MediaWiki 1.41.1
3 April 2024
MediaWiki version 1.41.1 is now available (security release).
Upgrading to MediaWiki 1.41.1
MediaWiki 1.41.1 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply MediaWiki updates as new versions are released, or use Installatron's Clone feature to duplicate an existing MediaWiki install to test the 1.41.1 upgrade prior to applying it live. Get started managing your MediaWiki installations with Installatron
What's New in MediaWiki 1.41.1
This is a security and maintenance release of the MediaWiki 1.41 branch.
Security
- (CVE-2024-PENDING) XSS in edit summary parser.
 
- (CVE-2024-PENDING) Denial of service vector via GET request to Special:MovePage on pages with thousands of subpages.
 
Bug Fixes and Changes
- Localisation updates.
 
- CategoryViewer: Fix "count(): Argument #1 ($value) must be of type Countable|array, null given".
 
- ActiveUsersPager: Count actions only once.
 
- composer: Use @php instead of php.
 
- Headings in the license pickers should not be selected.
 
- Indent JsonContent using tabs.
 
- Correct deprecation version of mediawiki.ui resource loader module.
 
- Resources.php: Replace short urls with full urls.
 
- authmanager: Improve AuthenticationRequest docs.
 
- Tweak docs for UseLegacyMediaStyles.
 
- Parse custom edit intro as content to enable language conversion.
 
- ForeignResourceManager: Add trailing newline in validateLicense.
 
- ForeignResourceManager: Make it clearer what is being skipped for documentation-only.
 
- Add missing space in Special:RecentChangesLinked.
 
- composer.json Add ext-bcmath and ext-gmp to suggests.
 
- PHPVersionCheck: Update text to match currently supported upstream PHP versions (8.1+).
 
- API: mark HTML output as non-cacheable.
 
- filerepo: Fix img_major_mime for files with a non-standard extensions.
 
- MimeAnalyzer: Add @since to isValidMajorMimeType.
 
- ZhConverter: Fix language variant fallback chain.
 
- Add 'maxlength' and 'minlength' support to HTMLTextAreaField.
 
- Parser::getExternalLinkAttribs: Don't set rel attribute to null.
 
- LockManagerGroupIntegrationTest: Remove test depending on DBLockManager.
 
- LinkRendererTest: Add missing import for LinkTarget.
 
- ApiResetPassword: Allow both user and email parameters to be passed for reset.
 
- updateCollation: Explicitly cast $scale to int.
 
- api: Improve linking of language codes lists in top level i18n messages.
 
- Make sure MovePage::isValidFileMove matches UploadBase::getTitle.
 
- Respect $maxConcurrency when queuing async FileOps.
 
- Follow-up "ZhConverter: Fix language variant fallback chain".
 
- Restore ability to disable footer links with "-".
 
- Fix use of array keys in SessionManager::getVaryHeaders().
 
- build: Restore Doxygen output for MediaWiki release tags.
 
- HistoryPager: Add #[AllowDynamicProperties].
 
- Update Apache config syntax in .htaccess files.
 
- Update wikimedia/parsoid to 0.18.2.
 
- docs: Remove use of $IP from mwdocgen.php.
 
- build: Restore Doxygen output for MediaWiki release tags (take 3).
 
- docs: Set stable permalink on markdown files.
 
- WebRequest: detectServer appends default ports that should be omitted.
 
- allow maintenance/deleteBatch.php to accept page ID.