One Hat Cyber Team
Your IP :
216.73.216.232
Server IP :
162.240.106.28
Server :
Linux server.ganesand.com 3.10.0-1160.80.1.el7.x86_64 #1 SMP Tue Nov 8 15:48:59 UTC 2022 x86_64
Server Software :
Apache
PHP Version :
7.1.33
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
var
/
softaculous
/
mw14
/
Edit File:
changelog.txt
=== Changes since MediaWiki 1.43.1 === * Localisation updates. * (T388708) Diffs: avoid getContentHandler on null error. * filebackend: Avoid passing null to FileBackend::normalizeContainerPath. * (T390001) UploadBase: makeWarningsSerializable() should accept MessageParam objects. * tests: Add test cases for UploadFromChunks. * (T382086) swagger-ui: Add licenses of packages used by Swagger UI bundle. * (T392086) specials: Fix PHP Warning on Special:PasswordReset for crafted input. * (T386175, CVE-2025-32072) SECURITY: Escape newpage message in FeedUtils. * (T391179) installer: fix MySQL create user permissions check. * (T391169) INSTALL: Document requirement for bcmath/gmp on 32-bit systems. * (T389260) language: Avoid warning when 'namespaceGenderAliases' is null. * (T391867) http: Handle accept header with incomplete q. * Update Pingback address. * (T387684) filerepo: No exception on redirect without width in ThumbnailEntryPoint. * (T393879) objectcache: Cast explicitly to integer. * tests: Use GLOB_BRACE in JsonSchemaAssertionTraitTest. * tests: Fix casing of MediaWiki in @covers. * (T394989) FormatMetadata::formatFraction: Don't risk passing null to preg_match. * (T374314) Link mw.Uri migration guide in docs and log warnings. * (T395214) title: Reset cached Title objects between tests. * (T395214) phpunit: Remove superfluous Title::clearCaches() calls. * (T221560) Remove hyphens from legal search characters for MySQL-based database searches. * (T393628) Use anonymous user when creating named account from temp account. * (T71997, T382963) Update RfC links to bypass redirect. * (T351055) Improve BrokenRedirects display. * (T382963) Sync up core repo with Parsoid. * (T382963) Update wikimedia/parsoid to 0.20.3. * (T395834) Treat File::getShortDesc() as possibly unsafe HTML. * tests: Match deprecation message under php8.4 in DeprecationHelperTest. * (T379445) debug: Migrate E_USER_ERROR to throw Error in DeprecationHelper. * (T221560) Setup: Switch vendor error from echo+E_USER_ERROR to echo+exit. * Setup: Update error message for composer dependencies check. * (T381341, T379445) widget: Remove outdated try/catch wrapper from SpinnerWidget. * (T379445) phpunit: Remove unused trigger_error from TestLogger. * (T356451) logger: Make log() methods return void. * (T328921, T359868) Drop PHP 7.4/8.0 support from master (forward-port from MW 1.42). * Drop a few phan PhanImpossibleTypeComparison suppressions now we've dropped PHP 7.4. * Clean up resource type and phan suppression in postgres code. * structure tests: allow PHP 8.1 syntax and autoload enums. * rdbms: fix table prefixing in "FOR UPDATE" clause generation in Postgres. * (T388406) RefreshLinksJob: Check hastext before comparing HTML. * (T397521) Api: Fix permission checks in action=compare. * (T397883, T397643) htmlform: fix min/max validations on empty input in int/float fields. * specials: SpecialTalkPage: Use config from request context. * (T380456) exception: Avoid service container init in exception handler. * (T387408) exception: Skip use of HookRunner when not autoloaded. * (T397470) Remove feature flagged Swagger UI based Special:RestSandbox. * (T391343, CVE-2025-6589) SECURITY: BlockList: Hide rows containing suppressed users. * (T392746, CVE-2025-6590) SECURITY: Escape usernames in HTMLUserTextField validation errors. * (T392276, CVE-2025-6591) SECURITY: API: Escape i18n messages in action=feedcontributions. * (T396230, T31856, CVE-2025-6593) SECURITY: fix IP leak to unverified email. * (T395063, CVE-2025-6594) SECURITY: apisandbox: Fix reflected XSS when invalid 'format' is provided. * (T389009, CVE-2025-6597) SECURITY: Do not treat autocreation as login for reauthentication. * (T389010, CVE-2025-6926) SECURITY: Allow extensions to supress the reauth flag on login. * (T397595, CVE-2025-6927) SECURITY: Fix autoblocks visibility when bl_deleted=1. * (T397595, CVE-2025-6927) SECURITY: Fix leak of hidden usernames via autoblocks of those users. === Changes since MediaWiki 1.43.0 === * Localisation updates. * (T375707) exception: Convert E_STRICT errors to E_USER_NOTICE. * (T380755) session: Do not set session.use_trans_sid. * (T382987) $wgDnsBlacklistUrls now defaults to an empty array. See the comment in the "Configuration changes for system administrators" section. * (T383037) MimeMap: add gltf and glb mime types. * (T383037) MimeAnalyzer: detect magic number for gltf binary. * Commit swagger-ui's NOTICE. * (T382484) dumps: Use proc_close() to close proc_open() subprocess. * (T375707) MWExceptionHandler: Add error suppression to constant( 'E_STRICT' ). * (T384879) FormatMetadata: Prevent running preg_match() on null. * (T384995) specialpage: Improve handling of invalid lang codes on login/signup. * (T385055) resourceloader: Fix hash computation for virtual files with versionFilePath. * (T385169) MultiUsernameFilter: Don't try to split ids if they're not a string. * (T385567) parser: Gracefully handle invalid ParsoidRenderID keys. * (T385568) rest: Return a 400 for invalid render IDs. * (T383646) installer: Simplify the information box. * (T384524) installer: Fix conflation between warning and info messages. * (T376711) language: Use fallback chain to create NumberFormatter. * (T384524) installer: Restore success messages. * (T384524) installer: Restore "complete" success message. * (T385332) feeds: Fix str_replace() deprecation warnings on PHP 8. * (T386891) Revert "maintenance: Use DatabaseSqlite for type-hinting instead of DBConnRef". * (T381205) Add explanation text for "Allow emails from brand-new users". * (T380880) ExternalLinks: fix mailto: links reversal. * (T381033) RateLimiter: Fix peek mode. * initEditCount: Join from user to actor to revision. * (T387130,CVE-2025-32699) SECURITY: Update wikimedia/parsoid to 0.20.2. * (T385519) Sanitizer::normalizeWhitespace warn on preg_replace error. * (T387638) RevDelList: Ensure setVisibility always includes itemStatuses in value if applicable. * (T388296) ImportImages: Exit with non-zero code if import fails. * Request: Improve log message when headers already sent. * (T386368, T387397) REST page metadata endpoints: handle supressed data gracefully. * (T388066) Avoid trying to load the session user in MW_NO_SESSION endpoints. * (T388171) HttpError: Cast Message to string. * (T384197) permissions: Avoid potential infinite loop if BlockDisablesLogin = true. * (T388255) ApiLogin: Don't break BotPasswords if password or user is blank, just error. * (T388924) MagicWord::replace*: Make sure we don't pass null into preg_match/ preg_replace. * (T388944) Html: Fix "substr(): Passing null to parameter #1 ($string) of type string is deprecated". * (T388728, T385519) Sanitizer::normalizeSectionNameWhitespace: Apply same anti-null fix as 270499b. * (T387690) upload: Suppress warnings from iconv(). * (T388733) Sanitizer::normalizeWhitespace: simplify redundant preg_replace. * (T315573) Fix GREATEST usage in site_stats. * (T304474, CVE-2025-32696) SECURITY: Apply proper restrictions on file revert action. * (T24521, T62109, T140010, CVE-2025-32697) SECURITY: PermissionManager: Differentiate between cascading protection of file content and file pages. * (T387507) ResourceLoader: update wikimedia/minify from 2.8.0 to 2.8.1. * (T388273, T388335) Upgrading pear/net_url2 (v2.2.2 => v2.2.3). * (T390063, T277675) ResourceLoader: update wikimedia/minify to 2.9.0. * (T384851) FileBackend: PHP Deprecated: strrpos(): Passing null to parameter #1 ($haystack). * (T378622) Parameterize ChangeTags::buildTagFilterSelector to support various tag sets. * (T344352) ChangeTags: Optimize label and description parsing. * In .htaccess deny files, use "Satisfy All". * (T322672, T387478) REST: Remove unused setUseParserCache() as potential footgun. * (T389028) block: Fix DBS::acquireTarget() race using GET_LOCK(). * (T388807) LanguageConverter: Only set mTablesLoaded once they're really loaded. * RestrictionStore: Remove short-circuit mode when fetching cascading sources. * (T385958, CVE-2025-32698) SECURITY: LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions. * (T387130, CVE-2025-32699) SECURITY: Potential javascript injection attack enabled by Unicode normalization in Action API. * (T358689, CVE-2025-3469) SECURITY: i18n XSS vulnerability in HTMLMultiSelectField when sections are used. === Changes since MediaWiki 1.43.0-rc.0 === * (T381728) Use PHP 8.3 in MediaWiki-Docker * (T382375) Misaligned label margins on Special:MathStatus * (T382196) \overbrace rendered below (not above) in MathML and client-side Mathjax * (T381310) Math Popup not working in newer version of Popup-Extension * (T380079) This page is using the deprecated ResourceLoader module "mediawiki.Uri" on page load * (T381311) Preview has wrong location in MathML mode * (T381046) Preview not working with MathML rendering * (T381102) <math>\left(a\right)'</math> in MathML and MathJax renders with one prime symbol too much * (T380184) <math>\operatorname{vec}</math> crashes with native MathML * (T380654) vertical space between multline equations is ignored * (T375274) mediawiki_function_names math functions eat the following paren in native MML mode * (T373732) Audit SUL3 shared-domain i18n messages for XSS * (T381068) PHP Deprecated: Creation of dynamic property MediaWiki\\Auth\\ButtonAuthenticationRequest::$skipReset is deprecated at AuthenticationRequest.php:182 * (T20110) Define AbuseFilter consequence to display a CAPTCHA * (T332743) On private wikis the ellipsis should not appear above 720px (wikitech, office, translate wiki)
Simpan