-
Notifications
You must be signed in to change notification settings - Fork 0
/
RELEASE-NOTES-1.27
623 lines (582 loc) · 34.3 KB
/
RELEASE-NOTES-1.27
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
== MediaWiki 1.27.1 ==
This is a maintenance release of the MediaWiki 1.27 branch.
=== Changes since 1.27.0 ===
* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
made by MediaWiki via a proxy. Relying on the http_proxy environment
variable is no longer supported.
* (T139565) SECURITY: API: Generate head items in the context of the given title
* (T137264) SECURITY: XSS in unclosed internal links
* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
* (T133147) SECURITY: Require login to preview user CSS pages
* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
the top file
* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
permissions
* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
* (T115333) SECURITY: Check read permission when loading page content in ApiParse
* (T57548) Remove support for $wgWellFormedXml = false, all output is now well formed
* (T139670) Move 'UserGetRights' call before application of Session::getAllowedUserRights()
== MediaWiki 1.27 ==
=== PHP version requirement ===
As of 1.27, MediaWiki now requires PHP 5.5.9 or higher (see Compatibility
section). Additionally, the following PHP extensions are required:
* ctype
* iconv
* json
* mbstring (new requirement in 1.27)
* xml
The following PHP extensions are strongly recommended:
* openssl
=== Configuration changes in 1.27 ===
* $wgAllowMicrodataAttributes and $wgAllowRdfaAttributes were removed,
now always enabled. If you use RDFa on your wiki, you now have to explicitly
set $wgHtml5Version to 'HTML+RDFa 1.0' or 'XHTML+RDFa 1.0'.
* $wgUseLinkNamespaceDBFields was removed.
* Deprecated $wgResourceLoaderMinifierStatementsOnOwnLine and
$wgResourceLoaderMinifierMaxLineLength, because there was little value in
making the behavior configurable. The default values (`false` for the former,
1000 for the latter) are now hard-coded.
* $wgDebugDumpSqlLength was removed (deprecated in 1.24).
* $wgDebugDBTransactions was removed (deprecated in 1.20).
* $wgUseXVO has been removed, as it provides functionality only used by
custom Wikimedia patches against Squid 2.x that probably noone uses in
production anymore. There is now $wgUseKeyHeader that provides similar
functionality but instead of the MediaWiki-specific X-Vary-Options header,
uses the draft Key header standard.
* $wgScriptExtension (and support for '.php5' entry points) was removed. See the
deprecation notice in the release notes for version 1.25 for advice on how to
preserve support for '.php5' entry points via URL rewriting.
* Password handling via the User object has been deprecated and partially
removed, pending the future introduction of AuthManager. In particular:
** expirePassword(), getPasswordExpireDate(), resetPasswordExpiration(), and
getPasswordExpired() have been removed. They were unused outside of core.
** The mPassword, mNewpassword, mNewpassTime, and mPasswordExpires fields are
now private and will be removed in the future.
** The getPassword() and getTemporaryPassword() methods now throw
BadMethodCallException and will be removed in the future.
** The ability to pass 'password' and 'newpassword' to createNew() has been
removed. The only users of it seem to have been using it to set invalid
passwords, and so shouldn't be greatly affected.
** setPassword(), setInternalPassword(), and setNewpassword() have been
deprecated, pending the introduction of AuthManager.
** User::randomPassword() is deprecated in favor of a new method
PasswordFactory::generateRandomPasswordString()
** User::getPasswordFactory() is deprecated, callers should just create a
PasswordFactory themselves.
** A new constructor, User::newSystemUser(), has been added to simplify the
creation of passwordless "system" users for logged actions.
* $wgMaxSquidPurgeTitles was removed.
* $wgAjaxWatch was removed. This is now enabled by default.
* $wgUseInstantCommons now hotlinks Commons images by default instead of
downloading originals and thumbnailing them locally. This allows wikis to save
on CPU and bandwidth while reducing time to first byte for pages, even without
a thumbnail handler. See $wgForeignFileRepos documentation for tweaks.
* (T27397) WebP is enabled by default as an uploadable filetype.
* (T48998) $wgArticlePath must now be either a full url, or start with a "/".
* $wgRateLimitLog was removed; use $wgDebugLogGroups['ratelimit'] instead.
* Deprecated API formats dbg, txt, and yaml have been removed.
* CLDRPluralRule* classes have been replaced with
wikimedia/cldr-plural-rule-parser.
* Removed $wgProfilePerHost, $wgUDPProfilerHost, $wgUDPProfilerPort,
$wgUDPProfilerFormatString, $wgStatsMethod, $wgAggregateStatsID,
$wgStatsFormatString, and $wgProfileCallTree (deprecated since 1.20).
* For proper operation of LocalIdLookup with shared user tables, ensure that
$wgSharedDB and $wgSharedTables are properly set even on the "central" wiki
that all others are sharing from and that $wgLocalDatabases is set to the
full list of sharing wikis on all those wikis.
* Massive overhaul to session handling:
** $wgSessionsInObjectCache is no longer supported and must be true, due to
MediaWiki\Session\SessionManager. $wgSessionHandler is similarly no longer
used.
** ObjectCacheSessionHandler is removed, replaced with
MediaWiki\Session\PhpSessionHandler.
** PHP session handling in general ($_SESSION, session_id(), and so on) is
deprecated. Use MediaWiki\Session\SessionManager instead. A new config
variable, $wgPHPSessionHandling, is available to cause use of $_SESSION to
issue a deprecation warning or to cause most PHP session handling to throw
exceptions.
** Deprecated UserSetCookies hook. Session-handling extensions should generally
be creating a custom subclass of CookieSessionProvider. Other extensions
messing with cookies can no longer count on user data being saved in cookies
versus other methods.
** Deprecated UserLoadFromSession hook, extensions should create a
MediaWiki\Session\SessionProvider.
** The User cannot be loaded from session until after Setup.php completes.
Attempts to do so will be ignored and the User will remain unloaded.
** CSRF tokens may be fetched from the MediaWiki\Session\Session, which uses
the MediaWiki\Session\Token class.
* MediaWiki will now auto-create users as necessary, removing the need for
extensions to do so. An 'autocreateaccount' right is added to allow
auto-creation when 'createaccount' is not granted to all users.
* Deprecated AuthPluginAutoCreate hook in favor of LocalUserCreated.
* Most cookie-handling methods in User are deprecated.
* $wgAllowAsyncCopyUploads and $CopyUploadAsyncTimeout were removed. This was an
experimental feature that has never worked.
* Login and createaccount tokens now vary by timestamp.
* LoginForm::getLoginToken() and LoginForm::getCreateaccountToken()
return a MediaWiki\Session\Token, and tokens must be checked using that
class's methods.
* $wgEnotifUseJobQ was removed and the job queue is always used.
* The functionality of the ApiSandbox extension has been merged into core. The
extension should no longer be used.
* $wgPreloadJavaScriptMwUtil was removed (deprecated in 1.26).
Extensions, skins, gadgets and scripts that use the mediawiki.util module must
express a dependency on it.
* $wgIncludeLegacyJavaScript, deprecated in MediaWiki 1.26, now defaults false.
Extensions, skins, gadgets and scripts that need the mediawiki.legacy.wikibits
module should express a dependency on it.
* Removed configuration option $wgCopyrightIcon (deprecated since 1.18). Use
$wgFooterIcons['copyright']['copyright'] instead.
* If the openssl and mcrypt PHP extensions are both unavailable, secure
session storage (used for login) will raise an exception. This exception may
be bypassed by setting $wgSessionInsecureSecrets = true.
* Massive overhaul to authentication:
** AuthPlugin and AuthPluginUser are deprecated.
** LoginForm and associated templates are deprecated. Extensions which called
static LoginForm methods should be converted into authentication providers.
** The following hooks are deprecated:
*** AbortAutoAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead)
*** AbortLogin (create a MediaWiki\Auth\PreAuthenticationProvider instead)
*** AbortNewAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead)
*** AddNewAccount (use LocalUserCreated instead)
*** AuthPluginSetup (create a MediaWiki\Auth\PrimaryAuthenticationProvider instead)
*** ChangePasswordForm (use AuthChangeFormFields instead, or security levels)
*** LoginUserMigrated (create a MediaWiki\Auth\PreAuthenticationProvider instead)
*** UserCreateForm (create a MediaWiki\Auth\AuthenticationProvider of some type instead)
*** UserLoginForm (create a MediaWiki\Auth\AuthenticationProvider of some type instead)
** The following hooks are removed:
*** AbortChangePassword
*** LoginPasswordResetMessage
*** PrefsPasswordAudit
** The UserLoginComplete hook will no longer be called for all logins, only for
those via the web UI. Use UserLoggedIn if you need to do something on all
logins.
** $wgRequirePasswordforEmailChange is removed.
* $wgWellFormedXml has been removed.
=== New features in 1.27 ===
* $wgDataCenterUpdateStickTTL was also added. This decides how long a user
sticks to the primary DC (via cookies) after they make changes to the site.
* Added a new hook, 'UserMailerTransformContent', to transform the contents
of an email. This is similar to the EmailUser hook but applies to all mail
sent via UserMailer.
* Added a new hook, 'UserMailerTransformMessage', to transform the contents
of an emai after MIME encoding.
* Added a new hook, 'UserMailerSplitTo', to control which users have to be
emailed separately (ie. there is a single address in the To: field) so
user-specific changes to the email can be applied safely.
* $wgCdnMaxageLagged was added, which limits the CDN cache TTL
when any load balancer uses a DB that is lagged beyond the 'max lag'
setting in the relevant section of $wgLBFactoryConf.
* User::newSystemUser() may be used to simplify the creation of passwordless
"system" users for logged actions from scripts and extensions.
* Extensions can now return detailed error information via the API when
preventing user actions using 'getUserPermissionsErrors' and similar hooks
by using ApiMessage instances instead of strings for the $result value.
* $wgAPIMaxLagThreshold was added to limit bot changes when databases lag
becomes too high.
* Skins and extensions can now use FlexBox mixins (.flex-display(@display: flex)
and .flex(@grow: 1, @shrink: 1, @width: auto, @order: 1)) in Less to create
cross-browser-compatible FlexBox rules. Users will still need to add fallback
float rules or the like for compatibility with IE9- separately.
* Added MWTimestamp::getTimezoneString() which returns the localized timezone
string, if available. To localize this string, see the comments of
$wgLocaltimezone in includes/DefaultSettings.php.
* Added CentralIdLookup, a service that allows extensions needing a concept of
"central" users to get that without having to know about specific central
authentication extensions.
* $wgMaxUserDBWriteDuration added to limit huge user-generated transactions.
Regular web request transactions that takes longer than this are aborted.
* Added a new hook, 'TitleMoveCompleting', which runs before a page move is
committed.
* $wgCdnReboundPurgeDelay was added to provide secondary delayed purges of URLs
from CDN to mitigate DB replication lag and WAN cache purge lag.
* (T49162) Installer will default to setting CACHE_ACCEL as the main cache type
if it is available.
* It is now possible to patrol file uploads (both for new files and new versions
of existing files). Special:NewFiles has gained an option to filter by patrol
status. This functionality can be disabled using $wgUseFilePatrol.
* MediaWiki\Session infrastructure allows for easier use of session mechanisms
other than the usual cookies.
** SessionMetadata and SessionCheckInfo hooks allow for setting and checking
custom session metadata.
* Added MWGrants and associated configuration settings $wgGrantPermissions and
$wgGrantPermissionGroups to hold configuration for authentication features
such as OAuth that want to allow restricting the user rights a user may make
use of.
** If you're already using the OAuth extension, these new variables are
identical to (and will replace) $wgMWOAuthGrantPermissions and
$wgMWOAuthGrantPermissionGroups.
* Added MWRestrictions as a class to check restrictions on a WebRequest, e.g.
to assert that the request comes from a particular IP range.
* Added bot passwords, a rights-restricted login mechanism for API-using bots.
* Whitelisted the following HTML attributes for all elements in wikitext:
aria-describedby, aria-flowto, aria-label, aria-labelledby, aria-owns.
* Removed "presentation" restriction on the HTML role attribute in wikitext.
All values are now allowed for the role attribute.
* $wgContentHandlers now also supports callbacks to create an instance of the
appropriate ContentHandler subclass.
* Added $wgAuthenticationTokenVersion, which if non-null prevents the
user_token database field from being exposed in cookies. Setting this would
be a good idea, but will log out all current sessions.
* $wgEventRelayerConfig was added, for managing PubSub event relay configuration,
specifically for reliable CDN url purges.
* Requests have unique IDs, equal to the UNIQUE_ID environment variable (when
MediaWiki is behind Apache+mod_unique_id or something similar) or a randomly-
generated 24-character string. This request ID is used to annotate log records
and error messages. It is available client-side via mw.config.get( 'wgRequestId' ).
The request ID supplants exception IDs. Accordingly, MWExceptionHandler::getLogId()
is deprecated.
* (T33313) Add a preference for watching uploads by default, also applies
to API-based upload tools.
* $wgJpegPixelFormat was added to override chroma subsampling for JPEG image
thumbnails created via ImageMagick. Defaults to 'yuv420', providing bandwidth
savings versus the previous behavior on many files.
* MediaWiki\Auth infrastructure (called "AuthManager") allows for more flexible
configuration of multiple authentication pieces that was possible with
AuthPlugin. For example, it's now easy to plug in second-factor
authentication, or add additional checks to the login process, or to support
multiple login methods at once, or to support non-password-based login methods.
** Providers are configured via the global setting $wgAuthManagerConfig.
** New hook, AuthChangeFormFields, to adjust the form fields on
AuthManager-related special pages.
** New hook, AuthManagerLoginAuthenticateAudit, for additional logging of
AuthManager-related authentication requests.
** New hook, ChangeAuthenticationDataAudit, for additional logging of
AuthManager-related authentication data changes.
** New hook, SecuritySensitiveOperationStatus, to work with the new mechanism
for requiring a recent login before taking security-sensitive operations
like changing a password.
** Two new globals, $wgChangeCredentialsBlacklist and $wgRemoveCredentialsBlacklist
can be used to prevent the web UI and the API changing certain authentication data.
* The file upload dialog (available if you install WikiEditor or VisualEditor)
can now be configured using $wgUploadDialog.
=== External library changes in 1.27 ===
==== Upgraded external libraries ====
* Updated oojs/oojs-ui from v0.12.12 to v0.13.3.
* Updated composer/semver from v1.0.0 to v1.2.0.
* Updated liuggio/statsd-php-client to 1.0.18.
* Updated QUnit from v1.18.0 to v1.22.0.
==== New external libraries ====
* Added wikimedia/base-convert v1.0.1.
* Added wikimedia/cldr-plural-rule-parser v1.0.0.
* Added wikimedia/relpath v1.0.3.
* Added wikimedia/running-stat v1.1.0.
* Added wikimedia/php-session-serializer v1.0.3.
==== Removed and replaced external libraries ====
=== Bug fixes in 1.27 ===
* Special:Upload will now display correct maximum allowed file size when running
under HHVM (T116347).
* (T54077) The APIEditBeforeSave hook will once again give only the content of
the section being edited, rather than the whole revision. This reverts the
change made in MediaWiki 1.22.
=== Action API changes in 1.27 ===
* Added list=allrevisions.
* generator=recentchanges now has the option to generate revids.
* ApiPageSet::setRedirectMergePolicy() was added. This allows generator
modules to define how generator data for a redirect source gets merged
into the redirect destination.
* prop=imageinfo&iiprop=uploadwarning will no longer include the possibility of
"was-deleted" warning.
* Added difftotextpst to query=revisions which preforms a pre-save transform on
the text before diffing it.
* Deprecated formats dbg, txt, and yaml have been removed.
* (T47988) The protect log event details now use new-style formatting.
* The following response properties from action=login are deprecated, and may
be removed in the future: lgtoken, cookieprefix, sessionid. Clients should
handle cookies to properly manage session state.
* action=login transparently allows login using bot passwords. Clients should
merely need to change the username and password used after setting up a bot
password.
* action=upload no longer understands statuskey, asyncdownload or leavemessage.
* action=login is deprecated for uses other than bot passwords.
* list=users can now indicate if a missing username is creatable.
* action=createaccount is changed in a non-backwards-compatible manner.
* Added action=query&meta=authmanagerinfo.
* Added action=clientlogin to be used to log into the main account instead of
action=login.
* Added action=linkaccount.
* Added action=unlinkaccount.
* Added action=changeauthenticationdata.
* Added action=removeauthenticationdata.
* Added action=resetpassword.
=== Action API internal changes in 1.27 ===
* ApiQueryORM removed.
* The following classes have been removed:
** ApiFormatDbg
** ApiFormatTxt
** ApiFormatYaml
* ApiBase::addTokenProperties() was removed (deprecated since 1.24).
* ApiBase::getFinalPossibleErrors() was removed (deprecated since 1.24).
* ApiBase::getFinalResultProperties() was removed (deprecated since 1.24).
* ApiBase::getRequireAtLeastOneParameterErrorMessages() was removed (deprecated since 1.24).
* ApiBase::getPossibleErrors() was removed (deprecated since 1.24).
* ApiBase::getRequireMaxOneParameterErrorMessages() was removed (deprecated since 1.24).
* ApiBase::getRequireOnlyOneParameterErrorMessages() was removed (deprecated since 1.24).
* ApiBase::getResultProperties() was removed (deprecated since 1.24).
* ApiBase::getTitleOrPageIdErrorMessage() was removed (deprecated since 1.24).
* ApiBase::parseErrors() was removed (deprecated since 1.24).
* ApiQueryBase::titleToKey(), ApiQueryBase::keyToTitle() and
ApiQueryBase::keyPartToTitle() all removed (deprecated since 1.24).
* ApiQueryBase::checkRowCount() was removed (deprecated since 1.24).
* ApiQueryBase::getDirectionDescription() was removed (deprecated since 1.25).
* ApiQuery::getGenerators() was removed (deprecated since 1.21).
* ApiQuery::getModules() was removed (deprecated since 1.21).
* ApiQuery::getModuleType() was removed (deprecated since 1.21).
* ApiQuery::setGeneratorContinue() was removed (deprecated since 1.24).
* ApiMain::getModules() was removed (deprecated since 1.21).
* ApiBase::getVersion() was removed (deprecated since 1.21).
* ApiMain::getShowVersions() was removed (deprecated in 1.21).
* ApiMain::addModule() was removed (deprecated in 1.21).
* ApiMain::addFormat() was removed (deprecated in 1.21).
* ApiMain::getFormats() was removed (deprecated in 1.21).
* ApiPageSet::finishPageSetGeneration() was removed (deprecated in 1.21).
* ApiCreateAccount is deprecated, and will be removed soon.
=== Languages updated in 1.27 ===
MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Phabricator reports.
* (T113688) Change default numerals from Gurmukhi to Arabic for Punjabi locale.
* (T116020) Aliases of magic words in MessagesXx.php are sorted by usage.
=== Other changes in 1.27 ===
* Added dependency injection (DI) infrastructure, see docs/injection.txt for details.
It is planned to incrementally move MediaWiki code towards using DI, using the
service locator (SL) pattern as a stepping stone.
* ProfilerOutputUdp was removed. Note that there is a ProfilerOutputStats class.
* WikiPage::doDeleteArticleReal() and WikiPage::doDeleteArticle() now
ignore the 2nd and 3rd arguments (formerly $id and $commit).
* Removed "loaderScripts" option from ResourceLoaderFileModule class.
* Removed ORM-like wrapper added in 1.20.
* LinkCache::getGoodLinks and LinkCache::getBadLinks were removed
(deprecated in 1.26).
* WikiPage::doQuickEdit() was removed (deprecated since 1.21).
* Removed SiteObject and SiteArray classes (deprecated in 1.21).
* MessageBlobStore::getInstance() was removed (deprecated since 1.25).
* (T84937) Free external links ("autolinked" urls) will now be terminated
by and HTML entity encodings of  , <, and >.
* (T36948) The default file revert message's timestamp is now in
$wgLocaltimezone, instead of UTC.
* The default name of the 'suppress' group page has been changed from
'Project:Oversight' to 'Project:Suppress'.
* DatabaseBase::resultObject() is now protected (use outside Database classes
not necessary since 1.11).
* Calling ResourceLoaderFileModule::readStyleFiles() without a
ResourceLoaderContext instance is deprecated.
* ResourceLoader::getLessCompiler() now takes an optional parameter of
additional LESS variables to set for the compiler.
* wfBaseConvert() marked as deprecated, use Wikimedia\base_convert() directly
instead.
* Obsolete maintenance scripts clearCacheStats.php and showCacheStats.php
were removed. The underlying data is sent to StatsD (see $wgStatsdServer).
* Removed msg_resource_links database table and associated code.
* Removed msg_resource database table and associated code.
* Skin::getNamespaceNotice() was removed.
* wfIsConfiguredProxy() was removed (deprecated since 1.24).
* wfDebugTimer() was removed (deprecated since 1.25).
* wfIsTrustedProxy() was removed (deprecated since 1.24).
* wfGetIP() was removed (deprecated since 1.19).
* MWHookException was removed.
* OutputPage::appendSubtitle() was removed (deprecated since 1.19).
* OutputPage::loginToUse() was removed (deprecated since 1.19).
* Article::loadContent() was removed (deprecated since 1.19).
* User::editToken() was removed (deprecated since 1.19).
* Removed --force-normal option of dumpBackup.php, as it no longer served
any useful purpose since 1.22.
* The functions processOption() and processArgs() on the BackupDumper and
TextPassDumper classes have been removed.
* The maintenance/backupTextPass.inc file was deleted. You should include
maintenance/dumpTextPass.php instead.
* WikiPage::getUsedTemplates() was removed (deprecated since 1.19).
* wfEmptyMsg() was removed (deprecated since 1.18).
* OutputPage::permissionRequired() was removed (deprecated since 1.18).
* OutputPage::blockedPage() was removed (deprecated since 1.18).
* User::getSkin() was removed (deprecated since 1.18).
* OutputPage::includeJQuery() was removed (deprecated since 1.17).
* WikiPage::updateRestrictions() was removed (deprecated since 1.19).
* WikiPage::testPreSaveTransform() was removed (deprecated since 1.19).
* LogPage::logName() was removed (deprecated since 1.19).
* LogPage::logHeader() was removed (deprecated since 1.19).
* wfCheckLimits() was removed (deprecated since 1.24).
* Linker::makeKnownLinkObj() was removed (deprecated since 1.16).
* Linker::makeLinkObj() was removed (deprecated since 1.16).
* wfMsgForContentNoTrans() was removed (deprecated since 1.18).
* ChangesList::usePatrol was removed (deprecated since 1.22).
* wfMsgNoTrans() was removed (deprecated since 1.18).
* Linker::makeImageLink2 was removed (deprecated since 1.20).
* Title::userIsWatching() was removed (deprecated since 1.20).
* Removed WaitForSlave maintenance script; use SELECT MASTER_POS_WAIT()
database function directly instead.
* wfMsg() was removed (deprecated since 1.18).
* wfMsgForContent() was removed (deprecated since 1.18).
* wfMsgReal() was removed (deprecated since 1.18).
* wfMsgGetKey() was removed (deprecated since 1.18).
* wfMsgHtml() was removed (deprecated since 1.18).
* wfMsgWikiHtml() was removed (deprecated since 1.18).
* wfMsgExt() was removed (deprecated since 1.18).
* Language::armourMath() was removed (deprecated since 1.22).
* LanguageConverter::armourMath() was removed (deprecated since 1.22).
* FakeConverter::armourMath() was removed (deprecated since 1.22).
* The unused jquery.validate ResourceLoader module was removed.
* FileRepo::getRootUrl() was removed (deprecated since 1.20).
* User::generateToken() was removed (deprecated since 1.20).
* WikiPage::getRawText() was removed (deprecated since 1.21).
* ParserOutput::hasCustomDataUpdates() was removed (deprecated since 1.25).
* ParserOutput::addSecondaryDataUpdate() was removed (deprecated since 1.25).
* ParserOutput::getSecondaryDataUpdates() was removed (deprecated since 1.25).
* Gallery images with multiple caption pipes no longer concatenate them all
together but instead pick the final one, similar to image syntax.
* XML-like parser tags (such as <gallery>), when unclosed, will be left unparsed
rather than consume everything until the end of the page.
* New maintenance script resetUserEmail.php allows sysadmins to reset user emails in case
a user forgot password/account was stolen.
* wfCheckEntropy() was removed (deprecated in 1.27).
* Browser support for Internet Explorer 8 lowered from Grade A to Grade C.
* ContentHandler::supportsCategories method added. Default is true.
CategoryMembershipChangeJob updates are skipped for content that
does not support categories.
* wikidiff difference engine is no longer supported, anyone still using it are encouraged
to upgrade to wikidiff2 which is actively maintained and has better package availability.
* Database logic was removed from WatchedItem and a WatchedItemStore was created:
** WatchedItem::IGNORE_USER_RIGHTS and WatchedItem::CHECK_USER_RIGHTS were deprecated.
User::IGNORE_USER_RIGHTS and User::CHECK_USER_RIGHTS were introduced.
** WatchedItem::fromUserTitle was deprecated in favour of the constructor.
** WatchedItem::resetNotificationTimestamp was deprecated.
** WatchedItem::batchAddWatch was deprecated.
** WatchedItem::addWatch was deprecated.
** WatchedItem::removeWatch was deprecated.
** WatchedItem::isWatched was deprecated.
** WatchedItem::duplicateEntries was deprecated.
** EmailNotification::updateWatchlistTimestamp was deprecated.
** User::getWatchedItem was removed.
* Unit tests don't work with external PHPUnit anymore, Composer is now the only supported
way. Run `composer install` to install it and other dev dependencies to run unit tests.
* wl_id field added to the watchlist table.
* Revision::getRawText() was removed (deprecated since 1.21).
* WikiPage::replaceSection() was removed (deprecated since 1.21).
* Article::replaceSection() was removed (deprecated since 1.21).
* Language::getLangObj() was removed (deprecated since 1.24).
* Language::getLanguageName() was removed (deprecated since 1.20).
* Language::getLanguageNames() was removed (deprecated since 1.20).
* Language::getTranslatedLanguageNames() was removed (deprecated since 1.20).
* Language::specialPage() was removed (deprecated since 1.24).
* MediaWikiTestCase::assertException() was removed (deprecated since 1.22).
* OutputPage::getHeadItems() was removed (deprecated since 1.24).
* OutputPage::getScript() was removed (deprecated since 1.24).
* OutputPage::out() was removed (deprecated since 1.22).
* OutputPage::setAllowedModules() was removed (deprecated since 1.24).
* UserrightsPage::makeGroupNameListForLog() was removed (deprecated since 1.21).
* MediaWikiSite::newFromGlobalId() was removed (deprecated since 1.21).
* Title::newFromRedirect() was removed (deprecated since 1.21).
* Skin::commonPrintStylesheet() was removed (deprecated since 1.22).
* Skin::getCommonStylePath() was removed (deprecated since 1.24).
* Skin::newFromKey() was removed (deprecated since 1.24).
* Skin::getUsableSkins() was removed (deprecated since 1.23).
* LoadBalancer::pickRandom() was removed (deprecated in 1.21).
* Article::getUndoText() and WikiPage::getUndoText were removed (deprecated since
1.21).
* DifferenceEngine::setText() was removed (deprecated in 1.21).
* Title::newFromRedirectArray() was removed (deprecated in 1.21).
* UserMailer::send() no longer accepts $replyto as the 5th argument and $contentType
as the 6th. These must be passed in the options array now.
* Title::newFromRedirectRecurse() was removed (deprecated in 1.21).
* Skin::accesskey was removed (deprecated since 1.21).
* Skin::blockLink was removed (deprecated since 1.21).
* Skin::buildRollbackLink was removed (deprecated since 1.21).
* Skin::emailLink was removed (deprecated since 1.21).
* Skin::formatComment was removed (deprecated since 1.21).
* Skin::formatHiddenCategories was removed (deprecated since 1.21).
* Skin::formatLinksInComment was removed (deprecated since 1.21).
* Skin::formatRevisionSize was removed (deprecated since 1.21).
* Skin::formatSize was removed (deprecated since 1.21).
* Skin::formatTemplates was removed (deprecated since 1.21).
* Skin::generateTOC was removed (deprecated since 1.21).
* Skin::getInternalLinkAttributes was removed (deprecated since 1.21).
* Skin::getInternalLinkAttributesObj was removed (deprecated since 1.21).
* Skin::getInterwikiLinkAttributes was removed (deprecated since 1.21).
* Skin::getInvalidTitleDescription was removed (deprecated since 1.21).
* Skin::getLinkColour was removed (deprecated since 1.21).
* Skin::getRevDeleteLink was removed (deprecated since 1.21).
* Skin::getRollbackEditCount was removed (deprecated since 1.21).
* Skin::makeBrokenImageLinkObj was removed (deprecated since 1.21).
* Skin::makeCommentLink was removed (deprecated since 1.21).
* Skin::makeExternalImage was removed (deprecated since 1.21).
* Skin::makeExternalLink was removed (deprecated since 1.21).
* Skin::makeHeadline was removed (deprecated since 1.21).
* Skin::makeImageLink was removed (deprecated since 1.21).
* Skin::makeMediaLinkFile was removed (deprecated since 1.21).
* Skin::makeMediaLinkObj was removed (deprecated since 1.21).
* Skin::makeSelfLinkObj was removed (deprecated since 1.21).
* Skin::makeThumbLink2 was removed (deprecated since 1.21).
* Skin::makeThumbLinkObj was removed (deprecated since 1.21).
* Skin::normaliseSpecialPage was removed (deprecated since 1.21).
* Skin::normalizeSubpageLink was removed (deprecated since 1.21).
* Skin::processResponsiveImages was removed (deprecated since 1.21).
* Skin::revComment was removed (deprecated since 1.21).
* Skin::revDeleteLink was removed (deprecated since 1.21).
* Skin::revDeleteLinkDisabled was removed (deprecated since 1.21).
* Skin::revUserLink was removed (deprecated since 1.21).
* Skin::revUserTools was removed (deprecated since 1.21).
* Skin::specialLink was removed (deprecated since 1.21).
* Skin::splitTrail was removed (deprecated since 1.21).
* Skin::titleAttrib was removed (deprecated since 1.21).
* Skin::tocIndent was removed (deprecated since 1.21).
* Skin::tocLine was removed (deprecated since 1.21).
* Skin::tocLineEnd was removed (deprecated since 1.21).
* Skin::tocList was removed (deprecated since 1.21).
* Skin::tocUnindent was removed (deprecated since 1.21).
* Skin::tooltip was removed (deprecated since 1.21).
* Skin::tooltipAndAccesskeyAttribs was removed (deprecated since 1.21).
* Skin::userTalkLink was removed (deprecated since 1.21).
* Skin::userToolLinksRedContribs was removed (deprecated since 1.21).
* wikidiff3 is now the default and only PHP diff engine. It provides improved diff
performance on complex changes. $wgExternalDiffEngine = 'wikidiff3' therefore
makes no difference now. Users are still recommended to use wikidiff2 if possible,
though.
* User::addNewUserLogEntry() was deprecated.
* User::addNewUserLogEntryAutoCreate() was deprecated.
* User::isPasswordReminderThrottled() was deprecated.
* Bot-oriented parameters to Special:UserLogin (wpCookieCheck, wpSkipCookieCheck)
were removed.
* Installer can now be customized without patching MediaWiki code, see
mw-config/overrides/README for details.
== Compatibility ==
MediaWiki 1.27 requires PHP 5.5.9 or later. There is experimental support for
HHVM 3.6.5 or later.
MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but
support for them is somewhat less mature. There is experimental support for
Oracle and Microsoft SQL Server.
The supported versions are:
* MySQL 5.0.3 or later
* PostgreSQL 8.3 or later
* SQLite 3.3.7 or later
* Oracle 9.0.1 or later
* Microsoft SQL Server 2005 (9.00.1399)
== Upgrading ==
1.27 has several database changes since 1.26, and will not work without schema
updates. Note that due to changes to some very large tables like the revision
table, the schema update may take quite long (minutes on a medium sized site,
many hours on a large site).
If upgrading from before 1.11, and you are using a wiki as a commons
repository, make sure that it is updated as well. Otherwise, errors may arise
due to database schema changes.
If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
new database fields are filled with data.
If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to
1.5 first. The upgrade script maintenance/upgrade1_5.php has been removed
with MediaWiki 1.21.
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed upgrade instructions.
For notes on 1.26.x and older releases, see HISTORY.
== Online documentation ==
Documentation for both end-users and site administrators is available on
MediaWiki.org, and is covered under the GNU Free Documentation License (except
for pages that explicitly state that their contents are in the public domain):
https://www.mediawiki.org/wiki/Documentation
== Mailing list ==
A mailing list is available for MediaWiki user support and discussion:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
A low-traffic announcements-only list is also available:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.
== IRC help ==
There's usually someone online in #mediawiki on irc.freenode.net.