MediaWiki

File Release Notes and Changelog

Release Name: MediaWiki-stable 20031117

Notes:
= MediaWiki release notes =

Stable branch snapshot, release 2003-11-17. This is the version of MediaWiki
that we're running on Wikipedia as of this date.

== Overview of changes from mediawiki-20031107 release: ==

* SECURITY FIX: stricter checking of include path
* Fixed user contributions next/prev bug
* Login cookies now have the database name prefixed to allow wikis
  to coexist in the same domain. This will invalidate any old saved
  password cookies.
* Update cache timestamp when talk pages are created
* Saving the login form in Mozilla no longer blanks password in prefs.
* Check existence of source page before performing a move.
* Detect invalid titles in Special:Allpages
* Q-encode headers on outgoing inter-user e-mail
* Updates to some translations.
* Added table of contents border/bg to Cologne Blue, Nostalgia skins
* Protected pages no longer appear unprotected when visited via redirect
* Swapped old Wikipedia logo for the MediaWiki sunflower logo
* install.php, update.php print warning on old PHP versions,
  added compatibility functions that might or might not help

No database changes since 20031107; upgrading should be clean.


== Overview of changes from mediawiki-20030829 release: ==

* Fixed various bugs!
* Some speed improvements from tweaks to the table indexes
* Limited support for memcached (see below)
* New translations (see below)
* Interwiki link data now kept in database for flexibility
* Friendlier read-only source view if asked to edit a page when
  the db is locked or the page is protected.
* Normal IP blocks auto-expire after 24 hours
* Optional support for blocking usernames
* Uploads disabled by default (see below)


== Security note ==

Uploads are now disabled by default. If you've set up a secure configuration
you can reenable uploads by putting:

  $wgDisableUploads = false;

into LocalSettings.php.

Earlier versions of MediaWiki included a bug that potentially allows logged-
in users to delete arbitrary files in directories writable by the web server
user by manually feeding false form data; this is now fixed.

As a reminder, disable PHP script execution in the upload directory!
You may also wish to serve HTML pages as plaintext to prevent cookie-
stealing JavaScript attacks. Example Apache config fragment:

  <Directory "/Library/MediaWiki/web/upload">
     # Ignore .htaccess files
     AllowOverride None
     
     # Serve HTML as plaintext
     AddType text/plain .html .htm .shtml
     
     # Don't run arbitrary PHP code.
     php_admin_flag engine off
     
     # If you've other scripting languages, disable them too.
  </Directory>


== Database updates ==

If you're using update.php, the necessary database changes should
be made automatically.

To manually upgrade your database from the 2003-08-29 release, run the
following SQL scripts from the maintenance subdirectory:

  archives/patch-ipblocks.sql
  archives/patch-interwiki.sql
  archives/patch-indexes.sql
  interwiki.sql

To copy in the Wikipedia language-prefix interwikis as well, add:

  wikipedia-interwiki.sql


== Translations ==

New interface localization files are included for:
  fy Frisian
  ro Romanian
  sl Slovene
  sq Albanian
  sr Serbian


== Memcached ==

Memcached is a distributed cache system. See http://www.danga.com/memcached/
MediaWiki can optionally use memcached to store some data between calls
to reduce load on the database. Currently this is limited to user and
talk page notification data, interwiki prefix/URL matches, and the
UTF-8 conversion tables.

MediaWiki includes version 1.0.10 of the (GPL'd) PHP memcached client by
Ryan Gilfether; if memcached is disabled it acts as a dummy object with
minimal overhead.

To use memcached you'll need PHP installed with sockets support (this is not
in the default configure options). See docs/memcached for some more details.

Additionally, you can store login session data in memcached instead of the
local filesystem, which can help to enable load-balancing by letting login
sessions transparently work on multiple front-end web servers. (The primary
other issue is with uploads, which requires some care in handling.)

To enable this, set $wgSessionsInMemcached = true; and set $wgCookieDomain
appropriately if exposing multiple hostnames. This system is new and may be
volatile; login sessions will fail dramatically if memcached is unavailable
when this option is turned on.


== Online documentation ==

Documentation for both end-users and site administrators is currently being
built up on Meta-Wikipedia, and is covered under the GNU Free Documentation
License:

  http://meta.wikipedia.org/wiki/MediaWiki_User%27s_Guide


== Mailing list ==

A MediaWiki-l mailing list has been set up distinct from the Wikipedia
wikitech-l list:

  http://mail.wikipedia.org/mailman/listinfo/mediawiki-l


== UseModWiki import script ==

A stripped-down UseModWiki import script is available in the maintenance
subdirectory. It is incomplete and requires a lot of manual clean-up, but
does function for the brave and pure of heart.


== Test suite removed ==

The unmaintained Java-based test suite has been removed from the tarball
release. If you really want it you can check it out from CVS.



Changes: