Maniphest T169127

Release MediaWiki 1.30
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Luke081515
	Jun 28 2017, 7:10 PM

Tags

Referenced Files

None

Subscribers

Description

https://www.mediawiki.org/wiki/MediaWiki_1.30

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Resolved		• demon	T169127 Release MediaWiki 1.30
		Resolved		Reedy	T168823 Tracking bug for 1.27.4/1.28.3/1.29.2 security releases
		Resolved		Bawolff	T128209 Reflected File Download from api.php
		Resolved		Anomie	T165846 BotPasswords doesn't throttle login attempts
		Resolved		Bawolff	T134100 On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password
		Resolved		Bawolff	T178451 XSS when $wgShowExceptionDetails=false and browser sends non-standard url escaping
		Resolved		MaxSem	T176247 It's possible to mangle HTML via raw message parameter expansion
		Resolved		MoritzMuehlenhoff	T179609 Obtain CVE's for 1.27.4/1.29.2 security releases
		Resolved		MaxSem	T125163 id attribute on headlines allow raw > [Possible issue in combination with language converter] (CVE-2017-8812)
		Resolved		Reedy	T180231 MW 1.27 and 1.28 require-dev versions of phpunit with known security issues
		Resolved		Reedy	T180232 Document to run composer with `--no-dev`
		Declined		None	T180233 Set `no-dev` as the default config in composer.json
		Declined		None	T180235 Run composer with `--dev` flag
		Resolved		Legoktm	T180237 Have composer create a .htaccess file in vendor director
		Resolved		Bawolff	T124404 language converter can be tricked into replacing text inside tags by adding a lot of junk after the rule definition (CVE-2017-8814)
		Resolved		Bawolff	T119158 Language converter: unsafe attribute injection via glossary rules (CVE-2017-8815)
		Resolved		Anomie	T180488 api.log still contains passwords in plaintext due to a rebase error in 4d38a489

Event Timeline

Luke081515 renamed this task from Release MediaWiki 1.29 to Release MediaWiki 1.30.Jun 28 2017, 7:10 PM

Luke081515 created this task.

• demon unsubscribed.Jun 28 2017, 7:21 PM

greg removed a project: Release-Engineering-Team.Jul 6 2017, 6:56 PM

MaxSem added a subtask: T176247: It's possible to mangle HTML via raw message parameter expansion.Oct 10 2017, 8:05 PM

Reception123 subscribed.Oct 17 2017, 6:05 AM

MacFan4000 subscribed.Nov 2 2017, 12:44 AM

Bawolff closed subtask T176247: It's possible to mangle HTML via raw message parameter expansion as Resolved.Nov 13 2017, 5:26 PM

Reedy edited subtasks, added: T168823: Tracking bug for 1.27.4/1.28.3/1.29.2 security releases; removed: T176247: It's possible to mangle HTML via raw message parameter expansion.Nov 13 2017, 10:36 PM

SamanthaNguyen subscribed.Nov 13 2017, 10:43 PM

Reedy closed subtask T168823: Tracking bug for 1.27.4/1.28.3/1.29.2 security releases as Resolved.Nov 14 2017, 11:53 PM

Kghbln subscribed.Nov 15 2017, 10:01 AM

CCicalese_WMF subscribed.Nov 21 2017, 7:38 PM

Released

MacFan4000 removed MacFan4000 as the assignee of this task.Dec 12 2017, 2:57 AM

greg assigned this task to • demon.Dec 12 2017, 7:04 AM

greg added a project: Release-Engineering-Team (Kanban).

greg moved this task from Backlog to Done (within RelEng) on the Release-Engineering-Team (Kanban) board.

• Phabricator_maintenance edited projects, added RelEng-Archive-FY201718-Q2; removed Release-Engineering-Team (Kanban).Dec 21 2017, 6:56 PM