MediaWiki 1.31.0 has now been officially released. This is a Long Term Support (LTS) release, meaning it will receive bugfixes and security updates for a period of 3 years (until June 2021). Below is a highlight of some of the release notes. To view the full release notes, click here.
New System Requirements
MediaWiki 1.31 now requires PHP 7.0 or higher. HHVM 3.18.5+ is still supported, but any users still on HHVM should look into migrating into PHP 7, as HHVM will no longer be supported in the future as Facebook will be dropping PHP support from the product.
More Bundled Extensions
The following extensions are now bundled with the MediaWiki download:
CodeEditor -- provides a more friendly editing UI when editing CSS and JS pages
MultimediaViewer -- opens clicked images in a lightbox instead of leading directly to the image page
OATHAuth -- provides 2-factor authentication (2FA) support using apps such as Google Authenticator
Replace Text -- provides a special page for admins to perform replacements across multiple pages of the wiki, for both page content and page titles
When upgrading MediaWiki versions, it is always important to take a backup of both your files as well as your database, as upgrades cannot be "rolled back" once performed. It is recommended to unpack the new files into a new, empty directory and then move over needed files (LocalSettings.php, images, extensions, skins) rather than unpacking the new files directly over the old ones. Unpacking over the old ones could cause files that were removed in 1.31 to remain in your directory tree, which could cause PHP errors down the line or cause security issues as those files will no longer be updated. The database changes in this release could take a while to run on large wikis.
From Sam Reed on MediaWiki-announce. This is a security release. It is recommended you take action immediately in order to patch your MediaWiki installations.
This security release includes a fix for a Remote Code Execution (RCE) vulnerability present in some configurations of MediaWiki. Not everyone is impacted. To test if you are impacted by this vulnerability, after following all patch instructions in the email (including running the "composer update --no-dev" command if you are installing MediaWiki from git instead of tarball), look through your server access logs for hits to a file named "eval-stdin.php". If you see this entry in your access logs, your server may have been compromised, take additional steps to investigate and secure the server. If you need assistance in how to proceed with this, or have any difficulty checking or validating if you were impacted, post in our support forum.
MediaWiki Users aims to be the premiere experience for obtaining support with the MediaWiki software. We have free community forums where you can ask questions from knowledgeable peers as well as a place where you can request or advertise for-pay MediaWiki services.
MediaWiki Users is ad-free and supported by selling its own services for MediaWiki. Creating an account is free and easy, so join today!