This page contains release notes for a legacy version of MediaWiki. The current version is 1.41.1 . The legacy support version is 1.40.3 . The legacy long-term support version is 1.39.7 .

MediaWiki 1.39[edit]

This is a security and maintenance release of the MediaWiki 1.39 branch.

Changes since 1.39.6[edit]

• Localisation updates.
• (T334992) Headings in the license pickers should not be selected.
• (T353929) ActiveUsersPager: Count actions only once.
• composer: Use @php instead of php.
• (T326065) Indent JsonContent using tabs.
• (T354541) authmanager: Improve AuthenticationRequest docs.
• (T355017) Add missing space in Special:RecentChangesLinked.
• (T355003) composer.json Add ext-bcmath and ext-gmp to suggests.
• PHPVersionCheck: Update text to match currently supported upstream PHP versions (8.1+).
• (T354045) API: mark HTML output as non-cacheable.
• (T355530) filerepo: Fix img_major_mime for files with a non-standard extensions.
• (T355530) MimeAnalyzer: Add @since to isValidMajorMimeType.
• (T317489, T319202) Mark some parserTests on talk pages Parsoid only on REL1_39.
• (T350594) Update wikimedia/parsoid to 0.16.3.
• (T352554) ZhConverter: Fix language variant fallback chain.
• (T357668) Parser::getExternalLinkAttribs: Don't set rel attribute to null.
• LockManagerGroupIntegrationTest: Remove test depending on DBLockManager.
• (T357808) LinkRendererTest: Add missing import for LinkTarget.
• (T353305) ApiResetPassword: Allow both user and email parameters to be passed for reset.
• (T358949) updateCollation: Explicitly cast $scale to int.
• (T359055) api: Improve linking of language codes lists in top level i18n messages.
• (T359294) Make sure MovePage::isValidFileMove matches UploadBase::getTitle.
• (T230245) Respect $maxConcurrency when queuing async FileOps.
• (T352554) Follow-up "ZhConverter: Fix language variant fallback chain".
• (T292237, T317451) build: Restore Doxygen output for MediaWiki release tags.
• (T324903) HistoryPager: Add #[AllowDynamicProperties].
• (T360850) Update Apache config syntax in .htaccess files.
• (T309714, T354274) mime: Add support for 'font/woff' and 'font/woff2' mime type.
• (T309714) mime: Make test cases use data provider.
• (T331608) installer: Bear with schema drift caused by running old updater.
• docs: Remove use of $IP from mwdocgen.php.
• (T317451) build: Restore Doxygen output for MediaWiki release tags (take 3).
• docs: Set stable permalink on markdown files.
• (T357019) allow maintenance/deleteBatch.php to accept page ID.
• (T355538, CVE-2024-PENDING) XSS in edit summary parser.
• (T357760, CVE-2024-PENDING) Denial of service vector via GET request to Special:MovePage on pages with thousands of subpages.

This is a security and maintenance release of the MediaWiki 1.39 branch.

Changes since MediaWiki 1.39.5[edit]

• Localisation updates.
• Updated symfony/polyfill-php80 from 1.26.0 to 1.28.0.
• Updated symfony/polyfill-php81 from 1.26.0 to 1.28.0.
• (T344912) mail: Encode period (ascii 46) if it appears in encoded email header.
• Added symfony/polyfill-php82.
• Added symfony/polyfill-php83.
• Updated symfony/yaml from 5.4.10 to 5.4.23.
• (T329609) ApiQueryLanguageinfoTest: Do not pass a float to setFakeTime.
• Updated wikimedia/timestamp from 4.0.0 to 4.1.1.
• tests: Provide coverage for StatusValue::__toString.
• StatusValue: Improve logging/debug output with multibyte characters.
• (T347726, CVE-2023-PENDING) SECURITY: logging: Fix non-escaped messages used in rights log.
• Updated wikimedia/parsoid from 0.16.1 to 0.16.2.
• (T229992) LocalisationCache: Preserve fallback source language info.
• (T275085) Fix logging Status objects to 'authevents' channel.
• (T341310) DEVELOPERS.md: mention git clone and WSL.
• (T351758) DEVELOPERS.md: reword WSL instructions to include best practices.
• (T349115) LocalisationCache: Fix a rare case in fallback source language.
• SwiftFileBackend: Fix "PHP Deprecated: strlen(): Passing null to parameter #1 ($string) of type string is deprecated".
• maintenance: Add missing parenthesis to SQL in attachLatest.php.
• (T353472) maintenance: Fix join condition in DeduplicateArchiveRevId.

This is a security and maintenance release of the MediaWiki 1.39 branch.

Changes since MediaWiki 1.39.4[edit]

• Localisation updates.
• (task T333050, CVE-2023-45363) SECURITY: Fix infinite loop for self-redirects with variants conversion.
• docs: Fix a few typos in MainConfigSchema.
• (task T309714) mime: Add support for 'font/sfnt' MIME type.
• (task T341434) WikiImporter: Improve error message output.
• (task T317255) VueComponentParser: Use Zest's getElementsByTagName() rather than PHP's.
• (task T341737) ApiBase: Cast $id to string in filterIDs.
• (task T286291, task T296188) Merge zh and zh-tw namespace translations back to zh-hans, zh-hant, zh-hk respectively.
• (task T337875) WRStats: Round up SequenceSpec::hardExpiry to the nearest integer.
• (task T237898) installer: Check MariaDB version in updater/installer.
• (task T342632) ApiComparePages: Add help url.
• (task T326182, task T324903) EditPage: Add #[AllowDynamicProperties].
• (task T342351) rdbms: Fix postgres db function call.
• (task T343675) user: Use {@} to escape annotation when writting about annotation.
• (task T343797) LanguageWa: Fix double timezone adjustment.
• (task T326454) Update pear/mail to 1.5.1.
• (T204470) Remove feedback messages from RawHtmlMessages.
• (T264765, CVE-2023-45364) SECURITY: Article: Check permissions before showing link to view deleted revision.
• (T310378) Ensure that installer i18n is loaded by update.php.
• (task T343622) docs: Set the <comment> tag back to optional.
• (task T330528) Upgrade wikimedia/html-formatter from 3.0.1 to 4.0.3.
• (task T337463) wdio-mediawiki: await saveScreenshot.
• (task T274041) Include core PSR-4 classes in the generated classmap.
• (task T208477) $wgPrivilegedGroups – Users belonging in some of the listed groups will be audited more aggressively.
• doc: Improve description of "type" in extension.schema.v2.json.
• Added PrivilegedGroups attribute for extension.json / skin.json, which lets you add any new user groups you define to wgPrivilegedGroups (see above).
• HTMLForm: Fix E_NOTICE when hide-if is used with setFormIdentifier.
• (task T288624) MultiHttpClient: Unset $this->cmh after closing it.
• (task T345039) Do not run SkinAfterBottomScripts hook twice unconditionally.
• (task T265734) API Help: Note that parameters may be inherited from other context.
• API: Make continue parameter help description more specific.
• (task T285545) i18n: Split apihelp for standard dir parameter.
• (task T285545) i18n: Split apihelp for redirects/linkshere/transcludedin/fileusage show.
• (task T285545) i18n: Split apihelp for parameter list=deletedrevs&drprop=.
• (task T285545) i18n: Split apihelp for parameter list=allpages&apprexpiry=.
• (task T285545) i18n: Split apihelp for parameter action=opensearch&redirects=.
• (task T285545) i18n: Split apihelp for parameter action=managetags&operation=.
• (task T285545) api: Add message for list=watchlist&wlprop=expiry.
• (task T334011) ApiComparePages: expose 'difftype' param if wikidiff2 is installed.
• (task T342633) api: Add message for action=compare&prop=timestamp.
• API: revids=… does not necessarily return the queried revisions.
• (task T326696) user: Truncate option value in UserOptionsManager.
• (task T326696) ApiOptions: Give warning if the value is too long.
• API i18n: Add for byte count messages.
• (task T235207) Get correct main page in API call examples.
• doc: Make extension.schema.v2.json a valid JSON schema.
• updateSpecialPages.php: Avoid implicit float conversion on modulo.
• (task T347227) ImportReporter: Make callback functions public.
• (task T346898) importDump: Unconditionally call $importer->setUsernamePrefix().
• (task T204470) Remove feedback messages from RawHtmlMessages.
• (task T264765, CVE-2023-45364) SECURITY: Article: Check permissions before showing link to view deleted revision.
• (task T310378) Ensure that installer i18n is loaded by update.php.
• doc: Improve description of type in extension.schema.v1.json.
• (task T340217, CVE-2023-45359) SECURITY: Vector 2022: Numerous unescaped messages leading to potential XSS.
• (task T340220, CVE-2023-45361) SECURITY: Vector 2022: vector-intro-page message is assumed to yield a valid title.
• (task T340221, CVE-2023-45360) SECURITY: XSS via 'youhavenewmessagesmanyusers' and 'youhavenewmessages' messages.
• (task T341529, CVE-2023-45362) SECURITY: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression.
• (task T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted XML file to Special:Upload (non-standard configuration).

This is a security and maintenance release of the MediaWiki 1.39 branch.

Changes since MediaWiki 1.39.3[edit]

• Localisation updates.
• (task T333990) composer.json: Explicitly pin psr/http-message to 1.0.1.
• (task T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7 (2.4.0 => 2.4.5).
• (task T333776) Template:ACTIVEUSERS wasn't being updated without updateSpecialPages.php.
• (task T258860) Prevent LogicCache exception from message cache during IO errors from memcache.
• (task T336868) Improve idempotency of postgres index upgrades.
• (task T322944) Add Authorization to default $wgAllowedCorsHeaders .
• (task T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter.
• A fake MessageLocalizer for use in unit tests.
• (task T338114) Title: Add forward alias.
• composer: Add symfony/polyfill-php81 like symfony/polyfill-php80.
• (task T330464) Work around argument corruption bug in XMLReader::open.
• Fix frame and frameless rdfa depending on file existing.
• Fixes for the phan upgrade, part 1.
• Fixes for the phan upgrade, part 2.
• (task T298571) build: Update mediawiki/mediawiki-phan-config to 0.12.0.
• build: Updating mediawiki/mediawiki-phan-config to 0.12.1.
• (task T329214) Pass whether current rev of file exists to Linker::makeBrokenImageLinkObj.
• (task T334659) Handle thumb errors when !$enableLegacyMediaDOM.
• A manualthumb that doesn't exist should be considered a thumb error.
• (task T313157) IndexPager: Also protect against $offset being 0.
• (task T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.

This is a security and maintenance release of the MediaWiki 1.39 branch.

Changes since MediaWiki 1.39.2[edit]

• Localisation updates.
• (task T328477) LinksUpdate: Use DB key for category links table.
• GlobalFunctions: Remove check for MEDIAWIKI constant.
• (task T329484) API: Fix query+allimages user parameter description.
• (task T330529) SpecialEditTags: Set default of for wpReason.
• (task T330382) postgres: Make the upgrade ignore dropping indexes that might not exist.
• (task T330526) htmlform: Handle null from HTMLFormField::getDefault in multiselects.
• (task T291753) rdbms: escape backslashes in makeConnectionString for PostgreSQL.
• (task T325529) Fix total breakage of wgCanonicalServer fallback.
• (task T318103) mediawiki.storage: Disable async GC during integration test.
• (task T332461, task T332397) TempFSFile: Keep the WeakMap alive.
• (task T332902) page: fix InvalidArgumentException in SQLPlatform::makeList.
• (task T285159, CVE-2023-29141) SECURITY: Do not apply autoblocks to untrusted XFF headers.

This is a maintenance release of the MediaWiki 1.39 branch.

Changes since MediaWiki 1.39.1[edit]

• Localisation updates.
• (task T325872) ChangeTags: Remove table name from condition.
• (task T324895) MWCallbackStream: Add explicit $stream property.
• (task T297031, task T326039) PostgresUpdater: Move setDefault ahead of changeNullableField.
• (task T321319) Produce HTML for invalid JSON.
• (task T215466, task T326071) MigrateActors: Write to revision table (Follow-up 24115a8).
• (task T223027) ReservedUsernames config: Add reserved names from maintenance scripts.
• (task T325000, task T324896, task T307631) Updated OOUI from v0.44.3 to v0.44.5.
• Remove /images .htaccess rules that are no longer relevant.
• Disable php in .htaccess of images directory as a hardening measure.
• (task T322583) Include missing message parameter in message.
• LocalFileTest: use encodeBlob/decodeBlob for img_metadata.
• DatabaseSqlite: fix null blobs.
• rdbms: avoid pg_escape_bytea() call-style deprecation notices.
• (task T322278) Improve LocalisationCache post-merge validation check.
• (task T324408, task T326367) Updated wikimedia/remex-html from 3.0.2 to 3.0.3.
• (task T322278) Fix the remaining Phan failures on PHP 8.1.
• (task T322278, task T326367) Respond to some messages from Phan on PHP 8.1.
• Fix phan error when Excimer is enabled.
• (task T326021) Add matrix: to $wgUrlProtocols .
• (task T314099) stream wrapper: Declare $context class property.
• (task T314099) libs\jsminplus: Declare JSNode::$expression.
• (task T314096) composer.json: Updated composer/spdx-licenses from 1.5.6 to 1.5.7.
• (task T326472) Upgrading cssjanus/cssjanus (v2.1.0 => v2.1.1).
• (task T308536) rdbms: Remove deprecation mark for $wgSharedDB .
• (task T215466, task T326071) installer: Split drop action out of the SQL patch for actor migration.
• (task T322603) SqliteMaintenance.php: Fix fatally broken instanceof check.
• (task T326377) rdbms: Use DBConnRef in SelectQueryBuilder.
• api/en.json: api-help-datatype-expiry add missing 'may'.
• (task T317329) OutputPage: Fix undefined ['host'] in ImagePreconnect code.
• (task T328222) Pass empty string to strlen() if schema is null for PostgresDatabase.
• (task T289926) SpecialRevisionDelete: Set default of for wpReason.
• (task T155582, task T328503) Fix XML dumps for content types with non-string getNativeData().
• (task T326886) PoolCounterRedis: Fix wrong cast, locks weren't being released.
• (task T314099) revisiondelete: Replace dynamic property Status::$itemStatuses
• (task T327821) skin: Restore default 'value' attribute in makeSearchButton().
• (task T329198) ParamValidator: Improve paramvalidator-help-multi-max message.
• (task T329415) Clear the statsd data buffer regardless of StatsdServer config.
• (task T292348) WikiImporter: do not fail if upload entry in dump lacks 'text' tag.
• (task T330049) UnregisteredLocalFile: Don't call MimeAnalyzer if no path.
• (task T324894 TempFSFile: Use a WeakMap for reference tracking if available.
• (task T295637) Add no to fallback chain of nb and nn.

This is a security and maintenance release of the MediaWiki 1.39 branch.

Changes since MediaWiki 1.39.0[edit]

• Localisation updates.
• PostgresUpdater: Remove trailing space from 'user_id ' column.
• (task T304515) LCStoreStaticArray: atomically replace the cache file.
• (task T324516) postgres: Fix upgrade for templatelinks primary key.
• (task T324890, task T324891, task T324901) Parser: Allow dynamic properties on PHP 8.2.
• (task T324513) uuid\GlobalIdGenerator: Check if getmyuid() exists.
• (task T314099) OutputPage: Remove unused dynamic property ParserOptions->isBogus.
• (task T314099) api: Remove use of undeclared property in action=comparepages.
• Upgrading wikimedia/xmp-reader (0.8.5 => 0.8.6).
• (task T324489) Upgrading wikimedia/parsoid (v0.16.0 => v0.16.1).
• Updated pear/mail (v1.4.1 => v1.5.0).
• Removed wikimedia/dodo (v0.4.0).
• (task T324910) On pages using multi-content revisions, the raw content of a specific slot can be retrieved using the action=raw&slot=<role-name> query parameters.
• (task T322637) SECURITY: sqlite should not create DB file world-readable.

Changes since MediaWiki 1.39.0-rc.1[edit]

• Localisation updates.
• exception: Tolerate no service container when trying DB rollback.
• (task T320282) Upgrading wikimedia/xmp-reader (0.8.3 => 0.8.4).
• objectcache: Deprecate WANObjectCache::reap() and ::reapCheckKey().
• (task T320864) When calling mail(), use an array for headers.
• Upgrading wikimedia/xmp-reader (0.8.4 => 0.8.5).
• (task T321154) Call setFormIdentifier() on LogEventsList form.
• When importing revision with same timestamp as latest revision, treat it as the new latest.
• (task T320726) RandomImageGenerator::getImageSpec: Don't pass a float to mt_rand(), for PHP 8.1.
• (task T298485, task T322360) WikiExporter: Avoid calling reload in processing every row.
• (task T321551) pager: Fix null used for foreach in Pager::getNavigationBar.
• (task T321551) pager: Remove unused AlphabeticPager::getOrderTypeMessages() support.
• pager: Remove unused PagerNavigationBuilder::setExtra().
• PagerNavigationBuilder: Document that nulls in setLinkQuery() etc. are allowed.
• (task T322335) ApiQueryRevisionsBase: Fix 'rvdiffto' parameter handling on PHP 8.0.
• (task T314096) TestFileEditor: Fix string interpolation.
• (task T289926) api: Fix minor PHP 8.1 incompatibility in ApiOptions.
• (task T322803) SpecialBotPasswords: Don't pass null to trim().
• (task T289926) Fix incomplete ITextFormatter mocks.
• Language: Handle ronna and quetta.
• (task T72510) rdbms: make SqlitePlatform::tableName() apply double quotes.
• (task T323373) Parser: Fix extractSections() behavior for PHP >= 8.0.
• .gitattributes: Ship docker-compose.yml to the tarball.

Changes since MediaWiki 1.39.0-rc.0[edit]

• Localisation updates.
• (task T318481) composer: Drop symfony/php73-polyfill.
• (task T318460) SpecialChangeEmail: Set default for returntoquery.
• (task T318307) HTMLFormField::validate(): Update docs to permit all data types
• (task T306802) docker: update to latest published images.
• (task T318754) WebInstallerOptions::addPersonalizationOptions(): Close fieldset.
• (task T227047) Soft-deprecate the remainder of ActorMigration.
• (task T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results in an IP range check on Special:Contributions.
• (task T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence of hidden users.
• (task T307278, CVE-2022-41766) SECURITY: On action=rollback the message "alreadyrolled" can leak revision deleted user name.
• (task T319186) .phan/config.php: Update minimum_target_php_version.
• Tests: Explicit cast to int in RandomImageGenerator test (php8 warnings).
• (task T319186) .phan/config.php: Update minimum_target_php_version.
• (task T310243) Deprecate use of 'wvui-search' package.
• utils: Fix return doc about false/null for UrlUtils::expand.
• (task T319000) WebInstaller: Don't try and run trim() on null.
• In the event of preg failure in MagicWordArray throw exception.
• (task T318753) Installer: Disable logo dropper for now.

Don't forget to always back up your database before upgrading!

See the file UPGRADE for more detailed per-version upgrade instructions from the oldest supported upgrading version, MediaWiki 1.31.

Some specific notes for MediaWiki 1.39 upgrades are below:

• (task T278139) Drop PHP 7.3 support in MediaWiki 1.39; require 7.4.3 or higher.

For notes on 1.38.x and older releases, see HISTORY.

Configuration changes for system administrators in 1.39[edit]

• The default serialization method for file meta-data has been changed to JSON. You can revert it to PHP by setting the 'useJsonMetadata' property to false in $wgLocalFileRepo .
• The DBO_SSL flag in $wgDBservers and $wgLBFactoryConf has been deprecated in favour of a boolean "ssl" parameter.
• $wgMangleFlashPolicy is deprecated and is no longer functional. Users who are somehow still using Flash as a browser extension will be exposed to CSRF vulnerabilities.

New configuration[edit]

• $wgAutoCreateTempUser – configures automatic user creation on page save.
• $wgCopyUploadAllowOnWikiDomainConfig – Configures if administrators can use the MediaWiki:Copyupload-allowed-domains system message to define which domains can be used with the upload-by-url tool.
• $wgLBFactoryConf['configCallback'] can be set to a callback function that returns an array with keys to update in $wgLBFactoryConf . This can be used to update the database configuration on the fly, e.g. to take replica hosts out of rotation.
• $wgCdnMatchParameterOrder can be set to false if MediaWiki is behind a CDN that re-orders query parameters. This will make the code that matches request URLs to canonical CDN URLs insensitive to parameter order.
• $wgMultiShardSiteStats – split site_stats across multiple rows. Only useful for very large, heavily edited wikis. (task T306589)
• $wgPrivilegedGroups – Users belonging in some of the listed groups will be audited more aggressively.

Changed configuration[edit]

• $wgInvalidUsernameCharacters now contains the char '>', reserved delimiter for external user names.

Removed configuration[edit]

• $wgMultiContentRevisionSchemaMigrationStage - Migration is over, was deprecated since 1.35.
• $wgWikiFarmSiteDetector – experimental setting removed without replacement. Use the MW_WIKI_NAME environment variable to specifiy the name of the site to load configuration for. Using the WIKI_NAME environment variable for this purpose is deprecated.
• $wgParserCacheUseJson - the ParserCache now always uses JSON serialization. Reading old non-JSON cache entries is still supported. The setting had been deprecated since 1.36.
• $wgAllowJavaUploads - To allow uploads of JAR files, remove application/java from $wgMimeTypeExclusions .
• $wgMaxRedirects has been removed. This feature never worked as intended, see task T296430.
• $wgElementTiming has been removed. This feature was experimental, and disabled by default.
• $wgPriorityHints and $wgPriorityHintsRatio have been removed. This feature was experimental, and disabled by default.
• $wgIncludeLegacyJavaScript has been removed. Note that no functionality was removed in this release. Most former "wikibits" functions were removed after deprecation in previous releases. The remaining functions, such as importScript, are available unconditionally.
• $wgActorTableSchemaMigrationStage has been removed. Migration is over.
• In $wgObjectCaches , globalKeyLB and localKeyLB are no longer supported.
• $wgLegacySchemaConversion - This global configuration has been removed because it was unused.
• $wgInterwikiPrefixDisplayTypes - This global configuration has been removed because it was unused.

New user-facing features in 1.39[edit]

• Optional automatic user creation on page save ($wgAutoCreateTempUser )
• Administrators now have the option to delete/undelete the associated "Talk" page when they are (un)deleting a given page. `deletetalk` and `undeletetalk` options were added to the 'delete' and 'undelete' action APIs in MW 1.38.
• `=` is now a wikitext built-in magic word, expanding to `=`. This is conventionally used as an escape mechanism to allow the use of `=` in unnamed template arguments. Defining Template:= to expand to something other than `=` has been deprecated since 1.36, with affected pages put into a special tracking category for migration.
• (task T284020) Bot passwords are now supported when using the REST API.

New developer features in 1.39[edit]

• Added optional $size param to SearchResultProvideThumbnail hook.
• SearchResultProvideThumbnail hook interface moved from MediaWiki\Rest\Hook namespace to MediaWiki\Search\Hook.
• JsonValidateSaveHook has been added to allow extensions to set additional pre-save validations for specific JSON pages (task T313254).
• Added 'PermissionErrorAudit' hook, enabling extensions to audit permission errors on specfic actions (for instance, account registration failed attempts due to a block (task T306018)).

External library changes in 1.39[edit]

New external libraries[edit]

• Added Codex v0.1.1. This replaces the now deprecated wvui library.
• Added symfony/polyfill-php81.
• Added symfony/polyfill-php82.
• Added symfony/polyfill-php83.

New development-only external libraries[edit]

• Updated QUnit from 2.18.0 to 2.18.2.

Changed external libraries[edit]

• Updated jQuery from v3.6.0 to v3.6.1.
• Updated OOUI from v0.43.2 to v0.44.5.
• Updated composer/semver from 3.2.6 to 3.3.2.
• Updated cssjanus/cssjanus fromv2.1.0 to v2.1.1.
• Updated pear/mail from v1.4.1 to v1.5.1.
• Updated symfony/polyfill-php80 from 1.25.0 to 1.28.0.
• Updated symfony/yaml from 5.4.3 to 5.4.23.
• Updated vue/compat from 3.2.23 to 3.2.37.
• Updated wikimedia/base-convert from 2.0.1 to 2.0.2.
• Updated wikimedia/html-formatter from 3.0.1 to 4.0.3.
• Updated wikimedia/ip-set from 3.0.0 to 3.1.0.
• Updated wikimedia/minify from 2.2.6 to 2.3.0.
• Updated wikimedia/php-session-serializer from 2.0.0 to 2.0.1.
• Updated wikimedia/remex-html from 3.0.2 to 3.0.3.
• Updated wikimedia/running-stat from 1.2.1 to 2.1.0.
• Updated wikimedia/scoped-callback from 3.0.0 to 4.0.0.
• Updated wikimedia/services from 2.0.1 to 3.0.0.
• Updated wikimedia/timestamp from 3.0.0 to 4.1.1.
• Updated wikimedia/xmp-reader from 0.8.1 to 0.8.6.

