Important Release Notes

From MediaWiki.org

Jump to: navigation, search
Download icon
Download a package
Current version
Legacy versions
Nightly release
Read more

These are only the most important MediaWiki release notes. Read the project's SourceForge pages to find more and closer information.

Contents

MediaWiki 1.13

Maintenance update MediaWiki 1.13 is not released yet, even though MediaWiki 1.13alpha is currently running on all Wikimedia sites (since March 2007), see these notes about the "continuous integration" development model with quarterly snapshot releases. Third-party users should probably not use the development version to run a public site unless paying close attention to development and ongoing releases, and unless really keeping up with fixes. If you want to grab and install the latest development version, read Download from SVN as appropriate.

MediaWiki 1.12.x (Current Stable Release)

Download This is the current stable release branch. New wikis should be installed using this version if possible.
1.12.0 released on 2008-03-20
MediaWiki 1.12.0 is the release snapshot for Winter 2008.
See the full release notes and Release notes/1.12.
Download mediawiki-1.12.0.tar.gz

MediaWiki 1.11.x (Legacy Releases)

1.11.2 released on 2008-03-02
MediaWiki 1.11.2 is the release snapshot for Fall 2007.
See the full release notes and Release notes/1.11.
Download mediawiki-1.11.2.tar.gz
1.11.1 released on 2008-01-23
MediaWiki 1.11.1 is the release snapshot for Fall 2007.
See the full release notes and Release notes/1.11.
1.11.0 released on 2007-09-10
MediaWiki 1.11.0 is the release snapshot for Fall 2007.
See the full release notes and Release notes/1.11.

MediaWiki 1.10.x (Legacy Releases)

1.10.2 released on 2007-09-10
MediaWiki 1.10.2 is a bugfix release of the Spring 2007 quaterly release.
See the full release notes and Release notes/1.10.
Download mediawiki-1.10.2.tar.gz
1.10.1 released on 2007-07-13
MediaWiki 1.10.1 is a bugfix release of the Spring 2007 quaterly release.
See the full release notes and Release notes/1.10.
1.10.0 released on 2007-05-09
MediaWiki 1.10.0 is the quarterly release snapshot for Spring 2007.
See the full release notes and Release notes/1.10.

MediaWiki 1.9.x (Legacy Releases)

1.9.4 released on 2007-09-10
MediaWiki 1.9.4 is a bug-fix and security update of the Winter 2007 snapshot.
See the full release notes and Release notes/1.9.
Download mediawiki-1.9.4.tar.gz
1.9.3 released on 2007-02-20
MediaWiki 1.9.3 is a bug-fix and security update that fixes some issues.
See the full release notes and Release notes/1.9.
1.9.2 released on 2007-02-04
MediaWiki 1.9.2 is a bug-fix and security update that fixes some issues.
See the full release notes and Release notes/1.9.
1.9.1 released on 2007-01-24
MediaWiki 1.9.1 is a bug-fix update that fixes some installation and upgrade issues of the Winter 2007 snapshot.
See the full release notes and Release notes/1.9.
1.9.0 released on 2007-01-10
MediaWiki 1.9.0 is the quarterly release snapshot for Winter 2007.
See the full release notes and Release notes/1.9.

MediaWiki 1.8.x (Legacy Releases)

1.8.5 released on 2007-09-10
MediaWiki 1.8.5 is a security fix update to the Fall 2006 quarterly release snapshot.
See the full release notes and Release notes/1.8.
1.8.4 released on 2007-02-20
MediaWiki 1.8.4 is security and bug-fix update to the Fall 2006 quarterly release.
See the full release notes and Release notes/1.8.
1.8.3 released on 2007-01-09
MediaWiki 1.8.3 is a security release of the Fall 2006 snapshot.
See the full release notes and Release notes/1.8.
1.8.2 released on 2006-10-13
MediaWiki 1.8.2 is a bugfix maintenance release of the Fall 2006 snapshot.
See the full release notes and Release notes/1.8.
1.8.1 released on 2006-10-11
MediaWiki 1.8.1 is a security and bugfix maintenance release of the Fall 2006 snapshot.
See the full release notes and Release notes/1.8.
1.8.0 released on 2006-10-10
MediaWiki 1.8.0 is the quarterly release snapshot for Fall 2006.
See the full release notes and Release notes/1.8.

