Back
Current Directory
/var/softaculous/mw19
Type Name Operations
images Open
php53 Open
php56 Open
php71 Open
php81 Open
LocalSettings.php
Edit Get
changelog.txt
Edit Get
clone.php
Edit Get
edit.php
Edit Get
edit.xml
Edit Get
fileindex.php
Edit Get
import.php
Edit Get
info.xml
Edit Get
install.js
Edit Get
install.php
Edit Get
install.xml
Edit Get
md5
Edit Get
notes.txt
Edit Get
upgrade.php
Edit Get
upgrade.xml
Edit Get

File Transfer

Upload files to current directory

File Editor: changelog.txt

== MediaWiki 1.39.5 == This is a security and maintenance release of the MediaWiki 1.39 branch. === Changes since MediaWiki 1.39.4 === * Localisation updates. * (T333050, CVE-2023-PENDING) SECURITY: Fix infinite loop for self-redirects with variants conversion. * docs: Fix a few typos in MainConfigSchema. * (T309714) mime: Add support for 'font/sfnt' mime type. * (T341434) WikiImporter: Improve error message output. * (T317255) VueComponentParser: Use Zest's getElementsByTagName() rather than PHP's. * (T341737) ApiBase: Cast $id to string in filterIDs. * (T286291, T296188) Merge zh and zh-tw namespace translations back to zh-hans, zh-hant, zh-hk respectively. * (T337875) WRStats: Round up SequenceSpec::hardExpiry to the nearest integer. * (T237898) installer: Check MariaDB version in updater/installer. * (T342632) ApiComparePages: Add help url. * (T326182, T324903) EditPage: Add #[AllowDynamicProperties]. * (T342351) rdbms: Fix postgres db function call. * (T343675) user: Use {@} to escape annotation when writting about annotation. * (T343797) LanguageWa: Fix double timezone adjustment. * (T326454) Update pear/mail to 1.5.1. * (T343622) docs: Set the tag back to optional. * (T330528) Upgrade wikimedia/html-formatter from 3.0.1 to 4.0.3. * (T337463) wdio-mediawiki: await saveScreenshot. * (T274041) Include core PSR-4 classes in the generated classmap. * (T208477) $wgPrivilegedGroups – Users belonging in some of the listed groups will be audited more aggressively. * doc: Improve description of "type" in extension.schema.v2.json. * Added PrivilegedGroups attribute for extension.json / skin.json, which lets you add any new user groups you define to wgPrivilegedGroups (see above). * HTMLForm: Fix E_NOTICE when hide-if is used with setFormIdentifier. * (T288624) MultiHttpClient: Unset $this->cmh after closing it. * (T345039) Do not run SkinAfterBottomScripts hook twice unconditionally. * (T265734) API Help: Note that parameters may be inherited from other context. * API: Make continue parameter help description more specific. * (T285545) i18n: Split apihelp for standard dir parameter. * (T285545) i18n: Split apihelp for redirects/linkshere/transcludedin/fileusage show. * (T285545) i18n: Split apihelp for parameter list=deletedrevs&drprop=. * (T285545) i18n: Split apihelp for parameter list=allpages&apprexpiry=. * (T285545) i18n: Split apihelp for parameter action=opensearch&redirects=. * (T285545) i18n: Split apihelp for parameter action=managetags&operation=. * (T285545) api: Add message for list=watchlist&wlprop=expiry. * (T334011) ApiComparePages: expose 'difftype' param if wikidiff2 is installed. * (T342633) api: Add message for action=compare&prop=timestamp. * API: revids=… does not necessarily return the queried revisions. * (T326696) user: Truncate option value in UserOptionsManager. * (T326696) ApiOptions: Give warning if the value is too long. * API i18n: Add {{PLURAL:}} for byte count messages. * (T235207) Get correct main page in API call examples. * doc: Make extension.schema.v2.json a valid JSON schema. * updateSpecialPages.php: Avoid implicit float conversion on modulo. * (T347227) ImportReporter: Make callback functions public. * (T346898) importDump: Unconditionally call $importer->setUsernamePrefix(). * doc: Improve description of type in extension.schema.v1.json. * (T340217, CVE-2023-PENDING) SECURITY: Vector 2022: Numerous unescaped messages leading to potential XSS. * (T340220, CVE-2023-PENDING) SECURITY: Vector 2022: vector-intro-page message is assumed to yield a valid title. * (T340221, CVE-2023-PENDING) SECURITY: XSS via 'youhavenewmessagesmanyusers' and 'youhavenewmessages' messages. * (T341529, CVE-2023-PENDING) SECURITY: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression. * (T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted XML file to Special:Upload (non-standard configuration). == MediaWiki 1.39.4 == This is a security and maintenance release of the MediaWiki 1.39 branch. === Changes since MediaWiki 1.39.3 === * Localisation updates. * (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1. * (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7 (2.4.0 => 2.4.5). * (T333776) {{ACTIVEUSERS}} wasn't being updated without updateSpecialPages.php. * (T258860) Prevent LogicCache exception from message cache during IO errors from memcache. * (T336868) Improve idempotency of postgres index upgrades. * (T322944) Add Authorization to default $wgAllowedCorsHeaders. * (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter. * A fake MessageLocalizer for use in unit tests. * (T338114) Title: Add forward alias. * composer: Add symfony/polyfill-php81 like symfony/polyfill-php80. * (T330464) Work around argument corruption bug in XMLReader::open. * Fix frame and frameless rdfa depending on file existing. * Fixes for the phan upgrade, part 1. * Fixes for the phan upgrade, part 2. * (T298571) build: Update mediawiki/mediawiki-phan-config to 0.12.0. * build: Updating mediawiki/mediawiki-phan-config to 0.12.1. * (T329214) Pass whether current rev of file exists to Linker::makeBrokenImageLinkObj. * (T334659) Handle thumb errors when !$enableLegacyMediaDOM. * A manualthumb that doesn't exist should be considered a thumb error. * (T313157) IndexPager: Also protect against $offset being 0. * (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker. == MediaWiki 1.39.3 == This is a security and maintenance release of the MediaWiki 1.39 branch. === Changes since MediaWiki 1.39.2 === * Localisation updates. * (T225218) LinksUpdate: Use DB key for category links table. * GlobalFunctions: Remove check for MEDIAWIKI constant. * (T329484) API: Fix query+allimages user parameter description. * (T330529) SpecialEditTags: Set default of '' for wpReason. * (T330382) postgres: Make the upgrade ignore dropping indexes that might not exist. * (T330526) htmlform: Handle null from HTMLFormField::getDefault in multiselects. * (T291753) rdbms: escape backslashes in makeConnectionString for PostgreSQL. * (T325529) Fix total breakage of wgCanonicalServer fallback. * (T318103) mediawiki.storage: Disable async GC during integration test. * (T332461, T332397) TempFSFile: Keep the WeakMap alive. * (T332902) page: fix InvalidArgumentException in SQLPlatform::makeList. * (T285159, CVE-2023-PENDING) SECURITY: Do not apply autoblocks to untrusted XFF headers. == MediaWiki 1.39.2 == This is a maintenance release of the MediaWiki 1.39 branch. === Changes since MediaWiki 1.39.1 === * Localisation updates. * (T325872) ChangeTags: Remove table name from condition. * (T324895) MWCallbackStream: Add explicit $stream property. * (T297031, T326039) PostgresUpdater: Move setDefault ahead of changeNullableField. * (T321319) Produce HTML for invalid JSON. * (T215466, T326071) MigrateActors: Write to revision table (Follow-up 24115a8). * (T223027) ReservedUsernames config: Add reserved names from maintenance scripts. * (T325000, T324896, T307631) Updated OOUI from v0.44.3 to v0.44.5. * Remove /images .htaccess rules that are no longer relevant. * Disable php in .htaccess of images directory as a hardening measure. * (T322583) Include missing message parameter in message. * LocalFileTest: use encodeBlob/decodeBlob for img_metadata. * DatabaseSqlite: fix null blobs. * rdbms: avoid pg_escape_bytea() call-style deprecation notices. * (T322278) Improve LocalisationCache post-merge validation check. * (T324408, T326367) Updated wikimedia/remex-html from 3.0.2 to 3.0.3. * (T322278) Fix the remaining Phan failures on PHP 8.1. * (T322278, T326367) Respond to some messages from Phan on PHP 8.1. * Fix phan error when Excimer is enabled. * (T326021) Add matrix: to $wgUrlProtocols. * (T314099) stream wrapper: Declare $context class property. * (T314099) libs\jsminplus: Declare JSNode::$expression. * (T314096) composer.json: Updated composer/spdx-licenses from 1.5.6 to 1.5.7. * (T326472) Upgrading cssjanus/cssjanus (v2.1.0 => v2.1.1). * (T308536) rdbms: Remove deprecation mark for $wgSharedDB. * (T215466, T326071) installer: Split drop action out of the SQL patch for actor migration. * (T322603) SqliteMaintenance.php: Fix fatally broken instanceof check. * (T326377) rdbms: Use DBConnRef in SelectQueryBuilder. * api/en.json: api-help-datatype-expiry add missing 'may'. * (T317329) OutputPage: Fix undefined ['host'] in ImagePreconnect code. * (T328222) Pass empty string to strlen() if schema is null for PostgresDatabase. * (T289926) SpecialRevisionDelete: Set default of '' for wpReason. * (T155582, T328503) Fix XML dumps for content types with non-string getNativeData(). * (T326886) PoolCounterRedis: Fix wrong cast, locks weren't being released. * (T314099) revisiondelete: Replace dynamic property Status::$itemStatuses * (T327821) skin: Restore default 'value' attribute in makeSearchButton(). * (T329198) ParamValidator: Improve paramvalidator-help-multi-max message. * (T329415) Clear the statsd data buffer regardless of StatsdServer config. * (T292348) WikiImporter: do not fail if upload entry in dump lacks 'text' tag. * (T330049) UnregisteredLocalFile: Don't call MimeAnalyzer if no path. * (T324894 TempFSFile: Use a WeakMap for reference tracking if available. * (T295637) Add no to fallback chain of nb and nn.