		Status
Resolved	dancy	T302086 Set scap minimum python version to 3.7
Resolved	None	T247045 Migrate all of production metal and VMs to Buster or later
Resolved	akosiaris	T249724 Track and remove jessie based container images from production
Resolved	Jdforrester-WMF	T224908 Drop jessie testing support
Resolved	Jdforrester-WMF	T224907 Drop php55 testing support
Resolved	Reedy	T205039 Release MediaWiki 1.27.6/1.30.2/1.31.2/1.32.2
Resolved	Reedy	T205041 Tracking bug for 1.27.6/1.30.2/1.31.2/1.32.2 security release
Resolved	Bawolff	T197279 Direct POST to Special:ChangeEmail will bypass reauth check
Resolved	Anomie	T204729 Potential enwiki DOS due to slow WatchedItemStore::countVisitingWatchersMultiple
Resolved	Bawolff	T207603 CVE-2019-12471: Loading JS from user space where the username is not a registered account is dangerous and should be banned
Resolved	Bawolff	T208881 CSS using var() to create exponential sized calc() on wiki page will crash visitor's browser
Resolved	Legoktm	T199540 Forbid blocking IP ranges as big as /1 and /2, as done on ruwikiquote using the API
Resolved	• Lucas_Werkmeister_WMDE	T212118 API responses for unpatrolled or (not) autopatrolled recent changes require privileges but may be cached publicly
Resolved	Bawolff	T209794 Need to make a limit of count of attempts to change email address
Resolved	sbassett	T222036 Exposed suppressed username or log in Special:EditTags
Resolved	sbassett	T222038 Exposed suppressed log in RevisionDelete page
Resolved	Jdforrester-WMF	T221739 Patch jQuery due to CVE-2019-11358
Resolved	sbassett	T25227 Use token when logging out
Resolved	sbassett	T221868 Send out wikitech-l post for T25227 ("Use token when logging out")
Resolved	Reedy	T205042 Write and send release announcements for 1.27.6/1.30.2/1.31.2/1.32.2 security releases
Resolved	Reedy	T205043 Write and send pre-release Announcements for MediaWiki 1.27.6/1.30.2/1.31.2/1.32.2
Resolved	Jdforrester-WMF	T205044 Update onwiki release notes for 1.27.6/1.30.2/1.31.2/1.32.2
Resolved	Reedy	T205046 Update HISTORY in master after 1.27.6/1.30.2/1.31.2/1.32.2
Resolved	Reedy	T205047 Tag MW 1.27.6/1.30.2/1.31.2/1.32.2
Resolved	Reedy	T224499 RELEASE-NOTES for 1.27.6/1.30.2/1.31.2/1.32.2
Resolved	Jdforrester-WMF	T224912 Update MediaWiki.org links and versions
Resolved	Jdforrester-WMF	T224913 EOL REL1_27 and REL1_30 onwiki
Resolved	Reedy	T225201 Formally announce EOL of MW 1.27 and 1.30
Resolved	Reedy	T225149 Update CVEs and publish them
Resolved	Reedy	T205048 Obtain CVEs for 1.27.6/1.30.2/1.31.2/1.32.2 security releases

Mentioned In: T225151: Release MediaWiki 1.31.4/1.32.4/1.33.1
Mentioned Here: T213595: Release 1.32.1 as a maintenance release
T199021: Release MediaWiki 1.27.5/1.29.3/1.30.1/1.31.1

Event Timeline

Reedy created this task.Sep 20 2018, 9:45 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 20 2018, 9:45 PM

Reedy added a project: MediaWiki-Releasing.Sep 20 2018, 9:46 PM

Jdforrester-WMF subscribed.Nov 14 2018, 9:27 PM

Bawolff added a subtask: T209794: Need to make a limit of count of attempts to change email address.Nov 21 2018, 5:41 PM

Reedy renamed this task from Release MediaWiki 1.27.6/1.30.2/1.31.2 to Release MediaWiki 1.27.6/1.30.2/1.31.2/1.32.1.Feb 13 2019, 2:23 AM

Reedy updated the task description. (Show Details)

greg added subscribers: Legoktm, greg, • mmodell.Feb 22 2019, 5:00 AM

Comment Actions

In T213595#4974431, @mmodell wrote:

! In T213595#4972704, @greg wrote:

! In T213595#4949955, @Legoktm wrote:
Can we bundle the planned security release with this?

Did that ^ happen?

I'm not aware of any security patches that landed in 1.32.1 but I haven't announced the release yet if we want to rebuild the tarballs it's fine with me.

Reedy added a comment.Feb 26 2019, 10:27 PM

Comment Actions

What does anyone want to do? It's going to take probably a week or two to get things finished off with other stuff going on...

Do we want to wait with 1.32.1? Or get that out of the door, and do a 1.32.2 a few weeks later?

I know that doesn't look particularly great; though it would be worse as two security releases in a short period

• mmodell added a comment.Feb 27 2019, 8:48 PM

Comment Actions

Well, I already built the 1.32.1 tarballs but I haven't announced the release officially nor have I pushed the tags to git. I don't have a strong opinion either way.

greg added a comment.Feb 27 2019, 11:50 PM

Comment Actions

Let's do separate releases. We want to do these more frequently anyway, right?

Legoktm removed a subtask: T209794: Need to make a limit of count of attempts to change email address.Mar 8 2019, 10:26 PM

Reedy renamed this task from Release MediaWiki 1.27.6/1.30.2/1.31.2/1.32.1 to Release MediaWiki 1.27.6/1.30.2/1.31.2/1.32.2.Apr 30 2019, 6:28 PM

Reedy closed subtask T224499: RELEASE-NOTES for 1.27.6/1.30.2/1.31.2/1.32.2 as Resolved.May 29 2019, 12:32 AM

Reedy updated the task description. (Show Details)May 29 2019, 12:41 AM

Reedy updated the task description. (Show Details)May 29 2019, 1:07 AM

Reedy closed subtask T205048: Obtain CVEs for 1.27.6/1.30.2/1.31.2/1.32.2 security releases as Resolved.May 30 2019, 5:17 PM

Jdforrester-WMF added a parent task: T224907: Drop php55 testing support.Jun 3 2019, 5:08 PM

Reedy closed subtask T205043: Write and send pre-release Announcements for MediaWiki 1.27.6/1.30.2/1.31.2/1.32.2 as Resolved.Jun 5 2019, 3:52 PM

Reedy added a subtask: T225149: Update CVEs and publish them.Jun 5 2019, 8:59 PM

Reedy mentioned this in T225151: Release MediaWiki 1.31.4/1.32.4/1.33.1.Jun 5 2019, 9:19 PM

Reedy claimed this task.Jun 6 2019, 12:39 PM

Reedy closed subtask T205042: Write and send release announcements for 1.27.6/1.30.2/1.31.2/1.32.2 security releases as Resolved.Jun 6 2019, 3:51 PM

Reedy changed the visibility from "Custom Policy" to "Public (No Login Required)".Jun 6 2019, 3:58 PM

Reedy closed subtask T205041: Tracking bug for 1.27.6/1.30.2/1.31.2/1.32.2 security release as Resolved.

Jdforrester-WMF closed subtask T224912: Update MediaWiki.org links and versions as Resolved.Jun 6 2019, 5:31 PM

Jdforrester-WMF closed subtask T224913: EOL REL1_27 and REL1_30 onwiki as Resolved.Jun 6 2019, 5:47 PM

Reedy closed subtask T205047: Tag MW 1.27.6/1.30.2/1.31.2/1.32.2 as Resolved.Jun 7 2019, 12:14 AM

Reedy closed subtask T225149: Update CVEs and publish them as Resolved.Jun 7 2019, 12:24 AM

Reedy closed subtask T205046: Update HISTORY in master after 1.27.6/1.30.2/1.31.2/1.32.2 as Resolved.Jun 7 2019, 12:31 AM

Jdforrester-WMF closed this task as Resolved.Jun 7 2019, 12:34 AM

Jdforrester-WMF closed subtask T205044: Update onwiki release notes for 1.27.6/1.30.2/1.31.2/1.32.2 as Resolved.

• chasemp added a project: Security.Feb 10 2020, 10:51 PM

• chasemp removed a project: acl*security.Feb 20 2020, 8:12 PM

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits

URL: https://phabricator.wikimedia.org/T205039

⇱ ⚓ T205039 Release MediaWiki 1.27.6/1.30.2/1.31.2/1.32.2

Release MediaWiki 1.27.6/1.30.2/1.31.2/1.32.2
Closed, ResolvedPublic
Actions

Description

Related Objects

Event Timeline

URL: https://phabricator.wikimedia.org/T205039

⇱ ⚓ T205039 Release MediaWiki 1.27.6/1.30.2/1.31.2/1.32.2

Release MediaWiki 1.27.6/1.30.2/1.31.2/1.32.2Closed, ResolvedPublicActions

Description

Related Objects

Event Timeline

Release MediaWiki 1.27.6/1.30.2/1.31.2/1.32.2
Closed, ResolvedPublic
Actions