MediaWiki 1.38.6
31 March 2023
MediaWiki version 1.38.6 is now available (security release).
Upgrading to MediaWiki 1.38.6
MediaWiki 1.38.6 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply MediaWiki updates as new versions are released, or use Installatron's Clone feature to duplicate an existing MediaWiki install to test the 1.38.6 upgrade prior to applying it live. Get started managing your MediaWiki installations with Installatron
What's New in MediaWiki 1.38.6
This is a security and maintenance release of the MediaWiki 1.38 branch.
Security
- (T285159, CVE-2023-PENDING) SECURITY: Do not apply autoblocks to untrusted XFF headers.
Bug Fixes and Changes
- Localisation updates.
- (T325872) ChangeTags: Remove table name from condition.
- (T324895) MWCallbackStream: Add explicit $stream property.
- (T297031, T326039) PostgresUpdater: Move setDefault ahead of changeNullableField.
- Remove /images .htaccess rules that are no longer relevent.
- Disable php in .htaccess of images directory as a hardening measure.
- (T322583) Include missing message parameter in message.
- Fix phan error when Excimer is enabled.
- (T323373) Parser: Fix extractSections() behavior for PHP >= 8.0
- (T326021) Add matrix: to $wgUrlProtocols.
- (T326377) rdbms: Use DBConnRef in SelectQueryBuilder.
- api/en.json: api-help-datatype-expiry add missing 'may'.
- (T328222) Pass empty string to strlen() if schema is null for PostgresDatabase.
- (T317329) OutputPage: Fix undefined ['host'] in ImagePreconnect code.
- (T289926) SpecialRevisionDelete: Set default of '' for wpReason.
- (T155582, T328503) Fix XML dumps for content types with non-string getNativeData().
- (T314099) revisiondelete: Replace dynamic property Status::$itemStatuses.
- (T329198) ParamValidator: Improve paramvalidator-help-multi-max message.
- (T292348) WikiImporter: do not fail if upload entry in dump lacks 'text' tag.
- (T295637) Add no to fallback chain of nb and nn.
- (T329484) API: Fix query+allimages user parameter description.
- (T330529) SpecialEditTags: Set default of '' for wpReason.
- (T330526) htmlform: Handle null from HTMLFormField::getDefault in multiselects.