Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [MediaWiki-announce] Security pre-release announcement: 1.35.12 / 1.39.5 / 1.40.1

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [MediaWiki-announce] Security pre-release announcement: 1.35.12 / 1.39.5 / 1.40.1


Chronologisch Thread  
  • From: Sam Reed <reedy AT wikimedia.org>
  • To: mediawiki-announce AT lists.wikimedia.org, MediaWiki announcements and site admin list <mediawiki-l AT lists.wikimedia.org>, wikitech-l AT lists.wikimedia.org
  • Subject: [IT-SecNots] [MediaWiki-announce] Security pre-release announcement: 1.35.12 / 1.39.5 / 1.40.1
  • Date: Wed, 27 Sep 2023 16:05:20 +0100
  • Archived-at: <https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce AT lists.wikimedia.org/message/QTRFMDRQAL7QK4RN53URX5YBBV744AWI/>
  • Authentication-results: mail.piratenpartei.de; dkim=pass header.d=lists.wikimedia.org header.s=wikimedia header.b=Ujt6XrkX; spf=pass (mail.piratenpartei.de: domain of mediawiki-announce-bounces AT lists.wikimedia.org designates 2620:0:861:1:208:80:154:21 as permitted sender) smtp.mailfrom=mediawiki-announce-bounces AT lists.wikimedia.org; dmarc=pass (policy=none) header.from=wikimedia.org
  • List-archive: <https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce AT lists.wikimedia.org/>
  • List-id: MediaWiki update and security announcements list <mediawiki-announce.lists.wikimedia.org>

Hi all,

On Thursday we will be issuing a security and maintenance release to all
supported branches of MediaWiki.

The new releases will be:

- 1.35.12
- 1.39.5
- 1.40.1

This will resolve four security issues in MediaWiki core, two in a bundled
skin, along with bug fixes included for maintenance reasons. This includes
various patches for PHP 8.0, PHP 8.1 and PHP 8.2 support.

One issue in a bundled skin only affects MediaWiki 1.40 and master, the
other bundled skin issue affects MediaWiki 1.39, 1.40 and master.

A partial fix for one of the skin issues is already merged into the
relevant release branch.

One more minor security fix was merged in public after the releases of
1.35.11/1.38.7/1.39.4/1.40.0.

We will make the fixes available in the respective release branches and
master in git. Tarballs will be available for the above mentioned point
releases as well.

A summary of some of the security fixes that have gone into non-bundled
MediaWiki extensions will also follow later.

As a reminder, when 1.35 was released, it was originally due to become end
of life (EOL) at the end of September 2023. Due to 1.39 being released late
(November 2022), and to honor the commitment to the 1 year overlap of
MediaWiki LTS releases, this formal EOL process is being delayed till at
least the end of November 2023.

In practice, this may become sometime in December 2023, to coincide with
the security and maintenance release for that quarter. A formal EOL
announcement for 1.35 will come in advance of that point.

It is therefore expected that 1.35.13 in December 2023 will become the
final release for the 1.35 branch.

It is noted that support and CI for 1.35 is becoming more limited;
backports are becoming best-effort. Browser testing has been dropped for
1.35 in Wikimedia CI, due to the difficulties to support this.

It is strongly recommended to upgrade to 1.39 (the next LTS after 1.35),
which will be supported until November 2025, or 1.40, which will be
supported until June 2024.

[1] https://www.mediawiki.org/wiki/Version_lifecycle
_______________________________________________
MediaWiki-announce mailing list -- mediawiki-announce AT lists.wikimedia.org
To unsubscribe send an email to mediawiki-announce-leave AT lists.wikimedia.org


  • [IT-SecNots] [MediaWiki-announce] Security pre-release announcement: 1.35.12 / 1.39.5 / 1.40.1, Sam Reed, 27.09.2023

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang