Page MenuHomePhabricator

Write and send release announcements for MediaWiki 1.31.8/1.33.4/1.34.2
Closed, ResolvedPublic

Description

Previous T240395

I would like to announce the release of MediaWiki 1.34.2, 1.33.4 and 1.31.8!

These releases also serve as a maintenance release for these branches.

We've noted that this is minor, and as such you don't need to apply them as quickly as with other security releases, if you're unable to do so, or if you're not running a private wiki. We therefore decided to continue with getting the security (and maintenance) release out for this quarter as planned, even with the global situation as is.

While tarballs have already been uploaded, git tags will follow later on today.

An "MediaWiki Extensions Security Release Supplement" email will follow this one.

As mentioned in the pre-release announcement, this will be the final release of the MediaWiki 1.33 branch, barring any unforeseen issues. If you are currently running 1.33, you are advised to upgrade to a newer, supported version of MediaWiki, which as of writing is MediaWiki 1.34 (as 1.35 has not been released yet). MediaWiki 1.34 will be supported until November 2020. A separate notification of this will be sent out too.

== Security fixes ==
* (T248947) img_auth.php may leak private extension images into the public cache. CVE-2020-15005

== Links to all mentioned tasks ==
* https://phabricator.wikimedia.org/T248947

== Release notes ==

Full release notes for 1.31.8:
https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_31/RELEASE-NOTES-1.31
https://www.mediawiki.org/wiki/Release_notes/1.31

Full release notes for 1.33.4:
https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_33/RELEASE-NOTES-1.33
https://www.mediawiki.org/wiki/Release_notes/1.33

Full release notes for 1.34.2:
https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_34/RELEASE-NOTES-1.34
https://www.mediawiki.org/wiki/Release_notes/1.34

For information about how to upgrade, see
<https://www.mediawiki.org/wiki/Manual:Upgrading>

**********************************************************************
Download:
https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.8.tar.gz

Download without bundled extensions:
https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.8.tar.gz

Patch to previous version (1.31.7):
https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.8.patch.gz

GPG signatures:
https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.8.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.8.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.8.patch.gz.sig

Public keys:
https://www.mediawiki.org/keys/keys.html

**********************************************************************
Download:
https://releases.wikimedia.org/mediawiki/1.33/mediawiki-1.33.4.tar.gz

Download without bundled extensions:
https://releases.wikimedia.org/mediawiki/1.33/mediawiki-core-1.33.4.tar.gz

Patch to previous version (1.33.3):
https://releases.wikimedia.org/mediawiki/1.33/mediawiki-1.33.4.patch.gz

GPG signatures:
https://releases.wikimedia.org/mediawiki/1.33/mediawiki-core-1.33.4.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.33/mediawiki-1.33.4.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.33/mediawiki-1.33.4.patch.gz.sig

Public keys:
https://www.mediawiki.org/keys/keys.html

**********************************************************************
Download:
https://releases.wikimedia.org/mediawiki/1.34/mediawiki-1.34.2.tar.gz

Download without bundled extensions:
https://releases.wikimedia.org/mediawiki/1.34/mediawiki-core-1.34.2.tar.gz

Patch to previous version (1.34.1):
https://releases.wikimedia.org/mediawiki/1.34/mediawiki-1.34.2.patch.gz

GPG signatures:
https://releases.wikimedia.org/mediawiki/1.34/mediawiki-core-1.34.2.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.34/mediawiki-1.34.2.tar.gz.sig
https://releases.wikimedia.org/mediawiki/1.34/mediawiki-1.34.2.patch.gz.sig

Public keys:
https://www.mediawiki.org/keys/keys.html

Event Timeline

Reedy changed the subtype of this task from "Security Issue" to "Task".
Reedy updated the task description. (Show Details)
Reedy updated the task description. (Show Details)
Reedy claimed this task.
Reedy changed the visibility from "Custom Policy" to "Public (No Login Required)".
Reedy changed the edit policy from "Custom Policy" to "All Users".