PNG  IHDR;IDATxܻn0K )(pA 7LeG{ §㻢|ذaÆ 6lذaÆ 6lذaÆ 6lom$^yذag5bÆ 6lذaÆ 6lذa{ 6lذaÆ `}HFkm,mӪôô! x|'ܢ˟;E:9&ᶒ}{v]n&6 h_tڠ͵-ҫZ;Z$.Pkž)!o>}leQfJTu іچ\X=8Rن4`Vwl>nG^is"ms$ui?wbs[m6K4O.4%/bC%t Mז -lG6mrz2s%9s@-k9=)kB5\+͂Zsٲ Rn~GRC wIcIn7jJhۛNCS|j08yiHKֶۛkɈ+;SzL/F*\Ԕ#"5m2[S=gnaPeғL lذaÆ 6l^ḵaÆ 6lذaÆ 6lذa; _ذaÆ 6lذaÆ 6lذaÆ RIENDB` === Changes since MediaWiki 1.40.0 === * Localisation updates. * (T333050, CVE-2023-PENDING) SECURITY: Fix infinite loop for self-redirects with variants conversion. * docs: Fix a few typos in MainConfigSchema. * (T290464) Add DiscussionTools bundling to release notes. * (T309714) mime: Add support for 'font/sfnt' mime type. * (T341434) WikiImporter: Improve error message output. * (T341737) ApiBase: Cast $id to string in filterIDs. * (T286291, T296188) Merge zh and zh-tw namespace translations back to zh-hans, zh-hant, zh-hk respectively. * (T337875) WRStats: Round up SequenceSpec::hardExpiry to the nearest integer. * (T237898) installer: Check MariaDB version in updater/installer. * (T342632) ApiComparePages: Add help url. * (T326182, T324903) EditPage: Add #[AllowDynamicProperties]. * (T342351) rdbms: Fix postgres db function call. * (T343675) user: Use {@} to escape annotation when writting about annotation. * (T343797) LanguageWa: Fix double timezone adjustment. * (T343669) skins: Avoid function call on array. * (T326454) Update pear/mail to 1.5.1. * (T343622) docs: Set the tag back to optional. * (T330528) Upgrade wikimedia/html-formatter from 3.0.1 to 4.0.3. * Updated jQuery from v3.6.1 to v3.7.1. * (T337463) wdio-mediawiki: await saveScreenshot. * (T208477) $wgPrivilegedGroups – Users belonging in some of the listed groups will be audited more aggressively. * doc: Improve description of "type" in extension.schema.v2.json. * Added PrivilegedGroups attribute for extension.json / skin.json, which lets you add any new user groups you define to wgPrivilegedGroups (see above). * (T288624) MultiHttpClient: Unset $this->cmh after closing it. * (T345039) Do not run SkinAfterBottomScripts hook twice unconditionally. * (T265734) API Help: Note that parameters may be inherited from other context. * (T285545) i18n: Split apihelp for standard dir parameter. * (T285545) i18n: Split apihelp for redirects/linkshere/transcludedin/fileusage show. * (T285545) i18n: Split apihelp for parameter list=deletedrevs&drprop=. * (T285545) i18n: Split apihelp for parameter list=allpages&apprexpiry=. * (T285545) i18n: Split apihelp for parameter action=opensearch&redirects=. * (T285545) i18n: Split apihelp for parameter action=managetags&operation=. * (T285545) api: Add message for list=watchlist&wlprop=expiry. * (T334011) ApiComparePages: expose 'difftype' param if wikidiff2 is installed. * (T342633) api: Add message for action=compare&prop=timestamp. * API: revids=… does not necessarily return the queried revisions. * (T235207) Get correct main page in API call examples. * doc: Make extension.schema.v2.json a valid JSON schema. * (T326696) Add since tag to UserOptionsManager::MAX_BYTES_OPTION_VALUE. * updateSpecialPages.php: Avoid implicit float conversion on modulo. * (T347227) ImportReporter: Make callback functions public. * (T346898) importDump: Unconditionally call $importer->setUsernamePrefix(). * doc: Improve description of type in extension.schema.v1.json. * (T340217, CVE-2023-PENDING) SECURITY: Vector 2022: Numerous unescaped messages leading to potential XSS. * (T340220, CVE-2023-PENDING) SECURITY: Vector 2022: vector-intro-page message is assumed to yield a valid title. * (T340221, CVE-2023-PENDING) SECURITY: XSS via 'youhavenewmessagesmanyusers' and 'youhavenewmessages' messages. * (T341529, CVE-2023-PENDING) SECURITY: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression. * (T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted XML file to Special:Upload (non standard configuration). === Changes since MediaWiki 1.40.0-rc.0 === * Localisation updates. * (T330464) Work around argument corruption bug in XMLReader::open. * build: Updating mediawiki/mediawiki-phan-config to 0.12.1. * Fix frame and frameless rdfa depending on file existing. * (T329214) Pass whether current rev of file exists to Linker::makeBrokenImageLinkObj. * (T334659) Handle thumb errors when !$enableLegacyMediaDOM. * A manualthumb that doesn't exist should be considered a thumb error. * (T313157) IndexPager: Also protect against $offset being 0. * (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker. == MediaWiki 1.40.0-rc.0 == == Upgrading notes for 1.40 == Don't forget to always back up your database before upgrading! See the file UPGRADE for more detailed per-version upgrade instructions from the oldest supported upgrading version, MediaWiki 1.35. Some specific notes for MediaWiki 1.40 upgrades are below: * Maintenance scripts should now be executed using maintenance/run.php, e.g. maintenance/run.php update not maintenance/update.php as before. * Four extensions have now been bundled with MediaWiki: * The Echo extension, which provides a system of user notifications. * The Linter extension, which warns about use of deprecated wikitext. * The LoginNotify extension, which warns users about failed attempted logins. * The Thanks extension, which lets users thank editors for edits. * The Renameuser extension has been moved to MediaWiki core. It is now possible to rename users without installing an extension. The extension had already been bundled with MediaWiki since 1.18.