MediaWiki 1.32 has been officially released. Below is a highlight of some of the release notes; you can view the full list here.
A new "Interface administrators" group was added, which has the ability to edit sitewide CSS/JS and the CSS/JS of other users. By default, no other group (not even "Administrators") has this capability anymore.
- We recommend that you do not grant this group to all of your existing administrators, instead only granting it to those who will be responsible for maintaining CSS/JS pages on the wiki. This increases your site's security in the event that an administrator account is compromised.
The old editing toolbar has been removed (see image below if you aren't sure what toolbar this is). Use an extension such as WikiEditor, which is bundled with the tarball release, instead to provide an editing toolbar. If your wiki has customizations to add additional buttons to this toolbar, work on a migration plan to add them to the WikiEditor toolbar instead.
(Image from Wikimedia Commons)
- The MediaWiki API (api.php) is now unconditionally enabled and can no longer be disabled.
- A cookie can now be set when an IP user is blocked to track that user if they move to a new IP address. This feature is disabled by default but can be enabled by setting $wgCookieSetOnIpBlock = true; in your LocalSettings.php.
The on-wiki external image whitelist (MediaWiki:External image whitelist) is now disabled by default. If you were making use of this feature, set $wgEnableImageWhitelist = true; in your LocalSettings.php. This feature allowed for allowing embedding of external images ("hotlinking") from domains that wiki administrators specifically allow.
- Hotlinked images do not feature any controls such as resizing or adding captions, and leak your visitor's IP addresses to the external source. Furthermore, there is no guarantee that the image will remain available in the future, or that it will not be changed to something else. As such, we recommend that you always upload images locally if possible and do not use this feature.
- The Watchlist will now show 7 days of changes by default, up from 3.
When upgrading MediaWiki versions, it is always important to take a backup of both your files as well as your database, as upgrades cannot be "rolled back" once performed. It is recommended to unpack the new files into a new, empty directory and then move over needed files (LocalSettings.php, images, extensions, skins) rather than unpacking the new files directly over the old ones. Unpacking over the old ones could cause files that were removed in 1.32 to remain in your directory tree, which could cause PHP errors down the line or cause security issues as those files will no longer be updated. The database changes in this release could take a while to run on large wikis.