Release notes/1.35

= MediaWiki 1.35 =

MediaWiki 1.35.13
This is a maintenance release of the MediaWiki 1.35 branch.

Changes since MediaWiki 1.35.12

 * Tarball release to fix backport issues with patch for T341529.

MediaWiki 1.35.12
This is a security and maintenance release of the MediaWiki 1.35 branch.

Changes since MediaWiki 1.35.11

 * Localisation updates.
 * (T333050, CVE-2023-45363) SECURITY: Fix infinite loop for self-redirects with variants conversion.
 * (T341434) WikiImporter: Improve error message output.
 * (T341737) ApiBase: Cast $id to string in filterIDs.
 * (T342632) ApiComparePages: Add help url.
 * (T347227) ImportReporter: Make callback functions public.
 * doc: Improve description of type in extension.schema.v1.json.
 * (T340221, CVE-2023-45360) SECURITY: XSS via 'youhavenewmessagesmanyusers' and 'youhavenewmessages' messages.
 * (T341529, CVE-2023-45362) SECURITY: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression.
 * (T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted XML file to Special:Upload (non-standard configuration).

MediaWiki 1.35.11
This is a security and maintenance release of the MediaWiki 1.35 branch.

Changes since MediaWiki 1.35.10

 * Localisation updates.
 * (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1.
 * (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7 (1.9.0 => 1.9.1).
 * (T269636) Add Access-Control-Max-Age to $wgAllowedCorsHeaders.
 * (T322944) Add Authorization to default $wgAllowedCorsHeaders.
 * (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter.
 * (T297917) objectcache: avoid use of ctype_digit in WANObjectCache::adaptiveTTL.
 * (T330464) Work around argument corruption bug in XMLReader::open.
 * (T313157) IndexPager: Also protect against $offset being 0.
 * (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.

MediaWiki 1.35.10
This is a security and maintenance release of the MediaWiki 1.35 branch.

Changes since MediaWiki 1.35.9

 * Localisation updates.
 * (T324895) MWCallbackStream: Add explicit $stream property.
 * Remove /images .htaccess rules that are no longer relevent.
 * Disable php in .htaccess of images directory as a hardening measure.
 * (T322583) Include missing message parameter in message.
 * Fix phan error when Excimer is enabled.
 * (T274966) tests: Make pass on php8.0.
 * (T323373) Parser: Fix extractSections behavior for PHP >= 8.0.
 * (T326021) Add matrix: to $wgUrlProtocols.
 * api/en.json: api-help-datatype-expiry add missing 'may'.
 * (T225218) Wait until the recent changes are updated.
 * (T328222) Pass empty string to strlen if schema is null for PostgresDatabase.
 * (T317329) OutputPage: Fix undefined ['host'] in ImagePreconnect code.
 * (T289926) SpecialRevisionDelete: Set default of '' for wpReason.
 * (T155582, T328503) Fix XML dumps for content types with non-string getNativeData.
 * (T295958, T278847) MediaWiki-Docker: Switch PHP images to PHP7.4.
 * (T314099) revisiondelete: Replace dynamic property Status::$itemStatuses.
 * (T329198) ParamValidator: Improve paramvalidator-help-multi-max message.
 * (T292348) WikiImporter: do not fail if upload entry in dump lacks 'text' tag.
 * (T329484) API: Fix query+allimages user parameter description.
 * (T330529) SpecialEditTags: Set default of '' for wpReason.
 * (T330526) htmlform: Handle null from HTMLFormField::getDefault in multiselects.
 * (T285159, CVE-2023-29141) SECURITY: Do not apply autoblocks to untrusted XFF headers.

MediaWiki 1.35.9
This is a security and maintenance release of the MediaWiki 1.35 branch.

Changes since MediaWiki 1.35.8

 * Localisation updates.
 * (T319000) WebInstaller: Don't try and run trim on null.
 * (T320864) When calling mail, use an array for headers.
 * (T311567) In ManualLogEntry, cast the comment to string.
 * (T323082) Upgrading wikimedia/xmp-reader (0.7.0 => 0.8.5).
 * Language: Handle ronna and quetta.
 * (T304515) LCStoreStaticArray: atomically replace the cache file.
 * (T324890, T324891, T324901) Parser: Allow dynamic properties on PHP 8.2.
 * (T322637) SECURITY: sqlite should not create DB file world-readable.

MediaWiki 1.35.8
This is a security and maintenance release of the MediaWiki 1.35 branch.

Changes since MediaWiki 1.35.7

 * Localisation updates.
 * (T311568) UploadBase::setTempFile handle $tempPath being passed as null.
 * (T311559) SpecialListFiles: user parameter isn't always present.
 * (T311561) ImageListPager: Don't call htmlspecialchars on null.
 * (T311920) SpecialBlockList: Prevent passing null to trim.
 * (T311921) SpecialUserrights: Don't pass null to str_replace.
 * (T311570) SpecialWithoutInterwiki: Don't pass null through to Title::capitalize.
 * (T311574, T311576) SpecialLinkSearch: Don't pass null through to the parser.
 * (T312519, T312520) Parser::extensionSubstitution Don't run substr on null.
 * (T287564) populateInterwiki: Include not null columns iw_api/iw_wikiid.
 * (T312302) SpecialRedirect: Don't pass null to explode.
 * RemoveInvalidEmails: Fix quoting for postgres.
 * (T312678) import: UploadSourceAdapter::stream_read don't pass null to strlen.
 * (T312300) SpecialDiff: Don't pass null to explode.
 * (T312680) parser: Fix CoreParserFunctions::urlencode null coalescence $arg.
 * (T289926) Handle null passed to wfShorthandToInteger and Html::element.
 * (T289926) Ensure that strlen does not get passed a (valid) null.
 * (T312301) SpecialDiff: Don't pass null to trim.
 * Hooks: Use more meaningful name for SkinAfterPortlet hook parameter.
 * (T289926) Ensure we don't pass null to mb_strlen.
 * (T312305, T311572, T311571, T311578) HtmlForm: Null coalescence in trim calls.
 * (T289926) site: Consistently return null from Site::getDomain.
 * (T307304, T289879) filebackend,jobqueue: Add signature for FilterIterator::accept.
 * (T312183) rdbms: Adapt hasOrMadeRecentPrimaryChanges test mock for PHP 8.1.
 * Add application/vnd.ms-opentype to MIME list.
 * Allow composer/installers plugin in composer.json.
 * (T313663) Make HandlerTestTrait compatible with php8.1.
 * (T313663) [php8.1] Change override of $wgResourceBasePath for CSP tests.
 * Change type hints for BatchRowIterator and NotRecursiveIterator for compatibility with PHP 8.1.
 * (T313663) [php8] Don't use strlen on potentially null string.
 * (T313663) [php8.1] Suppress test warning about providing null.
 * (T313663) Parser will use current timestamp instead of null if passed a RevisionRecord that does not have a timestamp.
 * (T313663) Add explicit null check for $sha in FileBackend [php8.1].
 * (T313663) LogFormatter: Cast argument of ctype_digit to string [php8.1].
 * (T289879, T289926) Get rid of warnings on PHP 8.1.
 * rdbms: fix some PHP 8 warnings in Database/LoadBalancer/LBFactory.
 * (T313663) Avoid testing strlen on null in ApiQuerySiteinfo [php 8.1 compat].
 * Fix a couple deprecation warnings in the installer under PHP 8.1.
 * (T313663) Use default timezone UTC for SpecialWatchlistTest [php 8.1].
 * (T314096) Migrate use of ${var}-style string interpolation.
 * (T313663, T313662) Make default value for optional args be '' not null.
 * (T314225) SpecialCategories: Null coalescene $par.
 * (T314099) User: Allow dynamic properties on PHP 8.2.
 * (T314404) SpecialGoToInterwiki: Null coalescene $par.
 * (T314397) SpecialBlock: Better handle null in getTargetUserTitle.
 * (T314099) phpunit: Fix trivial dynamic property usages in tests.
 * (T314405) UploadStash: Check if us_prop is set in the fileMetadata.
 * (T314550) SpecialMergeHistory: Set timestamp to '' if no mergepoint.
 * (T314551) SpecialMergeHistory: Set defaults for target and dest parameters.
 * api: Add rel=nofollow to help examples.
 * (T314824) tests: Update parser test after i18n change.
 * (T263927) Add autocomplete HTML attribute to common auth form fields.
 * (T307613) Validate length of user email on Special:ChangeEmail/Special:CreateAccount.
 * (T314906, T314907) SpecialBlock: Set defaults for wpPageRestrictions and wpNamespaceRestrictions.
 * (T315309) ImportStreamSource::newFromURL Prevent passing null to fwrite.
 * (T315892) composer.json: Pin phpunit to 8.5.28.
 * (T229092) MigrateActors.php: ignore duplicate creations of actors.
 * (T313049) Bump wikimedia/parsoid to v0.12.3.
 * (T317750) session: Fix broken SessionTest case due to PHPUnit dependency change.
 * (T318460) SpecialChangeEmail: Set default for returntoquery.
 * (T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results in an IP range check on Special:Contributions.
 * (T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence of hidden users.

MediaWiki 1.35.7
This is a security and maintenance release of the MediaWiki 1.35 branch.

Changes since MediaWiki 1.35.6

 * Localisation updates.
 * (T289879) Type hints for ArrayAccess.
 * (T304783) TemplateParser: avoid warnings when called by NoLocalSettings.
 * Rebuilt vendor with composer 2.3.3.
 * (T289879) Address some deprecations for PHP 8.1.
 * Fix old_name in UserLogoutComplete hook.
 * (T286260, T307979) objectcache: normalize $exptime to a TTL in APCUBagOStuff/WinCacheBagOStuff.
 * MediaSearchWidget should declare an explicit dependency on mediawiki.user module.
 * (T288423) WikiImporter: Replace deprecated WikiRevision::setText.
 * (T309377, CVE-2022-29248, T311384, CVE-2022-27776) Updating guzzlehttp/guzzle (6.5.5 => 6.5.8).
 * (T308471) SECURITY: Escape welcomeuser message passed to showSuccessPage.
 * (T311272) Call parent constructor of AddSite maintenance script first.
 * MediaWiki: Don't eagerly initialize action name.
 * (T289926) Avoid passing null to trim in SkinTemplate.
 * (T307282) Avoid passing null to strcasecmp, for PHP 8.1.
 * (T311552) ChangesListSpecialPage: Don't pass null to FormatJson::decode.
 * (T311569) FileBackend::isStoragePath Handle being passed null.
 * (T311544) Pass int to ApiUsageException::newWithMessage's $httpCode param.
 * (T311678) SpecialEditWatchlist: Prevent passing null to strtolower.
 * (T281741) ChangeTags: Fix adding CSS classes for hidden tags.
 * (T296642) changetags: Fix management of a '0' tag.
 * (T311554) ChangeTags: Return early in formatSummaryRow if $tags === null.
 * (T303033) Handle null in ChangeTags::modifyDisplayQuery.

MediaWiki 1.35.6
This is a security and maintenance release of the MediaWiki 1.35 branch.

Changes since MediaWiki 1.35.5

 * (T298261) Fix support for Composer 2.2.
 * (T298283) composer.json: Add wikimedia/composer-merge-plugin to allow-plugins.
 * Update doctrine/dbal (3.0.0 => 3.1.5).
 * (T298564) MemcachedClient: Add support for IPv6.
 * (T297543, CVE-2022-28202) SECURITY: properly escape output used within galleries and Special:RevisionDelete.
 * (T268847) Suppress deprecation warnings from libxml_disable_entity_loader.
 * (T283275) Fix PHP 8.0 failure of WikiExporterFactoryTest.
 * (T274966) Upgrading wikimedia/html-formatter (1.0.2 => 2.0.1).
 * Fix the json schema and the extension processor for Parsoid extension modules.
 * (T299696) update.php: Avoid passing null to substr.
 * In PHP 8.1 don't throw exceptions from mysqli.
 * (T289926) SiteConfiguration: Don't pass null to str_replace.
 * (T264735) Fix deprecation warning from CURLPIPE_HTTP1.
 * (T260735) Stop using is_resource where possible.
 * (T289879) Apply ReturnTypeWillChange to various implementations of built in interfaces.
 * (T299312) Implement __serialize/__unserialize for PHP 8.1 support.
 * ExtensionRegistry: Add process cache for lazy attributes.
 * (T301041) ApiPageSet: Add "missing": true to missing revisions.
 * Allow ParsoidModules extension schema to register services.
 * (T297708) Allow setting max execution time to several special pages.
 * Upgrading wikimedia/object-factory (v2.1.0 => v2.2.0).
 * (T302540) composer.json: Add ext-calendar to require.
 * (T302540) composer.json: Add ext-simplexml to require-dev.
 * (T302540) composer.json: Add various PHP extensions to suggests.
 * Upgrading symfony/polyfill-php80 (v1.23.1 => v1.25.0).
 * (T303871) Add Title::getId as an alias for ::getArticleId.
 * (T304008) Don't re-check "Move subpages" on Special:MovePage after a warning.
 * (T293576) listFiles: Display file name instead of version.
 * (T303560) Installer: Check correct PCRE_CONFIG_NEWLINE value.
 * wrapOldPasswords: add \n to two output calls.
 * (T304993) Make editcontentmodel a part of editpage grant.
 * (T297571, CVE-2022-28201) Title::newMainPage goes into an infinite recursion loop if it points to a local interwiki.
 * (T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many file uploads with actor as a condition can result in a DoS.

MediaWiki 1.35.5
This is a security and maintenance release of the MediaWiki 1.35 branch.

Changes since MediaWiki 1.35.4

 * (T290697) Add symfony/polyfill-php80.
 * IcuCollation: Add some more icu to unicode version mappings.
 * ApiBase: Annotate deprecated constants individually.
 * PHPVersionCheck: Mark PHP 7.4.0 - 7.4.2 as buggy.
 * (T293044) installer: Fix 5th param to sourceFile in DatabaseUpdater.
 * (T291127) Always encode spaces in cookie values as "%20".
 * Use LocalFile::getHookRunner instead of LocalFile::hookRunner.
 * HistoryBlobStub: add getLocation to get $mOldId.
 * Fix checkStorage.php.
 * checkStorage: pass no parameters to WikiRevision::getContent.
 * (T292763, CVE-2021-44854) SECURITY: Do not cache private wiki completion results.
 * (T294316) Revert "Mark ApiClientLogin/ApiLogin as requiring write mode".
 * (T250068) resources: Upgrade jQuery from 3.4.1 to 3.6.0.
 * (T250068) resources: Upgrade jquery-migrate from 3.1.0 (patched) to 3.3.2 (patched).
 * (T294796) JobQueueRedis: Replace deprecated zSize with zCard.
 * (T212428, T267468) Allow populateContentTables to continue when there are bad blobs.
 * (T295191) ApiQuerySiteinfo: Fix "rightsinfo"/"url" when $wgRightsPage is set.
 * Update pear/mail_mime to 1.10.11.
 * Update deprecated Guzzle Psr7 function calls.
 * Tweak error message for missing composer dependencies.
 * (T296112) Allow inserting new sections named '0'.
 * nukeNS: don't run purgeRedundantText after every change.
 * (T225888) RollbackAction: fix missing pagetitle.
 * (T297322, CVE-2021-44858, CVE-2021-44857) SECURITY: Fix permissions checks in undo actions.
 * (T297574, CVE-2021-45038) SECURITY: Fix permissions check in action=rollback.
 * (T34716, T297416) SECURITY: Require 'read' right for most actions.
 * (T271037, CVE-2021-44856) SECURITY: Fix use of EditFilterMergedContent hook when changing content model.

MediaWiki 1.35.4
This is a security and maintenance release of the MediaWiki 1.35 branch.

Changes since MediaWiki 1.35.3

 * (T283394) Mark ApiClientLogin/ApiLogin as requiring write mode.
 * (T283273) Make postgres IRC channel point to libera.chat.
 * (T289108) ExtensionProcessor: Remove loaderScripts from extension.json schemas.
 * (T281549) Installer: Fix mediawiki-announce auto subscription code.
 * FormatJson: Optimize encode for supported PHP versions.
 * (T290398) renameRestrictions.php: Update protected_titles as well.
 * $wgMimeTypeBlacklist - This configuration array now prohibits the RFC 4329 form of JavaScript, 'application/javascript', as well as previous MIME types.
 * (T51097, T290273) resourceloader: Call getStyleFiles from FileModule::getFileHashes.
 * (T277788) parser: Avoid calling ParserOptions::getOption too many times.
 * (T285515, CVE-2021-41798) SECURITY: XSS vulnerability in Special:Search.
 * (T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full table scan.
 * (T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of Special:Contributions.

MediaWiki 1.35.3
This is a security and maintenance release of the MediaWiki 1.35 branch.

Changes since MediaWiki 1.35.2

 * (T259685) SQLite compatibility with ZeroConf VisualEditor was fixed in 1.35.2.
 * (T196906, T242751) Fix the test MonologSpiTest::testDefaultChannel.
 * (T279964) Parser: Trim trailing whitespace as the last step in pre-save transform.


 * (T278026) rdbms: Add DB_PRIMARY to replace DB_MASTER.
 * (T252853) Update updateSearchIndex.php to 2006+ standards.
 * (T276945) Define a batch size in maintenance/manageJobs.php.
 * (T276945) Implement JobQueueDB::getAllAbandonedJobs.
 * (T269676) authevents: strval variables passed to status when logging.
 * (T280944) $wgIncludejQueryMigrate - This setting allows the jQuery Migrate plugin to be disabled. It has been enabled by default since MediaWiki 1.27.


 * (T281584) apihelp-query+iwlinks-param-prop: s/interlanguage/interwiki/.
 * (T281635) Delete maintenance/cleanupAncientTables.php.
 * (T282133) RedisConnectionPool: Suppress phan issue.
 * (T281549) WebInstaller: Don't show the announce-l subscribe checkbox temporarily.


 * (T278266) Fix annoying E_NOTICE about undefined 'alt' index in Skin#makeFooterIcon.


 * (T264214) UserRightsProxy::addGroup has to be allowed to update the old group as well, which is used for granting interwiki rights.


 * (T269776, T278266) getFooterIcons should not return empty arrays.
 * (T274966) Skip AvroFormatterTest::testSchemaNotAvailable on PHP 8.0.
 * phpunit: fail on warnings.
 * (T283247) Freenode -> Libera per wikimedia moving from freenode to libera.


 * (T243124) Make phpunit:unit accept extension*.json to populate the classes.
 * (T142663) Add extension.json merge strategy "provide_default".
 * (T283540) HookContainer: Fix normalization of callback for static handler.
 * (T283464) Fix array order for array_replace_recursive merge strategy.
 * (T247223) Optimise MessageCache::isMainCacheable for the single-message case.


 * (T278579) Don't send headers on ob_end_clean.
 * (T280226, CVE-2021-35197) SECURITY: Prevent blocked users from purging pages.

MediaWiki 1.35.2
This is a security and maintenance release of the MediaWiki 1.35 branch.

MediaWiki 1.35.2 supports Composer 2.0. It is recommended to make sure your libraries are up to date on Composer 1.x, before running Composer 2.x.

While normally running update.php isn't required for point releases, it is recommended to run it for 1.35.2 so that iwlinks.iwl_prefix is updated to take 32 characters.

Changes since MediaWiki 1.35.1

 * (T270450) The confusingly-named User->isLoggedIn method has been deprecated in favour of the method it wraps, User->isRegistered.
 * Upgrade pimple/pimple from 3.3.0 to 3.3.1 for PHP 8.0 support.
 * Upgrade seld/jsonlint from 1.7.1 to 1.8.3 for PHP 8.0 support.
 * Upgrade doctrine/dbal from 2.10.4 to 3.0.0 for PHP 8.0 support.
 * (T270734) Fix display of Special:Preferences URL in password reset email.
 * (T252774, T271441) resourceloader: Give SkinModule 'features' option an extensible default.
 * (T271441) Unknown features shouldn't break style output.
 * (T264986) Make use of CURLMOPT_MAX_HOST_CONNECTIONS conditional on having curl >= 7.30.0.
 * DefaultSettings.php: Update $wgPingback documentation.
 * Fix docs for LanguageConverter::translate.
 * (T272250) Don't rely on implicit string->int cast in comparison.
 * (T272327) Exif::isSlong: Cast input to float so PHP 8.0 abs doesn't whine.
 * (T272328) UploadBase: Don't call MimeAnalyzer if mTempPath is null.
 * Remove nonfunctional default sampling for WANObjectCache metrics.
 * (T258851) Prevent service injection to LoadExtensionSchemaUpdates hook.
 * (T270852) Hooks: Map dash character to underscore when generating hook names.
 * (T271551, T270145) Fix fetching ipblock-exempt within BlockManager::getUserBlock.
 * PHPVersionCheck: The PHP Group only supports PHP >= 7.3.0.
 * (T248925) Set empty closures in DatabaseTest to fix PHP 8 tests.
 * (T34217) rdbms: Remove outdated MySQL 4 references and fix doc URLs.
 * (T248925) Special:Contributions reports negative namespace error on PHP 8.
 * (T248925) objectcache: Fix non-numeric string check in HashBagOStuff for PHP 8.
 * (T248925) Fix CacheTime::getCacheExpiry for PHP 8.
 * (T259685) Allow REST API POST handlers to opt out of mandatory SQLite locking.
 * (T91820, T259685) MWLBFactory: rename magic HTTP header for opting out of SQLite write lock.
 * (T272326) Fix DeprecationHelperTest on PHP 8.
 * Upgrade wikimedia/less.php from 3.0.0 to 3.1.0 for PHP 8.0 support.
 * (T236639) OutputPage: Make $wgDebugRedirects work again.
 * (T274648) registration: Allow reusing cached metadata between wikis.
 * CdnCacheUpdate: Send full URL instead of path to Curl for purge.
 * Upgrade monolog/monolog from 1.25.3 to 2.2.0 for PHP 8.0 support.
 * FileBackend: Do not use SOCKET_ENOENT on windows.
 * (T275441) ApiQueryUserInfo: Allow all uiprops to be requested at once.
 * (T275261) Escape wikitext in the title in invalid title error messages.
 * (T275242) Extend iwlinks.iwl_prefix to VARBINARY(32) on MySQL.
 * (T246594, T270228) PHPVersionCheck: Complain about known-bad versions above minimum.
 * (T275824) Upgrade wikimedia/composer-merge-plugin from 1.4.1 to 2.0.1 for Composer 2.0 support.
 * (T269293) Record all used options in metadata.
 * Allow usage of Composer 2.0 to install MediaWiki's dependencies.
 * (T259872) skins: Call headElement after getTemplateData in SkinMustache.
 * (T277009, CVE-2021-30158) SECURITY: Allow blocked users to access Special:ResetTokens.
 * (T272412) Add "Account data" section to user preferences.
 * (T268310) Add list of thumbnail urls to LocalFilePurgeThumbnails hook.
 * (T277520) registration: Allow specifying immovable namespaces in extension.json.
 * (T275619) Maintenance::hasOption and Maintenance::getOption now behave as documented and are not altered by previous calls to these methods.
 * (T254688) Remove page inner join from subquery in SpecialWhatLinksHere.
 * (T122124) signup: added help message for security.
 * (T278014, CVE-2021-30154) SECURITY: Escape mediastatistics-header-* messages on Special:NewFiles.
 * (T278058, CVE-2021-30157) SECURITY: Escape rcfilters-filter-* messages on ChangesList pages.
 * (T277414) HTMLFormField: Use non namespaced class name rather than static::class.
 * (T268673) maintenance: Don't create SearchUpdate in rebuildtextindex.php for page_namespace below 0.
 * (T246594, T270228) Mark ParserOptionsTests skipped on PHP 7.4.0-7.4.8.
 * (T268230) Switch to new MediaWiki logo by Serhio Magpie.
 * (T271735) Expand config-pingback-help, link to privacy policy in config-pingback.
 * Fix documentation of user-global in $wgRateLimits.
 * BackupDumper: Add -o as shortcode for --output.
 * (T235554) Disable DEFER_SET_LENGTH_AND_FLUSH headers to avoid HTTP errors.
 * (T270713, CVE-2021-30152) SECURITY: Allow user to only apply protection they have right to do so via action=protect.
 * (T272386, CVE-2021-30159) SECURITY: Non-admin deleted enwiki page in fast double move.
 * (T270988, CVE-2021-30155) SECURITY: ContentModelChange: Check that user cancreate pages.
 * (T279451, CVE-2021-30458) SECURITY: Parsoid comment fostering allows for inserting mostly arbitrary tags.

MediaWiki 1.35.1
This is a security and maintenance release of the MediaWiki 1.35 branch.

While normally running update.php isn't required for point releases, it is recommended to run it for 1.35.1 so that sites.site_language is updated to take 35 characters.

Watchlist Expiry is no longer considered experimental, but is off by default. To enable it, set $wgWatchlistExpiry = true; in your LocalSettings.php.

Changes since MediaWiki 1.35.0

 * purgeList.php Fix all-namespaces option to match one used in code.
 * ParserCache::get - fix wfDeprecated call.
 * WatchlistExpiryWidget: Move focus to expiry dropdown after hitting Tab.
 * Preload mediawiki.watchstar.widgets before api request.
 * ApiEditPage: Show existing watchlist expiry if status is not being changed.
 * Fix PHP 8 compat with strcspn $length parameter exceeding string.
 * Remove final modifier on private function.
 * Remove ipb_anon_only from ipb_address_unique index addition.
 * Add days left messages to changes-lists' clock icons.
 * Fix order of wfDeprecated parameters in ExternalStoreDB::getSlave.
 * Preload class used in HeaderCallback.
 * Normalize WatchedItem expiry field.
 * Remove doTable check from (Mysql|Sqlite)Updater::indexHasFields.
 * ApiPageSet: Avoid infinite loop when merging redirects.
 * Empty Monolog loggers are now real blackholes.
 * WatchAction: avoid UPDATE when old and new watch period is indefinite.
 * Parser: Adjust typehint to show that getTitle can return null.
 * media: Fix case of FlashPixVersion in FormatMetadata::makeFormattedData.
 * BaseTemplate: Guard against passing zero arg to array_merge.
 * Fix base path handling for MessagePosterModule registration.
 * Fix Database::getTempTableWrites for multi table DDLs.
 * Fix switch/case indentation per mediawiki coding conventions.
 * Flip Yoda conditionals.
 * Move SkinTemplate::getFooterLinks to Skin.
 * build: Updating mediawiki/mediawiki-codesniffer to 33.0.0.
 * Make ImageBuilder::checkMissingImage public.
 * Updating guzzlehttp/guzzle (6.5.4 => 6.5.5).
 * Support new style hook registration on install and update.
 * Fix unsetting of copyright icon in FooterIcons.
 * upload.js: Don't assume that warnings array will include 'code' key.
 * upload.js: Fix typo in upload API.
 * Pass along ignorewarnings param to all individual chunks being uploaded.
 * importTextFiles.php: Replace deprecated WikiRevision:setText.
 * composer.json: add requirement for composer-plugin-api ^1.1.
 * Add ARIA attributes to watchlink and its notification.
 * Change invalid 'Content-Encoding: none' header.
 * Fix trailing ; in patch-sites-site_language-35.sql.
 * wfAssembleUrl: Handle empty query field in URL bits.
 * Updating wikimedia/testing-access-wrapper (1.0.0 => 2.0.0).
 * migrateComments: Cast array keys back to string before passing to the DB.
 * Introduce new $wgThumbPath config.
 * MemcachedClient: Cast Resource to integer.
 * Use the old HookContainer to set up the post-reset services.
 * Change "site cache" to just "cache" in the right-purge message.
 * [UploadedFileStreamTest] Skip test with chmod.
 * Updating composer/semver (1.5.1 => 1.7.2).
 * Updating mediawiki/mediawiki-codesniffer (33.0.0 => 34.0.0).
 * , BotPassword::save now returns a Status object for the result rather than a bool. The length of the bot password grants and restriction fields are now validated, and an error will be thrown if it would be truncated by the database.
 * Fix English/*nix specific error messages in FSFileBackend.
 * Split dropping of image.img_user_timestamp.
 * [FileTest] Do not assume /tmp exists on windows.
 * Clean up temp files correctly after unit tests.
 * Skip undo related phpunit tests when diff3 is missing.
 * rdbms: Remove outer parentheses in insert query for Postgres.
 * In MWExceptionHandler::report, catch all throwables.
 * SECURITY: Use Html::element in ChangeListSpecialPage for sanity.
 * Use Xml::element in SpecialUserrights for sanity.
 * SECURITY: Pass escaped html to LogFormatter::makePageLink for sanity.
 * Fixed mixed escaping in Language::translateBlockExpiry.
 * UserOptionsManager: don't differentiate anons caches.
 * HeaderCallback: pre-cache request ID.
 * Parsoid updated to v0.12.1.
 * SECURITY: Unable to change visibility of log entries when MediaWiki:Mainpage uses Special:MyLanguage.
 * SECURITY: Divergent behavior for contributions and user pages of hidden users and missing users.
 * Fix condition that can lead to using APCOND_BLOCKED in $wgAutopromote to cause an OOM in PHP.

Changes since MediaWiki 1.35.0-rc.3

 * Remove checks for ancient ImageMagick versions in BitmapHandler.
 * Don't include null page ids in query list for category dumps.
 * Check existing watchitem when saving action=watch.
 * Correct success messages for action=watch.
 * mediawiki.page.ready: Simpler tablesorter/makeCollapsible call.
 * mediawiki.page.ready: Fix skin override config flags, wrong way round.
 * Remove requirement for ApiWatchlistTrait to be in ApiBase.
 * Watchlist: Fix updateWatchLink removing css class when action=watch.
 * mediawiki.notification: Don't close notif when clicking element.
 * Sanitizer: Truncate IDs to a reasonable length.
 * Parsoid updated to v0.12.0.
 * watch.ajax: Add expiry support to watchpage.mw event.
 * Fix failure of rebuildLocalisationCache.php due to ResourceLoader hook.
 * Hard deprecate File::userCan with $user=null.
 * Use localized success message after watching via action=watch.
 * Fix typo 'Watchlst' in `apihelp-edit-param-watchlistexpiry`.
 * Installer: consistently reset Language objects.
 * Installer: consistently reset Language objects.
 * Explicitly wrap some XML calls in libxml_disable_entity_loader.
 * Ensure dropdown label is always on its own line.
 * resourceloader: Use a local HookRunner.
 * Have findBadBlobs.php require Maintenance.php rather than cleanupTable.inc.
 * Set fake time, to avoid flaky tests.
 * Add FindMissingActors script.
 * shell: Don't blacklist /run/firejail.
 * NewPagesPager: Ignore nonexistent namespaces.
 * Update specialPageAliases and magicWords for Egyptian Arabic (arz).
 * ParserOutput: don't throw on bad editsection.
 * SpecialUserrights: If a viewer lacks `hideuser`, ignore hidden users.
 * SECURITY: Unescaped message used in HTML on Special:Contributions.
 * SECURITY: Unescaped message used in HTML within LogEventsList.
 * SECURITY: Prevent invoking firejail's --output functionality.
 * SECURITY: mediawiki.jqueryMsg: Sanitize URLs and 'style' attribute.
 * SECURITY: mediawiki.js: Escape HTML in mw.message( ... ).parse.
 * SECURITY: ActorMigration: Load user from the correct database.
 * SECURITY: ensure actor ID from correct wiki is used.
 * Add Finnish special page aliases.
 * Fix GuzzleHttpRequest request headers.
 * Fix description for pruneFileCache.php.
 * emptyUserGroup.php: handle more than 5000 users.
 * Make ApiSandbox copyable URL absolute.
 * Add a link from a deleted page to that page's logs.

Changes since MediaWiki 1.35.0-rc.2

 * mediawiki.visibleTimeout: Update the nextVisibleTimeoutId value.
 * Ensure Parsoid doesn't throw when is used w/o Cite installed.
 * Remove maintenance/createCommonPasswordCdb.php.
 * Increase "sites.site_global_key" to varbinary(64).
 * Fix shell edge-cases in Windows.
 * Drop PHP 7.2 support; require 7.3.19.
 * SECURITY: User::pingLimiter: add user-global rate limit type.
 * User: enforce pingLimiter expiry time.
 * Rest: Handle Uri constructor exception.
 * Fix RequestFromGlobalsTest failing in Travis CI.
 * Rest: Use try/catch to handle URIs with embedded colon.

Changes since MediaWiki 1.35.0-rc.1

 * uuid: Fix filenames on Windows.
 * Remove Gruntfile.js and package-lock.json from the tarball.
 * firejail: Strengthen by copying from Wikimedia's profile.
 * ResourceLoaderOOUIImageModule: loadOOUIDefinition may return false.
 * The installer supports using a Postgres server running on a custom port other than 5432.
 * Support private wikis in Parsoid zero configuration mode.
 * Fix bad use of `|=` PHP bit operation where `= … ||` bool is intended.
 * SpecialBlock: Show error if a block could not be inserted or found.
 * UserOptionsManager: fix options reset.
 * WatchAction: avoid unnecessary UPDATEs when expiry is unchanged.
 * Allow skins to override mediawiki.page.ready initialisation.
 * mediawiki.page.ready: Allow skins to disable search lazy load.
 * Update language in watchlist expiry.
 * Use IPset in MWRestrictions::checkIP.
 * Fix race condition on edit page.
 * Hide watchlist expiry label in edit form.
 * mime: Fix docs of MIME_EXTENSIONS, they're arrays, not space-seperated.
 * Add application/font-sfnt to MimeMap for ttf files.
 * WatchedItemStore: Cache single WatchedItems with preexisting expiry.
 * Add a maintenance script to create bot passwords.
 * Add Traditional Chinese zh-hant as fallback for Amis (ami).
 * Improve wfParseUrl docs.
 * Add multi index fields in ImageListPager for unique paginate.
 * Guard against 'Widget not found' error.

Changes since MediaWiki 1.35.0-rc.0

 * Fix RecentChanges watchlist filters when WatchlistExpiry is off.
 * Update time period for watchlist expiry pop-up.
 * Fix expiry dropdown not getting disabled on edit page.
 * Add license information for promise-polyfill.
 * Remove executable bit from scripts without shebang.
 * Fix bold of watched items on Special:RecentChangesLinked.
 * Edit page expiry dropdown should keep state after disabling/enabling.
 * Translate expiry period in pop-up message for watchlist expiry.
 * Add watchlist clock icon to RecentChanges.
 * Permit temporary table writes on replica DB connections.
 * Add UI support in Special:EditWatchlist for watchlist expiry.
 * Disable wgLegacyJavaScriptGlobals by default.
 * Add Edge to MediaWiki:Clearyourcache.
 * Add mediawiki.ui Less variable deprecation note.
 * Fixed reassignEdits.php to work with anonymous users.
 * Fix Circular dependency when creating service in DBLoadBalancerFactory.
 * Default to using watchlist expiry of old page when moving pages.

Upgrading notes for 1.35
1.35 requires PHP 7.3.19 or above (up from 7.2.9). 

1.35 has several database changes since 1.34, and will not work without schema updates. Note that due to changes to some very large tables like the revision table, the schema update may take quite long (minutes on a medium sized site, many hours on a large site).

Don't forget to always back up your database before upgrading!

MediaWiki 1.35 is the next LTS after 1.31, and will be supported for around 3 years.

MediaWiki has a lot of both soft and hard deprecations, and code removed. As always, make sure your versions of extensions match the MediaWiki version, and updates may be required to any custom extensions.

See the file UPGRADE for more detailed upgrade instructions, including important information when upgrading from versions prior to 1.11.

Some specific notes for MediaWiki 1.35 upgrades are below:
 * Zeroconf (zero-configuration) VisualEditor/Parsoid doesn't work using SQLite as the database backend for MediaWiki. This is due to the lack of write concurrency in SQLite. If you wish to use this feature, it is recommended to use MySQL/MariaDB rather than SQLite.

For notes on 1.34.x and older releases, see HISTORY.

Configuration changes for system administrators in 1.35

 * is now false by default. This feature will be completely removed in a later MediaWiki release.

New configuration

 * — This can be used to specify the difference engine to use, rather than MediaWiki choosing the first of, wikidiff2, or php that is usable.
 * — This configuration setting controls whether users can set a new preference, search-match-redirect, which decides if search should redirect them to exact matches is available. By default, this is set to false, which maintains the previous behaviour without preference bloat. Change your site's default by setting ['search-match-redirect'].
 * ['SpecialContributions'] — Per-user concurrency in the use of SpecialContributions can now be limited by setting this appropriately.
 * — PasswordCannotBeSubstringInUsername is a new password policy check. Similar to the existing PasswordCannotMatchUsername check, this check ensures that a user's (case-insensitive) password cannot be a part of their username. e.g. password = MyPass, username = ThisUsersPasswordIsMyPass.
 * — This new configuration setting combines the now-deprecated and  settings into a single, associative array. It provides support for a new key, 'wordmark', for setting a horizontal wordmark to show next to the graphical logo. To do this, set 'wordmark' to an array with 'src' set to the path of the wordmark image, and 'width' and 'height' for its dimensions in pixels.  inherits the existing support provided by its predecessor settings: '1x' mapping to the path of the logo as a 135x135px raster image (equivalent to ), and '1.5x', '2x', and 'svg' operating as before for . If  is unset,  and  values are read for temporary backwards compatibility.
 * — (EXPERIMENTAL) This enables the new watchlist expiry feature. The database table (watchlist_expiry) for this is created regardless of this setting, but all other aspects of the expiry feature are controlled by it. Enabling in production is discouraged for the time being. A future MediaWiki 1.35 release will advertise this feature once it is stable.
 * — This sets the chance of expired watchlist items being purged on each page edit. Only has effect if is true.
 * — This is the maximum definite relative duration for watchlist expiries. Only has effect if is true.
 * – This can be used to override the path prefix used when handling img_auth.php requests.
 * — This is a list of headers which can be used in a cross-site API request.
 * and — These allow site administrators to limit the timeouts used by the HTTP client libraries. This only affects callers using HttpRequestFactory and the deprecated wrappers in the Http class.
 * — This controls the Cache-Control s-maxage header for page views when PoolCounter lock contention indicates that a stale cache entry should be sent.
 * — This makes the HTTP to HTTPS redirect be unconditional and suppresses various hacks needed to support mixed HTTP/HTTPS wikis. We recommend this be set to true on pure HTTPS wikis.
 * — This setting allows login cookies to be sent with SameSite=None. This is required for cross-site CentralAuth auto-login after Chrome 84.
 * — This adds a compatibility hack to SameSite=None cookies for browsers which implemented an incompatible draft version of the specification.

Changed configuration

 * — This configuration array controls the max-age for HTTP caching through the Cache-Control header. It has uses the "versioned" key for urls that do have a version parameter, and the "unversioned" key for urls without a version parameter. The sub keys for "client" and "server" are no longer supported in MediaWiki 1.35.
 * — This boolean variable is deprecated and no longer used. The OpenSearch API is now always enabled.
 * and — These can now use the 'services' option in provider specifications.
 * ['modules']['parsoid'] —
 * The defaults have been updated. If you were relying on the default values, you may need to update your configuration.
 * The 'URL' parameter, previously allowed for backwards-compatibility, has been deprecated. Use 'url' instead.
 * — Default is now set to XML_DUMP_SCHEMA_VERSION_11, so dumps use the new dump format per default. Consumers of XML dumps should not be affected if they ignore any unknown tags they encounter. Also, the format is effectively unchanged for revisions that only contain the main slot. The --schema-version option can be used with the dumpBackup.php script to set the dump format.
 * — This configuration is now deprecated. It has been effectively constant since 2008, and is ignored by core code. Configure the ParserFactory service in order to customize the Parser used.
 * — This has been deprecated, and the default value changed to false.
 * — This configuration setting is now deprecated. Instead, use ; e.g., to revoke sysops' ability to move images use ['sysop']['movefile'] = false.
 * — This configuration is now deprecated; future parsers will not support direct use of the HTML tag in wikitext.
 * — This has been deprecated. If you maintain a skin that relies on this and wishes to let system administrators change it, you should convert it to a config variable specific to your skin. If you're using it to configure your wiki, you should check individual skins to see whether they have local skin config for the feature and use that.
 * — The deprecated policy 'PasswordCannotBePopular' has been removed. Use PasswordNotInCommonList instead which covers many more passwords.
 * Backwards compatibility for using an associative array (e.g. [ '127.0.0.1' => 'bad-ip' ]) for has been removed. This was deprecated since 1.30. Please convert these arrays to indexed/sequential ones (e.g. [ '127.0.0.1' ]).
 * — This now defaults to 'autodetect', which will enable sandboxing for shell commands using firejail, if it's installed. To disable restrictions, set it to false.
 * – This deprecated setting now default to false, instead of true, ahead of its planned removal.

Removed configuration

 * — This setting, deprecated in 1.34, was removed. To let sysops block email access, use ['sysop']['blockemail'].
 * — This setting had no effect anymore after support for SQL Server was removed in 1.34.
 * — This setting, deprecated in 1.23, was removed. The profiler output should instead be configured via ['output'].
 * — This setting, deprecated in 1.25, was removed. Set ['threshold'] instead.
 * — This setting was removed. It affected the text output produced via, if enabled.
 * — This setting, deprecated in 1.23, was removed. To disable a skin from being shown, use.
 * ,, , and — These, deprecated in 1.34, have been removed. Use , , , or  instead.
 * — This, deprecated in 1.25, was removed. The feature that it controlled was already removed in 1.26, but the variable remained existent with a value of `false` for backward-compatibility.
 * — This setting was removed. It only affected Preprocessor_DOM, which was deprecated in 1.34 and removed in this release.
 * and — These, deprecated in 1.33, were removed. The fixes are now always enabled for their respective languages.
 * — This, unused and deprecated since 1.34, was removed.
 * — This setting, deprecated when it was added in 1.33, was removed. Partial blocks are now always enabled.
 * — This setting, deprecated in 1.23, has been removed.
 * — This setting, deprecated in 1.34, has been removed.
 * — This setting must no longer be set locally. If the migration stage was set to anything other than SCHEMA_COMPAT_NEW locally, update.php must be run after removing the setting. Usage of the setting in code is deprecated. The setting will be removed completely in 1.36.
 * — This setting is no longer obeyed by MediaWiki core, and should not be set set locally. Usage of the setting in code is deprecated; it is now set true by default. The setting will be removed completely in 1.36.
 * — The 'slaveOnly' option for SqlBagOStuff, deprecated in 1.34, was removed. Use 'replicaOnly' instead.

New user-facing features in 1.35

 * Whitelisted the aria-hidden HTML attribute for all elements in wikitext.
 * Special:EditPage, Special:PageHistory, Special:PageInfo, and Special:Purge have been created as shortcuts for each action. Special:EditPage/Foo redirects to title=foo&action=edit, with PageHistory, PageInfo, and Purge corresponding to action= history, info, and purge respectively. When linked to, its subpage is used as the target. Otherwise, it displays a basic interface to allow the end user to specify the target manually.
 * The generated table of contents is now a navigation landmark role for assistive technologies.
 * interwiki map API doesn't report foreign language if =false
 * The form at ?action=watch has a new dropdown list to support expiry dates for watchlist items (if is true).

New developer features in 1.35

 * A Docker based local development develpoment environment configuration is included and DEVELOPERS.md has been added with usage documentation and links to further help.
 * If CSP is enabled, extensions can now add additional sources using the ContentSecurityPolicy::addDefaultSource, ::addStyleSrc and ::addScriptSrc methods (e.g. $context->getOutput->getCSP->addDefaultSrc( 'example.com' ))
 * Extensions can now specify classes and namespaces to be autoloaded by the test autoloader, by setting the "TestAutoloadNamespaces" and "TestAutoloadClasses" properties in extension.json.
 * extension.json now allows "SearchMappings" which maps the canonical name of the search engine (used in wgSearchType and wgSearchTypeAlternatives) to a specification using the ObjectFactory specification. This allows extensions to register Search Engines using namespaced classes.
 * Added getters for OutputPage's robot, index and follow policies; getRobotPolicy returns the entire policy as a string in the form &lt;index policy>,&lt;follow policy> while getIndexPolicy and getFollowPolicy return their respective policies as a string.
 * The and  hooks were added to allow changing which wiki pages these modules contain.
 * The SkinFactory now allows skins to be specified as an ObjectFactory spec, allowing the construction of skins with services injected.
 * ContentHandlerFactory for most ContentHandler static methods. It has been added to the constructors for many classes to improve SOLID / GRASP.
 * FileDeleteForm's constructor now accepts a user as the second parameter. Support for not passing a user has also been hard-deprecated and will be removed in 1.36.
 * The hook was added.
 * The hook was added.
 * The ResourceLoaderSkinModule class now has a "legacy" feature that loads the stylesheets previously part of the "mediawiki.legacy.shared" and "mediawiki.legacy.commonPrint" module. Those modules are now deprecated and no longer loaded by skins. For skins needing to retain these styles, you will need to load these styles via a module using the ResourceLoaderSkinModule class. See Vector and Monobook for examples.
 * ParserOutput now has methods addExtraCSPStyleSrc, addExtraCSPDefaultSrc, addExtraCSPScriptSrc for parser tags/functions to be able to add sources to the Content Security Policy.
 * The HtmlCacheUpdater service was added to unify the logic of purging CDN cache and HTML file cache to simplify callers and make them more consistent.
 * The MultiHttpClient code will fallover to non-curl if curl_multi* is blocked.
 * Preferences which use HTMLTitlesMultiselectField can make use of MultiTitleFilter class for saving title text to/from article IDs in user preferences.
 * OutputPage::addHtmlClasses was added to allow injecting CSS classes on to the element on page load.
 * The hook is added to allow extensions to add items to skin footers. Previously this had to be done via . Doing so using that hook is now hard deprecated.
 * A new BlockPermissionChecker service was introduced for checking block-related permissions.
 * The support of 'database' type of extensions has been added to allow 3d party databases like Percona be used as storage. See T226857, T253248.
 * Three new return parameters have been added to the hook. Handlers of this hook are no longer restricted to defining checkboxes. See the documentation of EditPage::getCheckboxesDefinition for more details.
 * New flag File::RENDER_TMP was added in order to allow File::generateAndSaveThumb and File::trasform to render a thumbnail without saving it to the storage.

New external libraries

 * Added 1.0.0.
 * Added 0.12.0.
 * Added 2.0.1.
 * Added v8.1.3.
 * Added v2.6.11.
 * Added v3.1.3.
 * Added symfony/symfony/polyfill-php80 1.23.1.

New development-only external libraries

 * Added 2.10.2.
 * Added 1.1.0.
 * Added 3.3.0.

Changed external libraries

 * was upgraded from 1.10.2 to 1.10.8.
 * was upgraded from 1.8.0 to 3.0.0.
 * Updated OOjs from 3.0.0 to 5.0.0.
 * Updated OOUI from 0.35.1 to 0.39.3.
 * was upgraded from 0.23.0 to 1.2.5.
 * Updated jQuery from v3.3.1 to v3.6.0.
 * Updated from v3.0.1 to v3.3.2.
 * Updated from 0.2.2 to 0.5.0.
 * Updated from 1.8.1 from to 1.9.1.
 * Updated from 1.0.2 to 1.1.3.
 * Updated from 1.0.5 to 1.0.7.
 * Updated from 6.3.3 to 6.5.4.
 * Updated from 0.6.3 to 0.7.0. Fixes error log spam with too-large XMP data, and adds support for GPano tags.
 * Updated from v2.0.0 to v2.0.1.
 * Updated from 1.5.0 to 1.5.1.
 * Updated from 2.1.0 to 2.2.0.
 * Replaced 0.1.4 with  0.2.0.

Changed development-only external libraries

 * Updated from 3.4.28 to 5.0.5.
 * Updated from 3.1.5 to 4.4.0.
 * Updated from v0.3.2 to v0.5.
 * Updated from v0.9.2 to v1.2.0.
 * Updated from 0.9.9 to 0.10.4.
 * Updated from 1.24.0 to 1.25.2.
 * Upgrade from 28.0.0 to 30.0.0.
 * Updated from 1.5.1 to 1.5.3.
 * Updated from 1.25.2 to 1.25.3.
 * Updated from 2.9.1 to 2.10.0.

Removed external libraries

 * (dev-only). Removing this unbreaks development on Windows systems, in exchange for losing time limits in running unit tests.
 * The jquery.getAttrs module was removed.

Action API changes in 1.35

 * The 'suggest' parameter of action=opensearch has been deprecated. The API behaves the same with and without this parameter. It was previously used by to partially disable the API if set to false. Specifically, it would deny internal frontend requests carrying this parameter, whilst accepting other requests.
 * Integer-type parameters are now validated for syntax rather than being interpreted in surprising ways. For example, the following will now return a badinteger error:
 * "1.9" (formerly interpreted as "1")
 * " 1" (formerly interpreted as "1")
 * "1e1" (formerly interpreted as "1" or "10", depending on the PHP version)
 * "1foobar" (formerly interpreted as "1")
 * "foobar" (formerly intepreted as "0") parameters. Ranges should be assumed to be enforced.
 * Many user-type parameters now accept a user ID, formatted like "#12345".
 * The 'assert' parameter used by all API modules now supports the value 'anon'. When specified, the API will return the 'assertanonfailed' error if the user is logged in.
 * action=edit now supports the 'baserevid' parameter for edit conflict detection, as an alternative to 'basetimestamp'. Note that self-conflicts will continue to be ignored if 'basetimestamp' is set, but not if only 'baserevid' is set.
 * A new module was added to change the content model of existing pages. Use action=changecontentmodel. Unlike Special:ChangeContentModel, the api module does not work for pages that do not already exist.
 * If is true, the following API changes are made:
 * action=watch accepts a new 'expiry' parameter analagous to the expiry accepted by action=userrights, action=block, etc., except it must be no greater than, or an infinity value.
 * action=query&list=watchlistraw returns pages' watchlist expiry dates.
 * action=login will now return Failed rather than NeedToken on session loss.

Action API internal changes in 1.35

 * The Action API now uses the Wikimedia\ParamValidator library for parameter validation, which brings some new features and changes. For the most part existing module code should work as it did before, but see subsequent notes for changes.
 * The values for all ApiBase PARAM_* constants have changed. Code should have been using the constants rather than hard-coding the values.
 * Several ApiBase PARAM_* constants have been deprecated, see the in-class documentation for details. Use the equivalent ParamValidator constants instead.
 * The value returned for 'upload'-type parameters has changed from WebRequestUpload to Psr\Http\Message\UploadedFileInterface.
 * Validation of 'user'-type parameters is more flexible. PARAM constants exist to specify the type of "user" allowed and to request UserIdentity objects rather than name strings. The default is to accept all types (name, IP, range, and interwiki) that were formerly accepted.
 * Maximum limits are no longer ignored in "internal mode".
 * The $paramName to ApiBase::handleParamNormalization should now include the prefix.
 * meta=siteinfo&siprop=interwikimap no longer reports language or extralanglink when is false.

Languages updated in 1.35
MediaWiki supports over 350 languages. Many localisations are updated regularly. Below only new and removed languages are listed, as well as changes to languages because of Phabricator reports.


 * The default targets for the ISBN search from Special:BookSources in English have been updated for better international suppport. They will now be BetterWorldBooks.com, OpenLibrary.org and Worldcat.org.
 * Changed the Moroccan Arabic language (ary) to the Arabic script.
 * Added language support for Amis (ami).
 * Added language support for Inari Sami (smn).
 * Added language support for Ladin (lld).
 * Added language support for Seediq (trv), also known as Taroko.

Breaking changes in 1.35

 * MediaWiki no longer supports PHP 7.2; use PHP 7.3.19+ (T228346, T257879).
 * ResourceLoader::getLessVars, deprecated in 1.32, was removed. Use ResourceLoaderModule::getLessVars instead.
 * The jquery.tabIndex module, deprecated in 1.34, has been removed.
 * The mediawiki.RegExp module alias, deprecated in 1.34, was removed. Use the mediawiki.util module instead.
 * The easy-deflate.inflate module, unused since 1.32, was removed.
 * The easy-deflate.deflate module was removed. Use the mediawiki.deflate module instead.
 * The mediawiki.notify module was removed. The mw.notify shortcut is now available by default, without any dependency.
 * The "jquery.ui.*" and "jquery.effects.*" module aliases, deprecated in 1.34, have been removed. Use "jquery.ui" instead.
 * The "user.tokens" module has been removed. Use "user.options" instead.
 * The mw.Map#exists method in JavaScript no longer supports checking multiple keys. This affects mw.config.exists and mw.user.tokens.exists.
 * The internal variable $constructorOptions for the Parser & SpecialPageFactory, exposed only for integration purposes, are now each replaced by a const called CONSTRUCTOR_OPTIONS. This was a breaking change made without deprecation.
 * ObjectCache::getWANInstance, deprecated in 1.34, was removed. Use MediaWikiServices::getMainWANObjectCache instead.
 * ObjectCache::newWANCacheFromParams, deprecated in 1.34, was removed. Construct WANObjectCache directly instead, or use MediaWikiServices.
 * The ProfilerOutputDb class and profileinfo.php entry point, deprecated in 1.34, was removed.
 * SiteConfiguration->localVHosts, deprecated in 1.25, was removed. Use instead.
 * The read-only variable was removed. It has been a non-configurable copy of  since MW 1.8 (2006). Use  directly instead.
 * ApiQueryUserInfo::getBlockInfo, deprecated in 1.34, was removed. Use ApiBlockInfoTrait::getBlockDetails instead.
 * Password::equals, deprecated in 1.33, was removed. Use Password::verify.
 * QuickTemplate::setRef, deprecated in 1.31, was removed. Use set.
 * The mediawiki.ui.text module, deprecated in 1.28 and unused, was removed.
 * AbstractBlock::mReason, deprecated in 1.34, is no longer public.
 * The GetBlockedStatus and UserIsHidden, deprecated in 1.34, has been removed. Instead, use the hook.
 * As part of work to replace the Parser, a large number of breaking changes have been made, principally in related methods and properties being removed or made private:
 * disableCache, deprecated in 1.28.
 * serializeHalfParsedText and the helpers unserializeHalfParsedText, isValidHalfParsedText, and StripState::getSubState and StripState::merge, all deprecated in 1.31. The helper functions LinkHolderArray::mergeForeign and LinkHolderArray::getSubArray were also removed.
 * getConverterLanguage, deprecated in 1.32. Use getTargetLanguage instead.
 * A large set of methods exposed only for historical reasons, deprecated in 1.34, have now been removed or made private:
 * areSubpagesAllowed
 * armorLinks
 * createAssocArgs
 * doAllQuotes
 * doDoubleUnderscore
 * doHeadings
 * doMagicLinks
 * formatHeadings
 * getImageParams
 * getVariableValue
 * initialiseVariables
 * makeKnownLinkHolder
 * maybeDoSubpageLink
 * parseLinkParameter
 * replaceExternalLinks
 * replaceInternalLinks
 * replaceInternalLinks2
 * replaceLinkHoldersText.
 * splitWhitespace
 * stripAltText
 * testPreprocess
 * testPst
 * testSrvus
 * incrementIncludeSize, setTransparentTagHook, replaceTransparentTags, and $mTransparentTagHooks have been removed without deprecation.
 * The following constants have been made private without deprecation:
 * ::EXT_LINK_ADDR
 * ::EXT_IMAGE_REGEX
 * ::SPACE_NOT_NL
 * The following properties have been removed without deprecation:
 * ::$mDefaultStripList
 * ::$mIncludeCount
 * ::$mRevIdForTs
 * The following properties have been made private without deprecation:
 * ::$mFunctionSynonyms
 * ::$mFunctionTagHooks
 * ::$mStripList
 * ::$mVarCache
 * ::$mImageParams
 * ::$mImageParamsMagicArray
 * ::$mSubstWords
 * ::$mVariables
 * ::$mConf (deprecated in 1.34)
 * ::$mExtLinkBracketedRegex
 * ::$mUrlProtocols
 * ::$mAutonumber
 * ::$mLinkHolders
 * ::$mDefaultSort
 * ::$mTplRedirCache
 * ::$mForceTocPosition
 * ::$mTplDomCache
 * ::$mOutputType
 * ::$mLangLinkLanguages
 * ::$currentRevisionCache
 * ::$mProfiler
 * ::$mLinkRenderer
 * Parser::getTitle will now throw a TypeError if $mTitle is uninitialized. This use pattern was deprecated in 1.34.
 * ContentHandler::makeParserOptions, deprecated in 1.32, was removed. Use WikiPage::makeParserOptions or ParserOptions::newCanonical instead.
 * The hook, believed to be unused, was removed without deprecation.
 * Preprocessor_DOM and related classes, deprecated in 1.34, have been removed. Consequently, the related ParserOptions::getMaxGeneratedPPNodeCount and ::setMaxGeneratedPPNodeCount have been removed without deprecation.
 * The support for the old signature for ParserFactory::__construct, which was deprecated in 1.34, has been removed.
 * Parser::getDefaultPreprocessorClass, deprecated in 1.34, has been removed.
 * MediaWikiTestCase::prepareServices, deprecated in 1.32, has been removed
 * The method ContentHandler::getSlotDiffRendererInternal is replaced with ContentHandler::getSlotDiffRendererWithOptions. This breaks consumers which call parent::getSlotDiffRendererInternal (no instances of which are known).
 * TextContent::getHighlightHtml, deprecated since 1.24, has been removed. Use TextContent::getHtml instead.
 * ExtensionRegistry::load, deprecated in 1.34, was removed. Instead, use ExtensionRegistry::queue.
 * MWMessagePack class, deprecated in 1.34, was removed.
 * The cdb.php maintenance script was removed. Use the 'cdb' command from the wikimedia/cdb library instead.
 * User::addNewUserLogEntryAutoCreate, deprecated in 1.27, was removed.
 * FileBasedSiteLookup class, deprecated in 1.33, was removed.
 * The wfGlobalCacheKey global function, deprecated in 1.30, was removed.
 * The APCBagOStuff class was removed. MediaWiki requires PHP 7.2+ (support for HHVM was dropped) and these versions of PHP only support apcu. The default "apc" entry in now refers to APCUBagOStuff.
 * Database::bufferResults, deprecated in 1.34, has been removed.
 * CannotReplaceActiveServiceException, ContainerDisabledException, DestructibleService, NoSuchServiceException, SalvageableService, ServiceAlreadyDefinedException, ServiceContainer and ServiceDisabledException in the global namespace, deprecated in 1.33, were removed. Use the classes in the MediaWiki\\Services namespace instead.
 * The following methods in the Interwiki class were removed: ::fetch, ::isValidInterwiki, ::invalidateCache, and ::getAllPrefixes.
 * The UsersMultiselectWidget config 'allowArbitrary' is now false by default. To accept arbitrary entries, pass in true for this config.
 * OutputPage::parse and OutputPage::parseInline, deprecated in 1.32, have been removed. Use ::parseAsContent or ::parseAsInterface, as appropriate.
 * WikiPage::selectFields, deprecated in 1.31, was removed. Use ::getQueryInfo.
 * The remaining static methods for MagicWord, deprecated in 1.32, were removed. These were MagicWord::get, ::getSubstIDs, ::getDoubleUnderscoreArray, ::getVariableIDs, and ::getCacheTTL. Instead, use MagicWordFactory (via MediaWikiServices).
 * ApiBase::checkTitleUserPermissions no longer accepts a User as the third parameter. Passing a user was deprecated in 1.33.
 * Sanitizer::setupAttributeWhitelist and Sanitizer::attributeWhitelist, deprecated in 1.34, have been removed. They should not have been public.
 * Passing a sequential array as the second parameter to Sanitizer::validateAttributes has been deprecated; use an associative array where keys are the allowed attributes.
 * The $warnCallback parameter to Sanitizer::removeHTMLtags, deprecated since its introduction in 1.28, has been removed.
 * SpecialRecentChanges::filterByCategories, deprecated in 1.31, was removed.
 * The `ArticleContentViewCustom` hook, deprecated in 1.32, was removed.
 * AuthManager::callLegacyAuthPlugin, deprecated in 1.33, was removed.
 * wfGetMessageCacheStorage was removed without deprecation.
 * Title::moveSubpages, deprecated in 1.34, was removed. Use the MovePage class and MovePage::moveSubpages instead.
 * Article::doEditContent, deprecated in 1.29, was removed. Instead, use WikiPage::doEditContent.
 * CommentStore::newKey, deprecated in 1.31, was removed.
 * EditPage::$hookError was changed from public to private.
 * Title::isValidMoveOperation, ::moveTo, and ::isValidMoveTarget, deprecated in 1.25, were removed. Use the MovePage class and its methods instead.
 * Title::getUserCaseDBKey, deprecated in 1.33, was removed. Use ::getDBkey.
 * StringUtils::explodeMarkup was removed without deprecation.
 * AjaxResponse methods that were unused have been removed without deprecation:
 * checkLastModified
 * loadFromMemcached
 * storeInMemcached
 * setCacheDuration
 * setVary
 * ApiDelete::delete and ::deleteFile, both of which were protected methods, have been made private to allow a signature change.
 * HistoryPager::revLink, ::curLink, ::lastLink, and ::diffButtons, which had no visibilities defined, have been made private to allow signature changes.
 * SpecialNewpages::revisionFromRcResult, which previously was protected, has been made private to allow a signature change.
 * DifferenceEngine::$mOldRev and $mNewRev, deprecated for public access in 1.32, have been removed.
 * DifferenceEngine::revisionDeleteLink, which was previosuly protected, has been made private to allow a signature change.
 * DifferenceEngine::getParserOutput, which is protected, has had a breaking signature change: the second parameter must be a RevisionRecord object, rather than a Revision object.
 * WikiPage::setLastEdit, which was previously protected, has been made private to allow a signature change.
 * Skin::getSkinNameMessages deprecated in 1.34, has been removed.
 * Skin::escapeSearchLink deprecated in 1.34, has been removed, use Skin::getSearchLink instead.
 * Skin::shouldPreloadLogo deprecated in 1.32, has been removed.
 * Revision::loadFromId and RevisionStore::loadRevisionFromId have been removed.
 * OutputPage::parserOptions doesn't accept an $options parameter anymore.
 * MessageCache::getParserOptions previously did not have a visibility set. It has been made private.
 * SpecialUndelete::showDiff previously did not have a visibilty set. It hav been made private to allow a signature change.
 * The Skin no longer loads the "mediawiki.legacy.shared" or "mediawiki.legacy.commonPrint" modules. The legacy shared styles must now be loaded by the skin explicitly, either inherited via the "mediawiki.skinning.*" modules, or by making your skin's main styles module use the ResourceLoaderSkinModule class with the "legacy" attribute. See Vector and Monobook for examples.
 * Passing an ApiMain to the constructor of ApiResult is no longer supported. This was deprecated in 1.25.
 * ResourceLoaderWikiModule::invalidateModuleCache has been declared to be @internal as part of a signature change. No known uses exist outside of MediaWiki core.
 * The hook, deprecated in 1.32, was removed. Use ArticleRevisionViewCustom to control output.
 * DatabaseBlock::isValid, deprecated in 1.33, was removed.
 * HTMLUserTextField and HTMLUsersMultiselectField previously implied required=true when exists=true. Form fields that use exists=true should also set required=true if they are required.
 * In DatabaseUpdater, the following methods are no longer public: dropTable, modifyTable, modifyField, runMaintenance, copyFile, appendLine. In PostgresUpdater, the following methods are no longer public: addPgEnumValue, addPgIndex, addPgExtIndex. This change was made without deprecation due to immediate danger of data corruption and loss, see T157651. Extensions should instead use dropExtensionTable, modifyExtensionExtensionTable, modifyExtensionField, addExtensionUpdate. The addExtensionUpdate method can still be used to access any of the protected methods on DatabaseUpdater.
 * ResourceLoader no longer provides the (always-true) variables for wgEnableAPI and wgEnableWriteAPI; they were deprecated in MediaWiki 1.31 and removed from the PHP environment in MediaWiki 1.32.
 * The wfSetupSession global function, deprecated in 1.27, was removed. Use the persist method of the right MediaWiki\Session\SessionManager object instead.
 * The wfIsHHVM global function, deprecated in 1.34, was removed.
 * GenderCache::doTitlesArray no longer accepts string values in its $titles array parameter. Use Title objects (or other LinkTarget) instead.
 * Unused CommentStore::MAX_COMMENT_LENGTH has been removed.
 * User::checkTemporaryPassword and User::checkPassword, deprecated in 1.27, were removed. Use AuthManager instead.
 * All constants and class functions now have explicit visibility modifiers. This means, per Stable interface policy, that these should now be considered stable. This also helps MW align with PSR 2 and PSR 12. This was done based on audits of the corpus of skins and extensions hosted in Gerrit. If you find any that you need to be less restrictive (i.e. public or protected), please report these so that we can re-evaluate or suggest workarounds.
 * BaseTemplate::msgWiki, deprecated in 1.33, was removed. Use ->msg or ->getMsg instead.
 * QuickTemplate::msgWiki, deprecated in 1.33, was removed. Use ->msg instead.
 * WebInstaller::getErrorBox and ::getWarningBox, deprecated in 1.34, were removed. Use Html::errorBox or ::warningBox instead.
 * SpecialVersion::getExtensionCredits and SpecialVersion::getSkinCredits have become private without deprecation.
 * As part of the migration to a new hook system, the following classes now require an additional HookContainer constructor parameter:
 * AuthManager
 * BadFileLookup
 * BlockManager
 * ClassicInterwikiLookup
 * ContentHandlerFactory
 * ContentSecurityPolicy
 * DefaultOptionsManager
 * DerivedPageDataUpdater
 * FullSearchResultWidget
 * HtmlCacheUpdater
 * LanguageFactory
 * LanguageNameUtils
 * LinkRenderer
 * LinkRendererFactory
 * LocalisationCache
 * MagicWordFactory
 * MessageCache
 * NamespaceInfo
 * PageEditStash
 * PageHandlerFactory
 * PageUpdater
 * ParserFactory
 * PermissionManager
 * RevisionStore
 * RevisionStoreFactory
 * Router
 * SearchEngineConfig
 * SearchEngineFactory
 * SearchFormWidget
 * SearchNearMatcher
 * SessionBackend
 * SpecialPageFactory
 * UserNameUtils
 * UserOptionsManager
 * WatchedItemQueryService
 * WatchedItemStore
 * The following classes now require setHookContainer to be called after construction:
 * AuthenticationProvider
 * ResourceLoaderModule
 * SearchEngine
 * The parameters to ChronologyProtector::getTouched and ILBFactory::getChronologyProtectorTouched were changed without backwards compatibility.
 * The deprecated $blacklist parameter to wfIsBadImage has been removed.
 * SpecialBlock::checkUnblockSelf no longer accepts an integer representing an user ID as part of ongoing refactoring of SpecialBlock class.
 * User::setInternalPassword and User::setPassword, deprecated in 1.27, have been removed. Use User::changeAuthenticationData instead.
 * User::selectFields, deprecated in 1.31, has been removed. Use User::getQueryInfo instead.
 * The "legacy" serialization type in RESTBagOStuff, deprecated in 1.34, has been removed.
 * The populateContentModel.php maintenance script was removed. It has been replaced by the populateContentTables.php script.
 * The findHooks.php maintenance script, for the old hooks system, was removed.
 * Calling MediaWiki\Shell\Command::restrict will now overwrite any previous restrictions rather than adding to them, making it possible to disable the default restrictions.

Deprecations in 1.35

 * The PHPUnit4And6Compat class, used to provide compatibility with PHPUnit 4, is now deprecated. MediaWiki support for PHPUnit 4 ended with the removal of HHVM support.
 * LockManagerGroup::getDefault and LockManagerGroup::getAny are deprecated. They seem to be unused. Just use get directly, and catch any exception.
 * AbstractBlock::getPermissionsError and AbstractBlock::getBlockErrorParams are deprecated. Use BlockErrorFormatter::getMessage instead.
 * The IP class is deprecated. Please instead use the Wikimedia\IPUtils class from the new wikimedia/ip-utils library instead. Additionally, the RE_IP_* constants are also deprecated. RE_IP_BYTE can be replaced with a class constant on the IPUtils class, while the others will eventually be made private.
 * The following Language methods are deprecated: getFallbackFor, getFallbacksFor, getFallbacksIncludingSiteLanguage. Use the corresponding new methods on the LanguageFallback class: getFirst, getAll, and getAllIncludingSiteLanguage.
 * FileJournal::factory is deprecated. Use the constructor directly instead.
 * AbstractBlock methods setBlocker, getBlocker are deprecated and will become internal implementation of DatabaseBlock.
 * Title::countRevisionsBetween has been deprecated and moved into RevisionStore.
 * FileBackendGroup::singleton is deprecated. Use MediaWikiServices instead.
 * FileBackendGroup::destroySingleton is deprecated. Test frameworks should instead reset MediaWikiServices between test runs. (MediaWikiIntegrationTestCase does this automatically.)
 * GenderCache::singleton, deprecated in 1.28, is hard deprecated. Use MediaWikiServices::getGenderCache instead.
 * MediaWikiIntegrationTest::setContentLang has been deprecated. Use setMwGlobals( 'wgLanguageCode', 'xxx' ) to set a different site language code, or setService( 'ContentLanguage', $myObj ) to set a specific Language object. Service resets and will be handled automatically.
 * MediaWikiIntegrationTest::assertType has been deprecated, as part of the work to move to PHPUnit 8; PHPUnit's assertInternalType was deprecated, and will be removed in PHPUnit 9. MediaWikiIntegrationTest::assertTypeOrValue, a wrapper for assertType, has been removed immediately, without deprecation.
 * AbstractBlock::getReason is deprecated, since reasons are actually stored as CommentStoreComments, and getReason returns a string with no caller control over language or formatting. Instead use AbstractBlock::getReasonComment, which returns the CommentStoreComment.
 * The global function wfGetRusage is deprecated and will now always call the getrusage function without checking for its existence.
 * The properties User::mBlock, User::mBlockedby and User::mHideName are deprecated. Instead, use User::getBlock to get the block, then use AbstractBlock::getByName or AbstractBlock::getHideName.Use the  hook to set, unset or modify a block, including hiding or unhiding a user.
 * Directly calling the MergeHistory constructor is deprecated. Instead, use the new MergeHistoryFactory class.
 * Language::factory and Language::getParentLanguage are deprecated, and so is directly calling the Language constructor. Use the new LanguageFactory class instead.
 * Language::classFromCode is deprecated. There is no reason it should be used outside the Language class itself.
 * Language::clearCaches is deprecated. Instead, reset all services and set Language::$mLangObjCache = [].
 * The following functions from Language class are deprecated in favour of respective functions in LanguageConverter:
 * autoConvert
 * autoConvertToAllVariants
 * convert
 * convertTitle
 * convertNamespace
 * hasVariants
 * hasVariant
 * convertHtml
 * convertCategoryKey
 * getVariants
 * getPreferredVariant
 * getURLVariant
 * findVariantLink
 * getExtraHashOptions
 * updateConversionTable
 * Language::classFromCode is hard deprecated and should be removed in 1.36
 * Language::getConverter is deprecated and should be removed in 1.36
 * Language::MESSAGES_FALLBACKS, Language::STRICT_FALLBACKS were deprecated. Use LanguageFallback::MESSAGES and LanguageFallback::STRICT respectively
 * Language::$mLangObjCache is deprecated and should be removed in 1.36. Use MediaWikiServices instead to get a LanguageFactory.
 * Language::getMessagesFor, getMessageFor, and getMessageKeysFor are deprecated. Use LocalisationCache's getItem, getSubitem, and getSubitemList methods directly.
 * OutputPage::getCSPNonce is deprecated, use OutputPage::getCSP->getNonce instead.
 * DerivedPageDataUpdater::prepareUpdate accepted as its second parameter an optional array of options. Specifying the value of the `oldrevision` key of the array to be a Revision object, rather than a RevisionRecord object, is hard deprecated. The same applies to the options parameter in WikiPage::doEditUpdates.
 * Skin::makeI18nUrl and makeNSUrl have been deprecated, no longer used.
 * Title::countAuthorsBetween and Title::getAuthorsBetween were hard deprecated. Use respective methods in RevisionStore instead.
 * Remove deprecated SkinCopyrightFooter &$forContent parameter
 * The following Language class static variables have been replaced with constants and deprecated: $mWeekdayMsgs, $mWeekdayAbbrevMsgs, $mMonthMsgs, $mMonthGenMsgs, $mMonthAbbrevMsgs, $mIranianCalendarMonthMsgs, $mHebrewCalendarMonthMsgs, $mHebrewCalendarMonthGenMsgs, $mHijriCalendarMonthMsgs and $durationIntervals.
 * As part of dropping security support for IE 6 and IE 7, WebRequest::checkUrlExtension has been deprecated, and now always returns true.
 * The following ApiBase::PARAM_* constants have been deprecated in favor of equivalent ParamValidator constants: PARAM_DFLT, PARAM_ISMULTI, PARAM_TYPE, PARAM_MAX, PARAM_MAX2, PARAM_MIN, PARAM_ALLOW_DUPLICATES, PARAM_DEPRECATED, PARAM_REQUIRED, PARAM_SUBMODULE_MAP, PARAM_SUBMODULE_PARAM_PREFIX, PARAM_ALL, PARAM_EXTRA_NAMESPACES, PARAM_SENSITIVE, PARAM_DEPRECATED_VALUES, PARAM_ISMULTI_LIMIT1, PARAM_ISMULTI_LIMIT2, PARAM_MAX_BYTES, PARAM_MAX_CHARS.
 * ApiBase::explodeMultiValue is deprecated. Use ParamValidator::explodeMultiValue instead.
 * ApiBase::parseMultiValue is deprecated. No replacement is provided; generally this sort of thing should be handled by fully validating the parameter.
 * ApiBase::validateLimit and ApiBase::validateTimestamp are deprecated. Use ApiParamValidator::validateValue with an appropriate settings array instead.
 * ContentHandler (use ContentHandlerFactory):
 * getForTitle
 * getForContent
 * getForModelID
 * getContentModels
 * getAllContentFormats
 * protected $handler (not need anymore)
 * cleanupHandlersCache (not need anymore)
 * The global is deprecated; instead, use MW_VERSION.
 * is deprecated, use MediaWikiServices::getLocalServerObjectCache instead.
 * ObjectCache::detectLocalServerCache is deprecated, instead use MediaWikiServices::getLocalServerObjectCache or ObjectCache::makeLocalServerCache.
 * ImagePage::getImageLimitsFromOptions is deprecated. Use static function MediaFileTrait::getImageLimitsFromOptions instead.
 * As part of work to replace the Parser, alongside the breaking changes listed above, a large number of deprecations changes been made, to simplify the API or because they will not be supported in replacement:
 * Parser::doBlockLevels (and BlockLevelPass class has been marked @internal)
 * Parser::setFunctionTagHook
 * Parser::attributeStripCallback
 * Parser::fetchTemplate - use Parser::fetchTemplateAndTitle instead.
 * Parser::enableOOUI - use $parser->getOutput->enableOOUI instead.
 * LinkHolderArray has been deprecated for public usage and will be internal part of parser.
 * The following parser-related hooks have been deprecated:
 * Use an alternative hook which doesn't expose internal half-parsed state, like or
 * Use
 * No replacement; tag wrapping will be done by core in future.
 * No replacement; MediaHandler provides for customizable media rendering
 * Use ParserAfterTidy instead to avoid exposing internal half-parsed state
 * No replacement; stripping is no longer supported.
 * No replacement; stripping is no longer supported.
 * The accessor/mutator methods Parser::Options, Parser::OutputType, and Parser::Title have been deprecated; use the appropriate Parser::get* or Parser::set* methods instead.
 * Parser::firstCallInit has been deprecated. The parser is initialized fully on construction and so ::firstCallInit no longer has any effect when manually invoked.
 * ParserOptions::setAllowExternalImages, ::setAllowExternalImagesFrom, and ::setEnableImageWhitelist have been deprecated. Future parsers will not allow per-parser configuration of image filtering; use site configuration instead.
 * ParserOptions::getTidy and ParserOptions::setTidy have been deprecated. These options no longer have any effect.
 * Most methods of MWTidy, except for MWTidy::tidy, have been deprecated; tidiness is always enabled and not configurable.
 * Version 1 of the parserTests file format has been deprecated. You'll need to update your parser tests to version 2, which uses Remex tidy on all test output by default. Support for parser tests with Remex tidy off will later be removed entirely.
 * — This global variable, soft deprecated in 1.32, has now been hard deprecated. Use MediaWikiServices::getInstance->getParser instead.
 * The signature of DefaultPreferencesFactory::__construct has been changed:
 * LanguageConverter $languageConverter has been added.
 * and its usage with old arguments is hard deprecated.
 * The public usage of the following properties of LanguageConverter have beendeprecated as there is no reason they should be used outside the LanguageConverter class and will be changed from public to private:
 * mLangObj
 * mUcfirst
 * mConvRuleTitle
 * mURLVariant
 * mUserVariant
 * mHeaderVariant
 * mMaxDepth
 * mVarSeparatorPattern
 * changed from public to protected:
 * mTables
 * The hook has been deprecated. Please use the  hook or similar instead.
 * The hook has been deprecated. Please use the  hook or similar instead.
 * The and  hooks have been hard deprecated. Please use the  hook instead.
 * ResourceLoaderFileModule::compileLessFile has been deprecated, use ResourceLoaderFileModule::compileLessString instead
 * The SquidPurgeClient and SquidPurgeClientPool classes have been deprecated. Use MultiHttpClient or HtmlCacheUpdater instead.
 * MimeAnalyzer::getExtensionsForType and ::getTypesForExtensions were deprecated in favor of MimeAnalyzer::getExtensionsFromMimeType and ::getMimeTypesFromExtension, respectively. The new methods return arrays rather than strings.
 * Calling Action::factory and Action constructor with WikiPage has been hard deprecated. Caller must provide an Article instance.
 * ApiTestCase::doLogin, soft deprecated in 1.31, was hard deprecated.
 * WebRequest::getLimitOffset is hard deprecated. Instead, use ::getLimitOffsetForUser and pass a User object.
 * PageArchive::getPreviousRevision is hard deprecated. Instead, use the new::getPreviousRevisionRecord method.
 * PageArchive::getArchivedRevision is hard deprecated. Instead, use the new ::getArchivedRevisionRecord method.
 * PageArchive::undelete is hard deprecated. Instead, use ::undeleteAsUser and pass a User object.
 * PageArchive::getRevision is hard deprecated.
 * EditPage::getBaseRevision was hard deprecated. Instead, use the new ::getExpectedParentRevision method.
 * The public variable EditPage::$mBaseRevision was hard deprecated.
 * FileDeleteForm previously did not accept a user parameter in its constructor, instead relying on the global . A user parameter has been added, and //not// providing a user is deprecated. There are no known callers outside of mediawiki core.
 * AuthManager::singleton has been deprecated. Use MediaWikiServices::getInstance->getAuthManager instead.
 * ContribsPager::tryToCreateValidRevision is hard deprecated. Instead, use ContribsPager::tryCreatingRevisionRecord.
 * The following functions all accept an optional user parameter. Not passing a user is hard deprecated, and support for calling them without passing a user will be removed in 1.36:
 * Title::getNotificationTimestamp (note however that the method is deprecated in its entirely in favor of the new WatchlistNotificationManager service)
 * PatrolLog::record
 * LogEventsList::userCan
 * LogEventsList::userCanBitfield
 * LogEventsList::userCanViewLogType
 * LogPage::addEntry
 * FileDeleteForm::doDelete
 * OldLocalFile::userCan
 * ArchivedFile::userCan
 * File::userCan
 * The following functions all accept an optional audience parameter and an optional user parameter. If the audience is FOR_THIS_USER and no user is passed, they fallback to . Not passing a user when one is needed is deprecated
 * LogEventsList::getExcludeClause
 * WikiPage::getComment
 * WikiPage::getCreator
 * WikiPage::getUser
 * WikiPage::getUserText
 * UploadBase::checkWarnings now accepts a User parameter; not providing a user is soft deprecated.
 * Article::insertProtectNullRevision and WikiPage::insertProtectNullRevision were hard deprecated. Instead, use WikiPage::insertNullProtectionRevision.
 * Article::doDeleteArticle, Article::doDeleteArticleReal, and WikiPage::doDeleteArticle are all deprecated. Instead, use WikiPage::doDeleteArticleReal.
 * Article::getComment is deprecated. Instead, use WikiPage::getComment.
 * Article::getCreator is deprecated. Instead, use WikiPage::getCreator.
 * Article::updateRevisionOn and ::updateIfNewerOn, and WikiPage::updateIfNewerOn are deprecated. Instead, use WikiPage::updateRevisionOn.
 * Article::getUser is deprecated. Instead, use WikiPage::getUser.
 * Article::getUserText is deprecated. Instead, use WikiPage::getUserText.
 * Article::prepareContentForEdit is hard deprecated. Instead, use WikiPage::prepareContentForEdit.
 * WikiPage::prepareContentForEdit previously accepted either a Revision or a RevisionRecord object as its optional second parameter. Passing a Revision is now hard deprecated.
 * Article::getUndoContent and WikiPage::getUndoContent are hard deprecated. Instead, use ContentHandler::getUndoContent.
 * Passing Revision objects to ContentHandler::getUndoContent is hard deprecated. Instead, pass the associated Content objects, as well as whether the undo is from the current revision.
 * Article::doDeleteUpdates and ::doEditUpdates are deprecated. Instead, use WikiPage::doDeleteUpdates and ::doEditUpdates.
 * WikiPage::doEditUpdates previously accepted a Revision object as its first parameter. It now accepts RevisionRecord objects, and passing Revision objects is deprecated.
 * Article::getRevisionFetched is deprecated. Instead, use the fetchRevisionRecord method, which has been converted from protected to public.
 * LocalFileDeleteBatch was migrated to a new constructor signature with the user as the second parameter. Support for the old signature is hard deprecated, and once removed the user parameter will be required. At the same time, a number of file-deletion related methods were updated
 * File::delete is hard deprecated in favor of the new ::deleteFile
 * LocalFile::delete is hard deprecated in favor of the new ::deleteFile
 * LocalFile::deleteOld is hard deprecated in favor of the new ::deleteOldFile
 * ForeignDBFile::delete is hard deprecated in favor of the new ::deleteFile
 * File::recordUpload (along with the respective methods in the LocalFile and ForeignDBFile classes) is hard deprecated, and LocalFile::recordUpload2 is soft deprecated. Use the new LocalFile::recordUpload3, which has a different signature and requires that a User parameter is passed.
 * The SpecialPageFactory class was moved from the MediaWiki\Special namespace to the MediaWiki\SpecialPage namespace. The old location remains as a deprecated alias.
 * Title::userCan, ::quickUserCan, and ::getUserPermissionsErrors, which were deprecated in 1.33, were hard deprecated. Instead, use PermissionManager::userCan, ::quickUserCan, and ::getPermissionErrors.
 * All methods of the old SpecialPageFactory, deprecated in 1.32, were hard deprecated. Instead, get a SpecialPageFactory from MediaWikiServices and use its methods.
 * User::updateNewtalk now accepts as its optional third parameter a RevisionRecord object; passing a Revision is hard deprecated.
 * User::getNewMessageRevisionId and ::getNewMessageLinks were hard deprecated.
 * DifferenceEngine::getRevisionHeader now accepts a RevisionRecord as its first parameter; passing a Revision is hard deprecated.
 * WikiPage::doDeleteUpdates now accepts as its optional third parameter a RevisionRecord object; passing a Revision is hard deprecated.
 * WikiPage::onArticleEdit now accepts as its optional second parameter a RevisionRecord object; passing a Revision is hard deprecated.
 * Global variable was soft deprecated.
 * The Revision class was soft deprecated entirely in 1.31. All methods have now been individually hard deprecated:
 * ::__construct - create MutableRevisionRecord objects instead
 * ::newFromId - use RevisionLookup::getRevisionById instead
 * ::newFromTitle - use RevisionLookup::getRevisionByTitle instead
 * ::newFromPageId - use RevisionStore::getRevisionByPageId instead
 * ::newFromArchiveRow - use RevisionFactory::newRevisionFromArchiveRow
 * ::newFromRow - use RevisionStore::newRevisionFromRow instead
 * ::loadFromPageId - use RevisionStore::getRevisionByPageId instead
 * ::loadFromTitle - use RevisionStore::getRevisionByTitle instead
 * ::loadFromTimestamp - use RevisionStore::getRevisionByTimestamp instead
 * ::getQueryInfo - use RevisionStore::getQueryInfo instead
 * ::getArchiveQueryInfo - use RevisionStore::getArchiveQueryInfo instead
 * ::getParentLengths - use RevisionStore::getRevisionSizes instead
 * ::getRevisionRecord - no replacement
 * ::getId - use RevisionRecord::getId instead
 * ::setId - use MutableRevisionRecord::setId instead
 * ::setUserIdAndName - use MutableRevisionRecord::setUser instead
 * ::getTextId - use SlotRecord::getContentAddress for retrieving an actual content address, or RevisionRecord::hasSameContent to compare content
 * ::getParentId - use RevisionRecord::getParentId instead
 * ::getSize - use RevisionRecord::getSize instead
 * ::getSha1 - use RevisionRecord::getSha1 instead
 * ::getTitle - use RevisionRecord::getPageAsLinkTarget instead
 * ::setTitle - the method was previously a no-op
 * ::getPage - use RevisionRecord::getPageId instead
 * ::getUser - use RevisionRecord::getUser and then User::getId instead
 * ::getUserText - use RevisionRecord::getUser and then User::getName instead
 * ::getComment - use RevisionRecord::getComment instead
 * ::isMinor - use RevisionRecord::isMinor instead
 * ::isUnpatrolled - use RevisionStore::getRcIdIfUnpatrolled instead
 * ::getRecentChange - use RevisionStore::getRecentChange instead
 * ::isDeleted - use RevisionRecord::isDeleted instead
 * ::getVisibility - use RevisionRecord::getVisibility instead
 * ::getContent - use RevisionRecord::getContent instead
 * ::getSerializedData - use SlotRecord::getContent for retrieving a content object, and Content::serialize for the serialized form
 * ::getContentModel - use SlotRecord::getModel instead
 * ::getContentFormat - use SlotRecord::getFormat instead, with a fallback to ContentHandler::getDefaultFormat
 * ::getContentHandler - use ContentHandlerFactory::getContentHandler instead
 * ::getTimestamp - use RevisionRecord::getTimestamp instead
 * ::isCurrent - use RevisionRecord::isCurrent instead
 * ::getPrevious - use RevisionLookup::getPreviousRevision instead
 * ::getNext - use RevisionLookup::getNextRevision instead
 * ::getRevisionText - use RevisionRecord::getContent instead
 * ::compressRevisionText - use SqlBlobStore::compressData instead
 * ::decompressRevisionText - use SqlBlobStore::decompressData instead
 * ::insertOn - use RevisionStore::insertRevisionOn instead
 * ::base36Sha1 - use SlotRecord::base36Sha1 instead
 * ::newNullRevision - use RevisionStore::newNullRevision
 * ::userCan - use RevisionRecord::userCanBitfield instead
 * ::userCanBitfield - use RevisionRecord::userCanBitfield instead
 * ::getTimestampFromId - use RevisionStore::getTimestampFromId instead
 * ::countByPageId - use RevisionStore::countRevisionsByPageId instead
 * ::countByTitle - use RevisionStore::countRevisionsByTitle instead
 * ::userWasLastToEdit - use RevisionStore::userWasLastToEdit instead
 * ::newKnownCurrent - use RevisionStore::getKnownCurrentRevision instead
 * The Revision method had a few methods that were previously protected and have been made private. They were:
 * ::getRevisionStore
 * ::getRevisionLookup
 * ::getRevisionFactory
 * ::getBlobStore
 * The $mRecord variable was also changed from protected to private.
 * Multiple hooks that include Revision objects were deprecated. The hooks, as well as suitable replacements, are noted below:
 * (hard deprecated, use the hook)
 * (hard deprecated, use the hook)
 * (hard deprecated, use the hook)
 * (hard deprecated, use the hook)
 * (hard deprecated, use the hook)
 * (hard deprecated, use the hook).
 * (hard deprecated, use the hook)
 * (hard deprecated, use the hook)
 * (soft deprecated in 1.31, now hard deprecated)
 * (hard deprecated, use the hook)
 * (hard deprecated, use the hook)
 * (hard deprecated)
 * The following RevisionStore methods were deprecated:
 * ::loadRevisionFromTitle
 * ::loadRevisionFromTimestamp
 * ::loadRevisionFromPageId
 * ::listRevisionSizes
 * WikiPage::$mLastRevision was changed from protected to private.
 * RecentChange::markPatrolled was deprecated. Use ::doMarkPatrolled instead.
 * The JobRunner class has been converted to a service class. Direct construction is deprecated, use MediaWikiServices::getJobRunner.
 * JobRunner::setLogger has been deprecated, thus using JobRunner as a LoggerAwareInterface is deprecated as well. Rely on the logger passed in the constructor instead.
 * LogEventsList::typeAction accepts an optional right to check against as the fourth parameter. Specifying such a right is deprecated.
 * SkinTemplate::makeArticleUrlDetails has been deprecated, no longer used.
 * Passing a Revision object into CategoryMembershipChange constructor is deprecated. Pass a RevisionRecord instead.
 * The "mediawiki.legacy.oldshared" module has been deprecated. Skins and extensions that are using this should copy its necessary CSS rules to their own styles module. CologneBlue and Nostalgia skins serve as examples.
 * The "mediawiki.legacy.shared" module has been deprecated. Use the "mediawiki.skinning.*" modules, or ResourceLoaderSkinModule instead.
 * The following hooks, soft deprecated in 1.24, have been hard deprecated:
 * Calling Action::factory and Action constructor with any Page implementations other than Article is deprecated.
 * Action::page property is deprecated for direct access. Use Action::getArticle or Action::getWikiPage instead.
 * LESS `.background-image-svg` mixin from 'mediawiki.mixins.less' is deprecated and should be removed in 1.36.
 * LESS `.background-image-svg-quick` mixin from 'mediawiki.mixins.less' is deprecated and should be removed in 1.36.
 * The following methods were deprecated:
 * Title::getFirstRevision (hard deprecated)
 * Title::getEarliestRevTime
 * WikiPage::getOldestRevision (hard deprecated)
 * Article::getOldestRevision (hard deprecated)
 * Use RevisionStore::getFirstRevision instead.
 * WikiPage::commitRollback and ::doRollback are declared to be internal in preparation for breaking changes. Neither method has any known callers outside of MediaWiki core. Both methods modify an array passed by reference ($resultDetails) - accessing the Revision objects added to that array (using the keys `current` and `target`) is also deprecated.
 * The following Linker methods previously accepted Revision objects as parameters. They now accept either Revision or RevisionRecord objects. Passing a Revision object is hard deprecated.
 * ::revUserLink
 * ::revUserTools
 * ::revComment
 * ::generateRollback
 * ::getRollbackEditCount
 * ::buildRollbackLink
 * ::getRevDeleteLink
 * WikiPage::hasDifferencesOutsideMainSlot previously accepted Revision objects for its two parameters. It now accepts RevisionRecord objects, and passing Revision objects is hard deprecated.
 * WikiPage::updateRevisionOn previously accepted Revision objects for its second parameter. It now accepts RevisionRecord objects, and passing Revision objects is hard deprecated.
 * The hook has been deprecated.
 * When using the hook, the following unusual uses have been deprecated: modifying the passed $magicWordId or failing to cache the returned value in $variableCache.  The related  hook has been deprecated and renamed; use the  hook instead.
 * The following Parser properties have been deprecated:
 * ::$mTagHooks
 * ::$mFunctionHooks
 * ::$mMarkerIndex
 * ::$mFirstCall
 * ::$mPreprocessor
 * ::$mOutput
 * ::$mStripState
 * ::$mLinkID
 * ::$mIncludeSizes
 * ::$mPPNodeCount
 * ::$mGeneratedPPNodeCount
 * ::$mHighestExpansionDepth
 * ::$mDoubleUnderscores
 * ::$mExpensiveFunctionCount
 * ::$mShowToc
 * ::$mUser
 * ::$mOptions
 * ::$mTitle
 * ::$ot
 * ::$mRevisionObject
 * ::$mRevisionId
 * ::$mRevisionTimestamp
 * ::$mRevisionUser
 * ::$mRevisionSize
 * ::$mInputSize
 * ::$mInParse
 * LinksUpdate::getRevision and ::setRevision are hard deprecated in favor of the new ::getRevisionRecord and ::setRevisionRecord methods.
 * A large number of exposed variables and methods of Article were deprecated as part of its planned removal:
 * Article::$mContext is deprecated; use getContext/setContext instead.
 * Article::__get, ::__set are hard deprecated, use the WikiPage properties instead.
 * These Article methods were hard deprecated; use their WikiPage equivalents:
 * ::checkFlags,
 * ::checkTouched,
 * ::clearPreparedEdit,
 * ::commitRollback,
 * ::doDeleteArticleReal,
 * ::doEditContent,
 * ::doPurge,
 * ::doRollback,
 * ::doUpdateRestrictions,
 * ::doViewUpdates,
 * ::exists,
 * ::followRedirect,
 * ::getContentHandler,
 * ::getContentModel,
 * ::getContributors,
 * ::getDeletionUpdates,
 * ::getHiddenCategories,
 * ::getId,
 * ::getLatest,
 * ::getLinksTimestamp,
 * ::getMinorEdit,
 * ::getRedirectTarget,
 * ::getRedirectURL,
 * ::getTimestamp,
 * ::getTouched,
 * ::hasViewableContent,
 * ::insertOn,
 * ::insertRedirect,
 * ::insertRedirectEntry,
 * ::isCountable,
 * ::isRedirect,
 * ::loadFromRow,
 * ::loadPageData,
 * ::lockAndGetLatest,
 * ::makeParserOptions,
 * ::pageDataFromId,
 * ::pageDataFromTitle,
 * ::prepareContentForEdit,
 * ::protectDescription,
 * ::protectDescriptionLog,
 * ::replaceSectionAtRev,
 * ::setTimestamp,
 * ::shouldCheckParserCache,
 * ::supportsSections,
 * ::triggerOpportunisticLinksUpdate,
 * ::updateCategoryCounts, and
 * ::updateRedirectOn.
 * Article::generateReason was hard deprecated; instead, please use WikiPage::getAutoDeleteReason.
 * Article::replaceSectionContent was hard deprecated, use Article::replaceSectionAtRev instead.
 * Article::getRevision and WikiPage::getRevision were hard deprecated in favor of the new WikiPage::getRevisionRecord method.
 * A new UserNameUtils service was introduced. The following User methodswere deprecated in favor of using the new service:
 * isIP
 * isIPRange
 * isValidUserName
 * isUsableName
 * isCreatableName
 * getCanonicalName
 * The signature of WikiPage::doDeleteArticleReal was changed to make the user the second parameter, and the suppression option the third parameter. Previously, the third parameter was unused. Using the old signature is hard deprecated.
 * ApiQueryRevisions::getRollbackToken, which has been soft deprecated since 1.24, accepted as its third parameter a Revision object. It now accepts a RevisionRecord, and passing a Revision is hard deprecated.
 * Passing Article to ParserCache::get was deprecated
 * ParserOptions::newCanonical with no first parameter, or null as the first parameter, which falls back to using global, is hard deprecated.
 * Parser::fetchCurrentRevisionOfTitle, ::statelessFetchRevision, and ::getRevisionObject were hard deprecated in favor of the new ::fetchCurrentRevisionRecordOfTitle, ::statelessFetchRevisionRecord, and ::getRevisionRecordObject methods respectively.
 * ParserOptions::getCurrentRevisionCallback and ::setCurrentRevisionCallback were hard deprecated in favor of the new ::getCurrentRevisionRecordCallback and ::setCurrentRevisionRecordCallback methods respectively.
 * Parser::statelessFetchTemplate returns an array; accessing the Revision object returned (via the `revision` key to the array) is deprecated. Instead, use `revision-record` to retrieve the equivalent RevisionRecord.
 * WikiPage::doEditContent returns an array, and PageUpdater::getStatus returns a Status object with an array value. For both of those arrays, accessing the Revision object returned (via the `revision` key to the array) is deprecated. Instead, use `revision-record` to retrieve the equivalent RevisionRecord.
 * Page interface was deprecated. Use Article or WikiPage instead.
 * The following DatabaseBlock methods are deprecated because they are no longer needed in core: chooseBlock, fromMaster, deleteIfExpired.
 * wfGetScriptUrl was deprecated. The script URL should be configured rather than detected. wfScript can be used to get a configured script URL.
 * Action::factory with null $action argument is hard deprecated
 * The following methods of the User class were deprecated: getDefaultOptions, getDefaultOption, getOptions, getOption, getBoolOption, getIntOption, setOption, listOptionKinds, getOptionKinds, resetOptions. Use corresponding methods in UserOptionsLookup or UserOptionsManager service classes instead.
 * hook was deprecated without replacement.
 * User::getNewtalk and ::setNewtalk were hard deprecated. Use service TalkPageNotificationManager instead.
 * EditPage::matchSpamRegex and ::matchSummarySpamRegex were hard deprecated in favor of the new SpamChecker service.
 * Title::getNotificationTimestamp, User::clearNotification, and User::clearAllNotifications were deprecated in favor of the new WatchlistNotificationManager service.
 * SpecialPage::setListed and SpecialPage::listed were deprecated. Subclass UnlistedSpecialPage to set listed as false, and use SpecialPage::isListed to get the value.
 * CategoryPage::getCategoryViewerClass and ::setCategoryViewerClass were deprecated.
 * MWHttpRequest and its subclasses PhpHttpRequest, CurlHttpRequest and GuzzleHttpRequest now require the timeout and connectTimeout options to always be specified, otherwise a deprecation warning will be raised. Most callers should use HttpRequestFactory which always sets these options.
 * Linker::normaliseSpecialPage has been deprecated, instead make use of LinkRenderer::normalizeTarget.
 * SkinTemplate::getPersonalToolsList was soft deprecated.
 * ChangeTags::truncateTagDescription has been deprecated.
 * The following methods of the User class are deprecated: getGroups, getGroupMemberships, getEffectiveGroups, getAutomaticGroups, addGroup, removeGroup, getFormerGroups, getAllGroups, getImplicitGroups, addAutopromoteOnceGroups. Use the new UserGroupManager service instead.
 * The following methods of the UserGroupMembership class were deprecated: selectFields, getMembershipsForUser, getMembership, insert, delete, newFromRow, initFromRow, purgeExpired. Use the new UserGroupManager service instead.
 * wfWaitForSlaves has been hard deprecated. Use LBFactory::waitForReplication instead. It was soft deprecated in 1.27.
 * BaseTemplate::getAfterPortlet and ::renderAfterPortlet have been deprecated in favor of the Skin::getAfterPortlet method. Skin::getAfterPortlet does not wrap the result in a div, callers are responsible for that. The hook, called by both methods has been deprecated as well and is replaced by SkinAfterPortlet.
 * Autopromote class has been soft deprecated and it's methods moved into UserGroupManager.
 * hook has been deprecated. Use hook and get the revision id from the OutputPage object.
 * BaseTemplate::getToolbox method has been soft deprecated. The toolbox data is now available in a sidebar data array which you can get from any class that's extending QuickTemplate class. The hook associated with this method, BaseTemplateToolbox, has been hard deprecated. To add items to the toolbox, use hook instead.
 * The hook is deprecated. The page mw:Manual:Hooks/SkinTemplateOutputPageBeforeExec and T60137 for recommendations for alternative approaches based on how developers previously used this hook.
 * hook has been deprecated. Use hook instead.
 * Using Skin::addToBodyAttributes method to add body attributes has been deprecated. Use hook instead.
 * Installer::getDBTypes has been hard deprecated in favor of InstallerDBSupport::getDatabases
 * The hooks, and  were deprecated, as part of a long-term plan to remove support for mixed HTTP/HTTPS wikis.
 * Skin::generateDebugHTML has been hard deprecated. Call MWDebug::getHTMLDebugLog directly.
 * ExternalStoreDB::getSlave, soft deprecated in 1.34, was hard deprecated. Use ExternalStoreDB::getReplica instead.
 * Less variables in mediawiki.ui/variables.less file that don't follow the standard variable naming scheme (compare WikimediaUI Base) including `@colorGray* variables have been deprecated. New variables are in place and aliases have been set. Replace occurrences and use the new variables instead.
 * BaseTemplate::getAfterPortlet and ::renderAfterPortlet have been deprecated in favor of the Skin::getAfterPortlet method. Skin::getAfterPortlet does not wrap the result in a div, callers are responsible for that. The hook, called by both methods has been deprecated as well and is replaced by SkinAfterPortlet.
 * Autopromote class has been soft deprecated and it's methods moved into UserGroupManager.
 * hook has been deprecated. Use hook and get the revision id from the OutputPage object.
 * BaseTemplate::getToolbox method has been soft deprecated. The toolbox data is now available in a sidebar data array which you can get from any class that's extending QuickTemplate class. The hook associated with this method, BaseTemplateToolbox, has been hard deprecated. To add items to the toolbox, use hook instead.
 * The hook is deprecated. The page mw:Manual:Hooks/SkinTemplateOutputPageBeforeExec and T60137 for recommendations for alternative approaches based on how developers previously used this hook.
 * hook has been deprecated. Use hook instead.
 * Using Skin::addToBodyAttributes method to add body attributes has been deprecated. Use hook instead.
 * Installer::getDBTypes has been hard deprecated in favor of InstallerDBSupport::getDatabases
 * The hooks, and  were deprecated, as part of a long-term plan to remove support for mixed HTTP/HTTPS wikis.
 * Skin::generateDebugHTML has been hard deprecated. Call MWDebug::getHTMLDebugLog directly.
 * ExternalStoreDB::getSlave, soft deprecated in 1.34, was hard deprecated. Use ExternalStoreDB::getReplica instead.
 * Less variables in mediawiki.ui/variables.less file that don't follow the standard variable naming scheme (compare WikimediaUI Base) including `@colorGray* variables have been deprecated. New variables are in place and aliases have been set. Replace occurrences and use the new variables instead.

Other changes in 1.35

 * A new maintenance script is added (purgeExpiredWatchlistItems.php) with which to delete expired watchlist items. These items will also be deleted during wiki editing if is > 0. This maintenance script only has effect if  is true. It is recommended that a cronjob or similar be set up to run it at least daily.
 * Title::purgeSquid is deprecated. Use MediaWikiServices::getHtmlCacheUpdater.
 * SpecialVersion::getExtLicenseFileName has been deprecated, use MediaWiki\ExtensionInfo::getLicenseFileNames instead.
 * SpecialVersion::getExtAuthorsFileName has been deprecated, use MediaWiki\ExtensionInfo::getAuthorsFileName instead.
 * Migration to the new content storage schema is complete, all backwards compatibility code and duplication in the database have been removed. The old schema was a 1:1 relationship modeled by revision.text_id -> text.old_id. The new schema is a n:m relationship, revision.rev_id <- slots.slot_revision_id|slots.slot_content_id -> content.content_id|content.content_address -> text.old_id. The same applies to the archive table.
 * The following fields were removed:
 * revision.rev_text_id, replaced by content.content_address
 * revision.rev_content_model, replaced by content.content_model, referencing content_models.model_id
 * revision.rev_content_format, replaced by automatic detecting in ContentHandler
 * archive.ar_text_id, replaced by content.content_address
 * archive.ar_content_model, replaced by content.content_model, referencing content_models.model_id
 * archive.ar_content_format, replaced by automatic detecting in ContentHandler
 * Migration to normalized storage of edit comments and user names is progressing. The following fields were unused and have been removed:
 * revision.rev_comment, replaced by rev_comment_id referencing comment.comment_id.
 * revision.rev_user and rev_user_text, replaced by rev_actor referencing actor.actor_id.
 * Note that archive.ar_user, archive.ar_user_text, and archive.ar_comment had already been removed in previous releases.
 * The printableversion has been marked as deprecated per T167956.
 * (T30162, T245387) The installer supports using a Postgres server running on a custom port other than 5432.

Compatibility
MediaWiki 1.35 requires PHP 7.3.19 or later, and the following PHP extensions:


 * ctype
 * dom
 * fileinfo
 * iconv
 * json
 * mbstring
 * xml

MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used, but support for them is somewhat less mature.

The supported versions are:


 * MySQL 5.5.8 or later
 * PostgreSQL 9.2 or later
 * SQLite 3.8.0 or later

Online documentation
Documentation for both end-users and site administrators is available on MediaWiki.org, and is covered under the GNU Free Documentation License (except for pages that explicitly state that their contents are in the public domain): https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation

Mailing list

 * A mailing list is available for MediaWiki user support and discussion: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
 * A low-traffic announcements-only list is also available: https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce

It's highly recommended that you sign up for one of these lists if you're going to run a public MediaWiki, so you can be notified of security fixes.

IRC help
There's usually someone online in the IRC channel.