The latest #MediaWiki security release is now available in #Debian https://lists.debian.org/debian-security-announce/2020/msg00174.html
I also updated the packages in my PPA as well.
The newest stable release, 1.35, should be ready for unstable later today or tomorrow.
Discussion at https://github.com/magnusmanske/mediawiki_rust/issues/19
Latest #MediaWiki security release is in #Debian unstable now: https://tracker.debian.org/news/1155620/accepted-mediawiki-11318-1-source-into-unstable/
We're not planning to issue a security update for this given that it's not exploitable using the set of extensions available in Debian. It'll get bundled with the next one...
#MediaWiki packages for the latest #Ubuntu 20.04 LTS release are now available: https://blog.legoktm.com/2020/05/12/mediawiki-packages-for-ubuntu-2004-focal-available.html
The latest #MediaWiki security update has hit #Debian - https://lists.debian.org/debian-security-announce/2020/msg00053.html
Only buster users need to update as stretch did not contain the vulnerable code (yay?).
End of an era, #MediaWiki will no longer silently accept "A potato" as part of a valid timestamp: https://lists.wikimedia.org/pipermail/mediawiki-api-announce/2019-June/000146.html
(Don't worry, PHP will still take it!)
There's a new #MediaWiki security release out today. 11 security issues in total, plus plenty of bug fixes.
Updated #Debian packages will be available shortly for stretch, and buster. I've already updated sid/unstable and my Ubuntu PPA: https://launchpad.net/~legoktm/+archive/ubuntu/mediawiki-lts
This is the official end of upstream support for the 1.27.x LTS, but I'll be backporting patches for the entire lifetime of stretch. More details to come.
Tim is working on a new profiler for PHP, since there are issues with xhprof/tideways that really aren't worth dealing with...and that we can do better in profiling. He's written up some details on https://phabricator.wikimedia.org/T205059, and there's some initial code in our Gerrit.
I've done the initial Debian packaging at https://salsa.debian.org/mediawiki-team/php-excimer - my goal will be to have it in NEW by the end of the month.
I wrote up a bunch of notes about why we rewrote the #MediaWiki tarball release script: https://blog.legoktm.com/2018/09/24/writing-a-new-mediawiki-tarball-release-script.html
Still a lot more things to improve for the release process, but we're heading in the right direction. I hope!
The #MediaWiki security update has been pushed to #Debian stable after a few hiccups (thanks Moritz!): https://lists.debian.org/debian-security-announce/2018/msg00232.html
I also pushed an update for Xenial users to my PPA: https://launchpad.net/~legoktm/+archive/ubuntu/mediawiki-lts
Those packages are for 1.27, which is the older LTS version. 1.31 hit unstable today, so I'll be providing backports for it shortly!
VW code: when your code detects that it is under test, and modifies its behavior accordingly
(from #mediawiki-core on IRC)
New project: Road to +2
We do outreach for newcomers to #MediaWiki development, but not really for people who fall in the middle. They're established patch contributors, but not yet maintainers.
The goal is to provide a guide and mentors on how a "middle" contributor can move up and become a maintainer with +2. This is a quick draft, edits welcome!
Introducing CoverMe: find the most called MediaWiki code lacking test coverage: https://blog.legoktm.com/2018/05/29/introducing-coverme-find-the-most-called-mediawiki-code-lacking-test-coverage.html
The tool itself: https://tools.wmflabs.org/coverme/ :)
This is a short term transition to help test something that is close to the next LTS version: 1.31 (out in June!).
LuaSandbox is now available for Xenial in https://launchpad.net/~legoktm/+archive/ubuntu/mediawiki-lts
MediaWiki core dev, Debian Developer, Wikipedian. Inactive journalist, believer in free software and free knowledge.
This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!