Release notes/1.39 - MediaWiki

Release notes/1.39 - MediaWiki
Jump to content
From mediawiki.org
Release notes
This page contains
release notes
for an
unsupported version
of MediaWiki.
Users of this version are strongly recommended to
upgrade
to version
1.45.3
(latest stable),
1.44.5
(legacy version) or
1.43.8
(legacy long-term support version). This version no longer receives security updates and may contain critical vulnerabilities or major bugs, including the risk of data loss or corruption.
MediaWiki
MediaWiki 1.46
(alpha
git master
MediaWiki 1.45
(stable)
MediaWiki 1.44
(legacy)
MediaWiki 1.43
LTS
Older versions
Version lifecycle
MediaWiki 1.39
edit
PHP 8.0 workboard:
PHP 8.1 workboard:
PHP 8.2 workboard:
PHP 8.3 workboard:
PHP 8.4 workboard:
MediaWiki 1.39.17
edit
This is a maintenance release of the MediaWiki 1.39 branch.
Changes since 1.39.16
edit
Localisation updates.
T406664
T412602
) Fix backport for
T406664
MediaWiki 1.39.16
edit
This is a maintenance release of the MediaWiki 1.39 branch.
Changes since 1.39.15
edit
Localisation updates.
T406391
) RemexCompatFormatter: Don't encode HTML entities in raw-text elements.
T401155
) Update wikimedia/ip-utils to 5.0.0.
ResourceLoader: Update cssjanus/cssjanus to wikimedia/cssjanus.
T407289
) i18n: deprecate double-underscore magic words which don't start/end with __.
i18n: all behavior switches should start/end with __ (part 2).
T407289
) i18n: Remove deprecated behavior switches without underscores in et/sh-latn/vep.
T401987
T401995
) SECURITY: Disable xslt option by default.
MediaWiki 1.39.15
edit
This is a maintenance release of the MediaWiki 1.39 branch.
Changes since 1.39.14
edit
Fixup
VisualEditor
related backports.
T406322
CVE-2025-11261
) SECURITY: Escape system messages in
mw.language.listToText
MediaWiki 1.39.14
edit
This is a security and maintenance release of the MediaWiki 1.39 branch.
Changes since 1.39.13
edit
Localisation updates.
T399672
) mime: Add mime types for *.less.
ParserCacheSerializationTestCases: back port ParserOutput changes from 1.45.
ParserCacheSerializationTestCases: distinguish empty ToC from missing ToC.
Fix
attachLatest --regenerate-all
creating invalid SQL command.
T322099
) Make
RequestContext::sanitizeLangCode()
accept null.
T380456
) exception: Avoid service container init in exception handler.
diff: Avoid Phan warning with some Wikidiff2 versions.
T387408
) exception: Skip use of HookRunner when not autoloaded.
T327439
) ParserOutput: Prepare to allow JsonCodec serialization of TOCData.
media: Remove pass-by-ref in
Exif::exifGPStoNumber
T386208
) Exif: Handle malformed gps tags.
i18n: Add Special:MyLanguage to mediawiki.org links.
T380423
) Show user a human readable message when
$wgLocaltimezone
is set to an invalid timezone.
T374042
) PostgresUpdater: Fix typo in
sites_group
index renaming instruction.
T401570
) rdbms: Fix read-only detection for MariaDB 12.
T400881
) filerepo: Improve identification of ForeignAPIRepo requests.
T402037
) config: Change Reauthenticate Time Default.
SimpleParsoidOutputStash: protect against rollback from MW >= 1.43.
T401099
CVE-2025-61638
) Upgrading wikimedia/parsoid (v0.16.5 => v0.16.6).
T394968
) Metadata: ignore
LocationCreated
, similar to
LocationShown
T304428
) Allow marking recent changes about logged actions with bot flag.
T400505
) Regenerate
patch-drop-page_restrictions-pr_user.sql
for SQLite.
T401099
CVE-2025-61638
) SECURITY: Sanitize data- attributes.
T280413
CVE-2025-61639
) SECURITY: Use
ManualLogEntry::getDeleted
in
::getRecentChange
T402075
CVE-2025-61640
) SECURITY: Parse messages instead of inserting them as HTML.
T298690
CVE-2025-61641
) SECURITY: api: Disable maxsize in QueryAllPages in miser mode.
T403757
CVE-2025-61643
) SECURITY: Don't send suppressed recent changes to RCFeeds.
T398706
CVE-2025-61646
) SECURITY: Prevent leaking hidden usernames in Watchlist/RecentChanges.
MediaWiki 1.39.13
edit
This is a security and maintenance release of the MediaWiki 1.39 branch.
Changes since 1.39.12
edit
Localisation updates.
T386175
CVE-2025-32072
) SECURITY: Escape newpage message in FeedUtils.
T391867
) http: Handle accept header with incomplete q.
Update Pingback address.
T393879
) objectcache: Cast explicitly to integer.
T394989
) FormatMetadata::formatFraction: Don't risk passing null to preg_match.
T395834
) Treat File::getShortDesc() as possibly unsafe HTML.
T396766
) ApiQueryRevisionsBase: Cast ctype_digit() param to string.
T221560
) Remove hyphens from legal search characters for MySQL-based database searches.
ParserCache forward-compatibility: anticipate removal of OutputHooks.
Protect against ParserOutput/CacheTime re-namespacing.
ParserCache forward-compatibility: anticipate removal of TOCHTML.
SerializationTestUtils: handle 1.xx_wmf* versions; don't fail immediately.
AuthManager: Be consistent about the remember flag on autocreate.
T397883
T397643
) htmlform: fix min/max validations on empty input in int/float fields.
T392746
CVE-2025-6590
) SECURITY: Escape usernames in HTMLUserTextField validation errors.
T392276
CVE-2025-6591
) SECURITY: API: Escape i18n messages in action=feedcontributions.
T396230
T31856
CVE-2025-6593
) SECURITY: fix IP leak to unverified email.
T395063
CVE-2025-6594
) SECURITY: apisandbox: Fix reflected XSS when invalid 'format' is provided.
T389009
CVE-2025-6597
) SECURITY: Do not treat autocreation as login for reauthentication.
MediaWiki 1.39.12
edit
This is a security and maintenance release of the MediaWiki 1.39 branch.
Changes since 1.39.11
edit
Localisation updates.
T380755
) session: Do not set session.use_trans_sid.
T382987
$wgDnsBlacklistUrls
now defaults to an empty array. See the comment in the "Configuration changes for system administrators" section.
T382484
) dumps: Use proc_close() to close proc_open() subprocess.
T315202
) Account for null values in Exif data.
T384879
) FormatMetadata: Prevent running preg_match() on null.
T384995
) specialpage: Improve handling of invalid lang codes on login/signup.
T385169
) MultiUsernameFilter: Don't try to split ids if they're not a string.
T319219
) Fix Site::getPath() + MediaWikiSite::getFileUrl() confusion.
T385332
) feeds: Fix str_replace() deprecation warnings on PHP 8.
T379125
) exception: Suppress dependency loop exception.
T381033
) RateLimiter: Fix peek mode.
T387130
CVE-2025-32699
) SECURITY: Update wikimedia/parsoid to 0.16.5.
T385519
) Sanitizer::normalizeWhitespace warn on preg_replace error.
T387638
) RevDelList: Ensure setVisibility always includes itemStatuses in value if applicable.
T388296
) ImportImages: Exit with non-zero code if import fails.
Request: Improve log message when headers already sent.
T388066
) Avoid trying to load the session user in MW_NO_SESSION endpoints.
T388171
) HttpError: Cast Message to string.
T388255
) ApiLogin: Don't break BotPasswords if password or user is blank, just error.
T388728
T385519
) Sanitizer::normalizeSectionNameWhitespace: Apply same anti-null fix as 270499b.
T387690
) upload: Suppress warnings from iconv().
T388733
) Sanitizer::normalizeWhitespace: simplify redundant preg_replace.
T304474
CVE-2025-32696
) SECURITY: Apply proper restrictions on file revert action.
T388924
) MagicWord::replace*: Make sure we don't pass null into preg_match/preg_replace.
T390063
T277675
) ResourceLoader: update wikimedia/minify to 2.9.0.
T368921
) ResourceLoader: Set "math=always" before Less.php 5.0 upgrade.
T384851
) FileBackend: PHP Deprecated: strrpos(): Passing null to parameter #1 ($haystack).
In .htaccess deny files, use "Satisfy All".
T389028
) block: Fix DBS::acquireTarget() race using GET_LOCK().
permissions: Check cascade protection only if page can exists.
T385958
CVE-2025-32698
) SECURITY: LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions,
T387130
CVE-2025-32699
) SECURITY: Potential javascript injection attack enabled by Unicode normalization in Action API.
T358689
CVE-2025-3469
) SECURITY: i18n XSS vulnerability in HTMLMultiSelectField when sections are used.
MediaWiki 1.39.11
edit
This is a maintenance release of the MediaWiki 1.39 branch.
Changes since 1.39.10
edit
Localisation updates.
T377450
) [DatabaseUpdater] Don't interact with updatelog on virtual domains.
T377916
) specials: Avoid passing null to str_replace().
T378006
T372500
) AutoLoader: Use require_once rather than require.
T378304
) GlobalIdGenerator: Update str_getcsv() call for PHP 8.4.
Upgrade php-session-serializer from 2.0.1 to 3.0.0.
Upgrade xmp-reader from 0.8.6 to 0.9.2.
T372569
) installer: Consistently use double quotes when outputting settings.
T362829
) Correct range error in regexp of formatmetadata.
T381068
) ButtonAuthenticationRequest: Add AllowDynamicProperties directive.
Fix minor security issue for the ConfirmEdit extension
T379677
MediaWiki 1.39.10
edit
This is a maintenance release of the MediaWiki 1.39 branch.
Changes since 1.39.9
edit
Fix issue related to backport of AbuseFilter patch for
T372998
Mediawiki 1.39.9
edit
This is a security and maintenance release of the MediaWiki 1.39 branch.
Changes since 1.39.8
edit
Localisation updates.
T303007
) skins: Fix Skin::buildSidebar to not share cache between skins.
T367918
) When using the 'runMaintenance' method in a LoadExtensionSchemaUpdates hook handler, only the script's class name is required, not its path.
Clarify that $wgAllowCrossOrigin only applies to REST.
T370380
) installer: Support MW_SKIP_EXTERNAL_DEPENDENCIES in update.php.
composer.json: Add 5 more ext- to suggests.
resources: Fix 404 Not Found for foreign Financial-Times/polyfill-library.
ResourceLoader: Fix regression of color mapping in Less.php.
ResourceLoader: Upgrade wikimedia/less.php to 4.4.1.
SpecialExport: Prevent passing null to strtolower.
MediaWiki 1.39.8
edit
This is a maintenance release of the MediaWiki 1.39 branch.
Changes since 1.39.7
edit
Localisation updates.
tests: Skip failing tests on php8.2 (and make pass).
T326480
) ApiResult: Make array ordering consistent across PHP versions.
T352789
T287972
) build: Raise TestingAccessWrapper from 2.0.0 to 3.0.0.
T326478
) tests: Create new classes to hold dynamic properties in auth tests.
T326478
) tests: Avoid dynamic properties in AuthenticationProvider Test.
T326466
) Introduce and use DynamicPropertyTestHelper.
tests: Skip failing tests on php8.3 (and make pass).
T352910
) tests: Use TestingAccessWrapper::newFromClass in session tests.
T326478
) tests: Avoid dynamic properties in auth tests.
T326479
T361985
) StatusValue: Allow passing arbitrary data to augment result.
tests: Remove dead code from WikiPageDbTest::assertPreparedEditNotEquals.
T326478
) tests: Avoid dynamic properties in SessionManagerTest.
T361990
) Upgrading wikimedia/parsoid (v0.16.3 => v0.16.4).
T357760
) Use i18n strings for truncated subpage message in SpecialMovePage.
ArticleTest: Skip testGetOrSetOnNewProperty() if PHP >= 8.2.
T361982
) Update wikimedia/less.php from 3.1.0 to 3.2.1.
debug: Update PsySH 0.11.1 -> 0.12.3.
T361991
) Fix slash-delimited regex from CLI on maintenence/grep.php.
T362078
) Improve RestAPIAdditionalRouteFiles path expansion.
T352695
) tests: Only set $dbSetup if setupTestDB() ends without throwing.
T302186
) Add title cache for Title::newMainPage().
objectcache: Fix flaky WANObjectCacheTest::testLockTSESlow case.
T362272
) api: Replace null $httpCode by 0 in ApiBase::dieWithErrorOrDebug.
T150647
T216682
) Make EncryptedPassword work with Argon2Password.
T327220
) Special:ApiHelp: Move widths and floats in CSS to media query.
T364270
) Fix long param names overlapping docs in API help pages.
MaintenanceRunner.php: Add trailing newline to error message.
wrapOldPasswords: Improve progress output and decrease batch size.
T361367
) ApiFeedWatchlist: Fix handling of array parameters.
T132418
) ResourceLoader: Add 1min grace via stale-while-revalidate Cache-Control.
T366130
) EncryptedPassword: Store default parameters as strings.
Name the PagerTools array entries to allow hooks to unset them.
MediaWiki 1.39.7
edit
This is a security and maintenance release of the MediaWiki 1.39 branch.
Changes since 1.39.6
edit
Localisation updates.
T334992
) Headings in the license pickers should not be selected.
T353929
) ActiveUsersPager: Count actions only once.
composer: Use @php instead of php.
T326065
) Indent JsonContent using tabs.
T354541
) authmanager: Improve AuthenticationRequest docs.
T355017
) Add missing space in Special:RecentChangesLinked.
T355003
) composer.json Add ext-bcmath and ext-gmp to suggests.
PHPVersionCheck: Update text to match currently supported upstream PHP versions (8.1+).
T354045
) API: mark HTML output as non-cacheable.
T355530
) filerepo: Fix img_major_mime for files with a non-standard extensions.
T355530
) MimeAnalyzer: Add @since to isValidMajorMimeType.
T317489
T319202
) Mark some parserTests on talk pages Parsoid only on REL1_39.
T350594
) Update wikimedia/parsoid to 0.16.3.
T352554
) ZhConverter: Fix language variant fallback chain.
T357668
) Parser::getExternalLinkAttribs: Don't set rel attribute to null.
LockManagerGroupIntegrationTest: Remove test depending on DBLockManager.
T357808
) LinkRendererTest: Add missing import for LinkTarget.
T353305
) ApiResetPassword: Allow both user and email parameters to be passed for reset.
T358949
) updateCollation: Explicitly cast $scale to int.
T359055
) api: Improve linking of language codes lists in top level i18n messages.
T359294
) Make sure MovePage::isValidFileMove matches UploadBase::getTitle.
T230245
) Respect $maxConcurrency when queuing async FileOps.
T352554
) Follow-up "ZhConverter: Fix language variant fallback chain".
T292237
T317451
) build: Restore Doxygen output for MediaWiki release tags.
T324903
) HistoryPager: Add #[AllowDynamicProperties].
T360850
) Update Apache config syntax in .htaccess files.
T309714
T354274)
mime: Add support for 'font/woff' and 'font/woff2' mime type.
T309714
) mime: Make test cases use data provider.
T331608
) installer: Bear with schema drift caused by running old updater.
docs: Remove use of $IP from mwdocgen.php.
T317451
) build: Restore Doxygen output for MediaWiki release tags (take 3).
docs: Set stable permalink on markdown files.
(T
T357019
) allow maintenance/deleteBatch.php to accept page ID.
(T
T355538
, CVE-2024-PENDING) XSS in edit summary parser.
T357760
, CVE-2024-PENDING) Denial of service vector via GET request to Special:MovePage on pages with thousands of subpages.
MediaWiki 1.39.6
edit
This is a security and maintenance release of the MediaWiki 1.39 branch.
Changes since MediaWiki 1.39.5
edit
Localisation updates.
Updated symfony/polyfill-php80 from 1.26.0 to 1.28.0.
Updated symfony/polyfill-php81 from 1.26.0 to 1.28.0.
T344912
) mail: Encode period (ascii 46) if it appears in encoded email header.
Added symfony/polyfill-php82.
Added symfony/polyfill-php83.
Updated symfony/yaml from 5.4.10 to 5.4.23.
T329609
) ApiQueryLanguageinfoTest: Do not pass a float to setFakeTime.
Updated wikimedia/timestamp from 4.0.0 to 4.1.1.
tests: Provide coverage for StatusValue::__toString.
StatusValue: Improve logging/debug output with multibyte characters.
T347726
, CVE-2023-PENDING) SECURITY: logging: Fix non-escaped messages used in rights log.
Updated wikimedia/parsoid from 0.16.1 to 0.16.2.
T229992
) LocalisationCache: Preserve fallback source language info.
T275085
) Fix logging Status objects to 'authevents' channel.
T341310
) DEVELOPERS.md: mention git clone and WSL.
T351758
) DEVELOPERS.md: reword WSL instructions to include best practices.
T349115
) LocalisationCache: Fix a rare case in fallback source language.
SwiftFileBackend: Fix "PHP Deprecated: strlen(): Passing null to parameter #1 ($string) of type string is deprecated".
maintenance: Add missing parenthesis to SQL in attachLatest.php.
T353472
) maintenance: Fix join condition in DeduplicateArchiveRevId.
MediaWiki 1.39.5
edit
This is a security and maintenance release of the MediaWiki 1.39 branch.
Changes since MediaWiki 1.39.4
edit
Localisation updates.
T333050
CVE-2023-45363
) SECURITY: Fix infinite loop for self-redirects with variants conversion.
docs: Fix a few typos in MainConfigSchema.
T309714
) mime: Add support for 'font/sfnt' MIME type.
T341434
) WikiImporter: Improve error message output.
T317255
) VueComponentParser: Use Zest's getElementsByTagName() rather than PHP's.
T341737
) ApiBase: Cast $id to string in filterIDs.
T286291
T296188
) Merge zh and zh-tw namespace translations back to zh-hans, zh-hant, zh-hk respectively.
T337875
) WRStats: Round up SequenceSpec::hardExpiry to the nearest integer.
T237898
) installer: Check MariaDB version in updater/installer.
T342632
) ApiComparePages: Add help url.
T326182
T324903
) EditPage: Add #[AllowDynamicProperties].
T342351
) rdbms: Fix postgres db function call.
T343675
) user: Use {@} to escape annotation when writting about annotation.
T343797
) LanguageWa: Fix double timezone adjustment.
T326454
) Update pear/mail to 1.5.1.
(T204470) Remove feedback messages from RawHtmlMessages.
(T264765, CVE-2023-45364) SECURITY: Article: Check permissions before showing link to view deleted revision.
(T310378) Ensure that installer i18n is loaded by update.php.
T343622
) docs: Set the tag back to optional.
T330528
) Upgrade wikimedia/html-formatter from 3.0.1 to 4.0.3.
T337463
) wdio-mediawiki: await saveScreenshot.
T274041
) Include core PSR-4 classes in the generated classmap.
T208477
$wgPrivilegedGroups
– Users belonging in some of the listed groups will be audited more aggressively.
doc: Improve description of "type" in extension.schema.v2.json.
Added PrivilegedGroups attribute for extension.json / skin.json, which lets you add any new user groups you define to wgPrivilegedGroups (see above).
HTMLForm: Fix E_NOTICE when hide-if is used with setFormIdentifier.
T288624
) MultiHttpClient: Unset $this->cmh after closing it.
T345039
) Do not run SkinAfterBottomScripts hook twice unconditionally.
T265734
) API Help: Note that parameters may be inherited from other context.
API: Make continue parameter help description more specific.
T285545
) i18n: Split apihelp for standard dir parameter.
T285545
) i18n: Split apihelp for redirects/linkshere/transcludedin/fileusage show.
T285545
) i18n: Split apihelp for parameter list=deletedrevs&drprop=.
T285545
) i18n: Split apihelp for parameter list=allpages&apprexpiry=.
T285545
) i18n: Split apihelp for parameter action=opensearch&redirects=.
T285545
) i18n: Split apihelp for parameter action=managetags&operation=.
T285545
) api: Add message for list=watchlist&wlprop=expiry.
T334011
) ApiComparePages: expose 'difftype' param if wikidiff2 is installed.
T342633
) api: Add message for action=compare&prop=timestamp.
API: revids=… does not necessarily return the queried revisions.
T326696
) user: Truncate option value in UserOptionsManager.
T326696
) ApiOptions: Give warning if the value is too long.
API i18n: Add for byte count messages.
T235207
) Get correct main page in API call examples.
doc: Make extension.schema.v2.json a valid JSON schema.
updateSpecialPages.php: Avoid implicit float conversion on modulo.
T347227
) ImportReporter: Make callback functions public.
T346898
) importDump: Unconditionally call $importer->setUsernamePrefix().
T204470
) Remove feedback messages from RawHtmlMessages.
T264765
CVE-2023-45364
) SECURITY: Article: Check permissions before showing link to view deleted revision.
T310378
) Ensure that installer i18n is loaded by update.php.
doc: Improve description of type in extension.schema.v1.json.
T340217
CVE-2023-45359
) SECURITY: Vector 2022: Numerous unescaped messages leading to potential XSS.
T340220
CVE-2023-45361
) SECURITY: Vector 2022: vector-intro-page message is assumed to yield a valid title.
T340221
CVE-2023-45360
) SECURITY: XSS via 'youhavenewmessagesmanyusers' and 'youhavenewmessages' messages.
T341529
CVE-2023-45362
) SECURITY: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression.
T341565
CVE-2023-3550
) SECURITY: Stored XSS when uploading crafted XML file to Special:Upload (non-standard configuration).
MediaWiki 1.39.4
edit
This is a security and maintenance release of the MediaWiki 1.39 branch.
Changes since MediaWiki 1.39.3
edit
Localisation updates.
T333990
) composer.json: Explicitly pin psr/http-message to 1.0.1.
T335203
CVE-2023-29197
) SECURITY: Upgrading guzzlehttp/psr7 (2.4.0 => 2.4.5).
T333776
Template:ACTIVEUSERS
wasn't being updated without updateSpecialPages.php.
T258860
) Prevent LogicCache exception from message cache during IO errors from memcache.
T336868
) Improve idempotency of postgres index upgrades.
T322944
) Add Authorization to default
$wgAllowedCorsHeaders
T332889
CVE-2023-36675
) SECURITY: Fix escaping in BlockLogFormatter.
A fake MessageLocalizer for use in unit tests.
T338114
) Title: Add forward alias.
composer: Add symfony/polyfill-php81 like symfony/polyfill-php80.
T330464
) Work around argument corruption bug in XMLReader::open.
Fix frame and frameless rdfa depending on file existing.
Fixes for the phan upgrade, part 1.
Fixes for the phan upgrade, part 2.
T298571
) build: Update mediawiki/mediawiki-phan-config to 0.12.0.
build: Updating mediawiki/mediawiki-phan-config to 0.12.1.
T329214
) Pass whether current rev of file exists to Linker::makeBrokenImageLinkObj.
T334659
) Handle thumb errors when !$enableLegacyMediaDOM.
A manualthumb that doesn't exist should be considered a thumb error.
T313157
) IndexPager: Also protect against $offset being 0.
T335612
CVE-2023-36674
) SECURITY: Move badFile lookup to Linker.
MediaWiki 1.39.3
edit
This is a security and maintenance release of the MediaWiki 1.39 branch.
Changes since MediaWiki 1.39.2
edit
Localisation updates.
T328477
) LinksUpdate: Use DB key for category links table.
GlobalFunctions: Remove check for MEDIAWIKI constant.
T329484
) API: Fix query+allimages user parameter description.
T330529
) SpecialEditTags: Set default of
for wpReason.
T330382
) postgres: Make the upgrade ignore dropping indexes that might not exist.
T330526
) htmlform: Handle null from HTMLFormField::getDefault in multiselects.
T291753
) rdbms: escape backslashes in makeConnectionString for PostgreSQL.
T325529
) Fix total breakage of wgCanonicalServer fallback.
T318103
) mediawiki.storage: Disable async GC during integration test.
T332461
T332397
) TempFSFile: Keep the WeakMap alive.
T332902
) page: fix InvalidArgumentException in SQLPlatform::makeList.
T285159
CVE-2023-29141
) SECURITY: Do not apply autoblocks to untrusted XFF headers.
MediaWiki 1.39.2
edit
This is a maintenance release of the MediaWiki 1.39 branch.
Changes since MediaWiki 1.39.1
edit
Localisation updates.
T325872
) ChangeTags: Remove table name from condition.
T324895
) MWCallbackStream: Add explicit $stream property.
T297031
T326039
) PostgresUpdater: Move setDefault ahead of changeNullableField.
T321319
) Produce HTML for invalid JSON.
T215466
T326071
) MigrateActors: Write to revision table (Follow-up 24115a8).
T223027
) ReservedUsernames config: Add reserved names from maintenance scripts.
T325000
T324896
T307631
) Updated OOUI from v0.44.3 to v0.44.5.
Remove /images .htaccess rules that are no longer relevant.
Disable php in .htaccess of images directory as a hardening measure.
T322583
) Include missing message parameter in message.
LocalFileTest: use encodeBlob/decodeBlob for img_metadata.
DatabaseSqlite: fix null blobs.
rdbms: avoid pg_escape_bytea() call-style deprecation notices.
T322278
) Improve LocalisationCache post-merge validation check.
T324408
T326367
) Updated wikimedia/remex-html from 3.0.2 to 3.0.3.
T322278
) Fix the remaining Phan failures on PHP 8.1.
T322278
T326367
) Respond to some messages from Phan on PHP 8.1.
Fix phan error when Excimer is enabled.
T326021
) Add matrix: to
$wgUrlProtocols
T314099
) stream wrapper: Declare $context class property.
T314099
) libs\jsminplus: Declare JSNode::$expression.
T314096
) composer.json: Updated composer/spdx-licenses from 1.5.6 to 1.5.7.
T326472
) Upgrading cssjanus/cssjanus (v2.1.0 => v2.1.1).
T308536
) rdbms: Remove deprecation mark for
$wgSharedDB
T215466
T326071
) installer: Split drop action out of the SQL patch for actor migration.
T322603
) SqliteMaintenance.php: Fix fatally broken instanceof check.
T326377
) rdbms: Use DBConnRef in SelectQueryBuilder.
api/en.json: api-help-datatype-expiry add missing 'may'.
T317329
) OutputPage: Fix undefined ['host'] in ImagePreconnect code.
T328222
) Pass empty string to strlen() if schema is null for PostgresDatabase.
T289926
) SpecialRevisionDelete: Set default of
for wpReason.
T155582
T328503
) Fix XML dumps for content types with non-string getNativeData().
T326886
) PoolCounterRedis: Fix wrong cast, locks weren't being released.
T314099
) revisiondelete: Replace dynamic property Status::$itemStatuses
T327821
) skin: Restore default 'value' attribute in makeSearchButton().
T329198
) ParamValidator: Improve paramvalidator-help-multi-max message.
T329415
) Clear the statsd data buffer regardless of StatsdServer config.
T292348
) WikiImporter: do not fail if upload entry in dump lacks 'text' tag.
T330049
) UnregisteredLocalFile: Don't call MimeAnalyzer if no path.
T324894
TempFSFile: Use a WeakMap for reference tracking if available.
T295637
) Add no to fallback chain of nb and nn.
MediaWiki 1.39.1
edit
This is a security and maintenance release of the MediaWiki 1.39 branch.
Changes since MediaWiki 1.39.0
edit
Localisation updates.
PostgresUpdater: Remove trailing space from 'user_id ' column.
T304515
) LCStoreStaticArray: atomically replace the cache file.
T324516
) postgres: Fix upgrade for templatelinks primary key.
T324890
T324891
T324901
) Parser: Allow dynamic properties on PHP 8.2.
T324513
) uuid\GlobalIdGenerator: Check if getmyuid() exists.
T314099
) OutputPage: Remove unused dynamic property ParserOptions->isBogus.
T314099
) api: Remove use of undeclared property in action=comparepages.
Upgrading wikimedia/xmp-reader (0.8.5 => 0.8.6).
T324489
) Upgrading wikimedia/parsoid (v0.16.0 => v0.16.1).
Updated pear/mail (v1.4.1 => v1.5.0).
Removed wikimedia/dodo (v0.4.0).
T324910
) On pages using multi-content revisions, the raw content of a specific slot can be retrieved using the action=raw&slot= query parameters.
T322637
) SECURITY: sqlite should not create DB file world-readable.
MediaWiki 1.39.0
edit
Changes since MediaWiki 1.39.0-rc.1
edit
Localisation updates.
exception: Tolerate no service container when trying DB rollback.
T320282
) Upgrading wikimedia/xmp-reader (0.8.3 => 0.8.4).
objectcache: Deprecate WANObjectCache::reap() and ::reapCheckKey().
T320864
) When calling mail(), use an array for headers.
Upgrading wikimedia/xmp-reader (0.8.4 => 0.8.5).
T321154
) Call setFormIdentifier() on LogEventsList form.
When importing revision with same timestamp as latest revision, treat it as the new latest.
T320726
) RandomImageGenerator::getImageSpec: Don't pass a float to mt_rand(), for PHP 8.1.
T298485
T322360
) WikiExporter: Avoid calling reload in processing every row.
T321551
) pager: Fix null used for foreach in Pager::getNavigationBar.
T321551
) pager: Remove unused AlphabeticPager::getOrderTypeMessages() support.
pager: Remove unused PagerNavigationBuilder::setExtra().
PagerNavigationBuilder: Document that nulls in setLinkQuery() etc. are allowed.
T322335
) ApiQueryRevisionsBase: Fix 'rvdiffto' parameter handling on PHP 8.0.
T314096
) TestFileEditor: Fix string interpolation.
T289926
) api: Fix minor PHP 8.1 incompatibility in ApiOptions.
T322803
) SpecialBotPasswords: Don't pass null to trim().
T289926
) Fix incomplete ITextFormatter mocks.
Language: Handle ronna and quetta.
T72510
) rdbms: make SqlitePlatform::tableName() apply double quotes.
T323373
) Parser: Fix extractSections() behavior for PHP >= 8.0.
.gitattributes: Ship docker-compose.yml to the tarball.
MediaWiki 1.39.0-rc.1
edit
Changes since MediaWiki 1.39.0-rc.0
edit
Localisation updates.
T318481
) composer: Drop symfony/php73-polyfill.
T318460
) SpecialChangeEmail: Set default for returntoquery.
T318307
) HTMLFormField::validate(): Update docs to permit all data types
T306802
) docker: update to latest published images.
T318754
) WebInstallerOptions::addPersonalizationOptions(): Close fieldset.
T227047
) Soft-deprecate the remainder of ActorMigration.
T316304
CVE-2022-41767
) SECURITY: reassignEdits doesn't update results in an IP range check on Special:Contributions.
T309894
CVE-2022-41765
) SECURITY: HTMLUserTextField exposes existence of hidden users.
T307278
CVE-2022-41766
) SECURITY: On action=rollback the message "alreadyrolled" can leak revision deleted user name.
T319186
) .phan/config.php: Update minimum_target_php_version.
Tests: Explicit cast to int in RandomImageGenerator test (php8 warnings).
T319186
) .phan/config.php: Update minimum_target_php_version.
T310243
) Deprecate use of 'wvui-search' package.
utils: Fix return doc about false/null for UrlUtils::expand.
T319000
) WebInstaller: Don't try and run trim() on null.
In the event of preg failure in MagicWordArray throw exception.
T318753
) Installer: Disable logo dropper for now.
MediaWiki 1.39.0-rc.0
edit
Upgrading notes for 1.39
edit
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed per-version upgrade instructions from the oldest supported upgrading version, MediaWiki 1.31.
Some specific notes for MediaWiki 1.39 upgrades are below:
T278139
) Drop PHP 7.3 support in MediaWiki 1.39; require 7.4.3 or higher.
For notes on 1.38.x and older releases, see HISTORY.
Configuration changes for system administrators in 1.39
edit
The default serialization method for file meta-data has been changed to JSON. You can revert it to PHP by setting the 'useJsonMetadata' property to false in
$wgLocalFileRepo
The DBO_SSL flag in
$wgDBservers
and
$wgLBFactoryConf
has been deprecated in favour of a boolean "ssl" parameter.
$wgMangleFlashPolicy
is deprecated and is no longer functional. Users who are somehow still using Flash as a browser extension will be exposed to CSRF vulnerabilities.
New configuration
edit
$wgAutoCreateTempUser
– configures automatic user creation on page save.
$wgCopyUploadAllowOnWikiDomainConfig
– Configures if administrators can use the MediaWiki:Copyupload-allowed-domains system message to define which domains can be used with the upload-by-url tool.
$wgLBFactoryConf['configCallback'] can be set to a callback function that returns an array with keys to update in
$wgLBFactoryConf
. This can be used to update the database configuration on the fly, e.g. to take replica hosts out of rotation.
$wgCdnMatchParameterOrder
can be set to false if MediaWiki is behind a CDN that re-orders query parameters. This will make the code that matches request URLs to canonical CDN URLs insensitive to parameter order.
$wgMultiShardSiteStats
– split site_stats across multiple rows. Only useful for very large, heavily edited wikis. (
T306589
$wgPrivilegedGroups
– Users belonging in some of the listed groups will be audited more aggressively.
Changed configuration
edit
$wgInvalidUsernameCharacters
now contains the char '>', reserved delimiter for external user names.
Removed configuration
edit
$wgMultiContentRevisionSchemaMigrationStage
- Migration is over, was deprecated since 1.35.
$wgWikiFarmSiteDetector
– experimental setting removed without replacement. Use the MW_WIKI_NAME environment variable to specifiy the name of the site to load configuration for. Using the WIKI_NAME environment variable for this purpose is deprecated.
$wgParserCacheUseJson
- the ParserCache now always uses JSON serialization. Reading old non-JSON cache entries is still supported. The setting had been deprecated since 1.36.
$wgAllowJavaUploads
- To allow uploads of JAR files, remove application/java from
$wgMimeTypeExclusions
$wgMaxRedirects
has been removed. This feature never worked as intended, see
T296430
$wgElementTiming
has been removed. This feature was experimental, and disabled by default.
$wgPriorityHints
and
$wgPriorityHintsRatio
have been removed. This feature was experimental, and disabled by default.
$wgIncludeLegacyJavaScript
has been removed. Note that no functionality was removed in this release. Most former "wikibits" functions were removed after deprecation in previous releases. The remaining functions, such as importScript, are available unconditionally.
$wgActorTableSchemaMigrationStage
has been removed. Migration is over.
In
$wgObjectCaches
, globalKeyLB and localKeyLB are no longer supported.
$wgLegacySchemaConversion
- This global configuration has been removed because it was unused.
$wgInterwikiPrefixDisplayTypes
- This global configuration has been removed because it was unused.
New user-facing features in 1.39
edit
Optional automatic user creation on page save (
$wgAutoCreateTempUser
Administrators now have the option to delete/undelete the associated "Talk" page when they are (un)deleting a given page. `deletetalk` and `undeletetalk` options were added to the 'delete' and 'undelete' action APIs in MW 1.38.
`=` is now a wikitext built-in magic word, expanding to `=`. This is conventionally used as an escape mechanism to allow the use of `=` in unnamed template arguments. Defining
Template:=
to expand to something other than `=` has been deprecated since 1.36, with affected pages put into a special tracking category for migration.
T284020
) Bot passwords are now supported when using the REST API.
New developer features in 1.39
edit
Added optional $size param to SearchResultProvideThumbnail hook.
SearchResultProvideThumbnail hook interface moved from MediaWiki\Rest\Hook namespace to MediaWiki\Search\Hook.
JsonValidateSaveHook has been added to allow extensions to set additional pre-save validations for specific JSON pages (
T313254
).
Added 'PermissionErrorAudit' hook, enabling extensions to audit permission errors on specfic actions (for instance, account registration failed attempts due to a block (
T306018
)).
External library changes in 1.39
edit
New external libraries
edit
Added Codex v0.1.1. This replaces the now deprecated wvui library.
Added symfony/polyfill-php81.
Added symfony/polyfill-php82.
Added symfony/polyfill-php83.
New development-only external libraries
edit
Updated QUnit from 2.18.0 to 2.18.2.
Changed external libraries
edit
Updated jQuery from v3.6.0 to v3.6.1.
Updated OOUI from v0.43.2 to v0.44.5.
Updated composer/semver from 3.2.6 to 3.3.2.
Updated cssjanus/cssjanus fromv2.1.0 to v2.1.1.
Updated pear/mail from v1.4.1 to v1.5.1.
Updated symfony/polyfill-php80 from 1.25.0 to 1.28.0.
Updated symfony/yaml from 5.4.3 to 5.4.23.
Updated vue/compat from 3.2.23 to 3.2.37.
Updated wikimedia/base-convert from 2.0.1 to 2.0.2.
Updated wikimedia/html-formatter from 3.0.1 to 4.0.3.
Updated wikimedia/ip-set from 3.0.0 to 3.1.0.
Updated wikimedia/minify from 2.2.6 to 2.3.0.
Updated wikimedia/php-session-serializer from 2.0.0 to 2.0.1.
Updated wikimedia/remex-html from 3.0.2 to 3.0.3.
Updated wikimedia/running-stat from 1.2.1 to 2.1.0.
Updated wikimedia/scoped-callback from 3.0.0 to 4.0.0.
Updated wikimedia/services from 2.0.1 to 3.0.0.
Updated wikimedia/timestamp from 3.0.0 to 4.1.1.
Updated wikimedia/xmp-reader from 0.8.1 to 0.8.6.
Changed development-only external libraries
edit
Updated composer/spdx-licenses from 1.5.5 to 1.5.6.
Updated doctrine/dbal for PHP < 7.3 from 2.13.6 to 2.13.9.
Updated doctrine/dbal for PHP >= 7.3 from 3.1.5 to 3.4.2.
Updated mediawiki/mediawiki-phan-config from 0.11.1 to 0.12.1.
Bug fixes in 1.39
edit
T314013
$wgExtraNamespaces
no longer overrides canonical namespace names specified in extension.json files. While this setting can still be used to rename extension-defined namespaces, system administrators may need to run namespaceDupes.php after upgrading.
Action API changes in 1.39
edit
New `undeletetalk` parameter on action=undelete that allows you to restore all revisions of the associated talk page.
Languages updated in 1.39
edit
MediaWiki supports over 350 languages. Many localisations are updated regularly.
Below only new and removed languages are listed, as well as changes to languages
because of Phabricator reports.
Actual localization was added for several languages, which were already in Names.php and even used for a Wikipedia:
T313200
) Added language support for Rundi (Kirundi, rn).
T310976
) Added language support for Tumbuka (ChiTumbuka, tum).
T314270
) Added language support for Kanuri (kr).
T313199
) Added language support for Sylheti (syl).
T311975
) Added language support for Ghanaian Pidgin (gpe).
T307080
) Added language support for Okinawan (ryu).
T307887
) Added language support for Mooré (mos).
T308813
) Added language support for Nigerian Pidgin (pcm).
T309763
) Added language support for Tai Nüa (tdd).
T310040
) Added language support for Fante (fat).
T311034
) Added language support for Campidanese Sardinian (sro).
T315406
) Fix the autonym of the Iñupiaq language to "Iñupiatun".
T315677
) Removed French fallback from the Fula language (ff).
T304920
) In Swahili, the "Media" namespace is now "Media", as in English, and the "File" namespace is now "Faili". The old name of the "File" namespace was "Picha", which has been kept for backwards compatibility. If you manage a wiki in Swahili, and you use "Faili:" as a namespace anywhere in wikitext, and you mean to use it as "Media:", these need to be replaced to "Media:".
T309866
) Some namespace translations were updated for Kyrgyz (ky). The old ones are retained as aliases for backwards compatibility.
T117845
) Started the renaming of the language codes for Serbian from sr-ec and sr-el to sr-cyrl and sr-latn.
Breaking changes in 1.39
edit
Basic non-JavaScript (Grade C) support has been dropped for Internet Explorer 9-10, Firefox 27-38, and Android 4.3-4.4.
The following methods, deprecated since 1.37, have been removed from IDatabase:
::fetchObject()
::fetchRow()
::numRows()
::freeResult()
Title::getDefaultNamespace(), deprecated since 1.37, has been removed.
The DBPrimaryPos class alias 'DBMasterPos' has been removed.
The global function wfGetLB(), deprecated since 1.27, has been removed.
Passing a db to BlockRestrictionStore::loadByBlockId() is no longer supported. BlockRestrictionStoreFactory should be used to fetch a correct BlockRestrictionStore instead. This was deprecated since 1.38.
The global function wfGetCache(), deprecated since 1.32, has been removed. You can use ObjectCache::getInstance() instead.
The global function wfGetMainCache(), deprecated since 1.32, has been removed. You can use ObjectCache::getLocalClusterInstance() instead.
MovePage::__construct() now requires that all parameters be passed. The fallback to MediaWikiServices emitted deprecation notices since 1.37.
WikiPage::doEditContent(), deprecated since 1.32, was removed.
WikiPage::prepareContentForEdit() now requires a UserIdentity parameter to be provided. Not providing one has been deprecated since 1.37.
EventRelayerKafka, deprecated in 1.38, was removed.
MediaWiki\Logger\Monolog\KafkaHandler, deprecated in 1.38, was removed.
The "trace" option of SectionProfiler, deprecated in 1.38, was removed.
The global function wfWikiID(), deprecated since 1.35, has been removed.
Database::wasKnownStatementRollbackError() was removed. Subclasses should override isKnownStatementRollbackError() instead.
Database::wasQueryTimeoutError() was removed. Subclasses should override isQueryTimeoutError() instead.
Database::buildSuperlative() has been removed without deprecation.
The following methods, deprecated in 1.37, have been removed:
Linker::setStubThreshold(), ::getStubThreshold().
LinkRendererFactory::createForUser().
ParserOptions::getStubThreshold(), ::setStubThreshold().
Changes to ResourceLoader modules:
The mediawiki.viewport module, deprecated in 1.37 has been removed. Use IntersectionObserver instead.
If you manage a wiki in Swahili, and you use "Faili:" as a namespace anywhere, and you mean to use it as "Media:", replace it with "Media:". See
T304920
Changes to skins:
Skin::getCopyrightIcon(), ::getPoweredBy(), deprecated in 1.37 have been removed.
Skin::bottomScripts soft deprecated in 1.37, was hard deprecated. Skins using SkinTemplate must set bodyOnly as a skin option and remove lines of code generating html, body and head elements.
Skin::makeSearchButton and Skin::makeSearchInput were deprecated in 1.38. Use SkinTemplate methods with the same name or Skin::getTemplateData instead.
Styles for the HTML classes `warningbox`, `errorbox` and `successbox` have been removed in favor of Html class methods.
The feature `legacy` used inside ResourceLoaderSkinModule, deprecated in 1.37, will no longer ship any styles.
Skin::getSkinStylePath, deprecated since 1.36, has been removed.
Skin::getPortletData has been made private.
SkinTemplate::getPersonalToolsList(), deprecated in 1.35 has been removed.
The following SkinTemplate template data, deprecated in 1.37, have been removed:
copyrightico
The following hooks, deprecated in 1.37, have been removed:
SkinGetPoweredBy: SkinGetPoweredByHook
The following hooks are deprecated and replaced with SkinTemplateNavigation::Universal:
SkinTemplateNavigation::SpecialPage
SkinTemplateNavigation
PersonalUrls
The mediawiki.skinning.content.externallinks module, which was deprecated in 1.36, has been removed. Skins that still rely on it will lose the icon styling of external links by type.
Experimental wiki farm support: Automatic detection of the requested site within a wiki farm based on the requested domain has been removed. Use the MW_WIKI_NAME environment variable to specify the name of the site to load configuration for. Using the WIKI_NAME environment variable for this purpose is deprecated. This is only relevant if you have been using
$wgWikiFarmSettingsDirectory
to load wiki farm config.
MWExceptionHandler::installHandler was marked @internal and had required arguments added. This method is intended for use in bootstrap code and is unused in known extensions.
MWException::useOutputPage was made private without deprecation. This method was apparently only public for testing and is unused in known extensions.
Calling getId() on a User or UserIdentityValue from the wrong wiki, deprecated since 1.36, now throws an exception.
The following methods have been removed from ExtensionRegistry without deprecation and without replacement. They had been introduced in 1.35 for use in the testing framework, and were not in use by any known extension:
exportAutoloadClassesAndNamespaces
exportTestAutoloadClassesAndNamespaces
The MWNamespace class, deprecated since 1.34, has been removed. Use the NamespaceInfo service instead.
The UnknownContent and UnknownContentHandler class aliases have been removed, use FallbackContent and FallbackContentHandler instead.
IResultWrapper::next() now returns void, to match the Iterator interface that it implements. fetchObject() has the same behavior as next() used to.
In HTMLForm HTMLAutoCompleteSelectFields, the parameters 'autocomplete' and 'autocomplete-messages', which were deprecated in MediaWiki 1.29, were removed. Instead, use 'autocomplete-data' and 'autocomplete-data-messages'.
The global
$wgParser
, deprecated in 1.32, was removed. Use MediaWikiServices::getInstance()->getParser() instead.
ParserOutput::setText will now set the ParserOutput's text to null if given null. Previously it did nothing if given null.
The default value for the first argument to the ParserOutput constructor is now null instead of
IDatabase::lockTables() and IDatabase::unlockTables(), deprecated since 1.38, have been removed.
The $context parameter to `new HTMLForm( … )` and `HTMLForm::factory( … )` is now required.
The class alias for revision related classes in namespace MediaWiki\Storage has been removed. Classes are IncompleteRevisionException, MutableRevisionRecord, MutableRevisionSlots, RevisionAccessException, RevisionArchiveRecord, RevisionFactory, RevisionLookup, RevisionRecord, RevisionSlots, RevisionStore, RevisionStoreRecord, SlotRecord, and SuppressedDataException.
Calling getBy() on an AbstractBlock from the wrong wiki, deprecated since 1.38, now throws an exception.
Passing a MediaWiki\Linker\LinkTarget to EditPage::makeTemplatesOnThisPageList or TemplatesOnThisPageFormatter::format is no longer supported, a MediaWiki\Page\PageIdentity is required.
The deprecated class alias FakeConverter has been removed, use TrivialLanguageConverter instead.
The deprecated ApiQueryContributions class alias has been removed, use ApiQueryUserContribs instead.
The deprecated MediaWiki\Special\SpecialPageFactory class alias has been removed, use MediaWiki\SpecialPage\SpecialPageFactory instead.
The following skin modules, deprecated in 1.37, have been removed:
mediawiki.skinning.elements
mediawiki.skinning.content
mediawiki.toc.styles
mediawiki.legacy.config
mediawiki.legacy.shared
mediawiki.legacy.commonPrint
FileModule::compileLessFile(), deprecated since 1.35, has been removed. Use ::compileLessString() instead.
LogFormatter::styleRestricedElement(), deprecated since 1.37, has been removed. Use ::styleRestrictedElement() instead.
Title::isNamespaceProtected(), deprecated in 1.34, has been removed.
ApiStashEdit::parseAndStash(), deprecated in 1.34, has been removed.
LinkCache::forUpdate(), deprecated in 1.34, has been removed.
Passing null instead of a NamespaceInfo instance to LinkCache::__construct() is not supported anymore. It is recommended to request an instance from the service container.
ApiQueryBase::showHiddenUsersAddBlockInfo(), deprecated in 1.34, has been removed. Use ApiQueryBlockInfoTrait instead.
ApiQueryBase::prefixedTitlePartToKey(), deprecated in 1.35, has been removed. Use ::parsePrefixedTitlePart() instead.
ExternalStoreDB::getSlave(), deprecated in 1.34, has been removed. Use ExternalStoreDB::getReplica() instead.
ChangesListSpecialPage::checkStructuredFilterUiEnabled() and SpecialWatchlist::checkStructuredFilterUiEnabled() now support UserIdentity as the only argument. Passing Config argument was deprecated in 1.34.
DatabaseUpdater::ifNoActorTable(), deprecated in 1.35, has been removed. Use ::ifTableNotExists() instead.
MediaWiki\Revision\RevisionStoreFactory::getRevisionStore was documented to allow passing bool true as a dbDomain, this is no longer possible, because that is an invalid value for a dbDomain.
LinkHolderArray::__construct() had its signature changed. The class was marked internal in 1.35.
SpecialMute::isTargetBlacklisted(), deprecated in 1.35, has been removed. Use ::isTargetMuted() instead.
WebRequest::checkUrlExtension(), deprecated in 1.35, has been removed.
ContentHandler::cleanupHandlersCache(), deprecated in 1.35, has been removed.
SpecialVersion::getExtAuthorsFileName, deprecated in 1.35, has been removed. Use MediaWiki\ExtensionInfo::getAuthorsFileName.
SpecialVersion::getExtLicenseFileName, deprecated in 1.35, has been removed. Use MediaWiki\ExtensionInfo::getLicenseFileNames.
CategoryPage::getCategoryViewerClass and ::setCategoryViewerClass, deprecated in 1.35, have been removed.
SqlBlobStore::getLegacyEncodingConversionLang(), deprecated in 1.34, has been removed.
wfCanIPUseHTTPS(), deprecated in 1.37, has been removed.
wfGetScriptUrl(), deprecated in 1.35, has been removed.
The following methods of Database class, are no longer stable to override:
::implicitOrderby()
::selectSQLText()
::bitNot()
::bitAnd()
::bitOr()
::buildConcat()
::buildGreatest()
::buildLeast()
::buildSubstring()
::buildStringCast()
::buildIntegerCast()
::tableName()
::addIdentifierQuotes()
::buildLike()
::limitResult()
::unionSupportsOrderAndLimit()
::unionQueries()
::conditional()
::strreplace()
::timestamp()
::getInfinity()
::setTableAliases()
::setIndexAliases()
::buildGroupConcatField()
SpecialUnblock::processUnblock(), deprecated in 1.36, has been removed. Use UnblockUser instead.
wfLocalFile() and wfFindFile(), deprecated in 1.34, have been removed.
Maintenance script resetUserTokens.php, deprecated in 1.27, has been removed.
These methods in Database have been removed without deprecation as they are not used outside core. Users should override corresponding methods in SQLPlatform instead:
Database::doInsert -> SQLPlatform::insertSqlText
Database::doDropTable -> SQLPlatform::dropTableSqlText
Database::doRollback -> SQLPlatform::rollbackSqlText
Database::doSavepoint -> SQLPlatform::savepointSqlText
Database::doReleaseSavepoint -> SQLPlatform::releaseSavepointSqlText
Database::doRollbackToSavepoint -> SQLPlatform::rollbackToSavepointSqlText
The following protected methods of Database class have been removed without deprecation as they are not used outside core. Users should call corresponding methods in SQLPlatform:
Database::makeInsertLists -> SQLPlatform::makeInsertLists
Database::isFlagInOptions -> SQLPlatform::isFlagInOptions
Database::normalizeOptions -> SQLPlatform::normalizeOptions
Database::fieldNameWithAlias -> SQLPlatform::fieldNameWithAlias
Database::isTransactableQuery -> SQLPlatform::isTransactableQuery
$wgCanonicalNamespaceNames
no longer includes custom namespaces defined using
$wgExtraNamespaces
. Extensions should use the NamespaceInfo service instead of accessing this configuration setting directly.
The following hook, deprecated in 1.35, has been removed:
ParserGetVariableValueVarCache: ParserGetVariableValueVarCacheHook
The $variableCache parameter to the ParserGetVariableValueSwitch hook is no longer used; non-standard use of this parameter has been deprecated since 1.35.
These methods have been moved from IDatabase to IMaintainableDatabase:
IDatabase::fieldExists -> IMaintainableDatabase::fieldExists
IDatabase::indexExists -> IMaintainableDatabase::indexExists
IDatabase::tableExists -> IMaintainableDatabase::tableExists
DBConnRef doesn't accept live connection in constructor anymore. Only parameters for getting connection should be provided.
IDatabase::getTopologyRootPrimary() was removed.
User::blockedBy(), deprecated since 1.38, has been removed.
User::getBlockId(), deprecated since 1.38, has been removed.
Deprecations in 1.39
edit
PageProps::getInstance(), deprecated since 1.38, emits deprecations warnings.
The global function wfGetDB() has been deprecated. Use LoadBalancer::getConnection() instead.
SpecialRedirectWithAction::__construct without SearchEngineFactory argument is hard deprecated.
Use of the SiteStatsUpdate constructor has been deprecated in favor of the ::factory() method.
AuthManager::checkAccountCreatePermissions has been deprecated. Use AuthManager::authorizeCreateAccount or AuthManager::probablyCanCreateAccount instead.
Title::getSelectFields() has been deprecated in favor of PageStore::newSelectQueryBuilder()
Title::newFromTitleValue(), deprecated since in 1.34, now emits deprecation warnings. Use ::newFromLinkTarget() instead.
ExtensionRegistry::readFromQueue() has been marked @internal. Extensions should use ExtensionProcessor instead.
Processor::getExtraAutoloaderPaths() and ExtensionProcessor::getExtraAutoloaderPaths() have been deprecated, use get getExtractedAutoloadInfo() instead.
The following global functions are deprecated in favor of the listed UrlUtils methods.
wfExpandUrl -> UrlUtils::expand
wfGetServerUrl -> UrlUtils::getServer
wfAssembleUrl -> UrlUtils::assemble
wfRemoveDotSegments -> UrlUtils::removeDotSegments
wfUrlProtocols -> UrlUtils::validProtocols
wfUrlProtocolsWithoutProtRel -> UrlUtils::validAbsoluteProtocols
wfParseUrl -> UrlUtils::parse
wfExpandIRI -> UrlUtils::expandIRI
wfMatchesDomainList -> UrlUtils::matchesDomainList
These methods are exact replacements except that
they return null instead of false or empty string on error (where applicable);
UrlUtils::validProtocols does not take a parameter (documentation said not to pass one to wfUrlProtocols anyway);
they use type hints (don't try passing null instead of string, etc.).
