Page MenuHomePhabricator
Create Task
Maniphest T169127

Release MediaWiki 1.30
Closed, ResolvedPublic
Actions

Description

https://www.mediawiki.org/wiki/MediaWiki_1.30

Related Objects
Search...

StatusSubtypeAssignedTask
 Resolved demonT169127 Release MediaWiki 1.30
 ResolvedReedyT168823 Tracking bug for 1.27.4/1.28.3/1.29.2 security releases
 ResolvedBawolffT128209 Reflected File Download from api.php
 ResolvedAnomieT165846 BotPasswords doesn't throttle login attempts
 ResolvedBawolffT134100 On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password
 ResolvedBawolffT178451 XSS when $wgShowExceptionDetails=false and browser sends non-standard url escaping
 ResolvedMaxSemT176247 It's possible to mangle HTML via raw message parameter expansion
 ResolvedMoritzMuehlenhoffT179609 Obtain CVE's for 1.27.4/1.29.2 security releases
 ResolvedMaxSemT125163 id attribute on headlines allow raw > [Possible issue in combination with language converter] (CVE-2017-8812)
 ResolvedReedyT180231 MW 1.27 and 1.28 require-dev versions of phpunit with known security issues
 ResolvedReedyT180232 Document to run composer with `--no-dev`
 DeclinedNoneT180233 Set `no-dev` as the default config in composer.json
 DeclinedNoneT180235 Run composer with `--dev` flag
 ResolvedLegoktmT180237 Have composer create a .htaccess file in vendor director
 ResolvedBawolffT124404 language converter can be tricked into replacing text inside tags by adding a lot of junk after the rule definition (CVE-2017-8814)
 ResolvedBawolffT119158 Language converter: unsafe attribute injection via glossary rules (CVE-2017-8815)
 ResolvedAnomieT180488 api.log still contains passwords in plaintext due to a rebase error in 4d38a489

Event Timeline

Luke081515 created this task.Jun 28 2017, 7:10 PM
Luke081515 renamed this task from Release MediaWiki 1.29 to Release MediaWiki 1.30.
demon unsubscribed.Jun 28 2017, 7:21 PM
greg removed a project: Release-Engineering-Team.Jul 6 2017, 6:56 PM
MaxSem added a subtask: T176247: It's possible to mangle HTML via raw message parameter expansion.Oct 10 2017, 8:05 PM
Reception123 subscribed.Oct 17 2017, 6:05 AM
MacFan4000 subscribed.Nov 2 2017, 12:44 AM
Bawolff closed subtask T176247: It's possible to mangle HTML via raw message parameter expansion as Resolved.Nov 13 2017, 5:26 PM
Reedy edited subtasks, added: T168823: Tracking bug for 1.27.4/1.28.3/1.29.2 security releases; removed: T176247: It's possible to mangle HTML via raw message parameter expansion.Nov 13 2017, 10:36 PM
SamanthaNguyen subscribed.Nov 13 2017, 10:43 PM
Reedy closed subtask T168823: Tracking bug for 1.27.4/1.28.3/1.29.2 security releases as Resolved.Nov 14 2017, 11:53 PM
Kghbln subscribed.Nov 15 2017, 10:01 AM
CCicalese_WMF subscribed.Nov 21 2017, 7:38 PM
MacFan4000 closed this task as Resolved.Dec 12 2017, 2:57 AM
MacFan4000 claimed this task.

Released

MacFan4000 removed MacFan4000 as the assignee of this task.Dec 12 2017, 2:57 AM
greg assigned this task to demon.Dec 12 2017, 7:04 AM
greg added a project: Release-Engineering-Team (Kanban).
greg moved this task from Backlog to Done (within RelEng) on the Release-Engineering-Team (Kanban) board.
Phabricator_maintenance edited projects, added RelEng-Archive-FY201718-Q2; removed Release-Engineering-Team (Kanban).Dec 21 2017, 6:56 PM
Aklapper edited projects, added MediaWiki-Releasing; removed MediaWiki-General.Apr 12 2025, 8:47 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits