Release notes/1.43 - MediaWiki
Jump to content
From mediawiki.org
Release notes
This page contains
release notes
for a
legacy version
of MediaWiki.
The current version is
1.45.3
. The legacy support version is
1.44.5
. The legacy long-term support version is
1.43.8
MediaWiki
MediaWiki 1.46
(alpha
git master
MediaWiki 1.45
(stable)
MediaWiki 1.44
(legacy)
MediaWiki 1.43
LTS
Older versions
Version lifecycle
MediaWiki 1.43
edit
PHP 8.1 workboard:
PHP 8.2 workboard:
PHP 8.3 workboard:
PHP 8.4 workboard:
MediaWiki 1.43.8
edit
This is a maintenance release of the MediaWiki 1.43 branch.
Changes since 1.43.7
edit
Fixed backport issues.
MediaWiki 1.43.7
edit
This is a security and maintenance release of the MediaWiki 1.43 branch.
Changes since 1.43.6
edit
Localisation updates.
T386108
) Upgrade pear/pear-core-minimal to v1.10.17.
T412194
) Upgrading justinrainbow/json-schema (5.3.0 => 5.3.1).
T413538
) MultiHttpClient: Remove
curl_close()
call.
T413545
) Upgrading wikimedia/parsoid (v0.20.4 => v0.20.5).
T411213
) Updated wikimedia/less.php from 5.1.2 to 5.5.0.
T413565
) Search: Replace deprecated
SplObjectStorage
methods.
Mime: Change mime type "video/x-matroska" to "video/matroska".
Fix incorrect uses of
ScopedCallback
objects.
profiler: Correct function types documentation.
T413582
) ShellboxClientFactory: Handle $service being null in
getUrl()
T413672
) EtcdConfigTest: Add return value for some
MultiHttpClient
mocks.
T413675
) DBConnRefTest: Add a temporary variable for return value in
testRoleExceptions
T413580
) LanguageCodeTest: Remove unnecessary null assertion.
Allow wikimedia/testing-access-wrapper ^4.0.0.
Logging: Handle possible null as type for LogPage.
T411019
) Logging: Set default for log type on dropdown via
LogEventsList
T413690
) libs: Fix closure detection in
MemoizedCallable
T378563
) [BlockManager] Don't assume autoblocks have
::getParentBlockId
T378563
) Fix bug in
BlockManager::getUniqueBlocks
T413923
) Don't use null offsets in
BlockManager::getUniqueBlocks
SiteConfiguration: Optimize processSetting for default-only case.
SiteConfiguration: Use
\array_key_exists()
SiteConfiguration: Use function syntax.
Config: Use function
array_key_exists
some more.
T413924
T413925
) tests: PHP 8.5 compatibility in AuthManager tests.
T381842
) Fix core contributions special page tests for legacy Vector.
T380518
) ContributionsSpecialPage: Call
IndexPager::getBody
if no results.
T385876
) Improve direction of user name used in title in
Special:Contributions
T413573
) [php8.4] Use
DOMCompat::innerHTML()
instead of
Element::nodeValue
build: Upgrade PHPUnit from 9.6.19 to 9.6.21.
T413673
) tests: Fix PHP8.5 error when casting
float(INF)
as integer.
T414355
) Fix PHP 8.5 deprecation warnings in
IcuCollation
T413674
) ParamValidator: Suppress cast warning in
IntegerDef
T413577
) Parser: Ignore long user provided int in
Sanitizer::decodeCharReferences
T413576
) Rdbms: Get strings from
SQLPlatform::getDatabaseAndTableIdentifier
T413579
) Site: Handle non-stored
Site
objects in
SiteList
T413920
) tests: Mock some functions in
OutputPageTest
T413926
) Do not attempt to get handler for unknown file types.
T413919
) tests: Use real
TitleFormatter
in
LinkBatchTest
T413930
) User: Add fallback "default" to
User::getDatePreference
T413934
) JobQueueGroup: avoid PHP 8.5 deprecation from null array offsets.
T413922
) Rdbms: Handle null from
DatabaseDomain::getDatabase
in LBFactoryMulti.
T413901
) Media: Remove deprecated imagedestroy.
T413931
) tests: Set module name in
ApiBaseTest::doGetParameterFromSettings
rdbms::assertTransactionRoundStage
: Show transaction name if available.
T414350
) Language: Handle NAN coercion to string in formatting numbers.
T414336
) Disable process timeout for Composer phpunit script.
T413575
) libs>XhprofData: Handle use of NULLs as array keys for PHP8.5.
tests: Use TestingAccessWrapper to run some protected or private methods.
T406744
) tests: Don't use
ReflectionProperty::setAccessible()
, it's a no-op now.
tests: Improve mocked
ParserOptions
in
ParsoidOutputAccessTest
T415443
) Upgrading mck89/peast (v1.16.3 => v1.17.4).
Update guzzlehttp/guzzle to 7.9.3.
T414196
) Upgraded guzzlehttp/guzzle.
T413918
) tests: Mock value for
RangeChronologicalPager::getTimestampField
T413921
) LinksUpdate: Handle nullable
el_to_path
column in
ExternalLinksUpdate
T413926
) Upload: Do not attempt to get handler for unknown file types.
File: Ensure mime type is set for
LocalFile::getMimeType
T413917
) Specials: Use empty string as missing type on
Special:RevisionDelete
T415723
) Updated phpunit/phpunit from 9.6.21 to 9.6.33.
Update phpunit/phpunit from 9.6.33 to 9.6.34.
Update wikimedia/parsoid to 0.20.6 and wikimedia/remex-html to 4.1.2.
T416050
) Update psy/psysh to ^0.12.19.
FileRepo: Add "userAgent" option in ForeignAPIRepo for
$wgForeignFileRepos
T417390
) mediawiki.util: Don't throw in
addSubtitle
if the skin lacks a subtitle.
T413545
) Update wikimedia/parsoid to 0.20.7.
Make
MessageValue
JsonCodecable instead of JsonDeserializable.
Forward-compatibility patch for
MessageValue
serialization hints.
[tests] Add forward-compatibility alias for
JsonDeserializableSubClass
T367584
) JsonCodec/ParserCache: Forward-compatibility test cases.
T414884
) PostgresInstaller: Handle null password in
openConnectionToAnyDB
Forward compatibility with
ParserOutput::getTitle()
T360589
) Introduce thumbnail steps.
T360589
) media: Make
SvgHandler
respect
physicalWidth
when building URL for thumb.
T414805
T418745
T418346
) WebPHandler: Allow the original being served on the web.
T411013
) mediawiki.util: Add
adjustThumbWidthForSteps
for step sizing in JS.
T411013
) mediawiki.util,FileRepo: Improve
adjustThumbWidthForSteps
test coverage.
T411125
) Round to original file width if there is no steep between that & requested.
T411125
) File: Allow scaling up vectorized images to larger sizes.
T360589
T415598
) Move handling of
ThumbnailSteps
to media handlers.
T416518
) Disable Composer
audit.block-insecure
option.
T419183
) ParserOutputFlags: add
HAS_SLOT_HEADERS
T419479
) sql: Mark
pl_target_id
as non-nullable in abstract schema.
T329183
T417691
) Clarify documentation for
action=query&list=tags
T391524
) EditPage: Handle MWException when serializing the preloaded content.
T417819
) ParserOutputFlags: Back-port new flags added in 1.46 for forward compat.
MediaWiki 1.43.6
edit
This is a security and maintenance release of the MediaWiki 1.43 branch.
Changes since 1.43.5
edit
Localisation updates.
T394396
) Revert "SECURITY: Escape rawElement $content".
T394059
) DeduplicateStyles: Only transform possible style nodes.
UserGroupManager: Use MainConfigNames::PrivilegedGroups rather than string literal.
T406391
) RemexCompatFormatter: Don't encode HTML entities in raw-text elements.
T402438
) api: Allow ApiResult to override imagerepository key in prop=imageinfo.
ParserOutput: Add default values for JSON deserialization.
T355853
T407172
) Make the login and signup forms wider.
T292868
) Forward-compatibility: allow output flags to be serialized in `OutputFlags`.
ResourceLoader: Update cssjanus/cssjanus to wikimedia/cssjanus.
T85085
) Improve CSS checking in SVG filter.
T405064
) Fix the premature loop exit in Parser.cleanUpTocLine.
T407289
) i18n: deprecate double-underscore magic words which don't start/end with __.
i18n: all behavior switches should start/end with __ (part 2).
T407289
) i18n: Remove deprecated behavior switches without underscores in et/sh-latn/vep.
T407770
) Add symfony/polyfill-php84 and symfony/polyfill-php85.
maintenance/getConfiguration.php: Fix null warning and serialize error.
T328605
) ApiParse: Introduce prop=tocdata as replacement for prop=sections.
T406283
) ApiSandbox: Use POST when we have long URL.
T401987
T401995
) SECURITY: Disable xslt option by default.
T410913
) SpecialVersion: Fix "Cannot use bool as array" warning.
T410928
) resourceloader: Fix null offset in ClientHtml module sorting.
T410934
) Remove noop xml_parser_free() calls.
T410920
) Language: Prevent passing '' to ord() in ucfirst().
T410912
) Language: Fix "ord(): Providing a string that is not one byte long is deprecated."
T410912
) MessageCache: Fix "ord(): Providing a string that is not one byte long is deprecated."
T410920
) Language: Prevent passing '' to ord() in lcfirst().
T410963
) Upgrade wikimedia/xmp-reader from 0.9.4 to 0.10.2.
T411016
) Upgrading wikimedia/cldr-plural-rule-parser (v2.0.0 => v3.0.0).
T411075
) Api: Initialise reference variable.
T411018
) IndexPager: Set '' as default value for 'order'.
T410914
) Language: Fix PHP 8.5 warnings for NAN/INF string coercion in formatNumInternal.
T410914
) Language: Fix PHP 8.5 warnings for NAN/INF string coercion in parseFormattedNumber.
T338103
T411214
) ApiResult: Fix "ord(): Providing a string that is not one byte long is deprecated."
T356544
) Replace uses of Xml::fieldset(), deprecated since 1.42.
T393790
) htmlform: Fix rendering contents for cloner fields.
T391882
) HTMLFormFieldCloner: Fix multiple bugs related to conditional states.
T406374
) htmlform: Load ooui before infusing field cloner buttons.
T411199
) initEditCount: Fix count for users with no edits.
T411827
) SpecialPageFactory: Handle resolveAlias() returning null in getPage() and exists().
T411968
) Installer: Do not use null as array offset.
Add support for HTTP/3 in MultiHttpClient.
T295568
) mediawiki.jqueryMsg: Support self-closing HTML tags.
T411968
) EditResultBuilder: Do not use null as array offset.
MediaWiki 1.43.5
edit
This is a security and maintenance release of the MediaWiki 1.43 branch.
Changes since MediaWiki 1.43.4
edit
Add missing backport for
Extension:DiscussionTools
Add missing backport for
Extension:Thanks
T406322
CVE-2025-11261
) SECURITY: Escape system messages in
mw.language.listToText
MediaWiki 1.43.4
edit
This is a security and maintenance release of the MediaWiki 1.43 branch.
Changes since MediaWiki 1.43.3
edit
Localisation updates.
Rest: Move ModuleConfigurationException into correct folder.
Cache: Move MessageCache hook interfaces into correct folder.
uppercaseTitlesForUnicodeTransition: Add missing return.
installer: Always check return of
IDatabase::fieldInfo
in postgres.
autoload: Expand
Autoloader::CORE_NAMESPACES.
T378163
) mediawiki.page.ready: Fix undefined mw.user during temp user logout.
T375530
) Define and store MediaWiki REST API ‘page’ endpoint responses as JSON schemas.
T376603
) REST: JSON schema definitions for additional response bodies.
T399672
) mime: Add mime types for *.less.
T391180
) docs: Add link to CORS setting for REST API.
T388729
) Parser: Handle regex failure in
extractBody
method.
T399064
Parser::extractBody
: Use possessive matcher and once-only subpattern.
T399793
) PermissionManager: Fix
missingPermissionError()
not returning early when
$short
is true.
rdbms: Fix GTID style detection for MySQL servers.
ParserCacheSerializationTestCases: back port ParserOutput changes from 1.45.
ParserCacheSerializationTestCases: distinguish empty ToC from missing ToC.
Fix
attachLatest --regenerate-all
creating invalid SQL command.
diff: Avoid Phan warning with some Wikidiff2 versions.
T327439
) ParserOutput: Prepare to allow JsonCodec serialization of TOCData.
media: Remove pass-by-ref in
Exif::exifGPStoNumber
T386208
) Exif: Handle malformed gps tags.
i18n: Add Special:MyLanguage to mediawiki.org links.
T380423
) Show user a human readable message when
$wgLocaltimezone
is set to an invalid timezone.
maintenance: Fix sql for touched-only option of refreshLinks script.
T393028
) ImagePage: Remove PNG previews line for native SVG rendering.
T374042
) PostgresUpdater: Fix typo in sites_group index renaming instruction.
T401088
) maintenance: Fix paging in findMissingFiles.php.
T401570
) rdbms: Fix read-only detection for MariaDB 12.
T400881
) filerepo: Improve identification of ForeignAPIRepo requests.
T397900
) Don't use RequestContext in CommentParserFactory construction.
T402037
) config: Change Reauthenticate Time Default.
WebPHandler: Read all of the VP8L canvas height.
T264389
T161647
) Make Content JsonCodecable.
maintenance: Fix SQL range for moveToExternal.
Use JsonCodec to serialize SelserContext.
Forward-compat data for SelserContext w/ JSON-encoded Content.
T372444
T404230
) DeletedContribsPager: Use the UserIdentity object instead of the raw target string.
T401099
CVE-2025-61638
) Upgrading wikimedia/parsoid (v0.20.3 => v0.20.4).
T394968
) Metadata: ignore
LocationCreated
, similar to
LocationShown
T366083
) OutputTransform: Fix double IDs on headings.
T381617
) Use Remex/HtmlHelper to implement
Parser::replaceTableOfContents
Re-apply "Use Remex for DeduplicateStyles transform".
T400505
) Regenerate
patch-drop-page_restrictions-pr_user.sql
for SQLite.
T387478
CVE-2025-61634
) SECURITY: REST: Set cache-control value of max-age=60 for redirects.
T394396
CVE-2025-61636
) SECURITY: Escape rawElement $content.
T394856
CVE-2025-61637
) SECURITY: Escape three system messages used by live preview.
T401099
CVE-2025-61638
) SECURITY: Sanitize data- attributes.
T280413
CVE-2025-61639
) SECURITY: Use
ManualLogEntry::getDeleted
in
::getRecentChange
T402075
CVE-2025-61640
) SECURITY: Parse messages instead of inserting them as HTML.
T298690
CVE-2025-61641
) SECURITY: api: Disable maxsize in QueryAllPages in miser mode.
T402313
CVE-2025-61642
) SECURITY: Escape submit button label for Codex-based HTMLForms.
T403757
CVE-2025-61643
) SECURITY: Don't send suppressed recent changes to RCFeeds.
T398706
CVE-2025-61646
) SECURITY: Prevent leaking hidden usernames in Watchlist/RecentChanges.
MediaWiki 1.43.3
edit
This is a maintenance release of the MediaWiki 1.43 branch.
Changes since MediaWiki 1.43.2
edit
Localisation updates.
Fix test failures related to 1.43.2.
T398269
) Fixup vendor issues related to symfony/polyfill-php.
MediaWiki 1.43.2
edit
This is a security and maintenance release of the MediaWiki 1.43 branch.
Changes since MediaWiki 1.43.1
edit
Localisation updates.
T388708
) Diffs: avoid getContentHandler on null error.
filebackend: Avoid passing null to FileBackend::normalizeContainerPath.
T390001
) UploadBase: makeWarningsSerializable() should accept MessageParam objects.
tests: Add test cases for UploadFromChunks.
T382086
) swagger-ui: Add licenses of packages used by Swagger UI bundle.
T392086
) specials: Fix PHP Warning on
Special:PasswordReset
for crafted input.
T386175
) SECURITY: Escape newpage message in FeedUtils.
T391179
) installer: fix MySQL create user permissions check.
T391169
) INSTALL: Document requirement for bcmath/gmp on 32-bit systems.
T389260
) language: Avoid warning when 'namespaceGenderAliases' is null.
T391867
) http: Handle accept header with incomplete q.
Update Pingback address.
T387684
) filerepo: No exception on redirect without width in ThumbnailEntryPoint.
T393879
) objectcache: Cast explicitly to integer.
tests: Use GLOB_BRACE in JsonSchemaAssertionTraitTest.
tests: Fix casing of MediaWiki in @covers.
T394989
) FormatMetadata::formatFraction: Don't risk passing null to preg_match.
T374314
) Link mw.Uri migration guide in docs and log warnings.
T395214
) title: Reset cached Title objects between tests.
T395214
) phpunit: Remove superfluous Title::clearCaches() calls.
T221560
) Remove hyphens from legal search characters for MySQL-based database searches.
T393628
) Use anonymous user when creating named account from temp account.
T71997
T382963
) Update RfC links to bypass redirect.
T351055
) Improve BrokenRedirects display.
T382963
) Sync up core repo with Parsoid.
T382963
) Update wikimedia/parsoid to 0.20.3.
T395834
) Treat File::getShortDesc() as possibly unsafe HTML.
tests: Match deprecation message under php8.4 in DeprecationHelperTest.
T379445
) debug: Migrate E_USER_ERROR to throw Error in DeprecationHelper.
T221560
) Setup: Switch vendor error from echo+E_USER_ERROR to echo+exit.
Setup: Update error message for composer dependencies check.
T381341
T379445
) widget: Remove outdated try/catch wrapper from SpinnerWidget.
T379445
) phpunit: Remove unused trigger_error from TestLogger.
T356451
) logger: Make log() methods return void.
T328921
T359868
) Drop PHP 7.4/8.0 support from master (forward-port from MW 1.42).
Drop a few phan PhanImpossibleTypeComparison suppressions now we've dropped PHP 7.4.
Clean up resource type and phan suppression in postgres code.
structure tests: allow PHP 8.1 syntax and autoload enums.
MediaWiki 1.43.1
edit
This is a security and maintenance release of the MediaWiki 1.43 branch.
Changes since MediaWiki 1.43.0
edit
Localisation updates.
T375707
) exception: Convert E_STRICT errors to E_USER_NOTICE.
T380755
) session: Do not set session.use_trans_sid.
T382987
) $wgDnsBlacklistUrls now defaults to an empty array. See the comment in the "Configuration changes for system administrators" section.
T383037
) MimeMap: add gltf and glb mime types.
T383037
) MimeAnalyzer: detect magic number for gltf binary.
Commit swagger-ui's NOTICE.
T382484
) dumps: Use proc_close() to close proc_open() subprocess.
T375707
) MWExceptionHandler: Add error suppression to constant( 'E_STRICT' ).
T384879
) FormatMetadata: Prevent running preg_match() on null.
T384995
) specialpage: Improve handling of invalid lang codes on login/signup.
T385055
) resourceloader: Fix hash computation for virtual files with versionFilePath.
T385169
) MultiUsernameFilter: Don't try to split ids if they're not a string.
T385567
) parser: Gracefully handle invalid ParsoidRenderID keys.
T385568
) rest: Return a 400 for invalid render IDs.
T383646
) installer: Simplify the information box.
T384524
) installer: Fix conflation between warning and info messages.
T376711
) language: Use fallback chain to create NumberFormatter.
T384524
) installer: Restore success messages.
T384524
) installer: Restore "complete" success message.
T385332
) feeds: Fix str_replace() deprecation warnings on PHP 8.
T386891
) Revert "maintenance: Use DatabaseSqlite for type-hinting instead of DBConnRef".
T381205
) Add explanation text for "Allow emails from brand-new users".
T380880
) ExternalLinks: fix mailto: links reversal.
T381033
) RateLimiter: Fix peek mode.
initEditCount: Join from user to actor to revision.
T387130
,CVE-2025-32699) SECURITY: Update wikimedia/parsoid to 0.20.2.
T385519
) Sanitizer::normalizeWhitespace warn on preg_replace error.
T387638
) RevDelList: Ensure setVisibility always includes itemStatuses in value if applicable.
T388296
) ImportImages: Exit with non-zero code if import fails.
Request: Improve log message when headers already sent.
T386368
T387397
) REST page metadata endpoints: handle supressed data gracefully.
T388066
) Avoid trying to load the session user in MW_NO_SESSION endpoints.
T388171
) HttpError: Cast Message to string.
T384197
) permissions: Avoid potential infinite loop if BlockDisablesLogin = true.
T388255
) ApiLogin: Don't break BotPasswords if password or user is blank, just error.
T388924
) MagicWord::replace*: Make sure we don't pass null into preg_match/preg_replace.
T388944
) Html: Fix "substr(): Passing null to parameter #1 ($string) of type string is deprecated".
T388728
T385519
) Sanitizer::normalizeSectionNameWhitespace: Apply same anti-null fix as 270499b.
T387690
) upload: Suppress warnings from iconv().
T388733
) Sanitizer::normalizeWhitespace: simplify redundant preg_replace.
T315573
) Fix GREATEST usage in site_stats.
T304474
, CVE-2025-32696) SECURITY: Apply proper restrictions on file revert action.
T24521
T62109
T140010
, CVE-2025-32697) SECURITY: PermissionManager: Differentiate between cascading protection of file content and file pages.
T387507
) ResourceLoader: update wikimedia/minify from 2.8.0 to 2.8.1.
T388273
T388335
) Upgrading pear/net_url2 (v2.2.2 => v2.2.3).
T390063
T277675
) ResourceLoader: update wikimedia/minify to 2.9.0.
T384851
) FileBackend: PHP Deprecated: strrpos(): Passing null to parameter #1 ($haystack).
T378622
) Parameterize ChangeTags::buildTagFilterSelector to support various tag sets.
T344352
) ChangeTags: Optimize label and description parsing.
In .htaccess deny files, use "Satisfy All".
T322672
T387478
) REST: Remove unused setUseParserCache() as potential footgun.
T389028
) block: Fix DBS::acquireTarget() race using GET_LOCK().
T388807
) LanguageConverter: Only set mTablesLoaded once they're really loaded.
RestrictionStore: Remove short-circuit mode when fetching cascading sources.
T385958
, CVE-2025-32698) SECURITY: LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions.
T387130
, CVE-2025-32699) SECURITY: Potential javascript injection attack enabled by Unicode normalization in Action API.
T358689
, CVE-2025-3469) SECURITY: i18n XSS vulnerability in HTMLMultiSelectField when sections are used.
MediaWiki 1.43.0
edit
Changes since MediaWiki 1.43.0-rc.0
edit
T381728
) Use PHP 8.3 in MediaWiki-Docker
T382375
) Misaligned label margins on Special:MathStatus
T382196
) \overbrace rendered below (not above) in MathML and client-side Mathjax
T381310
) Math Popup not working in newer version of Popup-Extension
T380079
) This page is using the deprecated ResourceLoader module "mediawiki.Uri" on page load
T381311
) Preview has wrong location in MathML mode
T381046
) Preview not working with MathML rendering
T381102
in MathML and MathJax renders with one prime symbol too much
T380184
vec
crashes with native MathML
T380654
) vertical space between multline equations is ignored
T375274
) mediawiki_function_names math functions eat the following paren in native MML mode
T373732
) Audit SUL3 shared-domain i18n messages for XSS
T381068
) PHP Deprecated: Creation of dynamic property MediaWiki\\Auth\\ButtonAuthenticationRequest::$skipReset is deprecated at AuthenticationRequest.php:182
T20110
) Define AbuseFilter consequence to display a CAPTCHA
T332743
) On private wikis the ellipsis should not appear above 720px (wikitech, office, translate wiki)
MediaWiki 1.43.0-PRERELEASE
edit
Upgrading notes for 1.43
edit
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed per-version upgrade instructions from the
oldest supported upgrading version, MediaWiki 1.35.
Some specific notes for MediaWiki 1.43 upgrades are below:
It is now necessary that the OpenSSL PHP extension is installed.
Users of the Linter extension should note that update.php updates that extension's database table with two migration scripts that can take a long time to run: with the provided settings, each migration script updates roughly 500 rows per second. If at all possible, it is highly recommended to let update.php run these migration scripts. However, if this is deemed too long a maintenance operation (depending on the number of rows in the Linter database table), it is possible, for an upgrade from 1.40 onwards, to run the migration scripts before updating the MediaWiki and extensions files to 1.43: set
$wgLinterWriteNamespaceColumnStage
and
$wgLinterWriteTagAndTemplateColumnsStage
to true, and run the extensions/Linter/maintenance/migrateNamespace.php and extensions/Linter/maintenance/migrateTagTemplate.php migration scripts before proceeding with any other code update. When upgrading from a version <= 1.39, a multi-step update is necessary to be able to run the migration scripts independently from update.php: first update to 1.42, then proceed as indicated. For further details see
#Removed configuration
below and
Extension:Linter#Upgrading to MediaWiki 1.43.x
For notes on 1.42.x and older releases, see HISTORY.
Configuration changes for system administrators in 1.43
edit
$wgBlockTargetMigrationStage
, which was introduced in 1.42, is now deprecated and has no effect.
New configuration
edit
T13555
$wgParserEnableLegacyHeadingDOM
- Defaults to `true`, can be set to `false` to enable new, more accessible HTML markup for wikitext headings. Note that each skin must also use the 'supportsMwHeading' option to allow it. More information:
Heading HTML changes
In a future release the new markup will become the default, and later this option will be removed.
T12347
$wgEnableProtectionIndicators
- Defaults to false, setting it to true shows a lock icon indicator on protected pages.
T373480
$wgSortedCategories
- Defaults to false, setting it to true will sort the categories shown on article pages. This is an experimental setting; its future will depend on community adoption and feedback on the phab task is welcome.
T45646
$wgAllowRawHtmlCopyrightMessages
- Defaults to true, can be set to false to disable the use of the localisation messages 'copyright' and 'history_copyright' and the hook 'SkinCopyrightFooter', which have been deprecated in this release. This helps protect your wiki against attacks by a rogue administrator account and will become the default in the future.
T4085
$wgParserEnableUserLanguage
- Defaults to false, can be set to true to let
{{USERLANGUAGE}}
magic word return the user's language, instead of the page language. Beware that accessing the user language may reduce the efficiency of the parser cache.
Changed configuration
edit
$wgPageLinksSchemaMigrationStage
– (
T299947
) This temporary setting, which controls the database schema migration for the page links table, is now set by default to write to both old and new data and read from the new data.
$wgFooterIcons
– (
T256190
) The default "Powered by MediaWiki" button icon has been updated to an SVG icon, and the footer icons are now wrapped as buttons in HTML, rather than faking it within the icons themselves. You should adjust any footer icons you provide or over-ride to match.
The "error-json" channel, configurable via
$wgDebugLogGroups
, has been removed. For structured logging, use the "error" channel directly instead. Since MediaWiki 1.25, structured logging is supported via Monolog for all channels, including the "error" channel. For silenced errors, you use the "silenced-error" channel added in MediaWiki 1.42. (
T193472
$wgResourceLoaderUseObjectCacheForDeps
- (
T343492
) This is now enabled by default. This means ResourceLoader writes information to the MainStash instead of a core database table, which can be set to a separate database via
$wgMainStash
. If you find issues, please drop a comment on T343492. It is now deprecated and will be removed in MediaWiki 1.44.
Removed configuration
edit
$wgSessionInsecureSecrets
has been removed since OpenSSL is now a required PHP extension.
$wgTemplateLinksSchemaMigrationStage
has been removed.
$wgSamplingStatsdClient
has been removed. It was introduced in MW 1.28 for use in the Wikibase extension, but never used. The new StatsFactory service should be used for new instrumentations, which already supports sampling. Beware that sampling is generally not needed even at scale, and that sampling does not significantly reduce runtime overhead, thus making it slow to instrument very hot code even with built-in sampling.
