MediaWiki Security und Bugfix Update 1.35.7, 1.37.3 und 1.38.2

MediaWiki Logo

Die Entwickler von MediaWiki haben vor ein paar Tagen ein Security und Bugfix Update für die drei Hauptzweige veröffentlicht.

MediaWiki 1.38.2 Release Notes

  • Localisation updates.
  • (T309426) Repair language selector for SVGs.
  • (T310013) Fix default value for $wgShowEXIF and $wgUsePathInfo.
  • (T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage().
  • (T308473) SECURITY: Escape contributions-title msg for use within page title.
  • (T311272) Call parent constructor of AddSite maintenance script first.
  • MediaWiki: Don’t eagerly initialize action name.
  • (T311384, CVE-2022-27776) Updated guzzlehttp/guzzle from 7.4.1 to 7.4.5.
  • (T289926) Avoid passing null to trim() in SkinTemplate.
  • (T289879) Address deprecations for PHP 8.1.
  • (T311473) rollbackEdits: Pass user identity to RollbackPage.
  • Upgrade wikimedia/remex-html from 3.0.1 to 3.0.2.
  • (T311551) ShellboxClientFactory::getUrl(): Check if $this->key is null.
  • (T311552) ChangesListSpecialPage: Don’t pass null to FormatJson::decode().
  • (T311569) FileBackend::isStoragePath() Handle being passed null.
  • (T311544) Pass int to ApiUsageException::newWithMessage()’s $httpCode param.
  • (T311678) SpecialEditWatchlist: Prevent passing null to strtolower().
  • (T311554) ChangeTags: Return early in formatSummaryRow() if $tags === null.
  • Upgrade wikimedia/common-passwords from 0.3.0 to 0.4.0.

MediaWiki 1.37.3 Release Notes

  • Localisation updates.
  • (T289879) Type hints for ArrayAccess and JsonSerializable.
  • (T304783) TemplateParser: avoid warnings when called by NoLocalSettings.
  • Rebuilt vendor with composer 2.3.3.
  • Fix old_name in UserLogoutComplete hook.
  • (T289879) Address some deprecations for PHP 8.1.
  • (T193565) UserGroupManager: Fix dbDomain in addUserToGroup() deferred update.
  • (T309114) LocalFile::prerenderThumbnails: Limit the number of thumbnail jobs triggered.
  • (T307982) Updated wikimedia/parsoid from v0.14.0 to v0.14.1.
  • (T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage().
  • (T308473) SECURITY: Escape contributions-title msg for use within page title.
  • (T311272) Call parent constructor of AddSite maintenance script first.
  • MediaWiki: Don’t eagerly initialize action name.
  • Updated wikimedia/shellbox from v2.0.0 to v2.1.1.
  • (T311384, CVE-2022-27776) Updated guzzlehttp/guzzle from 7.2.0 to 7.4.5.
  • (T289926) Avoid passing null to trim() in SkinTemplate.
  • (T311473) rollbackEdits: Pass user identity to RollbackPage.
  • (T307282) Avoid passing null to strcasecmp(), for PHP 8.1.
  • (T311551) ShellboxClientFactory::getUrl(): Check if $this->key is null.
  • (T311552) ChangesListSpecialPage: Don’t pass null to FormatJson::decode().
  • (T311569) FileBackend::isStoragePath() Handle being passed null.
  • (T311544) Pass int to ApiUsageException::newWithMessage()’s $httpCode param.
  • (T311678) SpecialEditWatchlist: Prevent passing null to strtolower().
  • (T281741) ChangeTags: Fix adding CSS classes for hidden tags.
  • (T296642) changetags: Fix management of a ‘0’ tag.
  • (T311554) ChangeTags: Return early in formatSummaryRow() if $tags === null.
  • (T303033) Handle null in ChangeTags::modifyDisplayQuery.
  • Updated wikimedia/common-passwords from 0.3.0 to 0.4.0.

MediaWiki 1.35.7 Release Notes

  • Localisation updates.
  • (T289879) Type hints for ArrayAccess.
  • (T304783) TemplateParser: avoid warnings when called by NoLocalSettings.
  • Rebuilt vendor with composer 2.3.3.
  • (T289879) Address some deprecations for PHP 8.1.
  • Fix old_name in UserLogoutComplete hook.
  • (T286260, T307979) objectcache: normalize $exptime to a TTL in APCUBagOStuff/WinCacheBagOStuff.
  • MediaSearchWidget should declare an explicit dependency on mediawiki.user module
  • (T288423) WikiImporter: Replace deprecated WikiRevision::setText.
  • (T309377, CVE-2022-29248, T311384, CVE-2022-27776) Updating guzzlehttp/guzzle (6.5.5 => 6.5.8)
  • (T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage().
  • (T311272) Call parent constructor of AddSite maintenance script first.
  • MediaWiki: Don’t eagerly initialize action name.
  • (T289926) Avoid passing null to trim() in SkinTemplate.
  • (T307282) Avoid passing null to strcasecmp(), for PHP 8.1.
  • (T311552) ChangesListSpecialPage: Don’t pass null to FormatJson::decode().
  • (T311569) FileBackend::isStoragePath() Handle being passed null.
  • (T311544) Pass int to ApiUsageException::newWithMessage()’s $httpCode param.
  • (T311678) SpecialEditWatchlist: Prevent passing null to strtolower().
  • (T281741) ChangeTags: Fix adding CSS classes for hidden tags.
  • (T296642) changetags: Fix management of a ‘0’ tag.
  • (T311554) ChangeTags: Return early in formatSummaryRow() if $tags === null.
  • (T303033) Handle null in ChangeTags::modifyDisplayQuery.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht.