HISTORY: Integrate 1.35.11/1.38.7/1.39.4

Bug: T333625 Change-Id: I485cf5c2d3e4fb787cce11458cdd5df27791da69
author: Reedy <reedy@wikimedia.org> 2023-06-30 18:18:14 +0100
committer: Reedy <reedy@wikimedia.org> 2023-06-30 18:11:33 +0000
commit: 5a65632a137d61f000d90a3bbc93fd3cc8070f74 (patch)
tree: 2e3bbe9da88b9c55e1e42e041953b4f76837a46c /HISTORY
parent: 6e1d1074c1bbaf892a622718e07fb71eadcccc23 (diff)
download: mediawikicore-5a65632a137d61f000d90a3bbc93fd3cc8070f74.tar.gz
mediawikicore-5a65632a137d61f000d90a3bbc93fd3cc8070f74.zip
1 files changed, 65 insertions, 0 deletions
diff --git a/HISTORY b/HISTORY
index 01fb5b04aa42..1474ad4a678f 100644
--- a/HISTORY
+++ b/HISTORY
@@ -2,6 +2,37 @@ Change notes from older releases. For current info, see RELEASE-NOTES-1.41.
 
 = MediaWiki 1.39 =
 
+== MediaWiki 1.39.4 ==
+
+This is a security and maintenance release of the MediaWiki 1.39 branch.
+
+=== Changes since MediaWiki 1.39.3 ===
+* Localisation updates.
+* (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1.
+* (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7
+  (2.4.0 => 2.4.5).
+* (T333776) {{ACTIVEUSERS}} wasn't being updated without updateSpecialPages.php.
+* (T258860) Prevent LogicCache exception from message cache during IO errors
+  from memcache.
+* (T336868) Improve idempotency of postgres index upgrades.
+* (T322944) Add Authorization to default $wgAllowedCorsHeaders.
+* (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter.
+* A fake MessageLocalizer for use in unit tests.
+* (T338114) Title: Add forward alias.
+* composer: Add symfony/polyfill-php81 like symfony/polyfill-php80.
+* (T330464) Work around argument corruption bug in XMLReader::open.
+* Fix frame and frameless rdfa depending on file existing.
+* Fixes for the phan upgrade, part 1.
+* Fixes for the phan upgrade, part 2.
+* (T298571) build: Update mediawiki/mediawiki-phan-config to 0.12.0.
+* build: Updating mediawiki/mediawiki-phan-config to 0.12.1.
+* (T329214) Pass whether current rev of file exists to
+  Linker::makeBrokenImageLinkObj.
+* (T334659) Handle thumb errors when !$enableLegacyMediaDOM.
+* A manualthumb that doesn't exist should be considered a thumb error.
+* (T313157) IndexPager: Also protect against $offset being 0.
+* (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.
+
 == MediaWiki 1.39.3 ==
 
 This is a security and maintenance release of the MediaWiki 1.39 branch.
@@ -252,6 +283,7 @@ For notes on 1.38.x and older releases, see HISTORY.
 
 ==== New external libraries ====
 * Added Codex v0.1.1. This replaces the now deprecated wvui library.
+* Added symfony/polyfill-php81.
 
 ===== New development-only external libraries =====
 * Updated QUnit from 2.18.0 to 2.18.2.
@@ -281,6 +313,7 @@ For notes on 1.38.x and older releases, see HISTORY.
 * Updated composer/spdx-licenses from 1.5.5 to 1.5.7.
 * Updated doctrine/dbal for PHP < 7.3 from 2.13.6 to 2.13.9.
 * Updated doctrine/dbal for PHP >= 7.3 from 3.1.5 to 3.4.2.
+* Updated mediawiki/mediawiki-phan-config from 0.11.1 to 0.12.1.
 
 ==== Removed external libraries ====
 * Removed wikimedia/dodo (v0.4.0).
@@ -783,6 +816,21 @@ There's usually someone online in #mediawiki on irc.libera.chat.
 
 = MediaWiki 1.38 =
 
+== MediaWiki 1.38.7 ==
+
+This is a security and maintenance release of the MediaWiki 1.38 branch.
+
+=== Changes since MediaWiki 1.38.6 ===
+* Localisation updates.
+* (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1.
+* (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7
+  (2.4.0 => 2.4.5).
+* (T322944) Add Authorization to default $wgAllowedCorsHeaders.
+* (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter.
+* (T330464) Work around argument corruption bug in XMLReader::open.
+* (T313157) IndexPager: Also protect against $offset being 0.
+* (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.
+
 == MediaWiki 1.38.6 ==
 
 This is a security and maintenance release of the MediaWiki 1.38 branch.
@@ -3922,6 +3970,23 @@ There's usually someone online in #mediawiki on irc.libera.chat.
 
 = MediaWiki 1.35 =
 
+== MediaWiki 1.35.11 ==
+
+This is a security and maintenance release of the MediaWiki 1.35 branch.
+
+=== Changes since MediaWiki 1.35.10 ===
+* Localisation updates.
+* (T333990) composer.json: Explicitly pin psr/http-message to 1.0.1.
+* (T335203, CVE-2023-29197) SECURITY: Upgrading guzzlehttp/psr7
+  (1.9.0 => 1.9.1).
+* (T269636) Add Access-Control-Max-Age to $wgAllowedCorsHeaders.
+* (T322944) Add Authorization to default $wgAllowedCorsHeaders.
+* (T332889, CVE-2023-36675) SECURITY: Fix escaping in BlockLogFormatter.
+* (T297917) objectcache: avoid use of ctype_digit() in
+  WANObjectCache::adaptiveTTL().
+* (T330464) Work around argument corruption bug in XMLReader::open.
+* (T313157) IndexPager: Also protect against $offset being 0.
+* (T335612, CVE-2023-36674) SECURITY: Move badFile lookup to Linker.
 
 == MediaWiki 1.35.10 ==
author	Reedy <reedy@wikimedia.org>	2023-06-30 18:18:14 +0100
committer	Reedy <reedy@wikimedia.org>	2023-06-30 18:11:33 +0000
commit	5a65632a137d61f000d90a3bbc93fd3cc8070f74 (patch)
tree	2e3bbe9da88b9c55e1e42e041953b4f76837a46c /HISTORY
parent	6e1d1074c1bbaf892a622718e07fb71eadcccc23 (diff)
download	mediawikicore-5a65632a137d61f000d90a3bbc93fd3cc8070f74.tar.gz mediawikicore-5a65632a137d61f000d90a3bbc93fd3cc8070f74.zip