This page contains release notes for an unsupported version of MediaWiki.
This is a security and maintenance release of the MediaWiki 1.36 branch.
Changes since MediaWiki 1.36.3
- (T298261) Fix support for Composer 2.2.
- (T298283) composer.json: Add wikimedia/composer-merge-plugin to allow-plugins.
- Update doctrine/dbal (3.0.0 => 3.1.5).
- (T296898) Add entry point name to disabled Session exception if possible.
- (T298564) MemcachedClient: Add support for IPv6.
- (T297543, CVE-2022-28202) SECURITY: properly escape output used within galleries and Special:RevisionDelete.
- (T268847) Suppress deprecation warnings from libxml_disable_entity_loader().
- (T283275) Fix PHP 8.0 failure of WikiExporterFactoryTest.
- Fix the json schema and the extension processor for Parsoid extension modules.
- (T299696) update.php: Avoid passing null to substr.
- In PHP 8.1 don't throw exceptions from mysqli.
- (T289926) SiteConfiguration: Don't pass null to str_replace().
- (T264735) Fix deprecation warning from CURLPIPE_HTTP1.
- (T260735) Stop using is_resource() where possible.
- (T289879) Apply ReturnTypeWillChange to various implementations of built in interfaces.
- (T299312) Implement __serialize/__unserialize for PHP 8.1 support.
- ExtensionRegistry: Add process cache for lazy attributes.
- (T301041) ApiPageSet: Add "missing": true to missing revisions.
- Allow ParsoidModules extension schema to register services.
- (T297708) Allow setting max execution time to several special pages.
- (T302540) composer.json: Add ext-calendar to require.
- (T302540) composer.json: Add ext-simplexml to require-dev.
- (T302540) composer.json: Add various PHP extensions to suggests.
- Upgrading symfony/polyfill-php80 (v1.23.1 => v1.25.0).
- (T304008) Don't re-check "Move subpages" on Special:MovePage after a warning.
- (T293576) listFiles: Display file name instead of version.
- (T303871) Fix @since of Title::getId().
- (T303560) Installer: Check correct PCRE_CONFIG_NEWLINE value.
- wrapOldPasswords: add \n to two output calls.
- (T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite recursion loop if it points to a local interwiki.
- (T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many file uploads with actor as a condition can result in a DoS.
This is a security and maintenance release of the MediaWiki 1.36 branch.
Changes since MediaWiki 1.36.2
- (T280363) mediawiki.page.ready: Introduce wikipage.indicators hook.
- (T290697) Add symfony/polyfill-php80.
- IcuCollation: Add some more icu to unicode version mappings.
- ApiBase: Annotate deprecated constants individually.
- PHPVersionCheck: Mark PHP 7.4.0 - 7.4.2 as buggy.
- (T293044) installer: Fix 5th param to sourceFile() in DatabaseUpdater.
- (T291127) Always encode spaces in cookie values as "%20".
- Use LocalFile::getHookRunner instead of LocalFile::hookRunner.
- (T293564) mediawiki.page.ready: Fire hook 'wikipage.indicators' with children.
- HistoryBlobStub: add getLocation() to get $mOldId.
- Fix checkStorage.php.
- checkStorage: pass no parameters to WikiRevision::getContent().
- (T292763, CVE-2021-44854) SECURITY: Do not cache private wiki completion results.
- (T294316) Revert "Mark ApiClientLogin/ApiLogin as requiring write mode".
- (T294796) JobQueueRedis: Replace deprecated zSize with zCard.
- (T278037) NoLocalSettings: Pass an EmptyBagOStuff to TemplateParser.
- (T212428, T267468) Allow populateContentTables to continue when there are bad blobs.
- (T295191) ApiQuerySiteinfo: Fix "rightsinfo"/"url" when $wgRightsPage is set.
- Update pear/mail_mime to 1.10.11.
- Update deprecated Guzzle Psr7 function calls.
- (T281972) Follow-Up: I10fbd4b6a: Update @since tags as those were backported.
- Tweak error message for missing composer dependencies.
- (T296112) Allow inserting new sections named '0'.
- nukeNS: don't run purgeRedundantText() after every change.
- (T286779, T297031) installer: Fix Postgres mistakes in using changeField method.
- (T225888) RollbackAction: fix missing pagetitle.
- (T297322, CVE-2021-44858, CVE-2021-44857) SECURITY: Fix permissions checks in undo actions.
- (T297574, CVE-2021-45038) SECURITY: Fix permissions check in action=rollback.
- (T34716, T297416) SECURITY: Require 'read' right for most actions.
- (T271037, CVE-2021-44856) SECURITY: Fix use of EditFilterMergedContent hook when changing content model.
This is a security and maintenance release of the MediaWiki 1.36 branch.
Changes since MediaWiki 1.36.1
- Don't access MWServices prematurely in Maintenence.php.
- (T283394) Mark ApiClientLogin/ApiLogin as requiring write mode.
- Installer: Fix foundation.wikimedia.org link in config-pingback-help.
- (T283273) Make postgres IRC channel point to libera.chat.
- composer.json: Promote and pin monolog/monolog to require from require-dev.
- (T287526) Update wikimedia/minify to 2.2.4.
- (T289108) ExtensionProcessor: Remove loaderScripts from extension.json schemas.
- (T281549) Installer: Fix mediawiki-announce auto subscription code.
- FormatJson: Optimize encode() for supported PHP versions.
- (T290398) renameRestrictions.php: Update protected_titles as well.
- (T290489) objectcache: Fix PHP warning for ReplicatedBagOStuff::setMulti.
- (T51097, T290273) resourceloader: Call getStyleFiles from FileModule::getFileHashes.
- (T277788) parser: Avoid calling ParserOptions::getOption() too many times.
