@@ -6,6 +6,131 @@ PHP 8.3 workboard: https://phabricator.wikimedia.org/tag/php_8.3_support/
66PHP 8.4 workboard: https://phabricator.wikimedia.org/tag/php_8.4_support/
77PHP 8.5 workboard: https://phabricator.wikimedia.org/tag/php_8.5_support/
88
9+ == MediaWiki 1.45.4 ==
10+
11+ THIS IS NOT A RELEASE YET
12+
13+ === Changes since 1.45.3 ===
14+ * Localisation updates.
15+
16+ == MediaWiki 1.45.3 ==
17+
18+ This is a maintenance release of the MediaWiki 1.45 branch.
19+
20+ === Changes since 1.45.2 ===
21+ * Fixed backport issues.
22+
23+ == MediaWiki 1.45.2 ==
24+
25+ This is a security and maintenance release of the MediaWiki 1.45 branch.
26+
27+ === Changes since 1.45.1 ===
28+ * Localisation updates.
29+ * (T386108) Upgrade pear/pear-core-minimal to v1.10.17.
30+ * (T412194) Upgrading justinrainbow/json-schema (5.3.0 => 5.3.1).
31+ * (T411213) Upgrade wikimedia/less.php from 5.2.2 to 5.5.0.
32+ * (T413538) MultiHttpClient: Remove curl_close() call.
33+ * (T413565) Search: Replace deprecated SplObjectStorage methods.
34+ * Mime: Change mime type video/x-matroska to video/matroska.
35+ * (T413625) LinksMigration: Correctly filter for equal namespaces.
36+ * (T413582) ShellboxClientFactory: Handle $service being null in getUrl().
37+ * (T413672) EtcdConfigTest: Add return value for some MultiHttpClient mocks.
38+ * (T413675) DBConnRefTest: Add a temporary variable for return value in
39+ testRoleExceptions.
40+ * (T413580) LanguageCodeTest: Remove unnecessary null assertion.
41+ * Allow wikimedia/testing-access-wrapper ^4.0.0.
42+ * Logging: Handle possible null as type for LogPage.
43+ * (T411019) Logging: Set default for log type on dropdown via LogEventsList.
44+ * (T413690) libs: Fix closure detection in MemoizedCallable.
45+ * (T413923) Don't use null offsets in BlockManager::getUniqueBlocks.
46+ * SiteConfiguration: Optimize processSetting for default-only case.
47+ * SiteConfiguration: Use \array_key_exists().
48+ * SiteConfiguration: Use use function syntax.
49+ * Config: Use use function array_key_exists some more.
50+ * (T413924, T413925) tests: PHP 8.5 compatibility in AuthManager tests.
51+ * (T413573) [php8.4] Use DOMCompat::innerHTML() instead of Element::nodeValue.
52+ * Update documentation from which versions you can upgrade.
53+ * (T413673) tests: Fix PHP8.5 error when casting float(INF) as integer.
54+ * (T414355) Fix PHP 8.5 deprecation warnings in IcuCollation.
55+ * (T414351) Avoid coercing NAN/INF/-INF to string.
56+ * (T404636) tests: Hide deprecation warning for PHPSessionHandler.
57+ * (T414323) tests: Use setAttributeForTest() correctly.
58+ * (T413674) ParamValidator: Suppress cast warning in IntegerDef.
59+ * (T413577) Parser: Ignore long user provided int in
60+ Sanitizer::decodeCharReferences.
61+ * (T413576) Rdbms: Get strings from SQLPlatform::getDatabaseAndTableIdentifier.
62+ * (T413579) Site: Handle non-stored Site objects in SiteList.
63+ * (T413920) tests: Mock some functions in OutputPageTest.
64+ * (T413926) Do not attempt to get handler for unknown file types.
65+ * (T413919) tests: Use real TitleFormatter in LinkBatchTest.
66+ * (T413930) User: Add fallback 'default' to User::getDatePreference.
67+ * (T413934) JobQueueGroup: avoid PHP 8.5 deprecation from null array offsets.
68+ * (T413922) Rdbms: Handle null from DatabaseDomain::getDatabase in
69+ LBFactoryMulti.
70+ * (T413901) Media: Remove deprecated imagedestroy.
71+ * rdbms::assertTransactionRoundStage: Show transaction name if available.
72+ * (T414350) Language: Handle NAN coercion to string in formatting numbers.
73+ * (T413931) tests: Set module name in ApiBaseTest::doGetParameterFromSettings.
74+ * (T414336) Disable process timeout for Composer phpunit script.
75+ * (T413575) libs>XhprofData: Handle use of NULLs as array keys for PHP8.5.
76+ * (T406744) tests: remove setAccessible() call on Reflection objects.
77+ * tests: Change DomDocument return type in SpecialCreateAccountTest.
78+ * (T415443) Upgrading mck89/peast (v1.16.3 => v1.17.4).
79+ * (T413918) tests: Mock value for RangeChronologicalPager::getTimestampField.
80+ * (T413921) LinksUpdate: Handle nullable el_to_path column in
81+ ExternalLinksUpdate.
82+ * (T413926) Upload: Do not attempt to get handler for unknown file types.
83+ * File: Ensure mime type is set for LocalFile::getMimeType.
84+ * (T413917) Specials: Use empty string as missing type on
85+ Special:RevisionDelete.
86+ * (T415723) Updated phpunit/phpunit from 9.6.21 to 9.6.33.
87+ * Update phpunit/phpunit from 9.6.33 to 9.6.34.
88+ * Update wikimedia/parsoid to 0.22.1.
89+ * (T414599) migrateLinksTable: Handle constant namespace values in mapping.
90+ * VueComponentParser: use Parsoid DOM compatibility methods.
91+ * FileRepo: Add 'userAgent' option in ForeignAPIRepo for wgForeignFileRepos.
92+ * [tests] Add forward-compatibility alias for JsonDeserializableSubClass.
93+ * (T367584) JsonCodec/ParserCache: Forward-compatibility test cases.
94+ * (T413545) Update wikimedia/parsoid to 0.22.2.
95+ * (T417390) mediawiki.util: Don't throw in addSubtitle if the skin lacks a
96+ subtitle.
97+ * (T414884) PostgresInstaller: Handle null password in openConnectionToAnyDB.
98+ * Forward compatibility with ParserOutput::getTitle().
99+ * Upgrade wikimedia/css-sanitizer from 6.1.0 to 6.2.1.
100+ * (T414805, T418745, T418346) WebPHandler: Allow the original being served on
101+ the web.
102+ * (T411013) mediawiki.util: Add adjustThumbWidthForSteps for step sizing in JS.
103+ * (T411013) mediawiki.util,FileRepo: Improve adjustThumbWidthForSteps test
104+ coverage.
105+ * (T411125) Round to original file width if there is no steep between that &
106+ requested.
107+ * (T411125) File: Allow scaling up vectorized images to larger sizes.
108+ * (T360589, T415598) Move handling of ThumbnailSteps to media handlers.
109+ * (T416518) Disable Composer audit.block-insecure option.
110+ * (T419183) ParserOutputFlags: add HAS_SLOT_HEADERS.
111+ * (T419479) sql: Mark pl_target_id as non-nullable in abstract schema.
112+ * (T329183, T417691) Clarify documentation for action=query&list=tags.
113+ * (T391524) EditPage: Handle MWException when serializing the preloaded
114+ content.
115+ * (T417819) ParserOutputFlags: Back-port new flags added in 1.46 for
116+ forward compat.
117+ * (T384147, CVE-2026-34092) SECURITY: Block UI elements in 'tools'-sidebar
118+ shows presence of an autoblocked IP.
119+ * (T410429, CVE-2026-34088) SECURITY: RecentChanges entries expose suppressed
120+ content via generated log page html.
121+ * (T411305, CVE-2026-34091) SECURITY: User localization leaked by AbuseFilter
122+ + EventStream.
123+ * (T411366, CVE-2026-34090) SECURITY: Suggested investigations: Handle
124+ suppressed usernames.
125+ * (T414547, CVE-2026-34093) SECURITY: Special:UserRights allows viewing user
126+ rights from private wiki.
127+ * (T416090, CVE-2026-34094) SECURITY: Customized help link for page protection
128+ indicator is relative to subpage name, because the link target is missing the
129+ "/wiki/" prefix.
130+ * (T419192, CVE-2026-34095) SECURITY: action=raw with Special:Mypage subpage
131+ title responds with "Content-Type) SECURITY: text/html" on
132+ ctype=text/javascript request.
133+
9134== MediaWiki 1.45.1 ==
10135
11136This is a security and maintenance release of the MediaWiki 1.45 branch.
0 commit comments