Release notes/1.32

MediaWiki 1.32.4
This is a security and maintenance release of the MediaWiki 1.32 branch.

Changes since MediaWiki 1.32.3
of headers in private wikis. Special:Redirect. separate files to help allieviate potential migration problems. updates.
 * (T207100) Updated LanguageTr for dotted and dotless I in PHP 7.3.
 * The ImgAuthModifyHeaders hook was added to img_auth.php to allow modification
 * (T230402) SECURITY: Add permission check for suppressed account to
 * (T208897) MessageCache: Restore 'loadedLanguages' tracking for load.
 * (T200088) Remove title protection correctly for undeletions and imports.
 * Add helper for HTTPFileStreamer header syntax.
 * (T118799) Fix XMP parser errors due to trailing nullchar.
 * (T233119) Improve documentation for the MinimumPasswordLengthToLogin policy.
 * Cache redirects from Special:Redirect.
 * (T231386) dispatchUser should use a 302 http status code.
 * (T227662) Split down patch-comment-table.sql and patch-actor-table.sql into
 * Make SQLite's patch-add-3d.sql a no-op to prevent clobbering other database

MediaWiki 1.32.3
This is a maintenance release of the MediaWiki 1.32 branch.

Changes since MediaWiki 1.32.2

 * (T225558) Update installer link to PHP intl.
 * (T225496) Detect APC for MainCacheType in CLI installer.
 * (T226766) Remove jetbrains/phpstorm-stubs from composer dev dependancies.
 * (T202211) Fix SQLite patch-(image|page|template)links-fix-pk.sql column order.

MediaWiki 1.32.2
This is a security and maintenance release of the MediaWiki 1.32 branch.

Changes since MediaWiki 1.32.1

 * (T204423) Backported support for hyphenated DB names in JobQueueGroup.
 * (T216968) Return  as   in both   and.
 * (T215169) Fix for  with   option fails on PostgreSQL.
 * (T199474) Fix typo in  resulting in rogue flags.
 * (T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when  is true.
 * (T216029) Chrome redirects to Special:BadTitle after editing a section with a non-Latin name on a page with non-Latin characters in title.
 * Unbreak language related maintenance scripts that use StaticArrayWriter.
 * (T219728) Added support for new Japanese era name "Reiwa".
 * (T25227) SECURITY:  now requires to be posted and have a   token.
 * Updated  from 1.2.0 to 1.3.0.
 * (T221045) Remove orphaned code from ConfigRepository.
 * (T222385) resourceloader: Use AND instead of OR for upsert conditions in.
 * (T224374) Fix message parameters so that the message that says SQLite is out of date makes sense.
 * (T200471) Prevent LBFactorySimple breaking ExternalStorage, when trying to connect to external server with local database name.
 * (T197279) SECURITY: Fix re-authentication in Special:ChangeEmail.
 * (T208881) SECURITY: blacklist CSS.
 * (T209794) SECURITY: rate-limit and prevent blocked users from changing email.
 * (T199540) SECURITY: API: Respect  in.
 * (T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
 * (T222036, T222038) SECURITY: Add permission check for user is permitted to view the log type.
 * (T221739) SECURITY: resources: Patch jQuery 3.3.1 for CVE-2019-11358.

MediaWiki 1.32.1
This is a maintenance release of the MediaWiki 1.32 branch.

Changes since MediaWiki 1.32.0

 * (T213577) rdbms: avoid transaction status errors from ping in rollback.
 * rdbms: Pass required parameter.
 * rdbms: do not treat SAVEPOINT and RELEASE SAVEPOINT as write queries.
 * (T204531) rdbms: reduce LoadBalancer replication log spam.
 * (T213489) Avoid session double-start in Setup.php.
 * (T213717) Correct namespace 'Template' for gom-deva
 * (T198054) Fix login page crash caused by unknown language via ?uselang
 * (T215324) (T210937) list=users mistakenly reports user as missing.
 * (T209483) Add ILBFactory::redefineLocalDomain method. This is intended for use with scripts like addWiki.php to avoid mismatched domain errors.
 * (T208871) The hard-coded Google search form on the database error page was removed.
 * (T204800) Fix Title::getFragmentForURL for bad interwiki prefix
 * (T215566) Fix installer being unable to determine if the database exists during a fresh installation.

Changes since MediaWiki 1.32.0-rc.2

 * (T188327) Fix slow queries in migrateActors.php.
 * (T102320) Fix $magicWords for the Sanskrit language.

Changes since MediaWiki 1.32.0-rc.1

 * Fix addition of ug_expiry column to user_groups table on MSSQL.
 * (T210307) Fix the cache timestamp for forced updates.
 * (T210621) User: Bypass repeatable-read when creating an actor_id.
 * (T197535) Extensions can now specify PHP versions and PHP extensions they depend on.
 * Updated wikimedia/ip-set from v1.2.0 to v1.3.0.
 * (T212356) When using action=delete on pages with many revisions, the module may return a boolean-true 'scheduled' and no 'logid'. This signifies that the deletion will be processed via the job queue.
 * (T64103) Dropped columns, , and from the PostgreSQL schema.

Changes since MediaWiki 1.32.0-rc.0

 * (T209885) Prevent populateSearchIndex.php from breaking once actor migration has been started.
 * (T210998) Properly set  in the generated LocalSettings.php if --lang is used with the command-line installer (install.php).