MaintainableDBConnRef is deprecated, use DBConnRef instead.
Loading DefaultSettings.php is deprecated. To get default values of main config settings, use MainConfigSchema::listDefaultValues() or MainConfigSchema::getDefaultValue().
AbstractContent::getRedirectChain() and AbstractContent::getUltimateRedirectTarget() are now emitting deprecation warnings (
T296430
).
T244138
) QueryPage::getSQL() is deprecated. Instead QueryPage::getQueryInfo() should be overridden.
Calling new JobRunner() directly without $serviceOptions now emits deprecation warnings. Use MediaWikiServices::getInstance()->getJobRunner() instead.
Passing an array of targets to Article::getRedirectHeaderHtml() is deprecated. Supply a single redirect target instead (
T296430
).
The following Less mediawiki.mixins have been deprecated:
.animation()
.animation-delay()
.transform-rotate()
Skin::getAction is deprecated. Use IContextSource::getActionName instead.
User::getOption, deprecated since 1.35, now emits deprecation warnings. Use UserOptionsLookup::getOption instead.
ILBFactory::forEachLB() is deprecated. Use ::getAllLBs().
LoadBalancer::forEachOpenConnection() and ::forEachOpenPrimaryConnection() are deprecated without replacement.
The following classes were moved from the root namespace to the MediaWiki\ResourceLoader namespace, the old names becoming deprecated aliases: ResourceLoader, MessageBlobStore, VueComponentParser.
The following classes had the "ResourceLoader" prefix stripped while being moved to the MediaWiki\ResourceLoader namespace, the old names becoming deprecated aliases: DerivativeResourceLoaderContext, ResourceLoaderCircularDependencyError, ResourceLoaderClientHtml, ResourceLoaderCodexModule, ResourceLoaderContext, ResourceLoaderFileModule, ResourceLoaderFilePath, ResourceLoaderForeignApiModule, ResourceLoaderImage, ResourceLoaderImageModule, ResourceLoaderLanguageDataModule, ResourceLoaderLessVarFileModule, ResourceLoaderModule, ResourceLoaderMwUrlModule, ResourceLoaderOOUIFileModule, ResourceLoaderOOUIIconPackModule, ResourceLoaderOOUIImageModule, ResourceLoaderOOUIModule, ResourceLoaderSiteModule, ResourceLoaderSiteStylesModule, ResourceLoaderSkinModule, ResourceLoaderStartUpModule, ResourceLoaderUserModule, ResourceLoaderUserOptionsModule, ResourceLoaderUserStylesModule, ResourceLoaderWikiModule.
The following methods in WikiRevision and their interfaces ImportableUploadRevision and ImportableOldRevision are deprecated:
::getUserObj() → ::getUser()
::setUserObj() → ::setUsername()
::setUserIP() → ::setUsername()
ObjectCache::addBusyCallback() is deprecated and non-functional.
MWTimestamp::getHumanTimestamp(), deprecated in 1.26, now emits deprecation warnings.
Article::viewRedirect(), deprecated in 1.30, now emits deprecation warnings.
Parser::getFreshParser() is deprecated, use ParserFactory::getInstance().
CoreParserFunctions::mwnamespace() is deprecated and emits deprecation warnings, use CoreParserFunctions::namespace() instead.
Registering magic variables whose names include a colon is deprecated.
User::blockedFor(), deprecated in 1.35, now emits deprecation warnings.
Access to previously public properties AbstractBlock::$mExpiry, AbstractBlock::$mHideName, AbstractBlock::$mTimestamp, DatabaseBlock::$mAuto, and DatabaseBlock::$mParentBlockId, deprecated in 1.34, now emits deprecation warnings.
Access to previously public properties User::$mBlock, User::$mBlockedby, and User::$mHideName, deprecated in 1.35, now emits deprecation warnings.
JobQueueGroup::singleton() and ::destroySingletons(), deprecated in 1.37, now emit deprecation warnings.
Title::getNotificationTimestamp(), deprecated in 1.35, now emits deprecation warnings.
Global functions wfReadOnly and wfReadOnlyReason, deprecated in 1.38, now emit deprecation warnings.
Overriding or calling DifferenceEngine::getDiffBodyCacheKey(), deprecated in 1.31, now emits deprecation warnings.
Access to previously public property WikiRevision::$fileIsTemp, deprecated in 1.29, now emits deprecation warnings.
wfQueriesMustScale() has been deprecated and emits deprecation warnings.
ContextSource::getStats(), RequestContext::getStats(), and DerivativeContext::getStats(), deprecated in 1.27, now emit deprecation warnings.
ManualLogEntry::setTags(), deprecated in 1.33, now emits deprecation warnings.
WikiRevision::downloadSource(), deprecated in 1.31, now emits deprecation warnings.
DifferenceEngine::textDiff(), deprecated in 1.32, now emits deprecation warnings.
FormatMetadata::flattenArrayContentLang(), deprecated in 1.36, now emits deprecation warnings.
SkinTemplate::getNameSpaceKey(), deprecated in 1.35, now emits deprecation warnings.
EnqueueJob::newFromJobsByWiki(), deprecated in 1.33, now emits deprecation warnings.
The following methods of the MWGrants class, all deprecated since 1.38, are now emitting deprecation warnings:
getValidGrants
getRightsByGrant
grantName
grantNames
getGrantRights
grantsAreValid
getGrantGroups
getHiddenGrants
getGrantsLink
getGrantsWikiText
DataUpdate::runUpdates(), deprecated in 1.28, now emits deprecation warnings.
CdnCacheUpdate::newFromTitles(), deprecated in 1.35, now emits deprecation warnings.
Instantiating HTMLCacheUpdate class, deprecated in 1.34, now emits deprecation warnings.
ISQLPlatform::tableNames() (implemented by IDatabase) is soft deprecated. None of the tableName*() functions should be used by most users; if you absolutely must use raw SQL, write several tableName() calls instead.
Language::isWellFormedLanguageTag() has been deprecated in favor of LanguageCode::isWellFormedLanguageTag().
The PrevNextNavigationRenderer helper class has been deprecated in favor of the new PagerNavigationBuilder one.
The methods IndexPager::getPagingLinks(), IndexPager::getLimitLinks() and IndexPager::buildPrevNextNavigation() have been deprecated in favor of IndexPager::getNavigationBuilder().
Overriding the method IndexPager::makeLink() has been deprecated.
Other changes in 1.39
edit
Dynamic default values are now applied before extension registration callbacks are run. This way, extensions have a complete view of config variables, with all defaults applied. For example, when the default value of X used to be static but becomes dynamic, and an extension reads the value of X in the registration callback, it will now continue to function as expected. In some cases however, this may cause an undesired change in behavior: if the dynamic default of setting X depends on the value of setting Y, and an extension changes Y, the changed value of Y will no longer affect the value of X.
Compatibility
edit
MediaWiki 1.39 requires PHP 7.4.3 or later and the following PHP extensions:
ctype
dom
fileinfo
iconv
intl
json
mbstring
xml
MariaDB is the recommended database software. MySQL, PostgreSQL, or SQLite can
be used instead, but support for them is somewhat less mature.
The supported versions are:
MariaDB 10.3 or higher
MySQL 5.7.0 or higher
PostgreSQL 10 or later
SQLite 3.8.0 or later
Online documentation
edit
Documentation for both end-users and site administrators is available on
MediaWiki.org, and is covered under the GNU Free Documentation License (except
for pages that explicitly state that their contents are in the public domain):
Mailing list
edit
A mailing list is available for MediaWiki user support and discussion:
A low-traffic announcements-only list is also available:
It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.
IRC help
edit
There's usually someone online in #mediawiki on irc.libera.chat.
Retrieved from "
Release notes/1.39
Add topic