Changed development-only external libraries[edit]

• Updated composer/spdx-licenses from 1.5.5 to 1.5.6.
• Updated doctrine/dbal for PHP < 7.3 from 2.13.6 to 2.13.9.
• Updated doctrine/dbal for PHP >= 7.3 from 3.1.5 to 3.4.2.
• Updated mediawiki/mediawiki-phan-config from 0.11.1 to 0.12.1.

Bug fixes in 1.39[edit]

• (task T314013) $wgExtraNamespaces no longer overrides canonical namespace names specified in extension.json files. While this setting can still be used to rename extension-defined namespaces, system administrators may need to run namespaceDupes.php after upgrading.

Action API changes in 1.39[edit]

• New `undeletetalk` parameter on action=undelete that allows you to restore all revisions of the associated talk page.

Languages updated in 1.39[edit]

MediaWiki supports over 350 languages. Many localisations are updated regularly. Below only new and removed languages are listed, as well as changes to languages because of Phabricator reports.

• Actual localization was added for several languages, which were already in Names.php and even used for a Wikipedia:
  • (task T313200) Added language support for Rundi (Kirundi, rn).
  • (task T310976) Added language support for Tumbuka (ChiTumbuka, tum).
  • (task T314270) Added language support for Kanuri (kr).
• (task T313199) Added language support for Sylheti (syl).
• (task T311975) Added language support for Ghanaian Pidgin (gpe).
• (task T307080) Added language support for Okinawan (ryu).
• (task T307887) Added language support for Mooré (mos).
• (task T308813) Added language support for Nigerian Pidgin (pcm).
• (task T309763) Added language support for Tai Nüa (tdd).
• (task T310040) Added language support for Fante (fat).
• (task T311034) Added language support for Campidanese Sardinian (sro).
• (task T315406) Fix the autonym of the Iñupiaq language to "Iñupiatun".
• (task T315677) Removed French fallback from the Fula language (ff).
• (task T304920) In Swahili, the "Media" namespace is now "Media", as in English, and the "File" namespace is now "Faili". The old name of the "File" namespace was "Picha", which has been kept for backwards compatibility. If you manage a wiki in Swahili, and you use "Faili:" as a namespace anywhere in wikitext, and you mean to use it as "Media:", these need to be replaced to "Media:".
• (task T309866) Some namespace translations were updated for Kyrgyz (ky). The old ones are retained as aliases for backwards compatibility.
• (task T117845) Started the renaming of the language codes for Serbian from sr-ec and sr-el to sr-cyrl and sr-latn.

Breaking changes in 1.39[edit]

• Basic non-JavaScript (Grade C) support has been dropped for Internet Explorer 9-10, Firefox 27-38, and Android 4.3-4.4.
• The following methods, deprecated since 1.37, have been removed from IDatabase:
  • ::fetchObject()
  • ::fetchRow()
  • ::numRows()
  • ::freeResult()
• Title::getDefaultNamespace(), deprecated since 1.37, has been removed.
• The DBPrimaryPos class alias 'DBMasterPos' has been removed.
• The global function wfGetLB(), deprecated since 1.27, has been removed.
• Passing a db to BlockRestrictionStore::loadByBlockId() is no longer supported. BlockRestrictionStoreFactory should be used to fetch a correct BlockRestrictionStore instead. This was deprecated since 1.38.
• The global function wfGetCache(), deprecated since 1.32, has been removed. You can use ObjectCache::getInstance() instead.
• The global function wfGetMainCache(), deprecated since 1.32, has been removed. You can use ObjectCache::getLocalClusterInstance() instead.
• MovePage::__construct() now requires that all parameters be passed. The fallback to MediaWikiServices emitted deprecation notices since 1.37.
• WikiPage::doEditContent(), deprecated since 1.32, was removed.
• WikiPage::prepareContentForEdit() now requires a UserIdentity parameter to be provided. Not providing one has been deprecated since 1.37.
• EventRelayerKafka, deprecated in 1.38, was removed.
• MediaWiki\Logger\Monolog\KafkaHandler, deprecated in 1.38, was removed.
• The "trace" option of SectionProfiler, deprecated in 1.38, was removed.
• The global function wfWikiID(), deprecated since 1.35, has been removed.
• Database::wasKnownStatementRollbackError() was removed. Subclasses should override isKnownStatementRollbackError() instead.
• Database::wasQueryTimeoutError() was removed. Subclasses should override isQueryTimeoutError() instead.
• Database::buildSuperlative() has been removed without deprecation.
• The following methods, deprecated in 1.37, have been removed:
  • Linker::setStubThreshold(), ::getStubThreshold().
  • LinkRendererFactory::createForUser().
  • ParserOptions::getStubThreshold(), ::setStubThreshold().
• Changes to ResourceLoader modules:
  • The mediawiki.viewport module, deprecated in 1.37 has been removed. Use IntersectionObserver instead.
• If you manage a wiki in Swahili, and you use "Faili:" as a namespace anywhere, and you mean to use it as "Media:", replace it with "Media:". See task T304920.
• Changes to skins:
  • Skin::getCopyrightIcon(), ::getPoweredBy(), deprecated in 1.37 have been removed.
  • Skin::bottomScripts soft deprecated in 1.37, was hard deprecated. Skins using SkinTemplate must set bodyOnly as a skin option and remove lines of code generating html, body and head elements.
  • Skin::makeSearchButton and Skin::makeSearchInput were deprecated in 1.38. Use SkinTemplate methods with the same name or Skin::getTemplateData instead.
  • Styles for the HTML classes `warningbox`, `errorbox` and `successbox` have been removed in favor of Html class methods.
  • The feature `legacy` used inside ResourceLoaderSkinModule, deprecated in 1.37, will no longer ship any styles.
  • Skin::getSkinStylePath, deprecated since 1.36, has been removed.
  • Skin::getPortletData has been made private.
  • SkinTemplate::getPersonalToolsList(), deprecated in 1.35 has been removed.
  • The following SkinTemplate template data, deprecated in 1.37, have been removed:
    • poweredbyico
    • copyrightico
  • The following hooks, deprecated in 1.37, have been removed:
    • SkinGetPoweredBy: SkinGetPoweredByHook
  • The following hooks are deprecated and replaced with SkinTemplateNavigation::Universal:
    • SkinTemplateNavigation::SpecialPage
    • SkinTemplateNavigation
    • PersonalUrls
  • The mediawiki.skinning.content.externallinks module, which was deprecated in 1.36, has been removed. Skins that still rely on it will lose the icon styling of external links by type.
• Experimental wiki farm support: Automatic detection of the requested site within a wiki farm based on the requested domain has been removed. Use the MW_WIKI_NAME environment variable to specify the name of the site to load configuration for. Using the WIKI_NAME environment variable for this purpose is deprecated. This is only relevant if you have been using $wgWikiFarmSettingsDirectory to load wiki farm config.
• MWExceptionHandler::installHandler was marked @internal and had required arguments added. This method is intended for use in bootstrap code and is unused in known extensions.
• MWException::useOutputPage was made private without deprecation. This method was apparently only public for testing and is unused in known extensions.
• Calling getId() on a User or UserIdentityValue from the wrong wiki, deprecated since 1.36, now throws an exception.
• The following methods have been removed from ExtensionRegistry without deprecation and without replacement. They had been introduced in 1.35 for use in the testing framework, and were not in use by any known extension:
  • exportAutoloadClassesAndNamespaces
  • exportTestAutoloadClassesAndNamespaces
• The MWNamespace class, deprecated since 1.34, has been removed. Use the NamespaceInfo service instead.
• The UnknownContent and UnknownContentHandler class aliases have been removed, use FallbackContent and FallbackContentHandler instead.
• IResultWrapper::next() now returns void, to match the Iterator interface that it implements. fetchObject() has the same behavior as next() used to.
• In HTMLForm HTMLAutoCompleteSelectFields, the parameters 'autocomplete' and 'autocomplete-messages', which were deprecated in MediaWiki 1.29, were removed. Instead, use 'autocomplete-data' and 'autocomplete-data-messages'.
• The global $wgParser , deprecated in 1.32, was removed. Use MediaWikiServices::getInstance()->getParser() instead.
• ParserOutput::setText will now set the ParserOutput's text to null if given null. Previously it did nothing if given null.
• The default value for the first argument to the ParserOutput constructor is now null instead of .
• IDatabase::lockTables() and IDatabase::unlockTables(), deprecated since 1.38, have been removed.
• The $context parameter to `new HTMLForm( … )` and `HTMLForm::factory( … )` is now required.
• The class alias for revision related classes in namespace MediaWiki\Storage has been removed. Classes are IncompleteRevisionException, MutableRevisionRecord, MutableRevisionSlots, RevisionAccessException, RevisionArchiveRecord, RevisionFactory, RevisionLookup, RevisionRecord, RevisionSlots, RevisionStore, RevisionStoreRecord, SlotRecord, and SuppressedDataException.
• Calling getBy() on an AbstractBlock from the wrong wiki, deprecated since 1.38, now throws an exception.
• Passing a MediaWiki\Linker\LinkTarget to EditPage::makeTemplatesOnThisPageList or TemplatesOnThisPageFormatter::format is no longer supported, a MediaWiki\Page\PageIdentity is required.
• The deprecated class alias FakeConverter has been removed, use TrivialLanguageConverter instead.
• The deprecated ApiQueryContributions class alias has been removed, use ApiQueryUserContribs instead.
• The deprecated MediaWiki\Special\SpecialPageFactory class alias has been removed, use MediaWiki\SpecialPage\SpecialPageFactory instead.
• The following skin modules, deprecated in 1.37, have been removed:
  • mediawiki.skinning.elements
  • mediawiki.skinning.content
  • mediawiki.toc.styles
  • mediawiki.legacy.config
  • mediawiki.legacy.shared
  • mediawiki.legacy.commonPrint
• FileModule::compileLessFile(), deprecated since 1.35, has been removed. Use ::compileLessString() instead.
• LogFormatter::styleRestricedElement(), deprecated since 1.37, has been removed. Use ::styleRestrictedElement() instead.
• Title::isNamespaceProtected(), deprecated in 1.34, has been removed.
• ApiStashEdit::parseAndStash(), deprecated in 1.34, has been removed.
• LinkCache::forUpdate(), deprecated in 1.34, has been removed.
• Passing null instead of a NamespaceInfo instance to LinkCache::__construct() is not supported anymore. It is recommended to request an instance from the service container.
• ApiQueryBase::showHiddenUsersAddBlockInfo(), deprecated in 1.34, has been removed. Use ApiQueryBlockInfoTrait instead.
• ApiQueryBase::prefixedTitlePartToKey(), deprecated in 1.35, has been removed. Use ::parsePrefixedTitlePart() instead.
• ExternalStoreDB::getSlave(), deprecated in 1.34, has been removed. Use ExternalStoreDB::getReplica() instead.
• ChangesListSpecialPage::checkStructuredFilterUiEnabled() and SpecialWatchlist::checkStructuredFilterUiEnabled() now support UserIdentity as the only argument. Passing Config argument was deprecated in 1.34.
• DatabaseUpdater::ifNoActorTable(), deprecated in 1.35, has been removed. Use ::ifTableNotExists() instead.
• MediaWiki\Revision\RevisionStoreFactory::getRevisionStore was documented to allow passing bool true as a dbDomain, this is no longer possible, because that is an invalid value for a dbDomain.
• LinkHolderArray::__construct() had its signature changed. The class was marked internal in 1.35.
• SpecialMute::isTargetBlacklisted(), deprecated in 1.35, has been removed. Use ::isTargetMuted() instead.
• WebRequest::checkUrlExtension(), deprecated in 1.35, has been removed.
• ContentHandler::cleanupHandlersCache(), deprecated in 1.35, has been removed.
• SpecialVersion::getExtAuthorsFileName, deprecated in 1.35, has been removed. Use MediaWiki\ExtensionInfo::getAuthorsFileName.
• SpecialVersion::getExtLicenseFileName, deprecated in 1.35, has been removed. Use MediaWiki\ExtensionInfo::getLicenseFileNames.
• CategoryPage::getCategoryViewerClass and ::setCategoryViewerClass, deprecated in 1.35, have been removed.
• SqlBlobStore::getLegacyEncodingConversionLang(), deprecated in 1.34, has been removed.
• wfCanIPUseHTTPS(), deprecated in 1.37, has been removed.
• wfGetScriptUrl(), deprecated in 1.35, has been removed.
• The following methods of Database class, are no longer stable to override:
  • ::implicitOrderby()
  • ::selectSQLText()
  • ::bitNot()
  • ::bitAnd()
  • ::bitOr()
  • ::buildConcat()
  • ::buildGreatest()
  • ::buildLeast()
  • ::buildSubstring()
  • ::buildStringCast()
  • ::buildIntegerCast()
  • ::tableName()
  • ::addIdentifierQuotes()
  • ::buildLike()
  • ::limitResult()
  • ::unionSupportsOrderAndLimit()
  • ::unionQueries()
  • ::conditional()
  • ::strreplace()
  • ::timestamp()
  • ::getInfinity()
  • ::setTableAliases()
  • ::setIndexAliases()
  • ::buildGroupConcatField()
• SpecialUnblock::processUnblock(), deprecated in 1.36, has been removed. Use UnblockUser instead.
• wfLocalFile() and wfFindFile(), deprecated in 1.34, have been removed.
• Maintenance script resetUserTokens.php, deprecated in 1.27, has been removed.
• These methods in Database have been removed without deprecation as they are not used outside core. Users should override corresponding methods in SQLPlatform instead:
  • Database::doInsert -> SQLPlatform::insertSqlText
  • Database::doDropTable -> SQLPlatform::dropTableSqlText
  • Database::doRollback -> SQLPlatform::rollbackSqlText
  • Database::doSavepoint -> SQLPlatform::savepointSqlText
  • Database::doReleaseSavepoint -> SQLPlatform::releaseSavepointSqlText
  • Database::doRollbackToSavepoint -> SQLPlatform::rollbackToSavepointSqlText
• The following protected methods of Database class have been removed without deprecation as they are not used outside core. Users should call corresponding methods in SQLPlatform:
  • Database::makeInsertLists -> SQLPlatform::makeInsertLists
  • Database::isFlagInOptions -> SQLPlatform::isFlagInOptions
  • Database::normalizeOptions -> SQLPlatform::normalizeOptions
  • Database::fieldNameWithAlias -> SQLPlatform::fieldNameWithAlias
  • Database::isTransactableQuery -> SQLPlatform::isTransactableQuery
• $wgCanonicalNamespaceNames no longer includes custom namespaces defined using $wgExtraNamespaces . Extensions should use the NamespaceInfo service instead of accessing this configuration setting directly.
• The following hook, deprecated in 1.35, has been removed:
  • ParserGetVariableValueVarCache: ParserGetVariableValueVarCacheHook
• The $variableCache parameter to the ParserGetVariableValueSwitch hook is no longer used; non-standard use of this parameter has been deprecated since 1.35.
• These methods have been moved from IDatabase to IMaintainableDatabase:
  • IDatabase::fieldExists -> IMaintainableDatabase::fieldExists
  • IDatabase::indexExists -> IMaintainableDatabase::indexExists
  • IDatabase::tableExists -> IMaintainableDatabase::tableExists
• DBConnRef doesn't accept live connection in constructor anymore. Only parameters for getting connection should be provided.
• IDatabase::getTopologyRootPrimary() was removed.
• User::blockedBy(), deprecated since 1.38, has been removed.
• User::getBlockId(), deprecated since 1.38, has been removed.

Deprecations in 1.39[edit]

• PageProps::getInstance(), deprecated since 1.38, emits deprecations warnings.
• The global function wfGetDB() has been deprecated. Use LoadBalancer::getConnection() instead.
• SpecialRedirectWithAction::__construct without SearchEngineFactory argument is hard deprecated.
• Use of the SiteStatsUpdate constructor has been deprecated in favor of the ::factory() method.
• AuthManager::checkAccountCreatePermissions has been deprecated. Use AuthManager::authorizeCreateAccount or AuthManager::probablyCanCreateAccount instead.
• Title::getSelectFields() has been deprecated in favor of PageStore::newSelectQueryBuilder()
• Title::newFromTitleValue(), deprecated since in 1.34, now emits deprecation warnings. Use ::newFromLinkTarget() instead.
• ExtensionRegistry::readFromQueue() has been marked @internal. Extensions should use ExtensionProcessor instead.
• Processor::getExtraAutoloaderPaths() and ExtensionProcessor::getExtraAutoloaderPaths() have been deprecated, use get getExtractedAutoloadInfo() instead.
• The following global functions are deprecated in favor of the listed UrlUtils methods.
  • wfExpandUrl -> UrlUtils::expand
  • wfGetServerUrl -> UrlUtils::getServer
  • wfAssembleUrl -> UrlUtils::assemble
  • wfRemoveDotSegments -> UrlUtils::removeDotSegments
  • wfUrlProtocols -> UrlUtils::validProtocols
  • wfUrlProtocolsWithoutProtRel -> UrlUtils::validAbsoluteProtocols
  • wfParseUrl -> UrlUtils::parse
  • wfExpandIRI -> UrlUtils::expandIRI
  • wfMatchesDomainList -> UrlUtils::matchesDomainList

These methods are exact replacements except that

1. they return null instead of false or empty string on error (where applicable);
2. UrlUtils::validProtocols does not take a parameter (documentation said not to pass one to wfUrlProtocols anyway);
3. they use type hints (don't try passing null instead of string, etc.).