New configuration

 * – The quality of JPEG thumbnails is now configurable through this setting. The default is 80, which matches the quality of JPEG thumbnails previously generated by ImageMagick. The quality of JPEG thumbnails generated by GD was previously 95, but now uses the  setting as well.
 * - This determines whether to set a cookie when an IP user is blocked. Doing so means that a blocked user, even after moving to a new IP address, will still be blocked.
 * – This new configuration setting is added for listing messages which are displayed as raw HTML.
 * and  – You can now define a "Content Security Policy" for your wiki. This adds a defense-in-depth feature to stop an attacker who has found a bug in the parser allowing them to insert malicious attributes. Disabled by default. (T135963)
 * – A new user group, 'interface-admin', is added for controlling access to sitewide CSS/JS (and editing other users' CSS/JS). No other group has 'editsitecss', 'editusercss', 'editsitejs' or 'edituserjs' by default.
 * – A new grant group, 'editsiteconfig', is added for granting the above rights.
 * – A default database group for use by maintenance scripts.
 * – This new configuration setting lets you enable client-side profiling of JavaScript modules; it is off by default.
 * (T193868)  — This temporary configuration setting allows sysadmins to gradually migrate the database table schema for how change tags are stored.
 * (T199334)  — This temporary configuration setting allows sysadmins to enable the caching of Special:Tags via the new  table.

Changed configuration

 * – This setting, deprecated in 1.31, is now ignored.
 * – The default watchlist view time (watchlistdays) has been increased from 3 to 7 days. (T194414)
 * – The right to edit sitewide JavaScript (e.g. MediaWiki:Common.js), CSS or JSON was separated from 'editinterface' and is available under 'editsitejs'/'editsitecss'/'editsitejson'. Having 'editinterface' is still necessary to edit such pages.
 * now defaults to writing both the old and the new schema, but reading the new schema, so Multi-Content Revisions (MCR) are now functional per default. The new default value of the setting is SCHEMA_COMPAT_WRITE_BOTH | SCHEMA_COMPAT_READ_NEW.
 * no longer accepts MIGRATION_WRITE_BOTH or MIGRATION_WRITE_NEW. It instead uses SCHEMA_COMPAT_WRITE_BOTH | SCHEMA_COMPAT_READ_OLD and SCHEMA_COMPAT_WRITE_BOTH | SCHEMA_COMPAT_READ_NEW for intermediate stages of migration.
 * – The default table options now use the binary charset. The default was already overridden in the installer-generated LocalSettings.php, and so is always set to binary after the installer UI option was removed. The default value is only used when the installer installs an extension.
 * — The location of the default popular passwords file has been moved to be in line with other non-PHP files used by libraries and classes.
 * is now disabled by default, as it opens up a hole for potential privacy leaks by administrators. You can check "MediaWiki:External image whitelist" on your wiki to see whether the feature was ever used, and whether it needs to be re-enabled.

Removed configuration

 * and  – These settings, deprecated in 1.31, have been removed. (T115414)
 * – This setting, unused since 1.5, was removed.
 * – This setting, deprecated in 1.30, was removed.
 * – This setting, deprecated since 1.30, was removed. The 'html5-legacy' value for  is no longer accepted.
 * - This setting, ignored since 1.23 by MediaWiki and most extensions, is no longer set. Instead, you can modify the system message `emailsender`.
 * – The experimental Html5Internal and Html5Depurate tidy drivers were removed. RemexHtml, which is the default, should be used instead.
 * (T181318) The  setting and its appendage to various script and style URLs in OutputPage, deprecated in 1.31, was removed.
 * (T140807) The wgResourceLoaderLESSImportPaths configuration option was removed from ResourceLoader. Instead, use `@import` statements in LESS to import files directly from nearby directories within the same project.
 * (T140804) The wgResourceLoaderLESSVars configuration option, deprecated since 1.30, was removed. Instead, to expose variables from PHP to LESS, use the ResourceLoaderModule::getLessVars method.
 * – This setting, unused since MediaWiki 1.18, was removed.
 * Two temporary variables for deploying the feature of filters on change lists,  introduced in MediaWiki 1.30 and   in 1.31, were removed.

New features in 1.32

 * (T112474) Generalized the ResourceLoader mechanism for overriding modules using a particular page during edit previews.
 * (T12331) You can now log page creation events by setting  to true.
 * Added 'ApiParseMakeOutputPage' hook.
 * (T174313) Added checkbox on Special:ListUsers to display only users in temporary user groups.
 * (T152462) A cookie can now be set when an IP user is blocked to track that user if they move to a new IP address. This is disabled by default.
 * (T194950) Added 'ApiMaxLagInfo' hook.
 * SpecialPage::checkLoginSecurityLevel will now preserve POST data when re-authenticating.
 * FormSpecialPage::execute will now call checkLoginSecurityLevel if getLoginSecurityLevel returns non-false.
 * The 'ImageBeforeProduceHTML' hook is now passed three new parameters, $parser, &$query and &$widthOption, allowing extensions even finer control over the resulting HTML code.
 * Added new 'ArticleShowPatrolFooter' hook, which allows extensions to determine if the [mark as patrolled] link should be shown at the footer of patrollable pages.
 * The array of hidden options ($opts) passed to the 'SpecialSearchPowerBox' hook is now passed by reference, allowing extensions to modify or even unset it.
 * Added new 'OutputPageAfterGetHeadLinksArray' hook, allowing extensions to modify the return value of OutputPage#getHeadLinksArray in order to add, remove or otherwise alter the elements to be output in the page.
 * (T28934) The 'HistoryPageToolLinks' hook allows extensions to append additional links to the subtitle of a history page.
 * The 'GetLinkColours' hook now receives an additional $title parameter, the Title object of the page being parsed, on which the links will be shown.
 * (T194731) DifferenceEngine supports multiple slots. Added SlotDiffRenderer to render diffs between two Content objects, and DifferenceEngine::setRevisions to render diffs between two custom (potentially multi-content) revisions. Added GetSlotDiffRenderer hook which works like GetDifferenceEngine for slots.
 * Added a temporary action=mcrundo to the web UI, as the normal undo logic can't yet handle MCR and deadlines are forcing is to put off fixing that. This action should be considered deprecated and should not be used directly.
 * Extensions overriding ContentHandler::getUndoContent will need to be updated for the changed method signature.
 * Added a new hook, 'UserGetRightsRemove', which can be used to remove rights from user. Unlike the 'UserGetRights' it will ensure that removed rights will not be reinserted.
 * (T197535) Extensions can now specify PHP versions and PHP extensions they depend on.

New external libraries

 * Added pear/Net_SMTP v1.8.0.
 * Added wikimedia/xmp-reader v0.6.0.


 * Added cache/integration-tests v0.16.0 (dev-only).
 * Added giorgiosironi/eris v0.10.0 (dev-only).
 * Added seld/jsonlint v1.7.1 (dev-only).


 * Added EasyDeflate (unversioned).

Changed external libraries

 * Updated OOUI from v0.26.3 to v0.29.2.
 * Updated wikimedia/base-convert from v1.0.1 to v2.0.0.
 * Updated wikimedia/remex-html from v1.0.3 to v2.0.1.
 * Updated wikimedia/scoped-callback from v1.0.0 to v2.0.0.
 * ScopedCallback objects can no longer be serialized.
 * Updated wikimedia/timestamp from v1.0.0 to v2.2.0.
 * Updated wikimedia/wrappedstring from v2.3.0 to v3.0.1.
 * oyejorge/less.php replaced with our fork wikimedia/less.php
 * Updated wikimedia/ip-set from v1.2.0 to v1.3.0.


 * Updated composer/spdx-licenses from v1.3.0 to v1.4.0 (dev-only).
 * Updated mediawiki/mediawiki-codesniffer from v18.0.0 to v22.0.0 (dev-only).
 * Updated psy/psysh from v0.8.11 to v0.9.6 (dev-only).


 * Updated CLDRPluralRuleParser from v0.1.0 to v1.3.2-pre.
 * Updated jquery from v3.2.1 to v3.3.1.
 * Updated jquery.client from v2.0.0 to v2.0.1.
 * Updated jquery.i18n from v1.0.4 to v1.0.5.
 * Updated mustache.js from v0.8.2-d9aa703 to v1.0.0.
 * Updated OOjs from v2.2.0 to v2.2.2.
 * Updated qunitjs from v2.4.0 to v2.6.2.
 * Updated sinonjs from v1.17.3 to v1.17.7.

Removed external libraries

 * pear/mail_mime-decode was removed.

Bug fixes in 1.32

 * SpecialPage::execute will now only call checkLoginSecurityLevel if getLoginSecurityLevel returns non-false.
 * (T43720, T46197) Improved page display title handling for category pages.
 * (T65080) Fixed resetting options of some types via API action=options.
 * (T198054) Fixed login crash caused by invalid/unknown language code for the 'uselang' parameter.

Action API changes in 1.32

 * Added templated parameters.
 * A module can define a templated parameter like "{fruit}-quantity", where the actual parameters recognized correspond to the values of a multi-valued parameter. Then clients can make requests like "fruits=apples|bananas&apples-quantity=1&bananas-quantity=5".
 * action=paraminfo will return templated parameter definitions separately from normal parameters. All parameter definitions now include an "index" key to allow clients to maintain parameter ordering when merging normal and templated parameters.
 * It is now an error to submit too many values for a multi-valued parameter. This has generated a warning since MediaWiki 1.14.
 * Assertion failures from the 'assert' and 'assertuser' parameters will no longer use the action module's custom response format, for the few modules that use custom formatters that handle errors.
 * (T198935) User list preferences such as `email-blacklist` and similar extension preferences are no longer represented as arrays when returned by action=query&meta=userinfo&uiprop=options.
 * 'missingparam' errors will now use the prefixed parameter name in the code and error text, e.g. "noxxfoo" and "The 'xxfoo' parameter must be set" rather than "nofoo" and "The 'foo' parameter must be set".
 * action=query&prop=revisions now takes a 'rvslots' parameter to indicate the multi-content revision slots for which content should be returned. It also has a new rvprop, 'roles', to indicate which roles have slots. A deprecation warning will be issued if rvprop=content or rvprop=contentmodel are used without rvslots.
 * The rvcontentformat parameter to action=query&prop=revisions has been deprecated. Clients should be prepared to deal with the default format for relevant models.
 * Use of the deprecated parameters rvexpandtemplates, rvgeneratexml, rvparse, rvdiffto, rvdifftotext, rvdifftotextpst, rvcontentformat, or the deprecated rvprop=parsetree is forbidden with the new 'rvslots' parameter.
 * action=query&prop=deletedrevisions, action=query&list=allrevisions, and action=query&list=alldeletedrevisions are changed similarly to &prop=revisions (see the three previous items).
 * (T174032) action=compare now supports multi-content revisions.
 * It has a 'slots' parameter to select diffing of individual slots. The default behavior is to return one combined diff.
 * The 'fromtext', 'fromsection', 'fromcontentmodel', 'fromcontentformat', 'totext', 'tosection', 'tocontentmodel', and 'tocontentformat' parameters are deprecated. Specify the new 'fromslots' and 'toslots' to identify which slots have text supplied and the corresponding templated parameters for each slot.
 * The behavior of 'fromsection' and 'tosection' of extracting one section's content is not being preserved. 'fromsection-{slot}' and 'tosection-{slot}'  instead expand the given text as if for a section edit. This effectively  declines T183823 in favor of T185723.
 * (T198214) The 'disabletidy' parameter to action=parse has been deprecated; untidy output will not be supported by future wikitext parsers.
 * Added intestactionsdetail to action=query&prop=info to allow retrieving the reasons an action is not allowed.
 * Deprecated action=query&prop=info inprop=readable in favor of intestactions=read.
 * (T212356) When using action=delete on pages with many revisions, the module may return a boolean-true 'scheduled' and no 'logid'. This signifies that the deletion will be processed via the job queue.

Action API internal changes in 1.32

 * Added 'ApiParseMakeOutputPage' hook.
 * Parameter names may no longer contain '{' or '}', as these are now used for templated parameters.
 * (T194950) Added 'ApiMaxLagInfo' hook.
 * The following methods now take a RevisionRecord rather than a Revision. No external callers are known.
 * ApiFeedContributions::feedItemAuthor
 * ApiFeedContributions::feedItemDesc
 * ApiQueryRevisionsBase::extractRevisionInfo
 * The following deprecated methods have been removed:
 * ApiBase::profileIn (deprecated in 1.25)
 * ApiBase::profileOut (deprecated in 1.25)
 * ApiBase::safeProfileOut (deprecated in 1.25)
 * ApiBase::profileDBIn (deprecated in 1.25)
 * ApiBase::profileDBOut (deprecated in 1.25)
 * ApiBase::dieUsage (deprecated in 1.29)
 * ApiBase::dieUsageMsg (deprecated in 1.29)
 * ApiBase::dieUsageMsgOrDebug (deprecated in 1.29)
 * ApiBase::getErrorFromStatus (deprecated in 1.29)
 * ApiBase::parseMsg (deprecated in 1.29)
 * ApiBase::setWarning (deprecated in 1.29)
 * ApiPageSet::getInvalidTitles (deprecated in 1.26)
 * ApiQueryLogEvents::addLogParams (deprecated in 1.25)
 * ApiUsageException::getCodeString (deprecated in 1.29)
 * ApiUsageException::getMessageArray (deprecated in 1.29)
 * Class UsageException, deprecated in 1.29, has been removed.
 * ApiErrorFormatter: Added getFormat and newWithFormat. In particular, you can now easily test $formatter->getFormat === 'bc', and then call $formatter->newWithFormat( 'plaintext' ) to get a non-BC formatter.

Languages updated in 1.32
MediaWiki supports over 350 languages. Many localisations are updated regularly. Below only new and removed languages are listed, as well as changes to languages because of Phabricator reports.


 * (T193566) Added language support for Ambonese Malay (abs).
 * (T194047) Added language support for Shawiya, Latin script (shy-latn).
 * (T195940) Added language support for Batak Mandailing (btm).
 * (T137491) Added language support for Standard Moroccan Amazigh (zgh).
 * (T198132) Added language support for Manipuri (mni).
 * (T201276) Added language support for Western Armenian (hyw).
 * (T201583) Added language support for Mon (mnw).
 * (T213717) Fixed a translation error on Goan Konkani (gom-deva) translations for NS_TEMPLATE.

Breaking changes in 1.32

 * , deprecated in 1.25, was removed. Use $_SERVER['REQUEST_TIME_FLOAT'] or WebRequest::getElapsedTime instead.
 * The MediaWikiI18N class, deprecated in 1.31, was removed.
 * QuickTemplate::setTranslator, deprecated in 1.31, was removed. Use Skin::msg instead.
 * wfInitShellLocale, deprecated in 1.30, was removed.
 * wfShellExecDisabled, deprecated in 1.30, was removed.
 * The type string for the parameter $lang of DateFormatter::getInstance, deprecated in 1.31, was removed.
 * The EDIT_TOKEN_SUFFIX constant deprecated in 1.27, was removed. Use MediaWiki\Session\Token::SUFFIX instead.
 * EditPage::isOouiEnabled deprecated in 1.30, was removed.
 * mw.util.wikiGetlink, deprecated in 1.23, was removed. Use mw.util.getUrl instead.
 * (T61113) The following methods and constants from the Revision class, which were deprecated in 1.25, have now been removed:
 * Revision::getRawUser
 * Revision::getRawUserText
 * Revision::getRawComment
 * window.gM from mediawiki.jqueryMsg, deprecated in 1.23, was removed. Use mw.msg or mw.message instead.
 * mw.util.escapeId, deprecated in 1.30, was removed. Use mw.util.escapeIdForAttribute or mw.util.escapeIdForLink instead.
 * mw.util.updateTooltipAccessKeys, deprecated in 1.24, was removed. Use jquery.accessKeyLabel instead.
 * The SqlDataUpdate class, deprecated in 1.28, has been removed.
 * The Html5Internal and Html5Depurate tidy driver classes were removed, along with the Balancer tidy implementation. Both implementations were experimental, and were replaced by RemexHtml.
 * (T179624) Job::insert and ::batchInsert, deprecated in 1.21, were both removed. Use JobQueueGroup::singleton->push instead.
 * The jquery.footHovzer module, for mediawiki.debug, was removed.
 * The es5-shim module, empty and deprecated since 1.29, was removed.
 * the dom-level2-shim module, empty and deprecated since 1.29, was removed.
 * the json module, empty and deprecated since 1.29, was removed.
 * The mediawiki.widgets.visibleByteLimit module alias, deprecated in 1.32, was removed. Use mediawiki.widgets.visibleLengthLimit instead.
 * The jquery.farbtastic module, unused since 1.18, was removed.
 * The 'jquery.expandableField' module, unused since 1.22, was removed.
 * The hooks 'PreferencesFormPreSave' and 'PreferencesGetLegend' may provide any HTMLForm object rather than PreferencesForm.
 * The non namespaced TimestampException class, deprecated in 1.29, was removed. Use Wikimedia\Timestamp\TimestampException instead.
 * The global functions codepointToUtf8, hexSequenceToUtf8, utf8ToHexSequence, utf8ToCodepoint, and escapeSingleString (deprecated in 1.25) were removed. The UtfNormal\Utils class from the utfnormal library should be used instead.
 * The deprecated UTF8_ and UNICODE_ constants were removed. The class constants from the UtfNormal\Constants class from the utfnormal library should be used
 * The protected methods PHPSessionHandler::returnSuccess and returnFailure, only needed for PHP5 compatibility, have been removed. It now uses the boolean values `true` and `false` respectively.
 * The $parserMemc global and wfGetParserCacheStorage, deprecated since 1.30, were removed. Use the ParserCache class instead.
 * ScopedCallback (deprecated in 1.28) was removed. Use Wikimedia\ScopedCallback instead.
 * Support for ResourceLoaderModule::getModifiedTime and getModifiedHash, deprecated since 1.26, was removed. Use getDefinitionSummary instead.
 * (T195256) Skins are recommended not to rely on JavaScript for the "mw-jump" and "jump-to-nav" accessibility links. To this end, the "jquery.mw-jump" is no longer loaded by default. The Vector and MonoBook skins have made a minor change to implement the toggle feature with CSS instead. To restore prior functionality, either explicitly load "jquery.mw-jump" in your skin or refer to T195256 for details on how to make the same change.
 * Hook 'EditPageBeforeEditChecks' was removed; use 'EditPageGetCheckboxesDefinition' instead.
 * Linker::getLinkColour and DummyLinker::getLinkColour, deprecated since 1.28, were removed. LinkRenderer::getLinkClasses should be used instead.
 * Wikimedia\Rdbms\LoadBalancer::getLaggedSlaveMode, deprecated in 1.28, has been removed. Use Wikimedia\Rdbms\LoadBalancer::getLaggedReplicaMode instead.
 * mw.widgets.CategoryMultiselectWidget now uses TagMultiselectWidget instead of CapsuleMultiselectWidget. The following methods may no longer be used:
 * setItemsFromData: Use setValue instead
 * getItemsData: Use getItems instead and get the data property
 * Two OutputPage methods, addMetadataLink and getMetadataAttribute, were removed. Use addLink instead.
 * Another two OutputPage methods, setPageTitleActionText and getPageTitleActionText, were removed. They did nothing since 1.15 (almost ten years). Use setHTMLTitle directly.
 * The return value of OutputPage::adaptCdnTTL has been removed. The value returned was misleading and probably not what any caller would have wanted.
 * All MagicWord static member variables have been removed. Use appropriate hooks or MagicWordFactory methods instead.
 * MagicWord::clearCache has been removed. Instead, create a new MagicWordFactory, such as by calling resetServiceForTesting( 'MagicWordFactory' ) on a MediaWikiServices.
 * mw.util.init has been removed. This function is not needed anymore and was a no-op function since 1.30.
 * SpecialPageFactory::resetList is a no-op. Call overrideMwServices instead.
 * MediaWiki no longer supports a StartProfiler.php file. Instead, you can set  and.
 * The mw.loader.addSource is now considered a private method, and no longer supports the `id, url` signature. Use the `Object` parameter instead.
 * The backwards-compatibility code in HTMLForm to add a drop-down control to an option that is not set to be a drop-down if the "mw-chosen" class is present, is now removed.
 * Several collations were removed. They were workarounds for bugs in the ICU library and they are no longer needed (as of ICU 57.1):
 * 'uppercase-se' (NorthernSamiUppercaseCollation) - use 'uca-se' instead
 * 'xx-uca-et' (CollationEt) - use 'uca-et' instead
 * 'xx-uca-fa' (CollationFa) - use 'uca-fa' instead
 * LanguageCode::bcp47 now always returns a valid BCP 47 code. This means that some MediaWiki-specific language codes, such as `simple`, are mapped into valid BCP 47 codes (eg `en-simple`).
 * The hooks 'SpecialRecentChangesFilters' & 'SpecialWatchlistFilters' deprecated in 1.23 were removed. Instead, use 'ChangesListSpecialPageStructuredFilters'. The ChangesListSpecialPage code for these legacy hooks, and their use in SpecialRecentchanges.php and SpecialWatchlist, was also removed:
 * ChangesListSpecialPage->getCustomFilters
 * ChangesListSpecialPage->getFilterGroupDefinitionFromLegacyCustomFilters
 * ChangesListSpecialPage::customFilters
 * The global function wfUseMW, deprecated since 1.26, has now been removed. Use the "requires" property of static extension registration instead.
 * no longer accepts array syntax, deprecated since 1.18.
 * The MailAddress constructor can no longer be called with a User object, behaviour which has been deprecated since 1.24.
 * LBFactory, deprecated since 1.28, has been removed. Instead, use Wikimedia\Rdbms\LBFactory.
 * The MimeMagic class, deprecated since 1.28 has been removed. Get a MimeAnalyzer instance from MediaWikiServices instead.
 * The '--tidy' option to maintenance/parse.php has been removed. Tidying the output is now the default. Use '--no-tidy' to bypass the tidy phase.
 * The global function wfErrorLog, deprecated since 1.25, has now been removed. Use MWLoggerLegacyLogger::emit or UDPTransport.
 * The hooks 'SpecialRecentChangesQuery' & 'SpecialWatchlistQuery', deprecated in 1.23, were removed. Instead, use ChangesListSpecialPageStructuredFilters or ChangesListSpecialPageQuery.
 * The global function wfUsePHP, deprecated since 1.30, has now been removed. To assert a newer version of PHP than MediaWiki does, use extension registration.
 * The hook 'ChangesListSpecialPageFilters', deprecated in 1.29, has now been removed. Use the 'ChangesListSpecialPageStructuredFilters' hook instead.
 * DeferredUpdates::setImmediateMode, deprecated since 1.29, has been removed.
 * File / MediaHandler::getStreamHeaders, deprecated since 1.30, was removed.
 * The hook 'DoEditSectionLink', deprecated since 1.25, has been removed. Use the hook 'SkinEditSectionLinks' instead.
 * The hook 'UserGetImplicitGroups', deprecated since 1.25, has been removed.
 * The global function wfRunHooks, deprecated since 1.25, has now been removed. Use Hooks::run.
 * The hook 'UnknownAction', deprecated since 1.19, has now been removed.
 * The hook 'ParserLimitReport', deprecated since 1.22, has been removed. Use the hooks 'ParserLimitReportPrepare' and 'ParserLimitReportFormat' instead.
 * The following deprecated API methods have been removed:
 * ApiBase::profileIn (deprecated in 1.25)
 * ApiBase::profileOut (deprecated in 1.25)
 * ApiBase::safeProfileOut (deprecated in 1.25)
 * ApiBase::profileDBIn (deprecated in 1.25)
 * ApiBase::profileDBOut (deprecated in 1.25)
 * ApiBase::dieUsage (deprecated in 1.29)
 * ApiBase::dieUsageMsg (deprecated in 1.29)
 * ApiBase::dieUsageMsgOrDebug (deprecated in 1.29)
 * ApiBase::getErrorFromStatus (deprecated in 1.29)
 * ApiBase::parseMsg (deprecated in 1.29)
 * ApiBase::setWarning (deprecated in 1.29)
 * ApiPageSet::getInvalidTitles (deprecated in 1.26)
 * ApiQueryLogEvents::addLogParams (deprecated in 1.25)
 * ApiUsageException::getCodeString (deprecated in 1.29)
 * ApiUsageException::getMessageArray (deprecated in 1.29)
 * Class UsageException, deprecated in 1.29, has been removed.
 * MediaWiki no longer has a 'JavaScript-powered' wikitext toolbar built in. The old "bulletin board style toolbar", known as "the 2006 wikitext editor", has been removed, and instead sysadmins will be required to choose one (or more) of the several extensions available for this purpose if they need the functionality. The MediaWiki "tarball" releases have included the replacement extension for this, the WikiEditor extension aka "the 2010 wikitext editor", for many years now. As part of this, several parts of MediaWiki have been removed or simplified:
 * The user option 'showtoolbar' (shown as "Show edit toolbar") is no longer available; if an extension adds a toolbar via the EditPageBeforeEditToolbar  hook, it will be shown; extensions should provide a specific user preference  to disable themselves as needed.
 * The public methods Language::getImageFile and ::getImageFiles, and the related specification of $imageFiles within individual languages' code file,   as well as the referenced static media assets, all of which were only used   inside MediaWiki itself for providing the icons for the old toolbar, have   been removed without explicit deprecation.
 * The internal ResourceLoader module "mediawiki.toolbar", which is unused  except by MediaWiki itself and back-compatibility code, has been removed.
 * The internal ResourceLoaderEditToolbarModule class has been removed.