T294397
) The 'writeapi' userright, which controlled access to some API modules, has been removed.
T331883
) The variables
$wgLinterWriteTagAndTemplateColumnsStage
$wgLinterUserInterfaceTagAndTemplateStage
$wgLinterWriteNamespaceColumnStage
, and
$wgLinterUseNamespaceColumnStage
have been removed. The namespace, tag and template column of the Linter database table are now written and used. The existing data from the Linter database is migrated to the new columns by extensions/Linter/maintenance/migrateNamespace.php and extensions/Linter/maintenance/migrateTagTemplate.php, which are both called by the update script (
T367207
).
New user-facing features in 1.43
edit
T338341
) Support reading XMP and EXIF from WebP files
T365636
) Wiki's with
$wgAllowExternalImages
enabled now detect urls with AVIF, SVG and WebP images.
T242346
) Special:TalkPage is a new special page that will redirect to the associated talk namespace page, e.g.
Special:TalkPage/Foo
redirects to
Talk:Foo
Special:TalkPage/Project:Foo
goes to
Project talk:Foo
. This allows for links by templates and tools without having to parse what namespaces are valid and have associated talk pages.
New preference: "Send password reset emails only when both email address and username are provided."
T4085
) Added new magic word
{{USERLANGUAGE}}
which returns the language code of the interface set by the user.
T263513
) Special:NamespaceInfo is a new special page that displays a list of namespaces available on the wiki, their descriptions and configuration.
New features for sysadmins in 1.43
edit
New developer features in 1.43
edit
StatusValue class gained new method getMessages(): MessageSpecifier[], allowing the errors to be inspected and displayed more easily, for example:
foreach
$status
->
getMessages
()
as
$msg
if
$msg
->
getKey
()
!==
'ignored-message'
$this
->
getOutput
()
->
addWikiMsg
$msg
);
T358779
) The MessageValue class can now be used instead of Message in most places (in methods that accept the MessageSpecifier interface). This allows using localisation messages in code that doesn't know the user's language, such as many hooks, without relying on global state. To convert between them, use MessageValue::newFromSpecifier() and Message::newFromSpecifier().
The REST API framework now supports defining redirects in route definition files. See MediaWiki\Rest\Handler\RedirectHandler for details.
T13555
) Skins can enable the 'supportsMwHeading' option for new, more accessible HTML markup for wikitext headings. MediaWiki's own styles and scripts have been updated to support it, but your skin may also need updates. More information:
Heading HTML changes
A future release will emit deprecation warnings for skins with 'supportsMwHeading' set to false.
The AuthPreserveQueryParams hook was added.
T219397
) New `Language::formatDurationBetweenTimestamps()` function added which takes two timestamps and a precision in order to calculate a more accurate text representation of duration.
Added an interactive mode to the install.php maintenance script.
The ResourceLoaderModifyEmbeddedSourceUrls hook was added.
The AuthManagerFilterProviders hook was added.
The AuthManagerVerifyAuthentication hook was added.
The OutputPageRenderCategoryLink hook was added, as a replacement for the deprecated OutputPageMakeCategoryLinks hook.
PreAuthenticationProvider, PrimaryAuthenticationProvider, and SecondaryAuthenticationProvider now receive a `canAlwaysAutocreate` flag in the options of the `testUserForCreation` invocation. This flag is true when the session provider is exempt from autocreate user permissions checks.
The CentralIdLookup service gained the isOwned() method, which can be used to check if a local username is reserved for a central user, even if a local user account does not exist yet. This can be used by extensions to look up information about the central user.
T251790
) A Jest-based test suite has been introduced for testing front-end code such as Vue components. Tests can be run via `npm run jest`, and test files live in `tests/jest/`. See
Jest
for more information.
The SpreadAnyEditBlock hook was added.
The ConditionalDefaultOptionsAddCondition hook was added.
External library changes in 1.43
edit
The OOjs Router library has been merged into core and will be archived upstream.
New external libraries
edit
New development-only external libraries
edit
T251790
) Some development-only external libraries have been added for the new testing tools for front-end Vue components:
Added jest and jest-environment-jsdom at v29.7.0.
Added @vue/test-utils v2.4.6.
Added @vue/vue3-jest v29.2.6.
Added @babel/preset-env v7.25.4.
Added pinia v2.0.16 (already available via ResourceLoader).
Added @pinia/testing v0.0.12.
Codex, already available via ResourceLoader, now has the npm versions, i.e. @wikimedia/codex and @wikimedia/codex-icons, also installed for testing.
Changed external libraries
edit
Updated codex, codex-design-tokens and codex-icons from v1.3.6 to v1.14.0.
Updated composer/semver from 3.4.0 to 3.4.3.
Updated guzzlehttp/guzzle from 7.7.1 to 7.9.2.
Updated jquery.i18n from 1.0.7 to 1.0.10.
Updated justinrainbow/json-schema from 5.2.13 to 5.3.0.
Updated pear/mail from 1.6.0 to 2.0.0.
Updated pear/net_smtp from 1.11.1 to 1.12.1.
Updated mck89/peast from v1.16.2 to 1.16.3.
Updated monolog/monolog from 2.9.2 to 2.9.3.
Updated symfony/yaml from 5.4.35 to 5.4.45.
Updated OOUI from v0.49.1 to v0.51.2.
Updated wikimedia/at-ease from 2.1.0 to 3.0.0.
Updated wikimedia/json-codec from 3.0.1 to 3.0.3.
Updated wikimedia/less.php from 4.2.1 to 5.1.2.
Updated wikimedia/minify from 2.7.0 to 2.8.0.
Updated wikimedia/normalized-exception from 1.0.1 to 2.0.0.
Updated wikimedia/php-session-serializer from 2.0.1 to 3.0.0.
Updated wikimedia/purtle from 1.0.8 to 2.0.0.
Updated wikimedia/relpath from 4.0.0 to 4.0.1.
Updated wikimedia/remex-html from 4.1.0 to 4.1.1.
Updated wikimedia/request-timeout from 1.2.0 to 2.0.0.
Updated wikimedia/scoped-callback from 4.0.0 to 5.0.0.
Updated wikimedia/services from 3.0.0 to 4.0.0.
Updated wikimedia/shellbox from 4.0.2 to 4.1.1.
Updated wikimedia/xmp-reader from 0.9.1 to 0.9.4.
Updated vue from 3.3.9 to 3.4.27.
Updated symfony/polyfill-php80 from 1.29.0 to 1.31.0.
Updated symfony/polyfill-php81 from 1.29.0 to 1.31.0.
Updated symfony/polyfill-php82 from 1.29.0 to 1.31.0.
Updated symfony/polyfill-php83 from 1.29.0 to 1.31.0.
Changed development-only external libraries
edit
Updated doctrine/dbal from 3.7.2 to 3.8.4.
Updated eslint-config-wikimedia from 0.26.0 to 0.27.0.
Updated mediawiki/mediawiki-codesniffer from 43.0.0 to 45.0.0.
Updated phpunit/phpunit from 9.6.16 to 9.6.19.
Updated seld/jsonlint from 1.10.1 to 1.10.2.
Removed external libraries
edit
Bug fixes in 1.43
edit
When using the 'runMaintenance' method in a LoadExtensionSchemaUpdates hook handler, only the script's class name is required, not its path. (
T367918
QueryPage::recache() (used by the updateSpecialPages.php maintenance script) no longer attempts to ignore database errors. (
T278543
Action API changes in 1.43
edit
APIQueryUserInfo now returns null in the field registrationdate for users created before December 2005 (their registration date was not recorded).
Action API internal changes in 1.43
edit
Languages updated in 1.43
edit
MediaWiki supports over 350 languages. Many localisations are updated regularly. Below only new and removed languages are listed, as well as changes to languages because of Phabricator reports.
T375891
) Updated the autonym for Kadazan Dusun (dtp)
T357853
) Added unidirectional script conversion for Meitei to Bengali script.
T367377
) Updated the autonym for Tai Nuea (tdd)
T375947
) Updated the autonym for Komering (kge)
T354937
T362041
) Added language support for Minnan (Traditional Han script) (nan-hant).
T290657
) Added language support for Levantine Arabic (apc).
T364291
) Added language support for Musi, also known as Palembang (mui).
T364737
) Added language support for Haryanvi (bgc).
T365365
) Added language support for Chakma (ccp).
T367991
) Added language support for Iban (iba).
T367688
) Added language support for Interslavic (Latin) (isv-latn).
T375360
) Added language support for Interslavic (Cyrillic) (isv-cyrl).
T370123
) Added language support for Nupe (nup).
T371051
) Added language support for Saint Lucian Creole (acf).
T354937
T370987
) Added language support for Minnan (Pe̍h-ōe-jī) (nan-latn-pehoeji).
T354937
T369899
) Added language support for Minnan (Tâi-lô) (nan-latn-tailo).
T375052
) Added language support for Tigre (tig).
T375999
) Added language support for Luba-Lulua (lua).
T376248
) Added language support for Duala (dua).
T375377
) Added language support for Southern Ndebele (nr). This is done experimentally, with only a Names.php entry and namespace translations, before we have actual localized strings. For details, see
Future of Language Incubation
T356144
) Deprecated the Kanuri language (kr) and replaced it with Central Kanuri (knc). The language code kr is kept for backwards compatibility and falls back to knc.
Breaking changes in 1.43
edit
T358779
) The format of parameters used by the Message class has changed. Instead of arrays in a special format, they are now MessageParam objects. Code that simply called methods like Message::numParam() and didn't look inside the values they return should be unaffected. Code that depended on the formatted params being arrays or accessed their keys will need updates. Example patches:
ErrorPageError public properties 'msg' and 'title' may now contain any MessageSpecifier object, not just Message.
Reset button functionality suppressReset() and $mShowReset from HTMLForm was removed without replacement.
UserGroupMembership::getGroupName(), deprecated in 1.38, and UserGroupMembership::getGroupMemberName(), deprecated in 1.40, have been removed.
SerializedValueContainer::isUnified(), deprecated in 1.42, has been removed.
Parser::getFreshParser(), deprecated in 1.39, has been removed.
ParserOutput::getLanguageLinks() no longer returns a reference to the internal array.
ConfigFactory::getDefaultInstance(), deprecated since 1.27, has been removed.
wfGetLangObj(), deprecated since 1.41, has been removed in favor of LanguageFactory::getLanguage().
wfRemoveDotSegments(), deprecated in 1.39, has been removed.
IReadableDatabase::getReplicaPos() has been removed without deprecation as it's not used anywhere.
CommentFormatter::formatStringsAsBlock() has been removed without deprecation as it's not used anywhere.
ILoadBalancer::laggedReplicaUsed() has been moved to ILoadBalancerForOwner:: effectively making it internal.
Define DB_MASTER, deprecated since 1.36, has been removed.
ILoadBalancer::DB_MASTER, deprecated since 1.36, has been removed.
Overriding MWException::getHTML(), ::getText(), ::getPageTitle(), and ::reportHTML() in order to display custom exception messages is no longer supported.
In PageHandlerTestTrait, the newRouter() method was renamed to newRouterForPageHandler() to avoid a conflict with a method of the same name in RestTestTrait. Also, PageHandlerTestTrait is no longer marked as "stable to use". It was marked this way by accident, the functionality it provides is specific to certain handlers implemented in MediaWiki core.
MediaWikiIntegrationTestCase::addCoreDBData(), deprecated since 1.41, has been removed.
wfUnpack(), deprecated since 1.42, has been removed in favor of StringUtils::unpack().
UIDGenerator, deprecated since 1.35, has been removed.
TablePager::getBody(), final and deprecated since 1.24, has been removed. Use ::getBodyOutput() or ::getFullOutput() instead.
ImportableUploadRevisionImporter::downloadSource(), deprecated in 1.31, is now private. Its only known external caller was removed in 1.40.
The following methods in the User class have been removed:
Deprecated in 1.33:
User::isBlockedFrom()
Deprecated in 1.34:
User::isBlocked()
Deprecated in 1.35:
User::addGroup()
User::getAllGroups()
User::getGroups()
User::getGroupMemberships()
User::getImplicitGroups()
User::getOption()
User::removeGroup()
Deprecated in 1.37:
User::isBlockedFromCreateAccount()
BotPassword::invalidateAllPasswordsForCentralId() and BotPassword::removeAllPasswordsForCentralId(), deprecated in 1.37, have been removed.
Title::getBrokenLinksFrom(), deprecated in 1.42, has been removed.
The $type parameter to Skin::getCopyright(), deprecated in 1.40, has been removed.
The module `mediawiki.icon`, deprecated in 1.42, has been removed.
The `@vue/composition-api` module, a deprecated alias for `vue` since 1.41, has been removed. Use `vue` directly.
SiteConfiguration::extractVar() and ::extractGlobal(), deprecated in 1.41, have been removed.
Skin::footerLink(), deprecated in 1.40, has been removed.
Skin::getAction(), deprecated in 1.39, has been removed.
Skin::makeSearchInput(), deprecated in 1.35, has been removed.
Skin::makeSearchButton(), deprecated in 1.39, has been removed.
SkinTemplate::buildContentNavigationUrls(), deprecated in 1.38, has been removed.
Title::getCdnUrls() and Title::purgeSquid(), deprecated in 1.35, have been removed.
The `mediawiki.pager.tablePager` module, deprecated in 1.38, has been removed in favor of the more generic `mediawiki.pager.styles`.
BagOStuff::setNewPreparedValues(), deprecated in 1.40, has been removed.
Constructing MWHttpRequest objects now requires timeout and connectTimeout to be set; this was deprecated in 1.35.
Hooks that were run from SpecialContributions are now run from the parent, ContributionsSpecialPage. The page passed in is a ContributionsSpecialPage type, and documentation and type comparisons may need to be updated. Affected hooks are: ContributionsBeforeMainOutputHook, ContributionsToolLinksHook, SpecialContributions__getForm__filtersHook.
Hooks that were run from ContribsPager are now run from the parent, ContributionsPager. If a pager is passed in, it is a ContributionsPager type, and documentation and type comparisons may need to be updated. Affected hooks are: ContribsPager__reallyDoQueryHook, ContribsPager__getQueryInfoHook, ContributionsLineEndingHook, SpecialContributions__formatRow__flagsHook.
Hooks that were run from DeletedContribsPager are now run from the parent, ContributionsPager. If a pager is passed in, it is a ContributionsPager type, and documentation and type comparisons may need to be updated. Affected hooks are: DeletedContribsPager__reallyDoQueryHook and DeletedContributionsLineEndingHook.
The public method ContributionsSpecialPage::getUserLinks has been made protected. Although not marked @internal, the method was public to be called from SpecialDeletedContributions (call now removed), and was not called from anywhere else.
DatabaseBlock::purgeExpired, deprecated since 1.38, has been removed.
AbstractBlock::getPermissionsError, deprecated since 1.35, has been removed.
IDatabase::namedLocksEnqueue() has been removed without deprecation.
IDatabase::getTopologyRole() has been removed without deprecation.
IDatabase::getTopologyBasedServerId() has been removed without deprecation. Use IDatabase::getServerName() instead.
IReadableDatabase::wasReadOnlyError() has been removed without deprecation. Use IDatabase::isReadOnly() instead.
IReadableDatabase::wasDeadlock() has been removed without deprecation.
ILoadBalancer::getWriterIndex() has been removed without deprecation. Use ServerInfo::WRITER_INDEX constant instead.
MaintainableDBConnRef, deprecated since 1.39, has been removed.
ILoadBalancer::reuseConnection(), deprecated since 1.39, has been removed.
The $domain parameter to ILoadBalancer::getReadOnlyReason(), deprecated in 1.40, has been removed.
WikiPage::doDeleteArticleBatched, hard deprecated since 1.37, has been removed.
SpecialEmailUser::submit, deprecated since 1.41, has been removed.
SpecialEmailUser::validateTarget, deprecated since 1.41, has been removed.
SpecialEmailUser::getPermissionsError, deprecated since 1.41 has been removed.
SpecialBlock::getTargetAndType, deprecated since 1.36, has been removed.
ApiQueryBlockInfoTrait::addBlockInfoToQuery(), deprecated since 1.42, has been removed.
Linker::makeExternalLink() has been deprecated in favor of LinkRenderer::makeExternalLink(), which has a improved API to help phan's SecurityCheckPlugin provide more accurate checks for escaping issues.
Linker::makeHeadline(), Linker::generateTOC(), Linker::tocIndent(), Linker::tocUnindent(), Linker::tocLine(), Linker::tocLineEnd(), and Linker::tocList(), deprecated in 1.42, have been removed.
Linker::formatComment(), Linker::formatLinksInComment(), Linker::commentBlock(), and Linker::revComment(), deprecated in 1.38, have been removed.
UserCache::singleton(), deprecated in 1.43, now emits deprecation warnings. Use MediaWikiServices::getInstance()->getUserCache() instead.
DummyLinker has been removed. The former DummyLinker parameter to the 'ImageBeforeProduceHTML' hook is now null.
The following methods of IDatabase have been moved to internal interface IDatabaseForOwner without deprecation. These methods are internal and shouldn't be used outside of rdbms library:
::pendingWriteCallers()
::flushSession()
::lastDoneWrites()
::setTransactionListener()
::serverIsReadOnly()
::getPrimaryPos()
::pendingWriteQueryDuration()
::writesOrCallbacksPending()
::writesPending()
::primaryPosWait()
IMaintainableDatabase::listViews(), deprecated since 1.42, has been removed.
IMaintainableDatabase::truncate(), deprecated since 1.42, has been removed.
IMaintainableDatabase::textFieldSize() was removed without deprecation.
ReplicatedBagOStuff, deprecated since 1.42, has been removed.
The 'replicaOnly' option to SqlBagOStuff has been removed without deprecation. It existed for internal use by SqlBagOStuff only.
Support for WinCache as local server cache has been removed, because WinCache is not available for supported versions of PHP. The WinCacheBagOStuff class has been removed. Use MediaWikiServices::getLocalServerObjectCache() instead, or the CACHE_ACCEL type instead, which automatically selects APCu when available.
The "wincache" cache type (e.g. to ObjectCache::getInstance, and in "wg*CacheType" configuration) remains supported as an alias for CACHE_ACCEL.
LockManager::sha1Base16Absolute(), has been removed without deprecation.
The "options" parameter to User::createNew() and the $data parameter to UserOptionsManager::loadUserOptions() were removed.
`.list-style-image()` mixin from mediawiki.mixins.less, deprecated since 1.38, has been removed.
`.background-image()` mixin from mediawiki.mixins.less, deprecated since 1.38, has been removed.
IDatabase::nextSequenceValue(), deprecated since 1.30, was removed.
$wgAPIRequestLog
was removed without deprecation. Use "api" and "api-request"
$wgDebugLogGroups
channels or SPI instead.
The setStats() method in MediaWiki\Rest\Router now expects a StatsFactory rather than a StatsdDataFactoryInterface. The method has been marked @internal and should not be called by extensions.
All `@width-breakpoint-*` Less variables have been removed. Use `@min-width-breakpoint-*`/`@max-width-breakpoint-*` instead.
The MessageContent class, deprecated since 1.38, is now removed. This also means that the Message::content() method is also removed.
The following ParserOption methods, deprecated since 1.35, were removed: - ::setAllowExternalImages() - ::setAllowExternalImagesFrom() - ::setEnableImageWhitelist()
Sanitizer::removeHTMLtags(), deprecated since 1.38, has been removed.
OutputPage::getCSPNonce(), deprecated since 1.35, has been removed.
UserMailer::rfc822Phrase(), deprecated since 1.38, has been removed.
QueryPage::getSQL(), deprecated since 1.39, has been removed. The replacement QueryPage::getQueryInfo() is now abstract.
update-keys.sql was removed. It is not recommended to install MediaWiki by manually sourcing SQL files, but if you are doing this, run `update.php --initial` instead of sourcing update-keys.sql.
MediaWikiVersionFetcher, deprecated since 1.42 has been removed.
Support for using Skin::addToBodyAttributes() method, which was deprecated in 1.35, has been removed. Use OutputPageBodyAttributesHook instead.
Skins since 1.39 have not supported rendering content outside the body tag. The bodyOnly=false option has now been removed, meaning this is no longer supported.
CentralIdLookup::factoryNonLocal(), deprecated since 1.37, has been removed.
CryptHKDF and MWCryptHKDF were removed without deprecation, in part because no past or present use could be found. hash_hkdf() can be used instead of HKDF(). While generate() and generateHex() have no direct replacement, random_bytes() and MWCryptRand::generateHex() can be used instead.
Deprecations in 1.43
edit
The methods StatusValue::getErrors() and StatusValue::getErrorsByType(), as well as Status::getErrorsArray() and Status::getWarningsArray(), have been deprecated in favor of new method StatusValue::getMessages().
PermissionManager::getPermissionErrors() has been deprecated in favor of getPermissionStatus().
PermissionStatus::toLegacyErrorArray() is deprecated with no replacement.
PermissionsError properties $errors and $permission are deprecated. To display the error, throw it or use ->report().
T166010
) All PHP code in MediaWiki is slowly being moved to be in a class namespace as appropriate, so that we can use PSR-4 auto-loading, which will speed up general code loading of MediaWiki. The old global namespace class names are being left behind as deprecated aliases.
In this release of MediaWiki, XYZ classes now have a namespace and XYZ do not yet (XYZ% done, up from 69% in MediaWiki 1.42.0). The following have newly been moved:
MediaWiki\Api:
ApiAMCreateAccount
ApiAcquireTempUserName
ApiAuthManagerHelper
ApiBase
ApiBlock
ApiBlockInfoTrait
ApiCSPReport
ApiChangeAuthenticationData
ApiChangeContentModel
ApiCheckToken
ApiClearHasMsg
ApiClientLogin
ApiComparePages
ApiContinuationManager
ApiCreateTempUserTrait
ApiDelete
ApiDisabled
ApiEditPage
ApiEmailUser
ApiErrorFormatter
ApiErrorFormatter_BackCompat
ApiExpandTemplates
ApiFeedContributions
ApiFeedRecentChanges
ApiFeedWatchlist
ApiFileRevert
ApiFormatBase
ApiFormatFeedWrapper
ApiFormatJson
ApiFormatNone
ApiFormatPhp
ApiFormatRaw
ApiFormatXml
ApiFormatXmlRsd
ApiHelp
ApiHelpParamValueMessage
ApiImageRotate
ApiImport
ApiImportReporter
ApiLinkAccount
ApiLogin
ApiLogout
ApiMain
ApiManageTags
ApiMergeHistory
ApiMessage
ApiMessageTrait
ApiModuleManager
ApiMove
ApiOpenSearch
ApiOpenSearchFormatJson
ApiOptions
ApiOptionsBase
ApiPageSet
ApiParamInfo
ApiParse
ApiPatrol
ApiProtect
ApiPurge
ApiQuery
ApiQueryAllCategories
ApiQueryAllDeletedRevisions
ApiQueryAllImages
ApiQueryAllLinks
ApiQueryAllMessages
ApiQueryAllPages
ApiQueryAllRevisions
ApiQueryAllUsers
ApiQueryAuthManagerInfo
ApiQueryBacklinks
ApiQueryBacklinksprop
ApiQueryBase
ApiQueryBlockInfoTrait
ApiQueryBlocks
ApiQueryCategories
ApiQueryCategoryInfo
ApiQueryCategoryMembers
ApiQueryContributors
ApiQueryDeletedRevisions
ApiQueryDeletedrevs
ApiQueryDisabled
ApiQueryDuplicateFiles
ApiQueryExtLinksUsage
ApiQueryExternalLinks
ApiQueryFileRepoInfo
ApiQueryFilearchive
ApiQueryGeneratorBase
ApiQueryIWBacklinks
ApiQueryIWLinks
ApiQueryImageInfo
ApiQueryImages
ApiQueryInfo
ApiQueryLangBacklinks
ApiQueryLangLinks
ApiQueryLanguageinfo
ApiQueryLinks
ApiQueryLogEvents
ApiQueryMyStashedFiles
ApiQueryPagePropNames
ApiQueryPageProps
ApiQueryPagesWithProp
ApiQueryPrefixSearch
ApiQueryProtectedTitles
ApiQueryQueryPage
ApiQueryRandom
ApiQueryRecentChanges
ApiQueryRevisions
ApiQueryRevisionsBase
ApiQuerySearch
ApiQuerySiteinfo
ApiQueryStashImageInfo
ApiQueryTags
ApiQueryTokens
ApiQueryUserContribs
ApiQueryUserInfo
ApiQueryUsers
ApiQueryWatchlist
ApiQueryWatchlistRaw
ApiRawMessage
ApiRemoveAuthenticationData
ApiResetPassword
ApiResult
ApiRevisionDelete
ApiRollback
ApiRsd
ApiSerializable
ApiSetNotificationTimestamp
ApiSetPageLanguage
ApiStashEdit
ApiTag
ApiUnblock
ApiUndelete
ApiUpload
ApiUsageException
ApiUserrights
ApiValidatePassword
ApiWatch
ApiWatchlistTrait
IApiMessage
SearchApi
MediaWiki\Content:
AbstractContent
CodeContentHandler
Content
ContentHandler
ContentModelChange
CssContent
CssContentHandler
FallbackContent
FallbackContentHandler
FileContentHandler
JavaScriptContent
JavaScriptContentHandler
JsonContent
JsonContentHandler
TextContent
TextContentHandler
WikitextContent
WikitextContentHandler
WikiTextStructure
MediaWiki\Debug:
DeprecationHelper
MWDebug
MediaWiki\Deferred:
RefreshSecondaryDataUpdate
MediaWiki\FileBackend:
FileBackendGroup – FIXME: Should this be in Wikimedia\FileBackend instead?
MediaWiki\Json:
FormatJson
MediaWiki\Language:
Language
LanguageCode
ILanguageConverter
LanguageConverter
ConverterRule
ReplacementArray
MediaWiki\Maintenance:
BackupDumper
Benchmarker
DeleteLocalPasswords
FakeMaintenance
LoggedUpdateMaintenance
MWDoxygenFilter
Maintenance
SchemaMaintenance
SevenZipStream
TextPassDumper
MediaWiki\Parser:
BlockLevelPass
CacheTime
CoreMagicVariables
CoreParserFunctions
CoreTagHooks
DateFormatter
DateFormatterFactory
LinkHolderArray
MWTidy
PPCustomFrame_Hash
PPDPart_Hash
PPDStackElement_Hash
PPDStack_Hash
PPFrame
PPFrame_Hash
PPNode
PPNode_Hash_Array
PPNode_Hash_Attr
PPNode_Hash_Text
PPNode_Hash_Tree
PPTemplateFrame_Hash
ParserCache
ParserFactory
ParserOptions
Preprocessor
Preprocessor_Hash
StripState
MediaWiki\RCFeed:
FormattedRCFeed
IRCColourfulRCFeedFormatter
JSONRCFeedFormatter
MachineReadableRCFeedFormatter
RCFeed
RCFeedFormatter
RedisPubSubFeedEngine
UDPRCFeedEngine
XMLRCFeedFormatter
MediaWiki\RenameUser:
RenameUserJob
MediaWiki\Registration:
ExtensionDependencyError
ExtensionJsonValidationError
ExtensionJsonValidator
ExtensionProcessor
ExtensionRegistry
MissingExtensionException
Processor
VersionChecker
MediaWiki\RevisionList:
RevisionItem
RevisionItemBase
RevisionList
RevisionListBase
MediaWiki\Watchlist:
ActivityUpdateJob
ClearUserWatchlistJob
ClearWatchlistNotificationsJob
NoWriteWatchedItemStore
WatchedItem
WatchedItemQueryService
WatchedItemQueryServiceExtension
WatchedItemStore
WatchedItemStoreInterface
WatchlistExpiryJob
MediaWiki\Xml:
Xml
XmlSelect
Wikimedia\FileBackend:
FSFileBackend
FSFileBackendDirList
FSFileBackendFileList
FSFileBackendList
FileBackend
FileBackendError
FileBackendMultiWrite
FileBackendStore
FileBackendStoreShardDirIterator
FileBackendStoreShardFileIterator
FileBackendStoreShardListIterator
FileOpBatch
HTTPFileStreamer
MemoryFileBackend
SwiftFileBackend
SwiftFileBackendDirList
SwiftFileBackendFileList
SwiftFileBackendList
Wikimedia\FileBackend\FileOps:
CopyFileOp
CreateFileOp
DeleteFileOp
DescribeFileOp
FileOp
FileStatePredicates
MoveFileOp
NullFileOp
StoreFileOp
Wikimedia\FileBackend\FileOpHandle:
FSFileOpHandle
SwiftFileOpHandle
FileBackendStoreOpHandle
Wikimedia\FileBackend\FSFile:
FSFile
TempFSFile
TempFSFileFactory
Wikimedia\Http:
MultiHttpClient
Wikimedia\Message:
MessageSpecifier
Wikimedia\Mime:
MSCompoundFileReader
MimeAnalyzer
XmlTypeCheck
Wikimedia\ObjectCache:
APCUBagOStuff
BagOStuff
CachedBagOStuff
EmptyBagOStuff
HashBagOStuff
IStoreKeyEncoder
MediumSpecificBagOStuff
MemcachedBagOStuff
MemcachedPeclBagOStuff
MemcachedPhpBagOStuff
MultiWriteBagOStuff
RESTBagOStuff
RedisBagOStuff
WANObjectCache
WinCacheBagOStuff
RedisConnectionPool
RedisConnRef
Wikimedia\Rdbms:
DBAccessObjectUtils
IDBAccessObject
Wikimedia\Stats:
BufferingStatsdDataFactory
IBufferingStatsdDataFactory
NullStatsdDataFactory
PrefixingStatsdDataFactoryProxy
SamplingStatsdClient
StatsdAwareInterface
MessageCache::get() with $language other than Language or null is deprecated and emits deprecation warnings. or high-level access, use wfMessage() or RequestContext::msg() instead.
Manually constructing a Language object, deprecated in 1.35, now emits deprecation warnings. Use LanguageFactory instead.
MediaWiki\Languages\Data\Names::$names is deprecated.
SearchEngineConfig::getConfig() has been deprecated, use DI with ServiceOptions to inject the required options.
ObjectCache::isDatabaseId() and ::getLocalClusterInstance() have been deprecated. Use their equivalents in ObjectCacheFactory.
Using the "post" source in parameter declarations returned from Handler::getParamSettings() is deprecated, use "body" instead.
ISQLPlatform::tableNamesN() is now deprecated.
The implementation in SQLPlatform of ISQLPlatform::tableNames(), deprecated in MediaWiki 1.39, now emits deprecation warnings.
Title::getTitleProtection(), deprecated in 1.37, now emits warnings. You can use RestrictionStore::getCreateProtection() instead.
Title::loadRestrictions(), deprecated in 1.37, now emits warnings.
Title::flushRestrictions(), deprecated in 1.37, now emits warnings.
Title::getPageViewLanguage(), deprecated in 1.42, now emits warnings.
wfUrlProtocols(), deprecated in 1.39, now emits warnings.
wfGetServerUrl(), deprecated in 1.39, now emits warnings.
wfExpandIRI(), deprecated in 1.39, now emits warnings.
The following methods, previously deprecated, now emit deprecation warnings:
ContentHandler::getDefaultModelFor(), deprecated since 1.33
ContentHandler::getAllContentFormats(), deprecated since 1.35
ContentHandler::getContentModels(), deprecated since 1.35
ContentHandler::getForContent(), deprecated since 1.35
ContentHandler::getForModelID(), deprecated since 1.35
ContentHandler::getContentText(), deprecated since 1.37
Passing a Message argument to OutputPage::setPageTitle(), which was deprecated in 1.41, now emits warnings.
OutputPage::showFatalError()
is deprecated, use
showErrorPage()
with
'internalerror'
as title instead, or throw
MediaWiki\Exception\FatalError
OutputPage::showPermissionsErrorPage() is deprecated, use showPermissionStatus() instead.
OutputPage::formatPermissionsErrorMessage(), deprecated since 1.36, now emits deprecation warnings. Use formatPermissionStatus() instead.
OutputPage::setCategoryLinks() has been deprecated and emits deprecation warnings. Use ::addCategoryLinks() instead.
OutputPage::setLanguageLinks() has been deprecated; use ::addLanguageLinks() instead.
Passing 'index' to OutputPage::setIndexPolicy() and OutputPage::setRobotPolicy() after previously passing 'noindex' has been deprecated; in a future release OutputPage will behave like ParserOutput::setIndexPolicy(), where 'noindex' takes precedence over 'index'.
T375975
) Language::embedBidi() has been deprecated; use HTML tag instead.
T375975
) Language::getDirMark() has been deprecated; use HTML tag instead.
* ({{phab|T375975}}) Language::getDirMarkEntity() has been hard deprecated; use
T375975
) The unused third parameter of Language::specialList is removed as the method isolates the title unconditionally from the details.
LoadBalancer::getConnectionRef(), deprecated since 1.39, now emits deprecation warnings. Use ::getConnection() instead.
DBAccessObjectUtils::getDBOptions() is deprecated, use SelectQueryBuilder::recency() instead.
IDatabase::lockForUpdate is deprecated, use SelectQueryBuilder::acquireRowLocks instead.
ILBFactory::flushReplicaSnapshots() is deprecated no longer needed.
wfGetUrlUtils() is deprecated; instead, get a UrlUtils from services.
DerivedPageDataUpdater::getPreparedEdit(), provided for back-compatibility, is now deprecated; use the getters directly, instead.
AuthManager::forcePrimaryAuthenticationProviders(), provided for back-compatibility, is now deprecated.
WikiPage::hasDifferencesOutsideMainSlot(), provided as a stop-gap before refactoring to support MCR, is now deprecated.
ChangesList::getTimestamp() has been deprecated; use ::revDateLink() instead.
RecentChange::doMarkPatrolled() is deprecated, use RecentChange::markPatrolled() instead.
LogFormatter::newFromRow() and LogFormatter::newFromEntry(), deprecated since 1.42, now emit deprecation warnings.
LinksUpdate::getAddedLinks(), ::getRemovedLinks(), deprecated since 1.38, now emit deprecation warnings.
TitleLinksTable::getTitleArray(), deprecated since 1.38, now emits deprecation warnings.
SiteConfig::variants() has been deprecated; use ::variantsFor().
ObjectCache::$instances and ::getInstance() have been deprecated; instead, use ObjectCacheFactory::getInstance().
WANObjectCache::clearLastError() and BagOStuff::clearLastError have been hard deprecated, use ::watchErrors() together with ::getLastErrors() instead.
BagOStuff::getSegmentationSize() and ::getSegmentedValueMaxSize() no longer have any usage. The subclass' method in MediumSpecificBagOStuff overrides also have no usage as well.
ApiBase::errorArrayToStatus() is deprecated with no replacement.
ApiTestCase::setExpectedApiException() has been deprecated; instead, use ::expectApiErrorCode() to test error codes instead of messages.
ApiPageSet::getTitles(), ApiPageSet::getGoodTitles(), ApiPageSet::getMissingTitles(), ApiPageSet::getGoodAndMissingTitles(), ApiPageSet::getRedirectTitles() and ApiPageSet::getSpecialTitles, deprecated since 1.37, now emit deprecation warnings.
QueryPage::setDBLoadBalancer() and ::getDBLoadBalancer() have been deprecated, use QueryPage::setDatabaseProvider() or ::getDatabaseProvider() instead.
User::isBlockedGlobally(), deprecated since 1.40, now emits deprecation warnings.
User::isBlockedFromEmailuser() and User::canSendEmail(), deprecated since 1.41, now emit deprecation warnings.
wfMergeErrorArrays() has been deprecated.
wfArrayDiff2() has been deprecated.
User::whoIs() and User::whoIsReal(), have been deprecated.
UserCache class and MediaWikiServices::getUserCache(), have been deprecated.
JsonUnserializable and related classes have been renamed to JsonDeserializable to make it clearer that they're related to converting serialized content back into JSON, rather than stating that things are not representable in JSON. The previous class names have been left behind as deprecated aliases:
JsonUnserializable -> JsonDeserializable
JsonUnserializableTrait -> JsonDeserializableTrait
JsonUnserializer -> JsonDeserializer
Additionally, JsonCodec's unserialize() and unserializeArray() methods have also been renamed to deserialize() and deserializeArray(), with the old names deprecated.
In the REST framework, the the BodyValidator interface and all functionality related to it are deprecated. They have been replaced by Handler::getBodyParamSettings() and Handler::parseBodyData(). The following interfaces, classes, and methods are affected:
interface BodyValidator
class JsonBodyValidator
class NullValidator
function Handler::getBodyValidator
function Validator::validateBody
StatusValue will emit deprecation warnings when an error is given as a MessageSpecifier combined with a parameters array, which is usually a mistake, as the parameters have always been ignored.
In StatusValue::replaceMessage(), ::hasMessage() and ::hasMessagesExcept() passing MessageSpecifier or MessageValue as $source has been deprecated.
PageArchive::undeleteAsUser, deprecated since 1.35, now emits deprecation warnings.
