| Server IP : 66.29.153.156 / Your IP : 216.73.217.36 Web Server : LiteSpeed System : Linux premium322.web-hosting.com 4.18.0-553.50.1.lve.el8.x86_64 #1 SMP Thu Apr 17 19:10:24 UTC 2025 x86_64 User : lastyfjz ( 1521) PHP Version : 8.1.34 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /./var/softaculous/mw14/ |
Upload File : |
== MediaWiki 1.45.4 == This is a security and maintenance release of the MediaWiki 1.45 branch. === Changes since 1.45.3 === * Localisation updates. * (T419192) Actions: Fix incorrect variable shadowing. * (T421659) Installer: Skip dropIndex() when table does not exists. * (T413545, T422879) Update wikimedia/parsoid to 0.22.3. * (T423185) HashSiteStore: Don't trigger PHP 8.5 warnings if the Site has no globalID. * (T420239) search: Escape highlighting terms in postgres. * ParserOutput: Add JsonCodec hints for TOCData and WarningMsgs. * (T414805) Media: Re-apply Use previous step for non-standard width between steps and original. * (T418745, T423895) Media: Fallback to the largest standard size if an overly large one is requested. * (T382781) Changed Levantine Arabic numerals to Western numerals. * (T382781) [PHP 8.4] Ensure Levantine Arabic numerals stay as Western numerals. * (T261260) Limit preloading workaround for autoload bug to PHP<8.6. * Upload: Avoid null array key in UploadBase::getMaxUploadSize. * (T423821) Correctly support new file tables in RevDelFileItem. * (T423502) AuthManager: Log status changes from SecuritySensitiveOperationStatusHook call. * (T419768) RawAction: Restrict content type to javascript. * HTMLForm: Add 'type' => 'button'. * (T395204) Update GetSecurityLogContext @since tags for backports. * (T424553) Correctly support new file tables in RevisionDeleteUser. * (T402792, T414805, T416620, T418178) DjvuHandler: Make it follow thumb steps. * (T425393) languages: Add back Chinese language message entries for $specialPageAliases. * (T425742) ApiQueryInfo: Pass an empty string instead of null to EditFormPreloadText hook. * (T424114) Media: Improve $wgThumbnailSteps docs. * resetUserEmail: Log email change to authentication log. * resetUserEmail: Add reason option for email change. * resetUserEmail: Log more events from script. * changePassword/resetUserEmail: Invalidate user sessions upon password change. * (T426861) composer.json: Updated symfony/yaml from 6.4.25 to 6.4.40. * (T366986) Parser: Improve recursive lock error message. * (T413545) Update wikimedia/parsoid to 0.22.4. * Add GitHub to $wgGitRepositoryViewers. * (T425818) changePassword: Log password change to authentication log. * changePassword: Add reason option for password change. * (T428406) LocalFileMoveBatch: Also update fr_archive_name when moving file. * (T429826) Updated guzzlehttp/guzzle from 7.10.0 to 7.12.1. * (T423617) Check the target url for redirects are allowed. * (T429965) Updated guzzlehttp/guzzle from 7.12.1 to 7.12.3. * (T383047) Mail: Extract sendWithMailFunction() from UserMailer::send(). * (T429720) FileRepo: Fix typos in schema compatibility checks. * (T383047) Mail: Log PHP mail() send failures with recipient count. * (T425406, CVE-2026-58036) SECURITY: Fix ApiQueryUsers leaking status of private user conditions for user. * (T422306, CVE-2026-58028) SECURITY: Disallow user JS in pretty-print api.php responses. * (T427235, CVE-2026-58033) SECURITY: Exclude rev-deleted usernames from distinct authors query. * (T426867, CVE-2026-58032) SECURITY: mw.Api.getErrorMessage: Treat formatversion=1 as text. * (T299359, CVE-2026-58026) SECURITY: Make sure the actual title that's being transcluded is includable. * (T422085, CVE-2026-58024) SECURITY: Restrict interwiki user lookup in ApiUserrights. * (T422676, CVE-2026-58029) SECURITY: Check for editmyprivateinfo right in more places. * (T422995, CVE-2026-58037) SECURITY: LogFormatter: 'raw' parameter format is no longer raw HTML. * (T422244, CVE-2026-58025) SECURITY: Safely unserialize log entry parameters. == MediaWiki 1.45.3 == This is a maintenance release of the MediaWiki 1.45 branch. === Changes since 1.45.2 === * Fixed backport issues. == MediaWiki 1.45.2 == This is a security and maintenance release of the MediaWiki 1.45 branch. === Changes since 1.45.1 === * Localisation updates. * (T386108) Upgrade pear/pear-core-minimal to v1.10.17. * (T412194) Upgrading justinrainbow/json-schema (5.3.0 => 5.3.1). * (T411213) Upgrade wikimedia/less.php from 5.2.2 to 5.5.0. * (T413538) MultiHttpClient: Remove curl_close() call. * (T413565) Search: Replace deprecated SplObjectStorage methods. * Mime: Change mime type video/x-matroska to video/matroska. * (T413625) LinksMigration: Correctly filter for equal namespaces. * (T413582) ShellboxClientFactory: Handle $service being null in getUrl(). * (T413672) EtcdConfigTest: Add return value for some MultiHttpClient mocks. * (T413675) DBConnRefTest: Add a temporary variable for return value in testRoleExceptions. * (T413580) LanguageCodeTest: Remove unnecessary null assertion. * Allow wikimedia/testing-access-wrapper ^4.0.0. * Logging: Handle possible null as type for LogPage. * (T411019) Logging: Set default for log type on dropdown via LogEventsList. * (T413690) libs: Fix closure detection in MemoizedCallable. * (T413923) Don't use null offsets in BlockManager::getUniqueBlocks. * SiteConfiguration: Optimize processSetting for default-only case. * SiteConfiguration: Use \array_key_exists(). * SiteConfiguration: Use use function syntax. * Config: Use use function array_key_exists some more. * (T413924, T413925) tests: PHP 8.5 compatibility in AuthManager tests. * (T413573) [php8.4] Use DOMCompat::innerHTML() instead of Element::nodeValue. * Update documentation from which versions you can upgrade. * (T413673) tests: Fix PHP8.5 error when casting float(INF) as integer. * (T414355) Fix PHP 8.5 deprecation warnings in IcuCollation. * (T414351) Avoid coercing NAN/INF/-INF to string. * (T404636) tests: Hide deprecation warning for PHPSessionHandler. * (T414323) tests: Use setAttributeForTest() correctly. * (T413674) ParamValidator: Suppress cast warning in IntegerDef. * (T413577) Parser: Ignore long user provided int in Sanitizer::decodeCharReferences. * (T413576) Rdbms: Get strings from SQLPlatform::getDatabaseAndTableIdentifier. * (T413579) Site: Handle non-stored Site objects in SiteList. * (T413920) tests: Mock some functions in OutputPageTest. * (T413926) Do not attempt to get handler for unknown file types. * (T413919) tests: Use real TitleFormatter in LinkBatchTest. * (T413930) User: Add fallback 'default' to User::getDatePreference. * (T413934) JobQueueGroup: avoid PHP 8.5 deprecation from null array offsets. * (T413922) Rdbms: Handle null from DatabaseDomain::getDatabase in LBFactoryMulti. * (T413901) Media: Remove deprecated imagedestroy. * rdbms::assertTransactionRoundStage: Show transaction name if available. * (T414350) Language: Handle NAN coercion to string in formatting numbers. * (T413931) tests: Set module name in ApiBaseTest::doGetParameterFromSettings. * (T414336) Disable process timeout for Composer phpunit script. * (T413575) libs>XhprofData: Handle use of NULLs as array keys for PHP8.5. * (T406744) tests: remove setAccessible() call on Reflection objects. * tests: Change DomDocument return type in SpecialCreateAccountTest. * (T415443) Upgrading mck89/peast (v1.16.3 => v1.17.4). * (T413918) tests: Mock value for RangeChronologicalPager::getTimestampField. * (T413921) LinksUpdate: Handle nullable el_to_path column in ExternalLinksUpdate. * (T413926) Upload: Do not attempt to get handler for unknown file types. * File: Ensure mime type is set for LocalFile::getMimeType. * (T413917) Specials: Use empty string as missing type on Special:RevisionDelete. * (T415723) Updated phpunit/phpunit from 9.6.21 to 9.6.33. * Update phpunit/phpunit from 9.6.33 to 9.6.34. * Update wikimedia/parsoid to 0.22.1. * (T414599) migrateLinksTable: Handle constant namespace values in mapping. * VueComponentParser: use Parsoid DOM compatibility methods. * FileRepo: Add 'userAgent' option in ForeignAPIRepo for wgForeignFileRepos. * [tests] Add forward-compatibility alias for JsonDeserializableSubClass. * (T367584) JsonCodec/ParserCache: Forward-compatibility test cases. * (T413545) Update wikimedia/parsoid to 0.22.2. * (T417390) mediawiki.util: Don't throw in addSubtitle if the skin lacks a subtitle. * (T414884) PostgresInstaller: Handle null password in openConnectionToAnyDB. * Forward compatibility with ParserOutput::getTitle(). * Upgrade wikimedia/css-sanitizer from 6.1.0 to 6.2.1. * (T414805, T418745, T418346) WebPHandler: Allow the original being served on the web. * (T411013) mediawiki.util: Add adjustThumbWidthForSteps for step sizing in JS. * (T411013) mediawiki.util,FileRepo: Improve adjustThumbWidthForSteps test coverage. * (T411125) Round to original file width if there is no steep between that & requested. * (T411125) File: Allow scaling up vectorized images to larger sizes. * (T360589, T415598) Move handling of ThumbnailSteps to media handlers. * (T416518) Disable Composer audit.block-insecure option. * (T419183) ParserOutputFlags: add HAS_SLOT_HEADERS. * (T419479) sql: Mark pl_target_id as non-nullable in abstract schema. * (T329183, T417691) Clarify documentation for action=query&list=tags. * (T391524) EditPage: Handle MWException when serializing the preloaded content. * (T417819) ParserOutputFlags: Back-port new flags added in 1.46 for forward compat. * (T384147, CVE-2026-34092) SECURITY: Block UI elements in 'tools'-sidebar shows presence of an autoblocked IP. * (T410429, CVE-2026-34088) SECURITY: RecentChanges entries expose suppressed content via generated log page html. * (T411305, CVE-2026-34091) SECURITY: User localization leaked by AbuseFilter + EventStream. * (T411366, CVE-2026-34090) SECURITY: Suggested investigations: Handle suppressed usernames. * (T414547, CVE-2026-34093) SECURITY: Special:UserRights allows viewing user rights from private wiki. * (T416090, CVE-2026-34094) SECURITY: Customized help link for page protection indicator is relative to subpage name, because the link target is missing the "/wiki/" prefix. * (T419192, CVE-2026-34095) SECURITY: action=raw with Special:Mypage subpage title responds with "Content-Type) SECURITY: text/html" on ctype=text/javascript request. == MediaWiki 1.45.1 == This is a security and maintenance release of the MediaWiki 1.45 branch. === Changes since 1.45.0 === * Localisation updates. * (T411827) SpecialPageFactory: Handle resolveAlias() returning null in getPage() and exists(). * (T410514) Config: Fix "Using null as the key parameter for array_key_exists" PHP 8.5 warning. * (T391882) HTMLFormFieldCloner: Update version number in deprecation message. * (T411968) Installer: Do not use null as array offset. * Add support for HTTP/3 in MultiHttpClient. * (T411968) EditResultBuilder: Do not use null as array offset. * Add http/3 to runMulti in MultiHttpClient * (T406639, CVE-2025-67477) SECURITY: Escape word-separator message in Special:ApiSandbox. * (T406664, CVE-2025-67475) SECURITY: Escape square brackets in autocomment links. * (T405859, CVE-2025-67476) SECURITY: Do not use importers IP in case of external rev author. * (T385403, CVE-2025-67478) SECURITY: Always escape commas in mail encoded-words. * (T407131, CVE-2025-67479) SECURITY: Sanitizer: disallow underscore and wide underscore in data-* attribute names. * (T401053, CVE-2025-67480) SECURITY: Check read permissions in ApiQueryRevisionsBase. * (T409226, CVE-2025-67483) SECURITY: mediawiki.page.preview: Escape 'comma-separator' between multiple protection levels. * (T251032, CVE-2025-67481) SECURITY: Disallow 'style' attribute in client-side messages (jqueryMsg).