- (T291244) Unserialize objects in ParserCache->mExtensionData as objects.
- MysqlUpdater: Add updatelog entries for dropDefault.
- (T290776) Fix $phase check in OutputHandler.
- The wikimedia/parsoid library has been upgraded from v0.13.0 to v0.13.1.
- (T285515, CVE-2021-41798) SECURITY: XSS vulnerability in Special:Search.
- (T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full table scan.
- (T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of Special:Contributions.
This is a security and maintenance release of the MediaWiki 1.36 branch.
Changes since MediaWiki 1.36.0
- (T283942) DatabaseInstaller.php: Only run core schema file if specified table doesn't already exist.
- (T247223) Optimise MessageCache::isMainCacheable() for the single-message case.
- (T284391) Fix SkinModule to correctly prepend remote path on document root installs.
- (T235554) Disable DEFER_SET_LENGTH_AND_FLUSH headers to avoid HTTP errors.
- (T278579) Don't send headers on ob_end_clean().
- (T285287) MultiHttpClient: Replace PHP version check with defined().
- (T280226, CVE-2021-35197) SECURITY: Prevent blocked users from purging pages.
Changes since MediaWiki 1.36.0-rc.0
- (task T248481) rdbms: Use server time in DatabaseMysqlBase::getLagFromPtHeartbeat().
- (task T281549) WebInstaller: Don't show the announce-l subscribe checkbox for now.
- (task T264214) Follow-ups for UserGroupManager.
- (task T282280) resourceloader: Fix path-only URLs in wiki modules when script path is docroot.
- (task T281972) UserIdentityValue: Introduce convenience static factory methods.
- (task T230428) Make page_is_redirect and page_is_new unsigned.
- (task T280292) Legacy feature should not load thumbnail style rules (only layout).
- (task T283247) Freenode -> Libera per wikimedia moving from freenode to libera.
- (task T280270) composer: Lock Parsoid version to specific 0.13.0 release.
- (task T142663) Add extension.json merge strategy "provide_default".
- (task T283540) HookContainer: Fix normalization of callback for static handler.
- (task T283464) registration: Fix array order for array_replace_recursive merge strategy.
- (task T283539) Interwiki: Fix calling "onInterwikiLoadPrefix" hook.
- (task T282594) Timeless: Re-branch to 40eb3dad1for REL1_36.
Upgrading notes for 1.36
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed per-version upgrade instructions from the oldest supported upgrading version, MediaWiki 1.27.
Some specific notes for MediaWiki 1.36 upgrades are below:
- MediaWiki 1.36 now requires the PHP internationalization extension (commonly referred to as Intl, ext-intl, or php-intl).
- MediaWiki:Autoblock_whitelist has been moved to MediaWiki:Block-autoblock-exemptionlist. If you use this feature, please move the MediaWiki:Autoblock_whitelist page.
- (task T275334) $wgExtensionFunctions is sometimes used to change configuration settings. This is not safe; extension functions are run relatively late, some services are already initialized by that point and so they use the old configuration. Changes in 1.36 make this kind of breakage even more common. You can use the MediaWikiServices hook instead. (In the future there might be a dedicated hook for configuration changes.)
For notes on 1.35.x and older releases, see HISTORY.
Configuration changes for system administrators in 1.36
MediaWiki update script, maintenance/update.php, used to accept `--nopurge` option to prevent clearing caches stored in the database during upgrade, this is no longer recommended and the option has been removed.
- (task T256001) $wgManualRevertSearchRadius – This setting introduces a feature that marks edits as reverts if they restore the page to an exact previous state. This configuration variable sets the maximum number of revisions of a page that will be checked against every new edit. Set this to 0 to disable the feature entirely.
- (task T244058) $wgOldRevisionParserCacheExpireTime — This setting was added to control caching of ParserOutput for old revisions.
- (task T265263) $wgRememberMe - This setting configures the "remember me" checkbox on account log-in systems via RememberMeAuthenticationRequest.
- (task T157145) $wgSkinMetaTags – This setting allows configuration of skins to support meta tags. These tags make sharing of MediaWiki pages on a variety of social platforms more contentful and thus useful.
- (task T280944) $wgIncludejQueryMigrate - This setting allows the jQuery Migrate plugin to be disabled. It has been enabled by default since MediaWiki 1.27.
- $wgLogos – The default value for the site logo, which is shown in an install if you have not set one, will now be the new logo of MediaWiki.
- (task T274695) $wgAjaxEditStash — This setting, to disable the edit stashing feature when users start writing an edit summary, has been deprecated. In future releases, this feature will always be enabled.
- $wgUploadStashScalerBaseUrl – This setting, to enable remote on-demand media scaling, was deprecated. Use the `thumbProxyUrl` setting in $wgLocalFileRepo instead.
- $wgSlaveLagWarning and $wgSlaveLagCritical – These settings have been renamed, to $wgDatabaseReplicaLagWarning & $wgDatabaseReplicaLagCritical respectively. The former configuration variable names are deprecated, but will be used as the fall back if they are still set, and remain temporarily available for extensions which try to read them.
- $wgWANObjectCaches - The "coalesceKeys" option was removed without deprecation. A new "coalesceScheme" option takes its place, and is "hash_stop" by default. If you use Dynomite, then set the new "coalesceKeys" option to "hash_tag".
- $wgWANObjectCaches - The "cluster" and "mcrouterAware" options were removed without deprecation. Use "broadcastRoutingPrefix" instead.
- $wgUseTwoButtonsSearchForm — This setting, deprecated in 1.35, has been removed.