MediaWiki 1.7.x (Legacy Releases)

1.7.3 released on 2007-02-20
MediaWiki 1.7.3 is a security and bug-fix update to the Summer 2006 quarterly release.
See the full release notes and Release notes/1.7.
Download mediawiki-1.7.3.tar.gz
1.7.2 released on 2007-01-09
MediaWiki 1.7.2 is a security release of the Summer 2006 snapshot.
See the full release notes and Release notes/1.7.
1.7.1 released on 2006-07-08
Fixed some installer issues from MediaWiki 1.7.0
See the full release notes and Release notes/1.7.
MediaWiki 1.7 requires PHP 5 (5.1 recommended). PHP 4 is no longer supported. If you are unable to run PHP 5, you may have to stick with 1.6 for now.
MySQL 3.23.x is no longer supported; some older hosts may need to upgrade. At this time we still recommend 4.0, but 4.1/5.0 will work fine in most cases.
Experimental Oracle support has been dropped as it is unmaintained.
1.7.0 released on 2006-07-07
MediaWiki 1.7.0 is the quarterly release snapshot for Summer 2006.
See the full release notes and Release notes/1.7.

MediaWiki 1.6.x (Legacy Releases)

1.6.10 released on 2007-02-20
MediaWiki 1.6.10 is a security and bugfix release of the Spring 2006 snapshot.
See the full release notes and Release notes/1.6.
Download mediawiki-1.6.10.tar.gz
1.6.9 released on 2007-01-09
MediaWiki 1.6.9 is a security release of the Spring 2006 snapshot.
See the full release notes and Release notes/1.6.
1.6.8 released on 2006-07-08
MediaWiki 1.6.8 is a security and bugfix maintenance release of the Spring 2006 snapshot.
See the full release notes and Release notes/1.6.
A potential HTML/JavaScript-injection vulnerability in a debugging script has been fixed. Only versions and configurations of PHP vulnerable to the $GLOBALS overwrite vulnerability are affected.
As a workaround for existing installs, profileinfo.php may simply be deleted if it's not being used.
1.6.7 released on 2006-06-06
MediaWiki 1.6.7 is a security and bugfix maintenance release of the Spring 2006 snapshot.
See the full release notes and Release notes/1.6.
An HTML/JavaScript-injection vulnerability in the edit form has been closed. This vulnerability was new in 1.6.0; MediaWiki versions 1.5.x or earlier are not affected.
Extensions, comments, and <nowiki> sections are now handled in a one-pass way which is more reliable and safer. Under earlier versions of MediaWiki, certain extensions could be abused to inject HTML/JavaScript into the page.
Additional precautions are made against offsite form submissions when the restricted raw HTML mode is enabled.
1.6.6 released on 2006-05-23
MediaWiki 1.6.6 is a security and bugfix maintenance release.
An XSS injection vector in brace replacement has been fixed, as have some potential problems with table parsing. Upgrading is strongly recommended for all users of 1.6. MediaWiki versions 1.5 and earlier are not affected.
Additionally some localization and user interface updates are included.
1.6.5 released on 2006-05-02
MediaWiki 1.6.5 is a fix on the stable release branch for Spring 2006.
Rolled back the buggy patch in 1.6.4 (released on the same day) for bug 5497
1.6.3 released on 2006-04-10
MediaWiki 1.6.3 is a fix on the stable release branch for Spring 2006.
1.6.2 released on 2006-04-08
MediaWiki 1.6.2 is a fix on the stable release branch for Spring 2006.
A bug with parameters on extension tags containing "/" has been fixed.
Some more installer fixlets, and bad XHTML in some localizations.
1.6.1 released on 2006-04-05
MediaWiki 1.6.1 is a fix on the stable release branch for Spring 2006.
Corrected installer and other bugs which affected some users in 1.6.0.
1.6.0 released on 2006-04-05
MediaWiki 1.6.0 is the stable release branch for Spring 2006.
Lots of fun features! Woo.

MediaWiki 1.5.x (Legacy Releases)

MediaWiki Stable Releases 1.5.x

Security No one should install these on new wikis – security updates for older wikis only.

1.5.8 released on 2006-03-26
MediaWiki 1.5.8 is a security and bugfix maintenance release.
A bug in decoding of certain encoded links could allow injection of raw HTML into page output; this could potentially lead to XSS attacks. Some minor UI fixes were also made, see the change log at the bottom of this file.
1.5.7 released on 2006-03-02
MediaWiki 1.5.7 is a bugfix maintenance release.
Most importantly, a security issue in the installer has been fixed. The bug affects new installations of 1.5.6 only. If the user specified the MySQL root password, to allow the installer to create an unprivileged account, the installer would not only create the new account but also change the root password to be equal to the password of the new account. Anyone affected by this bug will need to change the root password back manually. For information about how to change passwords in MySQL please see: dev.mysql.com.
This version includes fixes for compatibility with Internet Explorer 7 beta 2, and various other bugs.
1.5.6 released on 2006-01-19
MediaWiki 1.5.6 is a security and bugfix maintenance release.
A bug in edit comment formatting could send PHP into an infinite loop if certain malformed links were included. In most installations, this would cause the script to fail after PHP's 30-second failsafe timeout.
1.5.5 released on 2006-01-05
MediaWiki 1.5.5 is a security and bugfix maintenance release.
Detection for uploads of Windows Metafile (.wmf) images has been added to help protect against a client-side vulnerability in unpatched Microsoft Windows operating systems. Sites which have enabled uploads and added non-standard file types (such as .ogg, .doc, or .pdf) should upgrade to this release to ensure that malicious .wmf files can't be uploaded with a fake extension; such files could put visitors to the site at risk. For more details on this, see: Windows Metafile vulnerability
Additionally, a maintenance script removeUnusedAccounts.php has been added in 1.5.5; this replaces an older Perl script which had not been updated for the new schema in 1.5.
1.5.4 released on 2005-12-21
MediaWiki 1.5.4 is a security and bugfix maintenance release.
A hardcoded internal placeholder string has been replaced with a random one. This closes a hole where security checks in inline style attributes could be bypassed, injecting JavaScript code that could execute in Microsoft Internet Explorer.
Other browsers would not be vulnerable.
Several minor fixes are included in this release, most notably a fix to clear the "you have new messages" flag properly for usernames containing spaces when e-mail notification is enabled.
1.5.3 released on 2005-12-04
MediaWiki 1.5.3 is a security and bugfix maintenance release.
Validation of the user language option was broken by a code change in May 2005, opening the possibility of remote code execution as this parameter is used in forming a class name dynamically created with eval().
The validation has been corrected in this version. All prior 1.5 release and prelease versions are affected; 1.4 and earlier are not affected. Additionally several bugs have been fixed.
1.5.2 released on 2005-11-02
MediaWiki 1.5.2 is a bugfix maintenance release.
A change in PHP 4.4.1 and PHP 5.1.0RC broke handling of extension and <pre> sections, causing garbage data to be inserted in output and saved edits. This version works around the change. Several other glitches with MySQL 5.0 and PHP 5.0.5 were also fixed.
1.5.1 released on 2005-10-26
MediaWiki 1.5.1 is a bugfix and security maintenance release.
This release includes further corrections to the inline CSS style sanitation which works around a JavaScript "feature" on Microsoft Internet Explorer. Users of Microsoft Internet Explorer for Windows may be vulnerable to XSS injections on prior versions; users of standards-compliant browsers are not vulnerable.
Major fixes include:
  • Image pages work again with resizing disabled
  • Works in MySQL 5.0 strict mode
There is experimental support in this release for explicitly declaring the UTF-8 charset in the database; this has been tested with MySQL 5.0.15 but should work on 4.1 as well.
Important: Changing this setting on an existing wiki may produce interesting data corruption, depending on server configuration. Page contents should, usually, be unaffected, but page titles and other items may be. Limitations in MySQL's Unicode support mean that characters outside the BMP cannot be used in page titles or various other fields when using this mode.
Table definitions are in maintenance/mysql5/tables.sql, and the runtime option to send 'SET NAMES utf8' is set by $wgDBmysql5 = true.
(MySQL 3.23.x and 4.0.x do not support character set declarations; on these versions MediaWiki simply works with UTF-8 data and MySQL is blissfully unaware of it.)
1.5.0 released on 2005-10-05
MediaWiki 1.5.0 is the new stable release branch of MediaWiki, and is recommended for all new installations.

