HOME


Mini Shell 1.0
DIR: /proc/self/root/proc/self/root/proc/self/root/proc/self/root/var/softaculous/mw19/
Upload File :
Current File : //proc/self/root/proc/self/root/proc/self/root/proc/self/root/var/softaculous/mw19/changelog.txt
== MediaWiki 1.39.17 ==

This is a maintenance release of the MediaWiki 1.39 branch.

=== Changes since 1.39.14 ===
* Localisation updates.
* (T406664, T412602) Fix backport for T406664.

== MediaWiki 1.39.16 ==

This is a security and maintenance release of the MediaWiki 1.39 branch.

=== Changes since 1.39.15 ===
* Localisation updates.
* (T406391) RemexCompatFormatter: Don't encode HTML entities in raw-text
  elements.
* (T401155) Update wikimedia/ip-utils to 5.0.0.
* ResourceLoader: Update cssjanus/cssjanus to wikimedia/cssjanus.
* (T407289) i18n: deprecate double-underscore magic words which don't start/end
  with __.
* i18n: all behavior switches should start/end with __ (part 2).
* (T407289) i18n: Remove deprecated behavior switches without underscores in
  et/sh-latn/vep.
* (T401987, T401995, CVE-2025-67484) SECURITY: Disable xslt option by default.
* (T406664, CVE-2025-67475) SECURITY: Escape square brackets in autocomment
  links.
* (T385403, CVE-2025-67478) SECURITY: Always escape commas in mail encoded-words.
* (T407131, CVE-2025-67479) SECURITY: Sanitizer: disallow underscore and wide
  underscore in data-* attribute names.
* (T401053, CVE-2025-67480) SECURITY: Check read permissions in
  ApiQueryRevisionsBase.
* (T251032, CVE-2025-67481) SECURITY: Disallow 'style' attribute in client-side
  messages (jqueryMsg).

== MediaWiki 1.39.15 ==

This is a maintenance release of the MediaWiki 1.39 branch.

=== Changes since 1.39.14 ===
* Fixup VisualEditor related backports.
* (T406322, CVE-2025-11261) SECURITY: Escape system messages in
  mw.language.listToText.

== MediaWiki 1.39.14 ==

This is a security and maintenance release of the MediaWiki 1.39 branch.

=== Changes since 1.39.13 ===
* Localisation updates.
* (T399672) mime: Add mime types for *.less.
* ParserCacheSerializationTestCases: back port ParserOutput changes from 1.45.
* ParserCacheSerializationTestCases: distinguish empty ToC from missing ToC.
* Fix attachLatest --regenerate-all creating invalid SQL command.
* (T322099) Make RequestContext::sanitizeLangCode() accept null.
* (T380456) exception: Avoid service container init in exception handler.
* diff: Avoid Phan warning with some Wikidiff2 versions.
* (T387408) exception: Skip use of HookRunner when not autoloaded.
* (T327439) ParserOutput: Prepare to allow JsonCodec serialization of TOCData.
* media: Remove pass-by-ref in Exif::exifGPStoNumber.
* (T386208) Exif: Handle malformed gps tags.
* i18n: Add Special:MyLanguage to mediawiki.org links.
* (T380423) Show user a human readable message when $wgLocaltimezone is set to
  an invalid timezone.
* (T374042) PostgresUpdater: Fix typo in sites_group index renaming instruction.
* (T401570) rdbms: Fix read-only detection for MariaDB 12.
* (T400881) filerepo: Improve identification of ForeignAPIRepo requests.
* (T402037) config: Change Reauthenticate Time Default.
* SimpleParsoidOutputStash: protect against rollback from MW >= 1.43.
* (T401099, CVE-2025-61638) Upgrading wikimedia/parsoid (v0.16.5 => v0.16.6).
* (T394968) Metadata: ignore LocationCreated, similar to LocationShown.
* (T304428) Allow marking recent changes about logged actions with bot flag.
* (T400505) Regenerate patch-drop-page_restrictions-pr_user.sql for SQLite.
* (T401099, CVE-2025-61638) SECURITY: Sanitize data- attributes.
* (T280413, CVE-2025-61639) SECURITY: Use ManualLogEntry::getDeleted in
  ::getRecentChange.
* (T402075, CVE-2025-61640) SECURITY: Parse messages instead of inserting
  them as HTML.
* (T298690, CVE-2025-61641) SECURITY: api: Disable maxsize in QueryAllPages
  in miser mode.
* (T403757, CVE-2025-61643) SECURITY: Don't send suppressed recent changes to
  RCFeeds.
* (T398706, CVE-2025-61646) SECURITY: Prevent leaking hidden usernames in
  Watchlist/RecentChanges.

== MediaWiki 1.39.13 ==

This is a security and maintenance release of the MediaWiki 1.39 branch.

=== Changes since 1.39.12 ===
* Localisation updates.
* (T386175, CVE-2025-32072) SECURITY: Escape newpage message in FeedUtils.
* (T391867) http: Handle accept header with incomplete q.
* Update Pingback address.
* (T393879) objectcache: Cast explicitly to integer.
* (T394989) FormatMetadata::formatFraction: Don't risk passing null to
  preg_match.
* (T395834) Treat File::getShortDesc() as possibly unsafe HTML.
* (T396766) ApiQueryRevisionsBase: Cast ctype_digit() param to string.
* (T221560) Remove hyphens from legal search characters for MySQL-based database
  searches.
* ParserCache forward-compatibility: anticipate removal of OutputHooks.
* Protect against ParserOutput/CacheTime re-namespacing.
* ParserCache forward-compatibility: anticipate removal of TOCHTML.
* SerializationTestUtils: handle 1.xx_wmf* versions; don't fail immediately.
* AuthManager: Be consistent about the remember flag on autocreate.
* (T397883, T397643) htmlform: fix min/max validations on empty input in
  int/float fields.
* (T392746, CVE-2025-6590) SECURITY: Escape usernames in HTMLUserTextField
  validation errors.
* (T392276, CVE-2025-6591) SECURITY: API: Escape i18n messages in
  action=feedcontributions.
* (T396230, T31856, CVE-2025-6593) SECURITY: fix IP leak to unverified email.
* (T395063, CVE-2025-6594) SECURITY: apisandbox: Fix reflected XSS when invalid
  'format' is provided.
* (T389009, CVE-2025-6597) SECURITY: Do not treat autocreation as login for
  reauthentication.