- $wgAllowImageMoving — This setting, deprecated in 1.35, has been removed. Use group permission settings instead. For example, to prevent sysops from moving files, set `$wgGroupPermissions['sysop']['movefile'] = false;`
- $wgExtNewTables, $wgExtNewFields, $wgExtNewIndexes, $wgExtPGNewFields, $wgExtPGAlteredFields, $wgExtModifiedFields — These settings were removed. They became obsolete after 1.17 overhauled the database updater, but were kept for backwards compatibility. The LoadExtensionSchemaUpdates hook should be used instead.
- $wgParserConf - This setting, deprecated in 1.35, has been removed. The preprocessor configuration which used to live within this setting was deprecated in 1.34 and removed in 1.35.
- $wgEnableRestAPI - This setting, ignored since 1.35, has been removed.
- $wgPagePropsHaveSortkey – This temporary setting has been removed, along with the schema change upgrade path it controlled. If your site is still using it, meaning you have not yet applied the `pp_sortkey` schema change from 1.24, you must now apply it before upgrading.
- The deprecated password policies PasswordCannotMatchBlacklist and PasswordNotInLargeBlacklist were removed. Please use PasswordCannotMatchDefaults and PasswordNotInCommonList instead.
New user-facing features in 1.36
- The logo of MediaWiki has changed. This means that the "Powered By MediaWiki" button shown in the skin footer will be different.
- All HTML5 named entities are now accepted in wikitext.
- (task T106263) The file description page's alternate sizes now include 2048px.
New developer features in 1.36
- Parser test files can now declare a dependency on a specific extension being loaded, not just on the presence of a certain extension tag hook. This is a better fit for extensions like TimedMediaHandler, which affect the output but don't register parser hooks. Use `extension:Foo` in the `!! hooks` section of your parser test file to declare a dependency on the `Foo` extension being loaded.
- To expose code previously present in SpecialBlock/SpecialUnblock to other parts of the code, or to extensions, the new BlockUser and UnblockUser command objects were added. Use the BlockUserFactory and UnblockUserFactory services to create them.
- The hook UsersPagerDoBatchLookupsHook takes now a \Wikimedia\Rdbms\IDatabase, instead of \Wikimedia\Rdbms\DBConnRef, as the first parameter.
- MediaHandlers can now customize the formatting of the metadata they emit by over-riding MediaHandler::formatTag( $key, $value ). The default for unknown tags is numeric formatting; non-EXIF tags which are non-numeric should always use this method to specify the desired formatting.
- The new 'title' type can be used to validate action API and REST API inputs.
- The new ArticleParserOptions hook allows customizing the parser options used to parse wikitext for an article, based on user preferences, title, etc.
- The new 'raw' type can be used to validate action API inputs. It bypasses the Unicode NFC normalization done on inputs of type 'string', so it more suitable when the input is binary or may contain deprecated Unicode sequences or characters (such as U+2001) that should be passed unmodified.
- (task T260330) A new abstraction for running shell commands has been introduced, called BoxedCommand. A BoxedCommand object can be obtained with MediaWikiServices::getInstance()->getCommandFactory()->createBoxed().
- ResourceLoader modules can now mark themselves as ES6-only by setting `'es6' => true` in their module definition. ES6-only modules will not be executed in browsers that don't support ES6, such as IE11.
External library changes in 1.36
New external libraries
- Added wikimedia/minify 2.2.1.
- Added wikimedia/request-timeout 1.1.0.
- Added wikimedia/shellbox 1.0.4.
- Added WVUI 0.1.0.
- Added symfony/symfony/polyfill-php80 1.23.1.
Changed external libraries
- Updated composer/semver from 1.5.1 to 3.2.4.
- Updated guzzlehttp/guzzle from 6.5.4 to 7.2.0.
- Updated jQuery from v3.4.1 to v3.6.0.
- Updated jQuery Migrate from v3.1.0 to v3.3.2.
- Updated jquery.client from 2.0.2 to 3.0.0.
- Updated OOUI from 0.39.3 to 0.41.3.
- Updated pear/mail_mime from 1.10.8 to 1.10.9.
- Updated pear/net_smtp from 1.9.1 to 1.9.2.
- Updated pimple/pimple from 3.3.0 to 3.3.1.
- Updated wikimedia/at-ease from 2.0.0 to 2.1.0.
- Updated wikimedia/cldr-plural-rule-parser from 1.0.0 to 2.0.0.
- Updated wikimedia/common-passwords from 0.2.0 to 0.3.0.
- Updated wikimedia/composer-merge-plugin from 1.4.1 to 2.0.1.
- Updated wikimedia/html-formatter from 1.0.2 to 3.0.1.
- Updated wikimedia/ip-set from 2.1.0 to 3.0.0.
- Updated wikimedia/ip-utils from 1.0.0 to 3.0.2.
- Updated wikimedia/less.php from 3.0.0 to 3.1.0.
- Updated wikimedia/object-factory from 2.1.0 to 3.0.0.
- Updated wikimedia/php-session-serializer from 1.0.7 to 2.0.0.
- Updated wikimedia/remex-html from 2.2.0 to 2.2.2.
- Updated wikimedia/utfnormal from 2.0.0 to 3.0.2.
- Updated wikimedia/wait-condition-loop from 1.0.1 to 2.0.1.
- Updated wikimedia/xmp-reader from 0.7.0 to 0.8.1.
Changed development-only external libraries
- Updated composer/spdx-licenses from 1.5.3 to 1.5.4.
- Updated doctrine/dbal from 2.10.2 to 3.0.0.
- Updated doctrine/sql-formatter from 1.1.0 to 1.1.1.
- Updated mediawiki/mediawiki-phan-config from 0.10.2 to 0.10.6.
- Updated monolog/monolog from 1.25.3 to 2.2.0.
- Updated nikic/php-parser from 4.4.0 to 4.10.2.
- Updated psy/psysh from 0.10.4 to 0.10.5.
- Updated seld/jsonlint from 1.7.1 to 1.8.3.
- Updated symfony/yaml from ~3.4|~4.3|~5.0.5 to ~3.4|~5.1.
- Updated wikimedia/testing-access-wrapper from 1.0.0 to 2.0.0.
Removed external libraries
- The html5shiv library has been removed, as support for Internet Explorer 8 has been dropped.
- The wikimedia/avro suggested development-only library has been removed, as the support for logging in Avro format has been dropped.
Bug fixes in 1.36
- (task T190285) ApiEditPage module used to switch 'undo' and 'undoafter' parameters, if it founds you reversed them (based on assumption that higher revision ID indicates a later revision). The assumption is not always true, and is hindering proper edit undoing in some cases, hence the logic has been removed. Reversing the parameters will now lead to edit conflict or undefined behavior.
- (task T263340) In history merging, pages with a content model that does not support redirects will now be recorded as deleted if no revision is being left in the source page (that's if all revisions of the page have been merged to another).
Action API changes in 1.36
- (task T269636) `Access-Control-Max-Age` was added to the default list of headers allowed for cross-origin API requests ($wgAllowedCorsHeaders).
- (task T258108) Accounts with the 'bot' right no longer have pages automatically added to the watchlist when making API edits, regardless of their preferences. This is to reduce the size of the watchlist data in the database. To add API bot edits to the watchlist, explicitly set the 'watch' option.
Languages updated in 1.36
MediaWiki supports over 350 languages. Many localisations are updated regularly. Below only new and removed languages are listed, as well as changes to languages because of Phabricator reports.
- (task T258975) Added a Latin/Cyrillic script converter for the Talysh language.
- (task T245359) Split Bali script locale from "ban" (Balinese) (ban-bali).
- (task T259330) Added language support for Mara (mrh).
- (task T263968) Added language support for Nias (nia).
- (task T264582) Added language support for Madurese (mad).
- (task T270365) Added language support for Tyap (kcg).
- (task T276745) Added language support for Wayuu (guc).
Breaking changes in 1.36
- (task T249459) wfIsBadImage(), deprecated in 1.34, has been removed.
- (task T176526) EditPage::getContextTitle() will now throw an exception if a context title was not set using setContextTitle(). Previously, this mis-use would only cause a deprecation warning to be emitted.
- The DeferredStringifier class, deprecated since 1.31, was removed.
- Multiple methods that fell back to the $wgUser global variable were individually hard deprecated previously. The following have now been removed:
- The SpecialPageFactory class, deprecated in 1.32, has been removed. Use the SpecialPageFactory service instead.
- Multiple methods previously had optional User parameters, with fallbacks to the $wgUser global variable. Not passing a User to those methods was previously hard deprecated, and support for not passing a User has now been removed:
- LogEventsList::getExcludeClause (only needed for the 'user' audience)
- LogPage::addEntry (also accepts user id instead)
- Title::getNotificationTimestamp (though the entire method is deprecated)
- WikiPage::getComment (only needed for the FOR_THIS_USER audience)
- WikiPage::getCreator (only needed for the FOR_THIS_USER audience)
- WikiPage::getUser (only needed for the FOR_THIS_USER audience)
- WikiPage::getUserText (only needed for the FOR_THIS_USER audience)
- The following hooks have been removed:
- LogEventsList::typeAction previously accepted an optional right parameter, and checked if the context user ($wgUser) had that right. Passing a right was hard deprecated in 1.35, and support for passing a right has now been removed.
- WikiPage::doDeleteArticleReal previously accepted an optional user as its fifth parameter, and fell back to $wgUser if not user was provided. The signature changed to have the user as the second parameter, and the old signature was hard deprecated in 1.35. Support for the old signature has now been removed.
- User::addNewUserLogEntry, deprecated since 1.27, was removed.
- As part of refactoring the EditPage class, EditPage::setPreloadedContent, which had no known callers was removed entirely. Additionally, the following public methods were made private:
- EditPage::matchSpamRegex and ::matchSummarySpamRegex, deprecated in 1.35, were removed. Use the SpamChecker service instead.
- The global function `wfWaitForSlaves`, deprecated in 1.27 and hard-deprecated in 1.35, has been removed. Use LBFactory::waitForReplication() instead.
- Calling Action::factory() with null as the first parameter, rather than a string, was deprecated in 1.35 and support was now removed.
- Calling Action::factory() with an object that wasn't an Article as the second parameter was deprecated in 1.35 and support was now removed.
- The global variable $wgMemc, deprecated since 1.35, has been removed. Usage should generally be migrated to WANObjectCache, or if you really need the internal object, use ObjectCache::getLocalClusterInstance instead.
- The preprocessDump.php maintenance script was removed.
- CategoryFinder, which was deprecated in 1.31 and hard-deprecated in 1.35, has been removed.
- GenderCache::singleton(), which was deprecated in 1.28 and hard-deprecated in 1.35, has been removed.
- Sanitizer::escapeId(), deprecated in 1.30, has been removed.
- Direct invocation of Parser::__construct() (instead of via a ParserFactory) now throws an exception; support has also been removed for several deprecated variants on the arguments passed to Parser::__construct. Direct invocation of Parser::__construct was deprecated in 1.34.
- Parser::setFunctionTagHook(), deprecated in 1.35, has been removed.
- The following properties of Parser, deprecated in 1.35, have been made private:
- $mTagHooks - use Parser::getTags()
- $mFunctionHooks - use Parser::getFunctionHooks()
- $mOutput - use Parser::getOutput()
- $mPreprocessor - use Parser::getPreprocessor()
- The ParserBeforeTidy hook, deprecated in 1.35, has been removed.
- The ParserBeforeTidy, ParserBeforeStrip, and ParserAfterStrip hooks, deprecated in 1.35, have been removed.
- All methods of MWTidy except for MW::tidy() have been removed. These were each either marked as @internal or deprecated in 1.35.
- (task T248062) Mixins `.background-image-svg()` and `.background-image-svg-quick()` (provided by mediawiki.mixins.less), which have been deprecated since 1.35, have now been removed. MediaWiki no longer supports any browser which would require this SVG-fallback PNG support, so you can simply use the regular CSS `background-image:` declaration instead.
- The ResourceLoader module `mediawiki.legacy.oldshared` and its file 'oldshared.css', deprecated since 1.35 has been removed (task T248357).
- `ResourceLoader::__construct` now requires a Config parameter. The optional nature of this parameter was deprecated in 1.34.
- The LinkBegin and LinkEnd hooks, deprecated in 1.28, have been removed. You can instead use the HtmlPageLinkRendererBegin and HtmlPageLinkRendererEnd hooks, respectively.
- The EmailUser hook passes its fifth param, $error, by reference, to allow hook handlers to add error messages, indicate that they have sent the email instead of core, etc. Setting the parameter to something other than a Status object, true, false, an empty string, an array, or a MessageSpecifier, object, which had been deprecated in 1.29, is no longer supported, and now results in an MWException being thrown.
- Skin::getDynamicStylesheetQuery(), deprecated in 1.32, has been removed. You should use action=raw&ctype=text/css directly.
- Skin::makeI18nUrl(), deprecated in 1.35, has been removed.
- The following User methods, deprecated and moved to BlockManager in 1.34, were removed:
- Support for v1 of the parser tests file format has been removed; it was deprecated in 1.35. (task T174199)
- SpecialUnblockUser::processUIUnblock() now returns a Status object instead of an array of messages or a boolean value. This function was also marked as @internal and is no longer safe to call it publicly.
- mw.Title.getDotExtension() from the 'mediawiki.Title' module was removed without deprecation. You should use mw.Title.getExtension() and prepend the dot if need be.
- Profiler::getTemplated and Profiler::setTemplated, deprecated in 1.34, have been removed.
- Removed HookContainer::getOriginalHooksForTest() without deprecation. This method was introduced in 1.35 for internal use, and appears unused outside of MediaWiki core.
- ParserCache::__construct() now requires three parameters.
- Message->getFormat(), deprecated in 1.29, has been removed.
- Support for passing Article to ParserCache::get, deprecated in 1.35, has been removed.
- ParserCache::singleton(), deprecated in 1.30, has been removed.
- DatabaseBlock::deleteIfExpired and ::fromMaster, deprecated in 1.35, have been removed.
- Some deprecated AbstractBlock methods have been removed:
- ::prevents, deprecated in 1.33
- ::shouldTrackWithCookie, deprecated in 1.34
- ::getBlocker, deprecated in 1.35
- ::setBlocker, deprecated in 1.35
- ::getBlockErrorParams, deprecated in 1.35
- Multiple DatabaseBlock methods dealing with cookies, deprecated in 1.34, have been removed:
- The public static callback function SpecialUnblock::processUIUnblock has been removed. This method was for internal use only, and appears unused outside of MediaWiki core.
- ChangeTags::truncateTagDescription, deprecated in 1.35, has been removed.
- Deprecated null fallbacks in PasswordReset constructor have been removed.
- User::isEveryoneAllowed and User::getAllRights, deprecated in 1.34, has been removed.
- The following methods of the UserGroupMembership class, deprecated in 1.35, has been removed:
- ::newFromRow - use UserGroupManager::newGroupMembershipFromRow
- ::selectFields - use UserGroupManager::getQueryInfo
- ::delete - use UserGroupManager::removeUserFromGroup
- ::insert - use UserGroupManager::addUserToGroup
- ::purgeExpired - use UserGroupManager::purgeExpired
- ::getMembershipsForUser - use UserGroupManager::getUserGroupMemberships
- ::getMembership - use UserGroupManager::getUserGroupMemberships
- The public static callback function SpecialBlock::validateTargetField has been removed. This method was for internal use only, and appears unused outside of MediaWiki core.
- The public static callback function SpecialUploadStash::tryClearStashedUploads has been removed. This method was for internal use only, and appears unused outside of MediaWiki core.
- SpecialComparePages::showDiff() ::revOrTitle(), ::checkExistingTitle(), and ::checkExistingRevision() were marked as @internal to allow for breaking changes. They are no longer safe to call. The methods were unused outside of MediaWiki core.
- Each special page within core now uses service injection via it constructor. When extending these special pages, a call to the grandparent constructor (`SpecialPage::__construct()`) in the sub-class would now break the derived special page, as the fallback code in the parent constructor cannot set the services as needed. Be sure to call the parent constructor when extending core special pages. Extending core's special pages is not part of the stable interface, and should generally be avoided.
- Language::getExtraUserToggles and ::viewPrevNext, deprecated in 1.34, have been removed.
- StreamFile::send404Message and ::parseRange, deprecated in 1.34, have been removed.
- SVGMetadataExtractor class, deprecated in 1.34, has been removed.
- ProcessCacheLRU class, deprecated in 1.32, has been removed.
- wfForeignMemcKey(), deprecated in 1.35, has been removed.
- LoadBalancer::safeWaitForMasterPos(), deprecated in 1.34, has been removed.
- JobQueue::factory() now requires its `idGenerator` option. The optional nature of this option was deprecated in 1.35.
- ApiFeedRecentChanges::getFeedObject has been changed to private, and appears unused outside of MediaWiki core.
- Skin::subPageSubtitle() has been changed to private method. Callers should use Skin::prepareSubtitle().
- RevisionDeleter::checkRevisionExistence was removed without deprecation. It had no known callers.
- wfForeignMemcKey() and wfMemcKey(), deprecated in 1.35, have been removed.
- MediaWiki now also requires the php-intl extension.
- BotPassword::save() now returns a Status object for the result rather than a bool.
- The methods in CoreTagHooks have been marked @internal and type hints have been added. The methods appeared to be unused outside of MediaWiki core.
- SquidPurgeClient and SquidPurgeClientPool, deprecated since 1.35, have been removed.
- Several methods on WikiPage will now throw an exception when called on a WikiPage instance that where constructed on a title that does not refer to a proper page (but rather a special page or interwiki link). The behavior was previously undefined and could in some cases lead to data corruption. Affected methods are: getId(), insertOn(), newPageUpdater(), doUpdateRestrictions(), doDeleteArticleReal(), doRollback(), and doEditContent().
- The ParserTestRunner no longer invokes the ParserTestTables hook. Instead, it clones all database tables before running tests, like MediaWikiIntegrationTest does. If an extension was mis-using the hook to *exclude* tables from the clone, that will no longer occur, and tests may fail.
- The following classes, which were only loaded for tests and had no uses found in public MediaWiki-related git, were removed:
- Passing Title as a second parameter to RevisionStore::getPreviousRevision and getNextRevision, hard deprecated since 1.31, was prohibited.
- (task T275619) Maintenance::hasOption and Maintenance::getOption now behave as documented and are not altered by previous calls to these methods.
- The internal class FirejailCommand was removed.
- Command::execute() now returns a Shellbox\Command\UnboxedResult instead of a MediaWiki\Shell\Result. Any type hints should be updated.
- WikiPage::$mIsRedirect was removed.
- ObjectCache::detectLocalServerCache(), deprecated in 1.35, was removed.
- The following functions from the Title class have been removed:
- The PageProps class was converted to a service. PageProps::overrideInstance was removed, and MediaWikiServices::redefineService should be used instead.
- Support for creating a MediaWikiTitleCodec object without the InterwikiLookup and NamespaceInfo services, deprecated in 1.34, was removed. Note that the MediaWikiTitleCodec class is not @newable or @stable to create, and should be retrieved from MediaWikiServices instead.
- The $wgContLang variable, deprecated in 1.32, was removed. You can instead use MediaWikiServices::getInstance()->getContentLanguage().
- User::clearAllNotifications(), hard deprecated in 1.35, was removed. Use WatchlistManager::clearAllUserNotifications() instead.
- DatabaseBlock::getBlocker can return any UserIdentity instance, not just User.
- MediaWiki::triggerJobs(), deprecated in 1.34, was removed.
- The following Article methods, deprecated in 1.35, were removed:
- The monolog-based logging system has dropped the Avro format. Because of this, the AvroFormatter class and the AvroValidator utility class have been removed without deprecation.
- AbstractBlock::$mReason, deprecated in 1.34, was removed. Use AbstractBlock::getReasonComment and AbstractBlock::setReason instead.
Deprecations in 1.36
- (task T278026) The DB_MASTER constant has been deprecated in favour of DB_PRIMARY.
- (task T245963) User::getGrantName() is now hard deprecated and will be removed in a subsequent release. Use MWGrants::grantName() instead.
- wfIncrStats() is now deprecated. Use MediaWikiServices::getInstance() ->getStatsdDataFactory()->updateCount() instead.
- WikiPage::doEditContent() is now deprecated. Use WikiPage::doUserEditContent() instead. Note that doEditContent() was also deprecated in 1.32 for unrelated reasons and doUserEditContent() is deprecated for other reasons, however, using doUserEditContent() is recommended over using doEditContent().
- WikiPage::doUserEditContent() is now deprecated. Use PageUpdater::saveRevision instead. Note that the new method expects callers to take care of checking EDIT_MINOR against the minoredit right, and to apply the autopatrol right as appropriate.
- LocalFile::recordUpload2, soft deprecated in 1.35, now emits deprecation warnings. Use ::recordUpload3 instead.
- Constructing a new instance of the ParserOptions class without providing a User object, which falls back to the global $wgUser, is now deprecated.
- The User class, which was marked as @newable in 1.35, is no longer newable, meaning that it is no longer safe to manually call the constructor via `new User`. Instead, use the UserFactory service. Additionally, the following static constructor methods were deprecated in favor of using the UserFactory service:
- The following User methods have been hard deprecated in favor of the new UserEditTracker service:
- The confusingly-named User->isLoggedIn() method has been deprecated in favour of the method it wraps, User->isRegistered().
- Use of the `preprocessor=Preprocessor_DOM` option in parser test files has been deprecated. Preprocessor_DOM was removed in 1.35.
- ParserOptions::setTidy() has been deprecated. It has had no effect since1.35.
- Sanitizer::escapeIdReferenceList() has been deprecated; it will eventually be made private to the class, as it appears to have no uses outside the Sanitizer class.
- Sanitizer::hackDocType() is deprecated; it will eventually be made private.
- Skin::getIndicatorsHTML() is deprecated. The functionality can be retained by reimplementing the method using the raw indicators data from OutputPage::getIndicators.
- Skin::makeVariablesScript() has been deprecated. Use ResourceLoader::makeInlineScript() instead.
- SpecialPageFactory::getRestrictedPages() has been deprecated. Use SpecialPageFactory::getUsablePages() instead.
- Title::nameOf() is deprecated; use Title::newFromID()->getPrefixedDBkey() instead.
- DatabaseBlock::insert, DatabaseBlock::update, DatabaseBlock::purgeExpired and DatabaseBlock::delete are deprecated. Use DatabaseBlockStore::insertBlock, DatabaseBlockStore::updateBlock, DatabaseBlockStore::purgeExpiredBlocks and DatabaseBlockStore::deleteBlock instead.
- SpecialBlock::getTargetAndType and AbstractBlock::parseTarget are deprecated. Call BlockUtils::parseBlockTarget instead.
- SpecialUnblock::processUnblock was deprecated - use UnblockUserFactory service instead.
- Deprecated MediaWikiIntegrationtestCase::removeTemporaryHook() in favor of MediaWikiIntegrationtestCase::clearHook().
- Skin::getSearchLink(), also exposed as 'searchaction' option in SkinTemplate, has been deprecated. Use Title or SpecialPage methods directly.
- Skin::getAllowedSkins and ::getSkinNames have been deprecated. Use their respective equivalents in SkinFactory instead.
- The RollbackComplete hook has been deprecated, use the PageSaveComplete hook instead.
- Skin::makeUrl() has been deprecated. Title methods should be used instead.
- Skin::privacyLink(), Skin::disclaimerLink() and Skin::aboutLink() have been deprecated. Please use Skin::footerLink() instead.
- Skin::getLogo() has been deprecated. Use ResourceLoaderSkinModule instead.
- The module `mediawiki.toc.styles` has been replaced by ResourceLoaderSkinModule. If you are having problems styling table of contents ensure you have an updated skin.
- Skin::mainPageLink() has been deprecated. Use LinkRenderer service instead.
- BaseTemplate::getToolbox() method has been hard deprecated. The toolbox data is now available in a sidebar data array which you can get from any class that's extending QuickTemplate class.
- Constructing a DefaultPreferencesFactory, LinkHolderArray or PasswordReset without a $hookContainer parameter is deprecated.
- Autopromote class, soft deprecated since 1.35, now emits deprecation warnings. Use UserGroupManager instead.
- SpecialBlock::canBlockEmail has been deprecated. Please use BlockPermissionChecker::checkEmailPermissions instead.
- SpecialBlock::checkUnblockSelf has been deprecated. Please use BlockPermissionChecker::checkBlockPermissions instead.
- SpecialBlock::parseExpiryInput was deprecated - use BlockUser::parseExpiryInput instead.
- SpecialBlock::validateTarget has been deprecated, use BlockUtils instead.
- SpecialBlock::validateTargetField has been deprecated for external use, use BlockUtils instead.
- SpecialPage::getLanguageConverter has been deprecated, use LanguageConverterFactory::getLanguageConverter() directly.
- ParserCache::getKey has been deprecated. Use ParserCache::getMetadata and ParserCache::makeParserOutputKey instead.
- The PHPUnit4And6Compat class, used to provide compatibility with PHPUnit 4, was removed. MediaWiki support for PHPUnit 4 ended with the removal of HHVM support.
- The PHPUnit6And8Compat class, used to provide compatibility with PHPUnit 6, was removed without deprecation. This class was introduced during the upgrade to PHPUnit 8, but never used.
- MediaWikiIntegrationTestCase::assertType, hard-deprecated in 1.35 due to incompatibility with PHPUnit 8, was removed.
- ParserCache::getETag has been deprecated, instead build suitable etag explicitly.
- The following functions from the Language class have been hard deprecated and will be removed in a subsequent release:
- The following functions from the Title class have been hard deprecated:
- The following functions from the User class have been hard deprecated:
- The mw.language.commafy client-side method has been deprecated, to match the deprecation of Language::commafy. Use mw.language.convertNumber instead.
- The "es6-promise" module has been deprecated. Use "es6-polyfills" instead.
- Title::isDeleted() and Title::isDeletedQuick() have been deprecated. Please use Title::getDeletedEditsCount() and Title::hasDeletedEdits() instead.
- Article::getContentObject, soft-deprecated since 1.32, was hard-deprecated.
- WikiRevision::importUpload, soft-deprecated since 1.31, was hard-deprecated.
- Html::infoBox() has been deprecated. There's no replacement.
- Message::toString() without a $format parameter, soft-deprecated since 1.28, was hard-deprecated. Use explicit formatting methods instead, such as Message::text() and Message::escaped().
- BagOStuff::makeKeyInternal() usage outside of BagOStuff has been deprecated.
- BagOStuff::setDebug() is deprecated and calls to it are ignored. Debug logs are now unconditionally enabled.
- The following global functions have been hard deprecated:
- BeforeParserFetchTemplateAndtitleHook has been deprecated; replace with the new BeforeParserFetchTemplateRevisionRecord hook. (The similar ParserFetchTemplateHook was deprecated in 1.35; the new hook replaces both.)
- The InterwikiLoadPrefix hook has been deprecated; it is not compatible with future wikitext parsers (which need to enumerate all interwiki prefixes). In test cases please use $wgInterwikiCache instead.
- WikiPage instances should no longer be constructed for titles that do not represent editable pages (e.g. special pages). WikiPages were always documented to represent "MediaWiki article and history".
- Skin::getSkinStylePath() has been deprecated. Please replace usages with the direct path to the resources.
- The second argument of EnhancedChangesList::getDiffHistLinks, $query, has been deprecated.
- The ParserTestTables hook has been deprecated; it is no longer necessary after a ParserTestRunner refactoring.
- The following classes have been hard deprecated: CachedAction, SpecialCachedPage, CacheHelper, ICacheHelper. They were unused in MediaWiki ecosystem, so no replacement was provided.
- The ProtectionForm::buildForm hook has been deprecated. Please use the ProtectionFormAddFormFields hook instead.
- RevisionStore::newMutableRevisionFromArray has beed hard deprecated. Instead, MutableRevisionRecord should be constructed directly via constructor.
- UserIdentity::getActorId() is deprecated. The actor ID should not be exposed to application logic. Storage layer code should use the ActorNormalization service for normalizing and denormalizing user names.
- Constructing a UserIdentityValue with an actor ID as the third parameter is deprecated. The parameter should be omitted. Storage layer code should use the ActorNormalization service for normalizing and denormalizing user names.
- Command::cgroup() is deprecated and no longer functional. $wgShellCgroup is now implemented as an Executor option.
- Command::restrict() is deprecated. Instead use the new separate accessors.
- MWTidy::tidy() is deprecated. Use MediaWikiServices::getTidy()-tidy() instead.
- TidyDriverBase::supportsValidate() is deprecated; it has always returned false since 1.33.
- WatchedItem::getUser hard-deprecated in favor of ::getUserIdentity.
- WatchedItemStoreInterface::enqueueWatchlistExpiryJob was hard deprecated in favor of the new method maybeEnqueueWatchlistExpiryJob that takes care of relevant configuration checks.
- LogEntry::getPerformer() and its implementations have been hard-deprecated, in favor of ::getPerformerIdentity().
- AuthManager::singleton(), deprecated in 1.35, is hard deprecated. Use MediaWikiServices::getAuthManager() instead.
- User::clearNotification(), deprecated in 1.35, is hard deprecated. Use WatchlistManager::clearTitleUserNotification() instead.
- Passing string to DatabaseBlock::setBlocker was deprecated. Only UserIdentity is now allowed.
- DatabaseBlock constructor 'byText' option was deprecated in favour of 'by' option, which now accepts UserIdentity. Passing user ID is deprecated.
- Parser::getUser was deprecated. Use Parser::getUserIdentity instead.
- DatabaseBlock::isWhitelistedFromAutoblocks was deprecated. Use DatabaseBlock::isExemptedFromAutoblocks instead.
- User::isIPRange(), deprecated in 1.35, is hard deprecated. Use the UserNameUtils service or IPUtils directly.
- BaseTemplate::getFooterIcons(), deprecated in 1.35, is hard deprecated. Read footer icons from template data requested via $this->get('footericons').
- `box-shadow()` LESS mixin from mediawiki.mixins is deprecated due to updated basic browser support. Use unprefixed property `box-shadow:` instead.
- MergeHistory::checkPermissions was deprecated. Use ::probablyCanMerge or ::authorizeMerge instead.
- User::isValidUserName(), deprecated in 1.35, is hard deprecated. Use the UserNameUtils service instead.
- The TitleArrayFromResult hook has been deprecated.
- The EditPageBeforeEditToolbar hook has been deprecated; it has become defunct after the classic edit toolbar was removed. Use one of the many other EditPage hooks instead.
- Deprecated the class name MediaWiki\User\WatchlistNotificationManager; use MediaWiki\Watchlist\WatchlistManager instead. Deprecated the method MediaWikiServices->getWatchlistNotificationManager(); use MediaWikiServices->getWatchlistManager() instead.
- The "ArticleEditUpdatesDeleteFromRecentchanges" hook, deprecated in 1.35, has been removed. Other hooks like "RecentChange_save" can be used instead.
Other changes in 1.36
- The 'tidy' key in ParserOptions (used in the parser cache) has been removed. It has had no effect since 1.35.
- A future release of MediaWiki will make `=` a built-in parser function, for use when automatically escaping the `=` character in template arguments. A tracking category and parser warning have been added to this release when `=` is used and it expands to something other than `=`.
- The implementation of TestFileReader::read has been changed to use Parsoid's parser test file parser. This should be compatible with existing code, but it only supports version 2 of the test file specification and may be more strict when parsing invalid input, including duplicate tests.
- BeforeParserFetchTemplateRevisionRecord, a new hook, unifies and replaces the old BeforeParserFetchTemplateAndtitleHook and ParserFetchTemplateHook.
- The SkinLessImportPaths attribute was added, allowing skins to add a directory to the import path for LESS stylesheets. Skins can use this to provide a custom version of mediawiki.skin.variables.less, setting skin-specific values for certain LESS variables.
- The interaction between ContentHandler::getParserOutputForIndexing() and ContentHandler::getDataForSearchIndex() has been clarified (the latter should only be called with the result of the former). Extensions may override getParserOutputForIndexing() to skip generating HTML, which may improve indexing performance. (The default implementation still generates HTML, and getDataForSearchIndex() implementations can still rely on it if they do not over-ride getParserOutputForIndexing().)
- Article::fetchContentObject, ::mContentObject, ::mContentLoaded, ::mRevIdFetched, all deprecated since 1.32, were removed.
- Article::mParserOptions and ::setParserOptions were removed.
- Article and ImagePage::getEmptyPageParserOutput, unused, were removed.
- ParserCache's default serialization format was changed from PHP serialization to JSON serialization. In case some installed extension do not support JSON yet, $wgParserCacheUseJson can be used to revert back to PHP serialization.
- PermissionManager::groupHasPermission, ::getGroupPermissions and ::getGroupsWithPermission were deprecated, use GroupPermissionsLookup service instead.
- WatchedItemStoreInterface now accepts PageIdentity where it accepted LinkTarget, calling with LinkTarget was deprecated.
- 'movable' attribute has been added to the 'namespaces' property of extension.json schema. Extensions that define namespaces can set it to `false` to disallow moving pages in the specified namespace. Extensions should either use this or NamespaceIsMovableHook, but not both. The hook overides the attribute.
MediaWiki 1.36 requires PHP 7.3.19 or later and the following PHP extensions:
MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used, but support for them is somewhat less mature.
The supported versions are:
- MySQL 5.5.8 or later
- PostgreSQL 9.4 or later
- SQLite 3.8.0 or later
Documentation for both end-users and site administrators is available on MediaWiki.org, and is covered under the GNU Free Documentation License (except for pages that explicitly state that their contents are in the public domain):
A mailing list is available for MediaWiki user support and discussion:
A low-traffic announcements-only list is also available:
It's highly recommended that you sign up for one of these lists if you're going to run a public MediaWiki, so you can be notified of security fixes.
There's usually someone online in the IRC channel #mediawiki connect.