Log message:
Update to 1.32.1

Upstream changes:
== MediaWiki 1.32.1 ==

=== Changes since MediaWiki 1.32.0 ===
* (T213577) rdbms: avoid transaction status errors from ping() in rollback().
* rdbms: Pass required parameter.
* rdbms: do not treat SAVEPOINT and RELEASE SAVEPOINT as write queries.
* (T204531) rdbms: reduce LoadBalancer replication log spam.
* (T213489) Avoid session double-start in Setup.php.
* (T213717) Correct namespace 'Template' for gom-deva
* (T198054) Fix login page crash caused by unknown language via ?uselang
* (T215324) (T210937) list=users mistakenly reports user as missing.
* (T209483) Add ILBFactory::redefineLocalDomain method. This is intended for
  use with scripts like addWiki.php to avoid mismatched domain errors.
* (T208871) The hard-coded Google search form on the database error page was
  removed.
* (T204800) Fix Title::getFragmentForURL for bad interwiki prefix
* (T215566) Fix installer being unable to determine if the database exists
  during a fresh installation.

Log message:
Update to 1.32.0

Upstream changelog is too long, please visit:
https://www.mediawiki.org/wiki/Release_notes/1.32

Log message:
Update to 1.31.1
Update my email

Upstream changelog is too long, please visit :
https://www.mediawiki.org/wiki/Release_notes/1.31

Log message:
Recursive bump for perl5-5.28.0

Log message:
*: Move SUBST_STAGE from post-patch to pre-configure

Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.

Log message:
Update to 1.30.0

Upstream changes:
MediaWiki 1.30.0
Changes since MediaWiki 1.30.0-rc.0

    Upgraded Moment.js from v2.15.0 to v2.19.3.
    Add ip_changes to postgres/tables.sql.
    Skip null shell parameters.
    Add wfWaitForSlaves() to maintenance/migrateComments.php.
    (T182245) Fix join conditions in ImageListPager.
    (T178626) Revert #contentSub and #jump-to-nav margin changes.

MySQL version requirement in 1.30

As of 1.30, MediaWiki now requires MySQL 5.5.8 or higher (see Compatibility section).
Configuration changes in 1.30

    The "C.UTF-8" locale should be used for $wgShellLocale, if \ 
available, to avoid unexpected behavior when code uses locale-sensitive string \ 
comparisons. For example, the Scribunto extension considers "bar" < \ 
"Foo" in most locales since it ignores case.
    $wgShellLocale now affects LC_ALL rather than only LC_CTYPE. See \ 
documentation of $wgShellLocale for details.
    $wgShellLocale is now applied for all requests. wfInitShellLocale() is \ 
deprecated and a no-op, as it is no longer needed.
    $wgJobClasses may now specify callback functions as an alternative to plain \ 
class names. This is intended for extensions that want control over the \ 
instantiation of their jobs, to allow for proper dependency injection.
    $wgResourceModules may now specify callback functions as an alternative to \ 
plain class names, using the 'factory' key in the module description array. This \ 
allows dependency injection to be used for ResourceLoader modules.
    $wgExceptionHooks has been removed.
    (T163562) $wgRangeContributionsCIDRLimit was introduced to control the size \ 
of IP ranges that can be queried at Special:Contributions.
    (T45547) $wgUsePigLatinVariant added (off by default).
    (T152540) MediaWiki now supports a section ID escaping style that allows to \ 
display non-Latin characters verbatim on many modern browsers. This is \ 
controlled by the new configuration setting, $wgFragmentMode.
    $wgExperimentalHtmlIds is now deprecated and will be removed in a future \ 
version, use $wgFragmentMode to migrate off it to a modern alternative.
    $wgExternalInterwikiFragmentMode was introduced to control how fragments in \ 
sinterwikis going outside of current wiki farm are encoded.
    (T120333) Soft-deprecated the use of PHP extension 'mysql' in favor of \ 
'mysqli'. This PHP extension was deprecated in PHP 5.5 and removed in PHP 7.0. \ 
MediaWiki auto-selects the 'mysqli' driver since MediaWiki 1.22, except if \ 
explicitly requested through the configuration parameter $wgDBservers. However \ 
some maintenance scripts (bitnami?) still may rely on "mysql".
    $wgOOUIEditPage was removed, as it is now the default. This was documented \ 
as a temporary variable during the migration period.

New features in 1.30

    (T37247) Output from Parser::parse() will now be wrapped in a div with \ 
class="mw-parser-output" by default. This may be changed or disabled \ 
using ParserOptions::setWrapOutputClass().
    (T163562) Added ability to search for contributions within an IP ranges at \ 
Special:Contributions.
    Added 'ChangeTagsAllowedAdd' hook, enabling extensions to allow software- \ 
specific tags to be added by users.
    Added a 'ParserOptionsRegister' hook to allow extensions to register \ 
additional parser options.
    (T45547) Included Pig Latin, a language game in English, as a \ 
LanguageConverter variant. This allows English-speaking developers to develop \ 
and test LanguageConverter more easily. Pig Latin can be enabled by setting \ 
$wgUsePigLatinVariant to true.
    Added RecentChangesPurgeRows hook to allow extensions to purge data that \ 
depends on the recentchanges table.
    Added JS config values wgDiffOldId/wgDiffNewId to the output of diff pages.
    (T2424) Added direct unwatch links to entries in Special:Watchlist (if the \ 
'watchlistunwatchlinks' preference option is enabled). With JavaScript enabled, \ 
these links toggle so the user can also re-watch pages that have just been \ 
unwatched.
    Added $wgParserTestMediaHandlers, where mock media handlers can be passed to \ 
MediaHandlerFactory for parser tests.
    Edit summaries, block reasons, and other "comments" are now stored \ 
in a separate database table. Use the CommentFormatter class to access them.
        This is currently gated by $wgCommentTableSchemaMigrationStage. Most \ 
wikis can set this to MIGRATION_NEW and run maintenance/migrateComments.php as \ 
soon as any necessary extensions are updated.
    (T138166) Added ability for users to prohibit other users from sending them \ 
emails with Special:Emailuser. Can be enabled by setting \ 
$wgEnableUserEmailBlacklist to true.
    (T67297) $wgBrowserBlackList is deprecated, and changing it will have no \ 
effect. Instead, users using browsers that do not support Unicode will be unable \ 
to edit and should upgrade to a modern browser instead.

External library changes in 1.30
Upgraded external libraries

    Updated justinrainbow/json-schema from v3.0 to v5.2.
    Updated mediawiki/mediawiki-codesniffer from v0.7.2 to v0.12.0.
    Updated wikimedia/composer-merge-plugin from v1.4.0 to v1.4.1.
    Updated wikimedia/relpath from v1.0.3 to v2.0.0.
    Updated OOjs from v2.0.0 to v2.1.0.
    Updated OOUI from v0.21.1 to v0.23.0.
    Updated QUnit from v1.23.1 to v2.4.0.
    Updated phpunit/phpunit from v4.8.35 to v4.8.36.
    Upgraded Moment.js from v2.15.0 to v2.19.3.

New external libraries

    The class \TestingAccessWrapper has been moved to the external library \ 
wikimedia/testing-access-wrapper and renamed \Wikimedia\TestingAccessWrapper.
    Purtle, a fast, lightweight RDF generator.

Removed and replaced external libraries

    …

Bug fixes in 1.30

    (T151633) Ordered list items use now Devanagari digits in Nepalese (thanks \ 
to Sfic)

Action API changes in 1.30

    (T37247) action=parse output will be wrapped in a div with \ 
class="mw-parser-output" by default. This may be changed or disabled \ 
using the new 'wrapoutputclass' parameter.
    When errorformat is not 'bc', abort reasons from action=login will be \ 
formatted as specified by the error formatter parameters.
    action=compare can now handle arbitrary text, deleted revisions, and \ 
returning users and edit comments.
    (T164106) The 'rvdifftotext', 'rvdifftotextpst', 'rvdiffto', \ 
'rvexpandtemplates', 'rvgeneratexml', 'rvparse', and 'rvprop=parsetree' \ 
parameters to prop=revisions are deprecated, as are the similarly named \ 
parameters to prop=deletedrevisions, list=allrevisions, and \ 
list=alldeletedrevisions. Use action=compare, action=parse, or \ 
action=expandtemplates instead.

Action API internal changes in 1.30

    ApiBase::getDescriptionMessage() and the "apihelp-*-description" \ 
messages are deprecated. The existing message should be split between \ 
"apihelp-*-summary" and "apihelp-*-extended-description".
    (T123931) Individual values of multi-valued parameters can now be marked as \ 
deprecated.

Languages updated in 1.30

MediaWiki supports over 350 languages. Many localisations are updated regularly. \ 
Below only new and removed languages are listed, as well as changes to languages \ 
because of Phabricator reports.

    Added: kbp (Kabɩyɛ / Kabiyè)
    Added: skr (Saraiki, سرائیکی)
    Added: tay (Tayal / Atayal)
    Removed: tokipona (Toki Pona)

Pig Latin added

    (T45547) Added Pig Latin, a made-up English variant (en-x-piglatin), for \ 
easier variant development and testing. Disabled by default. It can be enabled \ 
by setting $wgUsePigLatinVariant to true.

Other changes in 1.30

    The use of an associative array for $wgProxyList, where the IP address is in \ 
the key instead of the value, is deprecated (e.g. [ '127.0.0.1' => 'value' \ 
]). Please convert these arrays to indexed/sequential ones (e.g. [ '127.0.0.1' \ 
]).
    mw.user.bucket (deprecated in 1.23) was removed.
    LoadBalancer::getServerInfo() and LoadBalancer::setServerInfo() are \ 
deprecated. There are no known callers.
    File::getStreamHeaders() was deprecated.
    MediaHandler::getStreamHeaders() was deprecated.
    Title::canTalk() was deprecated. The new Title::canHaveTalkPage() should be \ 
used instead.
    MWNamespace::canTalk() was deprecated. The new \ 
MWNamespace::hasTalkNamespace() should be used instead.
    The ExtractThumbParameters hook (deprecated in 1.21) was removed.
    The OutputPage::addParserOutputNoText and ::getHeadLinks methods (both \ 
deprecated in 1.24) were removed.
    wfMemcKey() and wfGlobalCacheKey() were deprecated. BagOStuff::makeKey() and \ 
BagOStuff::makeGlobalKey() should be used instead.
    (T146304) Preprocessor handling of LanguageConverter markup has been \ 
improved. As a result of the new uniform handling, '-{' may need to be escaped \ 
(for example, as '-<nowiki/>{') where it occurs inside template arguments \ 
or wikilinks.
    (T163966) Page moves are now counted as edits for the purposes of \ 
autopromotion, i.e., they increment the user_editcount field in the database.
    Two new hooks, LogEventsListLineEnding and NewPagesLineEnding, were added \ 
for manipulating Special:Log and Special:NewPages lines.
    The OldChangesListRecentChangesLine, EnhancedChangesListModifyLineData, \ 
PageHistoryLineEnding, ContributionsLineEnding and \ 
DeletedContributionsLineEnding hooks have an additional parameter, for \ 
manipulating HTML data attributes of RC/history lines. \ 
EnhancedChangesListModifyBlockLineData can do that via the $data['attribs'] \ 
subarray.
    (T130632) The OutputPage::enableTOC() method was removed.
    WikiPage::getParserOutput() will now throw an exception if passed \ 
ParserOptions that would pollute the parser cache. Callers should use \ 
WikiPage::makeParserOptions() to create the ParserOptions object and only change \ 
options that affect the parser cache key.
    Article::viewRedirect() is deprecated.
    IP::isValidBlock() was deprecated. Use the equivalent IP::isValidRange().
    DeprecatedGlobal no longer supports passing in a direct value, it requires a \ 
callable factory function or a class name.
    The $parserMemc global, wfGetParserCacheStorage(), and \ 
ParserCache::singleton() are all deprecated. The main ParserCache instance \ 
should be obtained from MediaWikiServices instead. Access to the underlying \ 
BagOStuff is possible through the new ParserCache::getCacheStorage() method.
    .mw-ui-constructive CSS class (deprecated in 1.27) was removed.
    Sanitizer::escapeId() was deprecated, use escapeIdForAttribute(), \ 
escapeIdForLink() or escapeIdForExternalInterwiki() instead.
    Title::escapeFragmentForURL() was deprecated, use one of the aforementioned \ 
Sanitizer functions or, if possible, Title::getFragmentForURL().
    Second parameter to Sanitizer::escapeIdReferenceList() ($options) now does \ 
nothing and is deprecated.
    mw.util.escapeId() was deprecated, use escapeIdForAttribute() or \ 
escapeIdForLink().
    MagicWord::replaceMultiple() (deprecated in 1.25) was removed.
    WikiImporter now requires the second parameter to be an instance of the \ 
Config, class. Prior to that, the Config parameter was optional (a behavior \ 
deprecated in 1.25).
    Removed 'jquery.mwExtension' module. (deprecated since 1.26)
    mediawiki.ui: Deprecate greys, which are not part of WikimediaUI color \ 
palette any more.
    CdbReader, CdbWriter, CdbException classes (deprecated in 1.25) were \ 
removed. The namespaced classes in the Cdb namespace should be used instead.
    IPSet class (deprecated in 1.26) was removed. The namespaced IPSet\IPSet \ 
should be used instead.
    RunningStat class (deprecated in 1.27) was removed. The namespaced \ 
RunningStat\RunningStat should be used instead.
    MWMemcached and MemCachedClientforWiki classes (deprecated in 1.27) were \ 
removed. The MemcachedClient class should be used instead.
    EditPage underwent some refactoring and deprecations:
        EditPage::isOouiEnabled() is deprecated and will always return true.
        EditPage::getSummaryInput() and ::getSummaryInputOOUI() are deprecated. \ 
Please use ::getSummaryInputWidget() instead.
        EditPage::getCheckboxes() and ::getCheckboxesOOUI() are deprecated. \ 
Please use ::getCheckboxesWidget() instead.
        Creating an EditPage instance without calling \ 
EditPage::setContextTitle() should be avoided and will be deprecated in a future \ 
release.
        EditPage::safeUnicodeInput() and ::safeUnicodeOutput() are deprecated \ 
and no-ops.
        EditPage::$isCssJsSubpage, ::$isCssSubpage, and ::$isJsSubpage are \ 
deprecated. The corresponding methods from Title should be used instead.
        EditPage::$isWrongCaseCssJsPage is deprecated. There is no replacement.
        EditPage::$mArticle and ::$mTitle are deprecated for public usage. The \ 
getters ::getArticle() and ::getTitle() should be used instead.
        Trying to control or fake EditPage context by overriding $wgUser, \ 
$wgRequest, $wgOut, and $wgLang is no longer supported and won't work. The \ 
IContextSource returned from EditPage::getContext() must be modified instead.
    Parser::getRandomString() (deprecated in 1.26) was removed.
    Parser::uniqPrefix() (deprecated in 1.26) was removed.
    Parser::extractTagsAndParams() now only accepts three arguments. The fourth, \ 
$uniq_prefix was deprecated in 1.26 and has now been removed.
    (T172514) The following tables have had their UNIQUE indexes turned into \ 
proper PRIMARY KEYs for increased maintainability: categorylinks, imagelinks, \ 
iwlinks, langlinks, log_search, module_deps, objectcache, pagelinks, \ 
query_cache, site_stats, templatelinks, text, transcache, user_former_groups, \ 
user_properties.
    IDatabase::nextSequenceValue() is no longer needed by any database backends \ 
(formerly it was needed by PostgreSQL and Oracle), and is now deprecated.
    (T146591) The lc_lang_key index on the l10n_cache table has been changed \ 
into a PRIMARY KEY.
    (T157227) bot_password.bp_user, change_tag.ct_log_id, change_tag.ct_rev_id, \ 
page_restrictions.pr_user, tag_summary.ts_log_id, tag_summary.ts_rev_id and \ 
user_properties.up_user have all been made unsigned on MySQL.
    DB_SLAVE is deprecated. DB_REPLICA should be used instead.
    wfUsePHP() is deprecated.
    wfFixSessionID() was removed.
    wfShellExec() and related functions are deprecated, use Shell::command(). \ 
This also slightly changes the behavior of how execution time limits are \ 
calculated when only some of defaults are overridden per-call. When in doubt, \ 
always override both wall clock and CPU time.
    (T138166) SpecialEmailUser::getTarget() now requires a second argument, the \ 
sending user object. Using the method without the second argument is deprecated.
    (T67297) Browsers that don't support Unicode will have their edits rejected.
    (T178450) The module 'jquery.badge' is deprecated and will be removed in a \ 
future release. For notifying the user of an event, the Notifications \ 
("Echo") system should be used instead.
    (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and \ 
browser sends non-standard url escaping.
    (T165846) SECURITY: BotPassword login attempts weren't throttled

Compatibility

MediaWiki 1.30 requires PHP 5.5.9 or later. There is experimental support for \ 
HHVM 3.6.5 or later.

MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used, \ 
but support for them is somewhat less mature. There is experimental support for \ 
Oracle and Microsoft SQL Server.

The supported versions are:

    MySQL 5.5.8 or later
    PostgreSQL 8.3 or later
    SQLite 3.3.7 or later
    Oracle 9.0.1 or later
    Microsoft SQL Server 2005 (9.00.1399)

Upgrading

1.30 has several database changes since 1.29, and will not work without schema \ 
updates. Note that due to changes to some very large tables like the revision \ 
table, the schema update may take a long time (minutes on a medium sized site, \ 
many hours on a large site).

Don't forget to always back up your database before upgrading!

See the file UPGRADE for more detailed upgrade instructions, including important \ 
information when upgrading from versions prior to 1.11.

For notes on 1.29.x and older releases, see HISTORY.

Log message:
Update to 1.29.2

Upstream changes:
MediaWiki 1.29.2

This is a security and maintenance release of the MediaWiki 1.29 branch.
Changes since 1.29.1

    (T166757) Avoid scoped lock errors in Category::refreshCounts() due to nesting.
    (T175439) Unbreak Postgres Updater when setting defaults for a column.
    (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
    Fixed login button label to accept RawMessage.
    Fixed case of SpecialRecentChanges class usage.
    (T174255) Declare uploadCount property in importDump.php.
    (T163646) Pass a string not an int to mysql_real_escape_string().
    (T180143) Bump justinrainbow/json-schema development dependency to ~5.2.
    Updated dev dependancy phpunit/phpunit from v4.8.35 to v4.8.36.
    (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and \ 
browser sends non-standard url escaping.
    (T165846) SECURITY: BotPassword login attempts weren't throttled.
    (T128209) SECURITY: Reflected File Download from api.php.
    (T134100) SECURITY: Do not reveal if user exists during login failure.
    (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
    (T125163) SECURITY: Make anchor for headlines escape > and <.
    (T180237) SECURITY: Protect vendor folder with .htaccess.
    (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in update.php.
    (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit.
    (T119158) SECURITY: Handle -{}- syntax in attributes safely.
    (T180488) (T125177) "api.log contains passwords in plaintext" \ 
wasn't correctly fixed in all branches in the previous security release.

Log message:
Update to 1.29.1

Upstream changes:
MediaWiki 1.29.1
Changes since 1.29.0

    (T171197) Fix bundled extensions; SimpleAntiSpam and Vector (the extension) \ 
shouldn't have been included but were, and PdfHandler and SpamBlacklist should \ 
but weren't.
    (T164999) mw.Upload.Dialog: Define .static.name
    (T172061) refreshLinks.php: Fix fatal when using --category parameter

Log message:
Update to 1.29.0

Upstream changes:
RELEASE-NOTES-1.29
== MediaWiki 1.29 ==

=== Configuration changes in 1.29 ===
* Default cookie expiration time has been reduced to 30 days. Login cookie
  expiration time is kept at 180 days.
* A new configuration variable has been added: $wgCookieSetOnAutoblock. This
  determines whether to set a cookie when a user is autoblocked. Doing so means
  that a blocked user, even after logging out and moving to a new IP address,
  will still be blocked.
* The resetpassword right and associated password reset capture feature has
  been removed.
* The $error parameter to the EmailUser hook should be set to a Status object
  or boolean false. This should be compatible with at least MediaWiki 1.23 if
  not earlier. Returning a raw HTML string is now deprecated.
* The $message parameter to the ApiCheckCanExecute hook should be set to an
  ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a
  code for ApiBase::parseMsg() will no longer work.
* ApiBase::$messageMap is no longer public. Code attempting to access it will
  result in a PHP fatal error.
* $wgUserEmailUseReplyTo is now true by default to work around restrictive DMARC
  policies.
* Subpages are now enabled by default in the Template namespace. Set
  $wgNamespacesWithSubpages[NS_TEMPLATE] to false to keep the old behavior.
* $wgRunJobsAsync is now false by default (T142751). This change only affects
  wikis with $wgJobRunRate > 0.
* (T158474) "Unknown user" has been added to $wgReservedUsernames.
* (T156983) $wgRateLimitsExcludedIPs now accepts CIDR ranges as well as single IPs.
* $wgDummyLanguageCodes is deprecated. Additional language code mappings may be
  added to $wgExtraLanguageCodes instead.
* (T161453) LocalisationCache will no longer use the temporary directory in it's
  fallback chain when trying to work out where to write the cache.
* The user right 'editusercssjs' (deprecated in 1.16) was removed. Use
  'editusercss' and 'edituserjs' in $wgGroupPermissions and elsewhere instead.

=== New features in 1.29 ===
* (T5233) A cookie can now be set when a user is autoblocked, to track that user
  if they move to a new IP address. This is disabled by default.
* Added ILocalizedException interface to standardize the use of localized
  exceptions, largely so the API can handle them more sensibly.
* Blocks created automatically by MediaWiki, such as for configured proxies or
  dnsbls, are now indicated as such and use a new i18n message when displayed.
* Added new $wgHTTPImportTimeout setting. Sets timeout for
  downloading the XML dump during a transwiki import in seconds.
* Parser limit report is now available in machine-readable format to JavaScript
  via mw.config.get('wgPageParseReport').
* Added $wgSoftBlockRanges, to allow for automatically blocking anonymous edits
  from certain IP ranges (e.g. private IPs).
* (T59603) Added new magic word {{PAGELANGUAGE}} which returns the language code
  of the page being parsed.
* HTML5 form validation attributes will no longer be suppressed. Originally
  browsers had poor support for them, but modern browsers handle them fine.
  This might affect some forms that used them and only worked because the
  attributes were not actually being set.
* Expiry times can now be specified when users are added to user groups.
* Completely new user interface for the RecentChanges page, which
  structures filters into user-friendly groups.  This has corresponding
  changes to how filters are registered by core and extensions.
* The edit form now uses pretty OOjs UI buttons, checkboxes and summary input.
  Because this change can cause problems for extensions and on-wiki
  scripts depending on the exact HTML, the old version is still available
  and can be used by setting $wgOOUIEditPage = false; in LocalSettings.php.
  This will be removed later and OOjs UI will become the only option.
  To make testing easier, users can also force either mode by adding
  &ooui=true or &ooui=false to the action=edit URL.

=== External library changes in 1.29 ===

==== Upgraded external libraries ====
* Updated QUnit from v1.22.0 to v1.23.1.
* Updated cssjanus from v1.1.2 to v1.2.0.
* Updated psr/log from v1.0.0 to v1.0.2.
* Update Moment.js from v2.8.4 to v2.15.0.
* Updated oyejorge/less.php from v1.7.0.10 to v1.7.0.14.
* Updated monolog from v1.18.2 to 1.22.1.
* Updated wikimedia/composer-merge-plugin from v1.3.1 to v1.4.0.
* Updated OOjs from v1.1.10 to v2.0.0.

==== New external libraries ====
* Added wikimedia/timestamp v1.0.0.
* Added wikimedia/remex-html v1.0.1.

==== Removed and replaced external libraries ====

=== Bug fixes in 1.29 ===
* (T62604) Core parser functions returning a number now format the number according
  to the page content language, not wiki content language.
* (T27187) Search suggestions based on jquery.suggestions will now correctly only
  highlight prefix matches in the results.
* (T157035) "new mw.Uri()" was ignoring options when using default URI.
* Special:Allpages can no longer be filtered by redirect in miser mode.
* (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is installed.
* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow redirect
  to interwiki links.
* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
  $wgAdvancedSearchHighlighting is true.
* (T125177) SECURITY: API parameters may now be marked as "sensitive" \ 
to keep
  their values out of the logs.
* (T150044) SECURITY: "Mark all pages visited" on the watchlist now \ 
requires a CSRF
  token.
* (T156184) SECURITY: Escape content model/format url parameter in message.
* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
  declaration.
* (T161453) SECURITY: LocalisationCache will no longer use the temporary directory
  in it's fallback chain when trying to work out where to write the cache.
* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion
  syntax's link parameter.
* (T108138) SECURITY: Sysops can undelete pages, although the page is protected \ 
against
  it.

=== Action API changes in 1.29 ===
* Submitting sensitive authentication request parameters to action=login,
  action=clientlogin, action=createaccount, action=linkaccount, and
  action=changeauthenticationdata in the query string is now an error. They
  should be submitted in the POST body instead.
* The capture option for action=resetpassword has been removed
* action=clearhasmsg now requires a POST.
* (T47843) API errors and warnings may be requested in non-English languages
  using the new 'errorformat', 'errorlang', and 'errorsuselocal' parameters.
* API error codes may have changed. Most notably, errors from modules using
  parameter prefixes (e.g. all query submodules) will no longer be prefixed.
* ApiPageSet-using modules will report the 'invalidreason' using the specified
  'errorformat'.
* action=emailuser may return a "Warnings" status, and now returns \ 
'warnings' and
  'errors' subelements (as applicable) instead of 'message'.
* action=imagerotate returns an 'errors' subelement rather than 'errormessage'.
* action=move now reports errors when moving the talk page as an array under
  key 'talkmove-errors', rather than using 'talkmove-error-code' and
  'talkmove-error-info'. The format for subpage move errors has also changed.
* action=revisiondelete no longer includes a "rendered" property on \ 
warnings
  and errors for each item. Use errorformat=wikitext if you're wanting parsed
  output.
* action=rollback no longer returns a "messageHtml" property. Use
  errorformat=html if you're wanting HTML formatting of error messages.
* action=upload now reports optional stash failures as an array under key
  'stasherrors' rather than a 'stashfailed' text string.
* action=watch reports 'errors' and 'warnings' instead of a single 'error', and
  no longer returns a 'message' on success.
* Added action=validatepassword to validate passwords for the account creation
  and password change forms.
* action=purge now requires a POST.
* There is a new `languagevariants` siprop for action=query&meta=siteinfo,
  which returns a list of languages with active LanguageConverter instances.
* action=query&query=allpages will no longer filter redirects using a database
  query in miser mode. This may result in less results being returned than were
  requested.

=== Action API internal changes in 1.29 ===
* New methods were added to ApiBase to handle errors and warnings using i18n
  keys. Methods for using hard-coded English messages were deprecated:
  * ApiBase::dieUsage() was deprecated
  * ApiBase::dieUsageMsg() was deprecated
  * ApiBase::dieUsageMsgOrDebug() was deprecated
  * ApiBase::getErrorFromStatus() was deprecated
  * ApiBase::parseMsg() was deprecated
  * ApiBase::setWarning() was deprecated
* ApiBase::$messageMap is no longer public. Code attempting to access it will
  result in a PHP fatal error.
* The $message parameter to the ApiCheckCanExecute hook should be set to an
  ApiMessage. This is compatible with MediaWiki 1.27 and later. Returning a
  code for ApiBase::parseMsg() will no longer work.
* UsageException is deprecated in favor of ApiUsageException. For the time
  being ApiUsageException is a subclass of UsageException to allow things that
  catch only UsageException to still function properly.
* If, for some strange reason, code was using an ApiErrorFormatter instead of
  ApiErrorFormatter_BackCompat, note that the result format has changed and
  various methods now take a module path rather than a module name.
* ApiMessageTrait::getApiCode() now strips 'apierror-' and 'apiwarn-' prefixes
  from the message key, and maps some message keys for backwards compatibility.
* API parameters may now be marked as "sensitive" to keep their values \ 
out of
  the logs.

=== extension.json changes in 1.29 ===
* Extensions must set a value for "manifest_version" in their \ 
extension.json
  or skin.json files. See
  \ 
<https://www.mediawiki.org/wiki/Manual:Extension.json/Schema#manifest_version>
  for details.
* Extensions can now specify dependencies upon other extensions by using the
  "requires" key. See
  <https://www.mediawiki.org/wiki/Manual:Extension.json/Schema#requires> for
  more details.
* (T151136) Functions set as the "callback" now recieve that \ 
extension's credits
  information as the first argument.
* (T149597) "PasswordPolicy" can be set in extension.json.

=== Languages updated in 1.29 ===

MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Phabricator reports.

* Based as always on linguistic studies on intelligibility and language
  knowledge by geography, language fallbacks have been expanded. When a
  translation is missing in the user's preferred interface language, the
  corresponding translation for the fallback language will be used instead.
  English will only be used as last resort when there are no translations.
  Some configurations (such as date formats and gender namespaces) have also
  been updated when using the fallback language's configuration was inadequate.
  The new or reinstated language fallbacks are (after cs ↔ sk in 1.28):
  ca ↔ oc; hsb ↔ dsb; io → eo; mdf → ru; pnt → el; \ 
roa-tara → it; rup → ro;
  sh → bs, sr-el, hr.
* (T137376) New language support: Atikamekw (atj).
* (T163600) New language support: Dinka (din).
* (T155957) Talk Namespaces for Javanese language (jv) have been updated.

