MediaWiki 1.31.12
18 December 2020
MediaWiki version 1.31.12 is now available (security release).
Upgrading to MediaWiki 1.31.12
MediaWiki 1.31.12 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply MediaWiki updates as new versions are released, or use Installatron's Clone feature to duplicate an existing MediaWiki install to test the 1.31.12 upgrade prior to applying it live. Get started managing your MediaWiki installations with Installatron
What's New in MediaWiki 1.31.12
1.31.12
Bug Fixes
- Fixed issues relating to User::isRegistered() not existing in 1.31.
1.31.11
Security
- SECURITY: Use Xml::element in SpecialUserrights for sanity. (CVE-2020-35475)
- SECURITY: BlockLogFormatter can output raw html. (CVE-2020-35479)
- SECURITY: Unable to change visibility of log entries when MediaWiki:Mainpage uses Special:MyLanguage. (CVE-2020-35477)
- SECURITY: Divergent behavior for contributions and user pages of hidden users and missing users. (CVE-2020-35480)
Bug Fixes and Changes
- Fix undefined $wgRedirectOnLogin.
- CentralIdLookup::factoryNonLocal can return null.
- media: Fix case of FlashPixVersion in FormatMetadata::makeFormattedData().
- BaseTemplate: Guard against passing zero arg to array_merge().
- composer.json: add requirement for composer-plugin-api ^1.1.
- BotPassword::save() now returns a Status object for the result rather than a bool. The length of the bot password grants and restriction fields are now validated, and an error will be thrown if it would be truncated by the database.
- SectionProfiler: Do not attempt to use null values as arrays.
- MemcachedClient: Cast Resource to integer.