DatabaseBlock::getQueryInfo() and DatabaseBlock::getRangeCond() are deprecated and emit deprecation warnings. Use the equivalent methods in DatabaseBlockStore.
DatabaseBlockStore::getReadStage() and ::getWriteStage() are deprecated. Use the new schema unconditionally.
UserOptionsManager::resetOptions(), ::listOptionKinds and ::getOptionKinds are deprecated and will emit deprecation warnings. Use the corresponding methods in PreferencesFactory and UserOptionsManager::resetOptionsByName().
The `i18n-all-lists-margins` and `interface-message-box` module of SkinModule are deprecated. The former has been merged into the `elements` module, the latter has no required replacement. See JavaScript console for instructions.
ParsoidOutputAccess and all of its methods have been deprecated. Use ParserOutputAccess with ParserOptions::setUseParsoid() instead.
ParserOutput::addJsConfigVars(), deprecated since 1.38, now emits deprecation warnings. Use ParserOutput::setJsConfigVar() instead.
The following methods of ParserOutput, most of which used to return an array by reference, have been deprecated. Use the ParserOutput::getLinkList(...) method with an appropriate link type instead:
ParserOutput::getFileSearchOptions() - ParserOutputLinkTypes::MEDIA
ParserOutput::getImages() - ParserOutputLinkTypes::MEDIA
ParserOutput::getInterwikiLinks() - ParserOutputLinkTypes::INTERWIKI
ParserOutput::getLanguageLinks() - ParserOutputLinkTypes::LANGUAGE
ParserOutput::getLinks() - ParserOutputLinkTypes::LOCAL
ParserOutput::getLinksSpecial() - ParserOutputLinkTypes::SPECIAL
ParserOutput::getTemplates() - ParserOutputLinkTypes::TEMPLATE
ParserOutput::getTemplateIds() - ParserOutputLinkTypes::TEMPLATE
ParserOutput::setLanguageLinks(null) now emits deprecation warnings. Use an empty array as an argument, not `null`.
ParserOutput::setPageProperty() now emits deprecation warnings when called with non-string values, which has been deprecated since 1.42.
Use of the reference to the internal array returned by ParserOutput::getExternalLinks() has been deprecated. In a future release it will return a copy of the array.
To support a future change allowing serializing of MessageValue objects as JSON, the methods MessageValue::objectParams(), Message::objectParams() and Message::objectParam() are deprecated. The UserGroupMembershipParam class and the ParamType::OBJECT constant are likewise deprecated.
Passing null or boolean values as message parameters, which are converted to strings "" and "1", is deprecated.
The Less mixin .column-break-after-avoid() is deprecated. Use just the CSS rule `break-after: avoid-column;` instead now.
The Less mixins .horizontal-gradient and .vertical-gradient are deprecated. Use CSS rule linear-gradient directly.
The following method are deprecated; instead call the appropriate constructor method in PageRestHelperFactory with the appropriate initialization arguments:
HtmlOutputRendererHelper::init()
HtmlMessageOutputHelper::init()
HtmlInputTransformHelper::init()
Similarly, calling the constructor method in PageRestHelperFactory without the appropriate initialization arguments is now deprecated.
Calling HtmlToContentTransform::setMetrics() and HtmlInputTransformHelper::setMetrics() with a StatsdDataFactoryInterface is deprecated and emits warnings. Pass a StatsFactory instead.
HTMLForm methods getPreText, setPreText, addPreText, getPostText, setPostText, addPostText, getHeaderText, setHeaderText, addHeaderText, getFooterText, setFooterText and addFooterText, deprecated since 1.38, now emit deprecation warnings.
FormSpecialPage methods preText and postText, deprecated since 1.38, now emit deprecation warnings.
EditPage::internalAttemptSave() is deprecated as part of cleaning up how edits are saved, see T157658 for details.
The MessageCache::get hook, deprecated since 1.41, now emits deprecation warnings.
Twelve deprecated properties of OutputPage now will emit warnings; their relevant getters or setters should be used instead:
mCategoryLinks - getCategoryLinks() and setCategoryLinks()
mCategories - getCategories()
mIndicators - getIndicators() and setIndicators()
mHeadItems - getHeadItemsArray(), hasHeadItem(), addHeadItem(), and addHeadItems()
mModules - getModules() and addModules()
mModuleStyles - getModuleStyles() and addModuleStyles()
mJsConfigVars - getJsConfigVars() and addJsConfigVars()
mTemplateIds - getTemplateIds()
mEnableClientCache - Set with enableClientCache() and disableClientCache()
mNewSectionLink - Get with showNewSectionLink()
mHideNewSectionLink - Set with forceHideNewSectionLink()
mNoGallery - getNoGallery()
The following methods from the OutputPage class were deprecated; use corresponding methods on the ParserOutput returned from OutputPage::getMetadata() instead. (For example, instead of $output->setIndexPolicy() use $output->getMetadata()->setIndexPolicy().)
::getIndexPolicy()
::setIndexPolicy() (setting 'index' after 'noindex' is deprecated)
::getPreventClickjacking()
::setPreventClickjacking()
The hook OutputPageMakeCategoryLinks is deprecated. Use the new hook OutputPageRenderCategoryLink instead.
mw.cookie.getCrossSite() has been deprecated due to the removal of
$wgUseSameSiteLegacyCookies
in MW 1.42. Use mw.cookie.get().
The 'help' key in HTMLForm descriptors is deprecated. Use the 'help-raw' key instead.
ImageGalleryBase::setWidths() and ::setHeights() will now emit a deprecation warning if they are called without ImageGalleryBase::setParser() having been called. Please set the parser appropriately when using the image gallery.
T45646
) The localisation messages 'copyright' and 'history_copyright' are deprecated in favor of 'copyright-footer' and 'copyright-footer-history'. The new messages are parsed as wikitext instead of being treated as raw HTML.
T45646
) The hook 'SkinCopyrightFooter' is deprecated in favor of 'SkinCopyrightFooterMessage'. The new hook allows specifying copyright messages that are parsed as wikitext instead of being treated as raw HTML.
T374314
) The 'mw.Uri' module has been deprecated in favour of the browser-native URL interface, which is now provided in all supported user agents. For details, see <
>.
The parameter $default in WebRequest::getRawVal() is deprecated. Use ?? instead.
SpecialBlock::processForm(), SpecialBlock::parseExpiryInput() and SpecialBlock::canBlockEmail(), deprecated since 1.36, and SpecialBlock::getSuggestedDurations(), deprecated since 1.42, now emit deprecation warnings.
The following soft deprecated Skin methods will now emit warnings:
Skin::makeSpecialUrl (use SkinComponentUtils::makeSpecialUrl instead)
Skin::makeSpecialUrlSubpage (use SkinComponentUtils::makeSpecialUrlSubpage instead)
The SkinFactory::getSkinNames deprecated in 1.37 now emits warnings, use getInstalledSkins instead.
Other changes in 1.43
edit
Class aliases to support the old PHPUnit 4 style un-namespaced `PHPUnit_` classes (such as PHPUnit_Framework_Error) have been removed.
[Temporary accounts] If
$wgAutoCreateTempUser
is enabled, then MediaWiki will create a temporary account and log the user in for unsuccessful edit attempts and null edits, in addition to edits that change content. This is a change from the previous paradigm, where temporary accounts were created only for successful edits. This change is done to support better logging support and moderation, to ensure that hooks run in a pre-save context have a user object to associate log entries and other actions with.
Several entries have been removed from the default list of interwikis used when installing new wikis. This does not affect existing wikis.
User auto-creations are now performed as the target user instead of anonymous IP user.
[Temporary accounts]
T359043
Temporary accounts for anonymous edits are enabled in DevelopmentSettings.php. To disable the feature, set `$wgAutoCreateTempUser['enabled'] = false;` in LocalSettings.php
Corrected the interpretation of empty arrays in extension configuration when the default value is null. Previously, an empty array specified by the administrator would transform into the default null value. It now appropriately retains its empty array state.
T362536
) Exempted "deletedhistory", "deletedtext", and "viewsuppressed" rights from namespace protection ($wgNamespaceProtection) since that's only meant to prevent write actions.
Image captions are no longer trimmed.
'SpecialPasswordResetOnSubmit' hook handlers can now receive both the username and the email provided by the user, instead of only one of them.
T231827
T249976
) Searchindex now uses utf8mb4, si_page is marked as PK and si_title can handle longer title values.
Compatibility
edit
MediaWiki 1.43 requires PHP 8.1.0 or later and the following PHP extensions:
ctype
dom
fileinfo
iconv
intl
json
mbstring
openssl
xml
MariaDB is the recommended database software. MySQL, PostgreSQL, or SQLite can be used instead, but support for them is somewhat less mature.
The supported versions are:
MariaDB 10.3 or higher
MySQL 5.7.0 or higher
PostgreSQL 10 or later
SQLite 3.8.0 or later
Online documentation
edit
Documentation for both end-users and site administrators is available on MediaWiki.org, and is covered under the GNU Free Documentation License (except for pages that explicitly state that their contents are in the public domain):
Special:MyLanguage/Documentation
Mailing list
edit
A mailing list is available for MediaWiki user support and discussion:
A low-traffic announcements-only list is also available:
It's highly recommended that you sign up for one of these lists if you're going to run a public MediaWiki, so you can be notified of security fixes.
IRC help
edit
There's usually someone online in #mediawiki on irc.libera.chat.
Retrieved from "
Release notes/1.43
Add topic
US