Deprecations in 1.32

 * HTMLForm::setSubmitProgressive is deprecated. No need to call it. Submit button is already marked as progressive.
 * Skin::setupSkinUserCss is deprecated. Adding of modules to load has been centralised to Skin::getDefaultModules, which is now capable of queueing style modules as well.
 * OutputPage::addModuleScripts and ParserOutput::addModuleScripts are deprecated. Use addModules instead.
 * Overriding SearchEngine::{searchText,searchTitle,searchArchiveTitle} in extending classes is deprecated. Extend related doSearch* methods instead.
 * The following 'mediawiki.api' plugin modules were merged into mediawiki.api and deprecated: mediawiki.api.category, mediawiki.api.edit, mediawiki.api.login, mediawiki.api.options, mediawiki.api.parse, mediawiki.api.upload, mediawiki.api.user, mediawiki.api.watch, mediawiki.api.messages, and mediawiki.api.rollback.
 * ApiBase::truncateArray is deprecated. No replacement, as nothing is known to use it.
 * WatchAction::getUnwatchToken is deprecated. Use WatchAction::getWatchToken with the 'unwatch' action parameter instead.
 * IcuCollation::getICUVersion is deprecated, as you can just use the PHP constant INTL_ICU_VERSION directly in all versions that MediaWiki supports.
 * Parser::fetchFile is deprecated. Use ::fetchFileAndTitle instead.
 * The ApiQueryContributions class has been renamed to ApiQueryUserContribs.
 * The XMPInfo, XMPReader, and XMPValidate classes have been deprecated in favor of the namespaced classes provided by the wikimedia/xmp-reader library.
 * SearchResultSet::{next,rewind} are deprecated. Calling code should use foreach on the SearchResultSet, or the extractResults method. Extending code should override extractResults.
 * Instantiating SearchResultSet directly is deprecated. SearchEngine implementations must subclass SearchResultSet for their purposes.
 * SearchResult::setExtensionData argument has been changed from accepting an array to accepting a Closure that returns the array when called.
 * Class CryptRand, everything in MWCryptRand except generateHex and function MediaWikiServices::getCryptRand are deprecated, use random_bytes to generate cryptographically secure random byte sequences.
 * Parser::getConverterLanguage is deprecated. Use ::getTargetLanguage instead.
 * Language::markNoConversion is deprecated. It confused readers because it had unexpected behavior (only marking text if it looked like a URL) and was only used in a single place in the code.  Use LanguageConverter::markNoConversion instead.
 * (T197492) Language::truncate was soft deprecated in 1.31 and is hard deprecated in this release. It has been split into two similar methods, Language::truncateForVisual and Language::truncateForDatabase, which measure length in characters and bytes, respectively.  Use Language::truncateForVisual when possible to provide equity to users of multibyte scripts.
 * (T176526) EditPage::getContextTitle falling back to  when the context title is unset is now deprecated; anything creating an EditPage instance should set the context title via ::setContextTitle.
 * The 'jquery.hidpi' module (polyfill for IMG srcset) is deprecated.
 * ResourceLoaderStartUpModule::getStartupModules and ::getLegacyModules are deprecated. These concepts are obsolete and have no replacement.
 * String type for $lang of DifferenceEngine::setTextLanguage is deprecated.
 * The following methods of OutputPage are now deprecated in favour of using showFatalError directly: OutputPage::showFileDeleteError OutputPage::showFileNotFoundError, OutputPage::showFileRenameError OutputPage::showFileCopyError and OutputPage::showUnexpectedValueError.
 * The Replacer, DoubleReplacer, HashtableReplacer, and RegexlikeReplacer classes are now deprecated. Use a Closure instead.
 * (T194263) ContentHandler::makeParserOptions is deprecated. Use WikiPage::makeParserOptions or ParserOptions::newCanonical instead.
 * (T100681) Use of the Parsoid v1 API with the VirtualRESTService, deprecated in MediaWiki 1.26, is now hard-deprecated. All known clients were converted to the Parsoid v3 API in May 2015.
 * $input is deprecated in hook 'LogEventsListGetExtraInputs'. Use $formDescriptor instead.
 * SearchEngine::transformSearchTerm( $term ) should no longer be called prior to running searchText. This method was mainly implemented to support the 'prefix' URI param in SpecialSearch, but there are no reasons to expose this logic as it should be handled internally by SearchEngine implementations supporting this feature. SearchEngine implementations should no longer override this methods.
 * SearchEngine::replacePrefixes( $query ) should no longer be called prior to running searchText/searchTitle.
 * (T199657) Messages for  labels should be no longer be in the 'log-show-hide-[type]' format. Instead use 'logeventslist-[type]-log'.
 * Global functions wfArrayFilter and wfArrayFilterByKey are deprecated. use array_filter directly.
 * The  global is deprecated and nonfunctional. Set   and/or   instead.
 * The  global is deprecated and nonfunctional. Set   instead.
 * Public access to the DifferenceEngine properties mOldid, mNewid, mOldRev, mNewRev, mOldPage, mNewPage, mOldContent, mNewContent, mRevisionsLoaded, mTextLoaded and mCacheHit is deprecated. Use getOldid / getNewid / getOldRevision / getNewRevision for the first four (note that the revision ones return a RevisionRecord, not a Revision), do your own lookup for page/content.
 * The  value 'wikidiff2' is deprecated. To use wikidiff2 just enable the PHP extension, and it will be autodetected.
 * (T194731) DifferenceEngine properties mOldContent and mNewContent and methods setContent, generateContentDiffBody, generateTextDiffBody and textDiff are deprecated. To interact with a single slot, use a SlotDiffRenderer (and subclass it to customize diff rendering); to diff custom (e.g. unsaved) content, use setRevisions. Subclassing DifferenceEngine should only be done to customize page-level diff properties (such as the navigation header).
 * The wfUseMW function, soft-deprecated in 1.26, is now hard deprecated.
 * All MagicWord static methods are now deprecated. Use the MagicWordFactory methods instead.
 * PasswordFactory::init is deprecated. To get a password factory with the standard configuration, use MediaWikiServices::getPasswordFactory.
 * is deprecated, use MediaWikiServices::getContentLanguage instead.
 * is deprecated, use MediaWikiServices::getParser instead.
 * wfGetMainCache is deprecated, use ObjectCache::getLocalClusterInstance instead.
 * wfGetCache is deprecated, use ObjectCache::getInstance instead.
 * All SpecialPageFactory static methods are deprecated. Instead, call the methods on a SpecialPageFactory instance, which may be obtained from MediaWikiServices.
 * mw.user.stickyRandomId was renamed to the more explicit mw.user.getPageviewToken to better capture its function.
 * Passing Revision objects to ContentHandler::getUndoContent is deprecated, Content object should be passed instead.
 * (T197179) Parameters 'notice', 'notice-messages', 'notice-message', previously used by OOUI HTMLForm fields, are now deprecated. Use 'help', 'help-message', 'help-messages' instead.
 * (T197179) HTMLFormField::getNotices is now deprecated.
 * The jquery.localize module is now deprecated. Use jquery.i18n instead.
 * The SecondaryDataUpdates hook was deprecated in favor of RevisionDataUpdates, or overriding ContentHandler::getSecondaryDataUpdates (T194038).
 * The WikiPageDeletionUpdates hook was deprecated in favor of PageDeletionDataUpdates, or overriding ContentHandler::getDeletionDataUpdates (T194038).
 * Content::getSecondaryDataUpdates has been deprecated in favor of ContentHandler::getSecondaryDataUpdates for overriding by extensions (T194038). Application logic should call WikiPage::doSecondaryDataUpdates (T194037).
 * Content::getDeletionUpdates has been deprecated in favor of ContentHandler::getDeletionUpdates for overriding by extensions (T194038). Application logic should call WikiPage::doSecondaryDataUpdates (T194037).
 * (T198214) Old Tidy-related configuration settings, which were soft-deprecated in MediaWiki 1.26, have now been hard deprecated. This affects,  ,  ,  ,  , and  . Use   instead.
 * All Tidy configurations other than Remex have been hard deprecated; future parsers will not emit compatible output for these configurations. In particular, running MediaWiki with tidy disabled has been deprecated.
 * (T198214) OutputPage::addWikiText, OutputPage::addWikiTextWithTitle, and OutputPage::addWikiTextTitle have been deprecated, since they can result in untidy output. In addition OutputPage::addWikiTextTidy and OutputPage::addWikiTextTitleTidy was deprecated to make naming new methods consistent.  Use OutputPage::addWikiTextAsInterface or OutputPage::addWikiTextAsContent instead, which ensures the output is tidy and clarifies whether content-language specific postprocessing should be done on the text.
 * OutputPage::parse and OutputPage::parseInline have been deprecated due to untidy output and inconsistent handling of wrapper divs and interface/content language defaults. Use OutputPage::parseAsContent, OutputPage::parseAsInterface, or OutputPage::parseInlineAsInterface as appropriate.
 * QuickTemplate::msgHtml and BaseTemplate::msgHtml have been deprecated as they promote bad practises. I18n messages should always be properly escaped.
 * Skin::getDynamicStylesheetQuery has been deprecated. It always returns action=raw&ctype=text/css which callers should use directly.
 * Class LegacyFormatter is deprecated.
 * Use of CommentStore::insertWithTempTable with 'img_description' is deprecated. Use CommentStore::insert instead.
 * Language::setCode is deprecated as public function. Use Language::factory to create a new Language object with a different language code.
 * Several classes have been moved from the MediaWiki\Storage\ namespace to the MediaWiki\Revision\ namespace. The old class names are aliased for compatibility, but are deprecated. Classes are IncompleteRevisionException, MutableRevisionRecord, MutableRevisionSlots, RevisionAccessException, RevisionArchiveRecord, RevisionFactory, RevisionLookup, RevisionRecord, RevisionSlots, RevisionStore, RevisionStoreRecord, SlotRecord, and SuppressedDataException.
 * When using OOUI HTMLForm containing an 'info' field which uses the 'rawrow' option, it is now deprecated to give its contents (the 'default' option) as a string. They should be given as a OOUI\FieldLayout object instead. Notably, this affects fields defined in the 'GetPreferences' hook, because Special:Preferences uses an OOUI form now. (If possible, don't use 'rawrow'.)
 * In Skin::doEditSectionLink omitting the parameters $tooltip and $lang is deprecated. For the $lang parameter, types other than Language are deprecated.
 * The  configuration option and the OutputPage::getKeyHeader method have been deprecated; the relevant draft IETF spec expired without becoming a standard.
 * Deprecated API action=query&prop=info inprop=readable in favor of intestactions=read.

Other changes in 1.32

 * (T198811) The following tables have had their UNIQUE indexes turned into proper PRIMARY KEYs for increased maintainability:, , and.
 * OOUI HTMLForm will now display help text inline after the input field, rather than in a popup. Previous behavior can be restored by using.
 * The table's  field is now unique.
 * Special:BotPasswords now requires re-authentication.
 * (T174023) Multi-Content Revision (MCR) capabilities were introduced into the storage layer and have basic support for display. No user interface exists yet for creating or managing content in slots besides the main slot. See Multi-Content Revisions for more information.
 * The database table has been removed. Since all access should be mediated by the CommentStore class, this change shouldn't affect external code.
 * (T206147) Database::close will no longer commit any open transactions.
 * (T64103) Dropped columns, , and from the PostgreSQL schema.

Compatibility
MediaWiki 1.32 requires PHP 7.0.13 or later. Although HHVM 3.18.5 or later is supported, it is generally advised to use PHP 7.0.13 or later for long term support. MediaWiki requires that the mbstring, xml, ctype, json, iconv and fileinfo PHP extensions are loaded to work.

MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used, but support for them is somewhat less mature. There is experimental support for Oracle and Microsoft SQL Server.

The supported versions are:


 * MySQL 5.5.8 or later
 * PostgreSQL 9.2 or later
 * SQLite 3.3.7 or later
 * Oracle 9.0.1 or later
 * Microsoft SQL Server 2005 (9.00.1399)

Upgrading
1.32 has several database changes since 1.31, and will not work without schema updates. Note that due to changes to some very large tables like the revision table, the schema update may take quite long (minutes on a medium sized site, many hours on a large site).

Don't forget to always back up your database before upgrading!

See the file UPGRADE for more detailed upgrade instructions, including important information when upgrading from versions prior to 1.11.

For notes on 1.31.x and older releases, see HISTORY.

Online documentation
Documentation for both end-users and site administrators is available on MediaWiki.org, and is covered under the GNU Free Documentation License (except for pages that explicitly state that their contents are in the public domain): https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation

Mailing list
A mailing list is available for MediaWiki user support and discussion: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l

A low-traffic announcements-only list is also available: https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce

It's highly recommended that you sign up for one of these lists if you're going to run a public MediaWiki, so you can be notified of security fixes.

IRC help
There's usually someone online in #mediawiki on irc.freenode.net.