Thread View
j
: Next unread message
k
: Previous unread message
j a
: Jump to all threads
j l
: Jump to MailingList overview
I would like to announce the release of MediaWiki 1.35.8, 1.37.5 and 1.38.3!
These releases also serve as a maintenance release for these branches.
The tarballs have already been uploaded as of this e-mail; the git tags
will follow later on today.
A "MediaWiki Extensions Security Release Supplement" e-mail will follow
this one, covering security updates for non-bundled extensions.
T307278 only applies to MediaWiki >= 1.37. Therefore the fix has not been
back-ported to 1.35.
All three fixes apply to the pre-release 1.39, and will be included in the
upcoming 1.39.0-rc.1 release. They will be merged into the REL1_39 branch
later today.
Various patches aimed at PHP 8.0, 8.1, and 8.2 support have been
back-ported. This should fix a lot of log spam, and MediaWiki should work
on both released versions (PHP 8.0 and 8.1).
Reports of bugs with PHP 8.0, 8.1, or 8.2 support are particularly welcome,
and fixes will be back-ported when possible. Please see
https://phabricator.wikimedia.org/tag/php_8.0_support/ ,
https://phabricator.wikimedia.org/tag/php_8.1_support/ and
https://phabricator.wikimedia.org/tag/php_8.2_support/ for the relevant
work boards.
As a reminder, 1.37 is due to become end of life (EOL) in November 2022.
1.37.5 is expected to be the last release for this branch. It is
recommended to upgrade to 1.38, or to 1.39 (the next LTS after 1.35) due to
be released in November 2022.
== Security fixes ==
* (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results
in an IP range check on Special:Contributions.
* (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence
of hidden users.
* (T307278, CVE-2022-41766) SECURITY: On action=rollback the message
"alreadyrolled" can leak revision deleted user name.
== Links to all mentioned tasks ==
* https://phabricator.wikimedia.org/T316304
* https://phabricator.wikimedia.org/T309894
* https://phabricator.wikimedia.org/T307278
== Release notes ==
Full release notes for 1.35.8:
https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_35/RELEASE-NOTES…
https://www.mediawiki.org/wiki/Release_notes/1.35
Full release notes for 1.37.5:
https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_37/RELEASE-NOTES…
https://www.mediawiki.org/wiki/Release_notes/1.37
Full release notes for 1.38.3:
https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_38/RELEASE-NOTES…
https://www.mediawiki.org/wiki/Release_notes/1.38
For information about how to upgrade, see
<https://www.mediawiki.org/wiki/Manual:Upgrading >
**********************************************************************
Download:
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.8.tar.gz
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.8.zip
Download without bundled extensions:
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.8.tar.gz
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.8.zip
Patch to previous version (1.35.7):
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.8.patch.gz
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.8.patch.zip
GPG signatures:
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.8.tar.gz.…
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.8.zip.sig
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.8.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.8.zip.sig
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.8.patch.gz.sig
https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.8.patch.zip.sig
Public keys:
https://www.mediawiki.org/keys/keys.html
**********************************************************************
Download:
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.5.tar.gz
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.5.zip
Download without bundled extensions:
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-core-1.37.5.tar.gz
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-core-1.37.5.zip
Patch to previous version (1.37.4):
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.5.patch.gz
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.5.patch.zip
GPG signatures:
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-core-1.37.5.tar.gz.…
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-core-1.37.5.zip.sig
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.5.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.5.zip.sig
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.5.patch.gz.sig
https://releases.wikimedia.org/mediawiki/1.37/mediawiki-1.37.5.patch.zip.sig
Public keys:
https://www.mediawiki.org/keys/keys.html
**********************************************************************
Download:
https://releases.wikimedia.org/mediawiki/1.38/mediawiki-1.38.3.tar.gz
https://releases.wikimedia.org/mediawiki/1.38/mediawiki-1.38.3.zip
Download without bundled extensions:
https://releases.wikimedia.org/mediawiki/1.38/mediawiki-core-1.38.3.tar.gz
https://releases.wikimedia.org/mediawiki/1.38/mediawiki-core-1.38.3.zip
Patch to previous version (1.38.2):
https://releases.wikimedia.org/mediawiki/1.38/mediawiki-1.38.3.patch.gz
https://releases.wikimedia.org/mediawiki/1.38/mediawiki-1.38.3.patch.zip
GPG signatures:
https://releases.wikimedia.org/mediawiki/1.38/mediawiki-core-1.38.3.tar.gz.…
https://releases.wikimedia.org/mediawiki/1.38/mediawiki-core-1.38.3.zip.sig
https://releases.wikimedia.org/mediawiki/1.38/mediawiki-1.38.3.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.38/mediawiki-1.38.3.zip.sig
https://releases.wikimedia.org/mediawiki/1.38/mediawiki-1.38.3.patch.gz.sig
https://releases.wikimedia.org/mediawiki/1.38/mediawiki-1.38.3.patch.zip.sig
Public keys:
https://www.mediawiki.org/keys/keys.html
Hi all,
On Thursday we will be issuing a security and maintenance release to all
supported branches of MediaWiki.
The new releases will be:
- 1.35.8
- 1.37.5
- 1.38.3
This will resolve three low priority issues in MediaWiki core along with
bug fixes included for maintenance reasons. This includes various patches
for PHP 8.0 and PHP 8.1 support.
We will make the fixes available in the respective release branches (plus
1.39 which is currently in release candidate status) and master in git.
Tarballs will be available for the above mentioned point releases as well.
A summary of some of the security fixes that have gone into non-bundled
MediaWiki extensions will also follow later.
As a reminder, 1.37 is due to become end of life (EOL) in November 2022.
1.37.5 is expected to be the last release for this branch. It is
recommended to upgrade to 1.38, or to 1.39 (the next LTS after 1.35) due to
be released in November 2022.
[1] https://www.mediawiki.org/wiki/Version_lifecycle
I'm pleased to announce the immediate availability of MediaWiki
1.39.0-rc.0, the first release candidate for 1.39.0, the next LTS after
MediaWiki 1.35. Download links are at the end of the e-mail. The tag has
been signed and pushed to Git.
This is not a final release, and should not be used for production
websites. Known issues are tracked in Phabricator on the release workboard
[1]. As with every release of MediaWiki, a large number of changes have
landed in the last six months (over 1850 commits since 1.38.0 was cut), and
you should read over the preliminary release notes as part of assuring
yourself of areas that may have issues with your configuration, your skins,
and/or your extensions.
As always, please try out the release candidate in a test environment and
do report any issues that you discover. Please use the #MW-1.39-Release [2]
tag in Phabricator when reporting issues specific to this release, to make
sure that we find them as quickly as possible.
It is expected that MediaWiki 1.39 will become final in November 2022,
though the date may slip if blockers are identified.
Preliminary release notes:
https://gerrit.wikimedia.org/g/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
https://www.mediawiki.org/wiki/Release_notes/1.39
Open Bugs:
[1] https://phabricator.wikimedia.org/tag/mw-1.39-release/
Bug report form:
[2]
https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.39-…
**********************************************************************
Download:
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0-rc.0.tar.gz
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0-rc.0.zip
Download without bundled extensions:
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.0-rc.0.ta…
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.0-rc.0.zip
GPG signatures:
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.0-rc.0.ta…
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.0-rc.0.zi…
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.38.0-rc.0.tar.gz.…
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.38.0-rc.0.zip.sig
Public keys:
https://www.mediawiki.org/keys/keys.html