• MaintainableDBConnRef is deprecated, use DBConnRef instead.
• Loading DefaultSettings.php is deprecated. To get default values of main config settings, use MainConfigSchema::listDefaultValues() or MainConfigSchema::getDefaultValue().
• AbstractContent::getRedirectChain() and AbstractContent::getUltimateRedirectTarget() are now emitting deprecation warnings (task T296430).
• (task T244138) QueryPage::getSQL() is deprecated. Instead QueryPage::getQueryInfo() should be overridden.
• Calling new JobRunner() directly without $serviceOptions now emits deprecation warnings. Use MediaWikiServices::getInstance()->getJobRunner() instead.
• Passing an array of targets to Article::getRedirectHeaderHtml() is deprecated. Supply a single redirect target instead (task T296430).
• The following Less mediawiki.mixins have been deprecated:
  • .animation()
  • .animation-delay()
  • .transform-rotate()
• Skin::getAction is deprecated. Use IContextSource::getActionName instead.
• User::getOption, deprecated since 1.35, now emits deprecation warnings. Use UserOptionsLookup::getOption instead.
• ILBFactory::forEachLB() is deprecated. Use ::getAllLBs().
• LoadBalancer::forEachOpenConnection() and ::forEachOpenPrimaryConnection() are deprecated without replacement.
• The following classes were moved from the root namespace to the MediaWiki\ResourceLoader namespace, the old names becoming deprecated aliases: ResourceLoader, MessageBlobStore, VueComponentParser.
• The following classes had the "ResourceLoader" prefix stripped while being moved to the MediaWiki\ResourceLoader namespace, the old names becoming deprecated aliases: DerivativeResourceLoaderContext, ResourceLoaderCircularDependencyError, ResourceLoaderClientHtml, ResourceLoaderCodexModule, ResourceLoaderContext, ResourceLoaderFileModule, ResourceLoaderFilePath, ResourceLoaderForeignApiModule, ResourceLoaderImage, ResourceLoaderImageModule, ResourceLoaderLanguageDataModule, ResourceLoaderLessVarFileModule, ResourceLoaderModule, ResourceLoaderMwUrlModule, ResourceLoaderOOUIFileModule, ResourceLoaderOOUIIconPackModule, ResourceLoaderOOUIImageModule, ResourceLoaderOOUIModule, ResourceLoaderSiteModule, ResourceLoaderSiteStylesModule, ResourceLoaderSkinModule, ResourceLoaderStartUpModule, ResourceLoaderUserModule, ResourceLoaderUserOptionsModule, ResourceLoaderUserStylesModule, ResourceLoaderWikiModule.
• The following methods in WikiRevision and their interfaces ImportableUploadRevision and ImportableOldRevision are deprecated:
  • ::getUserObj() → ::getUser()
  • ::setUserObj() → ::setUsername()
  • ::setUserIP() → ::setUsername()
• ObjectCache::addBusyCallback() is deprecated and non-functional.
• MWTimestamp::getHumanTimestamp(), deprecated in 1.26, now emits deprecation warnings.
• Article::viewRedirect(), deprecated in 1.30, now emits deprecation warnings.
• Parser::getFreshParser() is deprecated, use ParserFactory::getInstance().
• CoreParserFunctions::mwnamespace() is deprecated and emits deprecation warnings, use CoreParserFunctions::namespace() instead.
• Registering magic variables whose names include a colon is deprecated.
• User::blockedFor(), deprecated in 1.35, now emits deprecation warnings.
• Access to previously public properties AbstractBlock::$mExpiry, AbstractBlock::$mHideName, AbstractBlock::$mTimestamp, DatabaseBlock::$mAuto, and DatabaseBlock::$mParentBlockId, deprecated in 1.34, now emits deprecation warnings.
• Access to previously public properties User::$mBlock, User::$mBlockedby, and User::$mHideName, deprecated in 1.35, now emits deprecation warnings.
• JobQueueGroup::singleton() and ::destroySingletons(), deprecated in 1.37, now emit deprecation warnings.
• Title::getNotificationTimestamp(), deprecated in 1.35, now emits deprecation warnings.
• Global functions wfReadOnly and wfReadOnlyReason, deprecated in 1.38, now emit deprecation warnings.
• Overriding or calling DifferenceEngine::getDiffBodyCacheKey(), deprecated in 1.31, now emits deprecation warnings.
• Access to previously public property WikiRevision::$fileIsTemp, deprecated in 1.29, now emits deprecation warnings.
• wfQueriesMustScale() has been deprecated and emits deprecation warnings.
• ContextSource::getStats(), RequestContext::getStats(), and DerivativeContext::getStats(), deprecated in 1.27, now emit deprecation warnings.
• ManualLogEntry::setTags(), deprecated in 1.33, now emits deprecation warnings.
• WikiRevision::downloadSource(), deprecated in 1.31, now emits deprecation warnings.
• DifferenceEngine::textDiff(), deprecated in 1.32, now emits deprecation warnings.
• FormatMetadata::flattenArrayContentLang(), deprecated in 1.36, now emits deprecation warnings.
• SkinTemplate::getNameSpaceKey(), deprecated in 1.35, now emits deprecation warnings.
• EnqueueJob::newFromJobsByWiki(), deprecated in 1.33, now emits deprecation warnings.
• The following methods of the MWGrants class, all deprecated since 1.38, are now emitting deprecation warnings:
  • getValidGrants
  • getRightsByGrant
  • grantName
  • grantNames
  • getGrantRights
  • grantsAreValid
  • getGrantGroups
  • getHiddenGrants
  • getGrantsLink
  • getGrantsWikiText
• DataUpdate::runUpdates(), deprecated in 1.28, now emits deprecation warnings.
• CdnCacheUpdate::newFromTitles(), deprecated in 1.35, now emits deprecation warnings.
• Instantiating HTMLCacheUpdate class, deprecated in 1.34, now emits deprecation warnings.
• ISQLPlatform::tableNames() (implemented by IDatabase) is soft deprecated. None of the tableName*() functions should be used by most users; if you absolutely must use raw SQL, write several tableName() calls instead.
• Language::isWellFormedLanguageTag() has been deprecated in favor of LanguageCode::isWellFormedLanguageTag().
• The PrevNextNavigationRenderer helper class has been deprecated in favor of the new PagerNavigationBuilder one.
• The methods IndexPager::getPagingLinks(), IndexPager::getLimitLinks() and IndexPager::buildPrevNextNavigation() have been deprecated in favor of IndexPager::getNavigationBuilder().
• Overriding the method IndexPager::makeLink() has been deprecated.

Other changes in 1.39[edit]

• Dynamic default values are now applied before extension registration callbacks are run. This way, extensions have a complete view of config variables, with all defaults applied. For example, when the default value of X used to be static but becomes dynamic, and an extension reads the value of X in the registration callback, it will now continue to function as expected. In some cases however, this may cause an undesired change in behavior: if the dynamic default of setting X depends on the value of setting Y, and an extension changes Y, the changed value of Y will no longer affect the value of X.

MediaWiki 1.39 requires PHP 7.4.3 or later and the following PHP extensions:

• ctype
• dom
• fileinfo
• iconv
• intl
• json
• mbstring
• xml

MariaDB is the recommended database software. MySQL, PostgreSQL, or SQLite can be used instead, but support for them is somewhat less mature.

The supported versions are:

• MariaDB 10.3 or higher
• MySQL 5.7.0 or higher
• PostgreSQL 10 or later
• SQLite 3.8.0 or later

Documentation for both end-users and site administrators is available on MediaWiki.org, and is covered under the GNU Free Documentation License (except for pages that explicitly state that their contents are in the public domain):

[1]

A mailing list is available for MediaWiki user support and discussion:

[2]

A low-traffic announcements-only list is also available:

[3]

It's highly recommended that you sign up for one of these lists if you're going to run a public MediaWiki, so you can be notified of security fixes.

There's usually someone online in #mediawiki on irc.libera.chat.