it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Sam Reed <reedy AT wikimedia.org>
- To: mediawiki-announce AT lists.wikimedia.org, MediaWiki announcements and site admin list <mediawiki-l AT lists.wikimedia.org>, wikitech-l AT lists.wikimedia.org
- Subject: [IT-SecNots] [MediaWiki-announce] MediaWiki 1.39.0-rc.1 is ready for testing
- Date: Fri, 7 Oct 2022 23:14:17 +0100
- Archived-at: <https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce AT lists.wikimedia.org/message/VO3DZ3CGEZKSSFUP4US7QCRPUF6LB6FW/>
- Authentication-results: mail.piratenpartei.de; dkim=pass header.d=lists.wikimedia.org header.s=wikimedia header.b="NxFNQm4/"; dmarc=pass (policy=none) header.from=wikimedia.org; spf=pass (mail.piratenpartei.de: domain of mediawiki-announce-bounces AT lists.wikimedia.org designates 2620:0:861:1:208:80:154:21 as permitted sender) smtp.mailfrom=mediawiki-announce-bounces AT lists.wikimedia.org
- List-archive: <https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce AT lists.wikimedia.org/>
- List-id: MediaWiki update and security announcements list <mediawiki-announce.lists.wikimedia.org>
I'm pleased to announce the immediate availability of MediaWiki
1.39.0-rc.1, the second release candidate for 1.39.0, the next LTS after
MediaWiki 1.35. Download links are at the end of the e-mail. The tag has
been signed and pushed to Git.
This is not a final release, and should not be used for production
websites. Known issues are tracked in Phabricator on the release workboard
[1]. As with every release of MediaWiki, a large number of changes have
landed in the last six months (over 1850 commits since 1.38.0 was cut), and
you should read over the preliminary release notes as part of assuring
yourself of areas that may have issues with your configuration, your skins,
and/or your extensions.
As always, please try out the release candidate in a test environment and
do report any issues that you discover. Please use the #MW-1.39-Release [2]
tag in Phabricator when reporting issues specific to this release, to make
sure that we find them as quickly as possible.
It is expected that MediaWiki 1.39 will become final in November 2022,
though the date may slip if blockers are identified.
Changes since MediaWiki 1.39.0-rc.0:
* Localisation updates.
* (T318481) composer: Drop symfony/php73-polyfill.
* (T318460) SpecialChangeEmail: Set default for returntoquery.
* (T318307) HTMLFormField::validate(): Update docs to permit all data types
* (T306802) docker: update to latest published images.
* (T318754) WebInstallerOptions::addPersonalizationOptions(): Close
fieldset.
* (T227047) Soft-deprecate the remainder of ActorMigration.
* (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results
in an IP range check on Special:Contributions.
* (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence
of hidden users.
* (T307278, CVE-2022-41766) SECURITY: On action=rollback the message
"alreadyrolled" can leak revision deleted user name.
* (T319186) .phan/config.php: Update minimum_target_php_version.
* Tests: Explicit cast to int in RandomImageGenerator test (php8 warnings).
* (T319186) .phan/config.php: Update minimum_target_php_version.
* (T310243) Deprecate use of 'wvui-search' package.
* utils: Fix return doc about false/null for UrlUtils::expand.
* (T319000) WebInstaller: Don't try and run trim() on null.
* In the event of preg failure in MagicWordArray throw exception.
* (T318753) Installer: Disable logo dropper for now.
Preliminary release notes:
https://gerrit.wikimedia.org/g/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
https://www.mediawiki.org/wiki/Release_notes/1.39
Open Bugs:
[1] https://phabricator.wikimedia.org/tag/mw-1.39-release/
Bug report form:
[2]
https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?tags=MW-1.39-Release
**********************************************************************
Download:
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0-rc.1.tar.gz
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0-rc.1.zip
Download without bundled extensions:
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.0-rc.1.tar.gz
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.0-rc.1.zip
Patch to previous version (1.39.0-rc.0):
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0-rc.1.patch.gz
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0-rc.1.patch.zip
GPG signatures:
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.0-rc.1.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-core-1.39.0-rc.1.zip.sig
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0-rc.1.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0-rc.1.zip.sig
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0-rc.1.patch.gz.sig
https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.0-rc.1.patch.zip.sig
Public keys:
https://www.mediawiki.org/keys/keys.html
_______________________________________________
MediaWiki-announce mailing list -- mediawiki-announce AT lists.wikimedia.org
To unsubscribe send an email to mediawiki-announce-leave AT lists.wikimedia.org
- [IT-SecNots] [MediaWiki-announce] MediaWiki 1.39.0-rc.1 is ready for testing, Sam Reed, 08.10.2022
Archiv bereitgestellt durch MHonArc 2.6.24.