Additional Notes:

  • Any wikis running a 1.5 beta or release candidate are strongly recommended to upgrade to the final release, which includes a number of bug fixes and a security fix for CSS bugs in Microsoft Internet Explorer.
  • IMPORTANT: Running a 1.3 or 1.4 wiki and don't want to jump to 1.5 yet? Be sure to upgrade to 1.3.17 or 1.4.11, also released today. Versions prior to 1.3.16 and 1.4.10 have a serious data corruption bug which is triggered by a spambot known to operate in the wild.
Older Unstable Releases 1.5.x

(extract)

Release Candidate Series 1.5
1.5rc4 released on 2005-08-29 (full release notes)
Beta Preview releases 1.5 (beta of next major release)
1.5beta4 released 2005-07-30 (full release notes)
Alpha Preview releases 1.5 (alpha of next major release)
1.5alpha2 released on 2005-06-03 (full release notes)

MediaWiki 1.4.x (Legacy Releases)

MediaWiki Stable Releases 1.4.x

Security No one should install these on new wikis – security updates for older wikis only.

1.4.15 released on 2005-03-26
MediaWiki 1.4.15 is a security maintenance release.
A bug in decoding of certain encoded links could allow injection of raw HTML into page output; this could potentially lead to XSS attacks. Additionally, this release may display more correctly in IE7 betas.
1.4.14 released on 2006-01-19
MediaWiki 1.4.14 is a security and bugfix maintenance release.
A bug in edit comment formatting could send PHP into an infinite loop if certain malformed links were included. In most installations, this would cause the script to fail after PHP's 30-second failsafe timeout.
1.4.13 released on 2006-01-05
MediaWiki 1.4.13 is a security and bugfix maintenance release.
1.4.12 released on 2005-11-02
MediaWiki 1.4.12 is a bugfix and security maintenance release.
Additional Notes:
  • A change in PHP 4.4.1 broke handling of extension and <pre> sections, causing garbage data to be inserted in output and saved edits. This version works around the change.
  • This release includes further corrections to the inline CSS style sanitation which works around a JavaScript "feature" on Microsoft Internet Explorer. Users of Microsoft Internet Explorer for Windows may be vulnerable to XSS injections on prior 1.4 releases; users of standards-compliant browsers are not vulnerable.
  • All publicly accessible wikis are recommended to upgrade to reduce the risk to visitors using Microsoft web browsers.
1.4.11 released on 2005-10-05
MediaWiki 1.4.11 is a security maintenance release.
Additional Notes:
  • Unsafe handling of CSS by Microsoft Internet Explorer could be exploited to produce cross-site scripting attacks by JavaScript injection to clients running that browser.
  • This release blacklists several additional variants from use in HTML inline style attributes.
  • All publicly accessible wikis are recommended to upgrade to reduce the risk to visitors using Microsoft web browsers.
1.4.10 released on 2005-09-21
MediaWiki 1.4.10 is a security maintenance release.
Additional Notes:
  • A bug in edit submission handling could cause corruption of the previous revision in the database if an abnormal URL was used, such as those used by some spambots.
  • Affected releases:
-1.4.x <= 1.4.9; fixed in 1.4.10
-1.3.x <= 1.3.15; fixed in 1.3.16
  • 1.5 release candidates are not affected by this problem.
All publicly editable wikis are strongly recommended to upgrade immediately.
1.4 releases can be manually patched by changing this bit in EditPage.php:
function importFormData( &$request ) {
if( $request->wasPosted() ) {
to:
function importFormData( &$request ) {
if( $request->getVal( 'action' ) == 'submit' && $request->wasPosted() ) {
1.4.9 released on 2005-08-29
MediaWiki 1.4.9 is a security maintenance release.
- <math> tags were handled incorrectly when TeX rendering support is off, as in the default configuration.
- Extension or <nowiki> sections in Wiki table syntax could bypass HTML style attribute restrictions for cross-site scripting attacks against Microsoft Internet Explorer
1.4.8 released on 2005-08-23
MediaWiki 1.4.8 is a bug fix and security maintenance release.
  • A flaw in the interaction between extensions and HTML attribute sanitization was discovered which could allow unauthorized use of offsite resources in style sheets, and possible exploitation of a JavaScript injection feature on Microsoft Internet Explorer.
  • This version expands the returned text and properly checks it before output.
  • Additionally, an update to skins/MonoBook.php ensures that sites using the default MonoBook skin will display correctly in the Internet Explorer 7 beta. (1.3 and 1.5 are not affected by this bug.)
1.4.7 released on 2005-07-16
MediaWiki 1.4.7 is a stable series bugfix release.
Additional Notes:
  • Those affected by the following problems in 1.4.6 should upgrade:
- Watchlist breakage on MySQL 3.23.x and with table prefix enabled
- Possible breakage in watchlist, some image resizing modes on PHP 4.1.2
  • 1.4.6 included a fix for a cross-site scripting vulnerability, so anyone running older 1.4 releases is very strongly encouraged to upgrade as well.
  • Note to upgraders: current versions of MediaWiki are known to produce a large number of notice-level warnings under the newly released PHP 4.4.0. These appear however to be harmless; if you encounter them add error_reporting( E_ALL & ~E_NOTICE ); to your LocalSettings.php to suppress the notices.
  • PHP 5.1.0 beta 3 is known to be incompatible at this time.
  • MySQL 3.23.x and table prefix compatibility fix: restore old watchlist code (MediaZilla:2747, MediaZilla:2755)
  • PHP 4.1.2 compatibility fix: define floatval() equivalent if missing
1.4.6 released on 2005-07-07
MediaWiki 1.4.6 is a stable series security and bugfix release.
For details of this and all earlier releases, please see the old main page at wikipedia.sourceforge.net.

MediaWiki 1.3.x (Legacy Releases)

MediaWiki Stable Releases 1.3.x

Security No one should install these on new wikis – security updates for older wikis only.

1.3.18 released on 2005-11-02
MediaWiki 1.3.18 is a security maintenance release.
Additional Notes:
  • A change in PHP 4.4.1 broke handling of extension and <pre> sections, causing garbage data to be inserted in output and saved edits. This version works around the change.
  • This release includes further corrections to the inline CSS style sanitation which works around a JavaScript "feature" on Microsoft Internet Explorer. Users of Microsoft Internet Explorer for Windows may be vulnerable to XSS injections on prior 1.4 releases; users of standards-compliant browsers are not vulnerable.
  • All publicly accessible wikis are recommended to upgrade to reduce the risk to visitors using Microsoft web browsers.
  • Note: the MediaWiki 1.3.x series is not compatible with PHP 5.0.5 or higher. Upgrade to the 1.5.0 release if you require this version of PHP 5.

You may also look up the Stable Releases overview.

Retrieved from "http://www.mediawiki.org/wiki/Important_Release_Notes"
Personal tools