==== No fallback for Ukrainian ====
* (T39314) The fallback from Ukrainian to Russian was removed. The Ukrainian
  language will now use the default fallback language: English. When a translation
  to Ukrainian is not available, an English string will be shown.

=== Other changes in 1.29 ===
* Database::getSearchEngine() (deprecated in 1.28) was removed. Use
  SearchEngineFactory::getSearchEngineClass() instead.
* $wgSessionsInMemcached (deprecated in 1.20) was removed. No replacement is
  required as all sessions are stored in Object Cache now.
* MWHttpRequest::execute() should be considered to return a StatusValue; the
  Status return type is deprecated.
* User::edits() (deprecated in 1.21) was removed.
* Xml::escapeJsString() (deprecated in 1.21) was removed.
* Article::getText() and Article::prepareTextForEdit() (deprecated in 1.21)
  were removed.
* Article::getAutosummary() and WikiPage::getAutosummary() (deprecated in 1.21)
  were removed.
* Hook ArticleViewCustom (deprecated in 1.21) was removed. Use \ 
ArticleContentViewCustom
  instead.
* Hooks EditPageGetDiffText and ShowRawCssJs (deprecated in 1.21) were removed.
* Class RevisiondeleteAction (deprecated in 1.25) was removed.
* WikiPage::prepareTextForEdit() (deprecated in 1.21) was removed.
* WikiPage::getText() (deprecated in 1.21) was removed.
* Article::fetchContent() (deprecated in 1.21) was removed.
* User::getPassword() (deprecated in 1.27) was removed.
* User::getTemporaryPassword() (deprecated in 1.27) was removed.
* User::isPasswordReminderThrottled() (deprecated in 1.27) was removed.
* Class FSRepo (deprecated in 1.19) was removed.
* WebRequest::checkSessionCookie() (deprecated in 1.27) was removed. Use
  \MediaWiki\Session\SessionManager::singleton()->getPersistedSessionId() instead.
* Class ImageGallery (deprecated in 1.22) was removed.
  Use ImageGalleryBase::factory instead.
* Title::moveNoAuth() (deprecated in 1.25) was removed. Use MovePage class instead.
* Hook UnknownAction (deprecated in 1.19) was actually deprecated (it will now
  emit warnings). Create a subclass of Action and add it to $wgActions instead.
* WikiRevision::getText() (deprecated since 1.21) is no longer marked deprecated.
* Linker::getInterwikiLinkAttributes() (deprecated since 1.25) was removed.
* Linker::getInternalLinkAttributes() (deprecated since 1.25) was removed.
* Linker::getInternalLinkAttributesObj() (deprecated since 1.25) was removed.
* Linker::getLinkAttributesInternal() (deprecated since 1.25) was removed.
* RedisConnectionPool::handleException (deprecated since 1.23) was removed.
* The static properties mw.Api.errors and mw.Api.warnings, containing incomplete
  and outdated lists of errors/warnings returned by the API, are now deprecated.
* wiki.phtml entry point was removed.  Refer to index.php instead. If you want \ 
"wiki.phtml"
  URLs to continue to work, set up redirects. In Apache, this can be done by enabling
  mod_rewrite and adding the following rules to your configuration:

    RewriteEngine On
    RewriteBase /
    RewriteRule ^/w/wiki\.phtml$ /w/index.php [R=301,L]
* Hook ArticleAfterFetchContent (deprecated in 1.21) was removed.
  Use ArticleAfterFetchContentObject instead.
* Hook ArticleInsertComplete (deprecated in 1.21) was removed.
  Use PageContentInsertComplete instead.
* Hook ArticleSave (deprecated in 1.21) was removed.
  Use PageContentSave instead.
* Hook ArticleSaveComplete (deprecated in 1.21) was removed.
  Use PageContentSaveComplete instead.
* Hook EditFilterMerged (deprecated in 1.21) was removed.
  Use EditFilterMergedContent instead.
* Hook EditPageGetPreviewText (deprecated in 1.21) was removed.
  Use EditPageGetPreviewContent instead.
* Hook TitleIsCssOrJsPage (deprecated in 1.21) was removed.
  Use ContentHandlerDefaultModelFor instead.
* Hook TitleIsWikitextPage (deprecated in 1.21) was removed.
  Use ContentHandlerDefaultModelFor instead.
* Article::getContent() (deprecated in 1.21) was removed.
* Revision::getText() (deprecated in 1.21) was removed.
* Article::doEdit() and WikiPage::doEdit() (deprecated in 1.21) were removed.
* Parser::replaceUnusualEscapes() (deprecated in 1.24) was removed.
* Article::doEditContent() was marked as deprecated, to be removed in 1.30
  or later.
* ContentHandler::runLegacyHooks() was removed.
* refreshLinks.php now can be limited to a particular category with --category=...
  or a tracking category with --tracking-category=...
* User-like objects that are passed to SpecialUserRights and its subclasses are
  now required to have a getGroupMemberships() method. See UserRightsProxy for
  an example.
* User::$mGroups (instance variable) was marked private. Use User::getGroups()
  instead.
* User::getGroupName(), User::getGroupMember(), User:getGroupPage(),
  User::makeGroupLinkHTML(), and User::makeGroupLinkWiki() were deprecated.
  Use equivalent methods on the UserGroupMembership class.
* Maintenance scripts and tests that call User::addGroup() must now ensure that
  User objects have been added to the database prior to calling addGroup().
* Protected function UsersPager::getGroups() was removed, and protected function
  UsersPager::buildGroupLink() was changed from a static to an instance method.
* The third parameter ($cache) to the UsersPagerDoBatchLookups hook was changed;
  see docs/hooks.txt.
* User::crypt() (deprecated in 1.24) was removed.
* User::comparePasswords() (deprecated in 1.24) was removed.
* ArchivedFile::getUserText() (deprecated in 1.23) was removed.
* HTMLFileCache::newFromTitle() (deprecated in 1.24) was removed.
* BREAKING CHANGE: Internal signature changes to ChangesListSpecialPage
  and subclasses.  It should only break if you call buildMainQueryConds
  (changed to buildQuery with new signature) or doMainQuery (new
  signature).  Subclasses are likely to call at least doMainQuery
  (possibly both), but other classes might too, because they were
  public.
  Also, some related hooks were deprecated, but this is not yet a
  breaking change.
* Removed 'jquery.arrowSteps' module. (deprecated since 1.28)
* The 'jquery.autoEllipsis' ResourceLoader module is now deprecated.
* WikiRevision::$fileIsTemp was deprecated.
* WikiRevision::$importer was deprecated.
* WikiRevision::$user was deprecated.
* Article::getLastPurgeTimestamp(), WikiPage::getLastPurgeTimestamp(), and the
  WikiPage::PURGE_* constants are deprecated, and the functions will always
  return false. They were a hack for an issue that has since been fixed.
* Hook 'EditPageBeforeEditChecks' is now deprecated. Instead use the new hook
  'EditPageGetCheckboxesDefinition', or 'EditPage::showStandardInputs:options'
  if you don't actually care about checkboxes and just want to add some HTML
  to the page.
* Selflinks are now rendered as href-less <a> tags with the class mw-selflink
  rather than <strong> tags. The old class name, "selflink", was \ 
deprecated
  and will be removed in a future release. (T160480)
* (T156184) $wgRawHtml will no longer apply to internationalization messages.
* Browser support for non-ES5 JavaScript browsers, including Android 2,
  Opera <12.10, and Internet Explorer 9, was lowered from Grade A to Grade C.
* Removed wikibits global methods deprecated since MediaWiki 1.17 (T122755):
  is_gecko, is_chrome_mac, is_chrome, webkit_version, is_safari_win, is_safari,
  webkit_match, is_ff2, ff2_bugs, is_ff2_win, is_ff2_x11, opera95_bugs,
  opera7_bugs, opera6_bugs, is_opera_95, is_opera_preseven, is_opera,
  ie6_bugs, clientPC, changeText, killEvt, addHandler, hookEvent,
  addClickHandler, removeHandler, getElementsByClassName, getInnerText,
  setupCheckboxShiftClick, addCheckboxClickHandlers, mwEditButtons,
  mwCustomEditButtons, injectSpinner, removeSpinner, escapeQuotes,
  escapeQuotesHTML, jsMsg, addPortletLink, appendCSS, tooltipAccessKeyPrefix,
  tooltipAccessKeyRegexp, updateTooltipAccessKeys.
* The ID of the <li> element containing the login link has changed from
  'pt-login' to 'pt-login-private' in private wikis.
* The old, neglected "bulletin board style toolbar" in the edit form is now
  deprecated (T30856). This old code dates from 2006, and was replaced in the
  MediaWiki release tarball and in Wikimedia production by the WikiEditor
  extension in 2010. It is only shown to users if no other editor was
  installed, and leads to confusion.
* (T92459) Loading ResourceLoader modules containing JavaScript through
  addModuleStyles() is deprecated and will log a warning server-side.

== Compatibility ==

MediaWiki 1.29 requires PHP 5.5.9 or later. There is experimental support for
HHVM 3.6.5 or later.

MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used,
but support for them is somewhat less mature. There is experimental support for
Oracle and Microsoft SQL Server.

The supported versions are:

* MySQL 5.0.3 or later
* PostgreSQL 8.3 or later
* SQLite 3.3.7 or later
* Oracle 9.0.1 or later
* Microsoft SQL Server 2005 (9.00.1399)

== Upgrading ==

1.29 has several database changes since 1.28, and will not work without schema
updates. Note that due to changes to some very large tables like the revision
table, the schema update may take quite long (minutes on a medium sized site,
many hours on a large site).

Don't forget to always back up your database before upgrading!

See the file UPGRADE for more detailed upgrade instructions, including
important information when upgrading from versions prior to 1.11.

For notes on 1.28.x and older releases, see HISTORY.

Log message:
Update to 1.28.2(security update)

Upstream changes:
MediaWiki 1.28.2

This is a security release of the MediaWiki 1.28 branch.

Due to a mistake in packaging, the releases 1.27.2 and 1.28.1 did not contain \ 
the fix for SyntaxHighlight_GeSHi. This new release does contain that fix.