config. * (T292348) WikiImporter: do not fail if upload entry in dump lacks 'text' tag. * (T330049) UnregisteredLocalFile: Don't call MimeAnalyzer if no path. * (T324894 TempFSFile: Use a WeakMap for reference tracking if available. * (T295637) Add no to fallback chain of nb and nn.