1.31.7 MediaWiki security update
The latest #MediaWiki security update has hit #Debian - https://lists.debian.org/debian-security-announce/2020/msg00053.htmlOnly buster users need to update as stretch did not contain the vulnerable code (yay?).
Posts tagged: mediawiki
mwparser on wheels
mwparserfromhell is now fully on wheels. Well...not those wheels - Python wheels! If you're not familiar with it, mwparserfromhell is a powerful parser for MediaWiki's wikitext syntax with an API that's really convenient for bots to use. It is primarily developed and maintained by Earwig, who originally wrote it for…
Celebrating 2 years of MediaWiki codesearch
It's been a little over 2 years since I announced MediaWiki codesearch, a fully free software tool that lets people make regex searches across all the MediaWiki-related code in Gerrit and much more. While I expected it to be useful to others, I didn't anticipate how popular it would become.…
Automatically rewriting links to use HTTPS on Wikimedia sites
In March 2018, Facebook began automatically rewriting links to use HTTPS using the HSTS preload list. Now all Wikimedia sites (including Wikipedia) do the same. If you're not familiar with it, the HSTS preload list tells browsers (and other clients) that the website should only be visited over HTTPS, not…
SecureLinkFixer in beta
In other #HTTPS news, a feature to automatically rewrite HTTP links on #Wikipedia to HTTPS (using domains on the HSTS preload list) just landed on our beta cluster. Full production rollout coming soon.More details: https://phabricator.wikimedia.org/T200745
LibUp 2.0 test run
I did the first test run of LibUp 2.0 (formerly libraryupgrader) last night across MediaWiki extension repositories, only hit one show-stopper bug (oops).Here's an example: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AJAXPoll/+/522645 I think the coolest new feature is the hashtags, which allow you to filter patches for exactly which libraries were upgraded, which CVEs were…
MediaWiki hates potatoes
End of an era, #MediaWiki will no longer silently accept "A potato" as part of a valid timestamp: https://lists.wikimedia.org/pipermail/mediawiki-api-announce/2019-June/000146.html(Don't worry, PHP will still take it!)
Yes, you can send a potato through the US mail
A while back, a friend mentioned to me that you could send potatoes through the mail. I was pretty skeptical at the time, but basic Internet research confirmed what they told me. So a little bit later I had the opportunity to send them something, and decided to test it…
Eliminating PHP polyfills
The Symfony project has recently created a set of pure-PHP polyfills for both PHP extensions and newer language features. It allows developers to add requirements upon those functions or language additions without increasing the system requirements upon end users. For the most part, I think this is a good thing,…
PHP 7 vs HHVM
First performance production testing of PHP 7 vs HHVM: https://phabricator.wikimedia.org/T206341#4750994Looking good so far!#MediaWiki #HHVM #PHP
New php-excimer profiler
Tim is working on a new profiler for PHP, since there are issues with xhprof/tideways that really aren't worth dealing with...and that we can do better in profiling. He's written up some details on https://phabricator.wikimedia.org/T205059, and there's some initial code in our Gerrit.I've done the initial Debian packaging at https://salsa.debian.org/mediawiki-team/php-excimer…
PoolCounter in Debian proper
I posted most of my poolcounter #Debian packaging work: https://salsa.debian.org/mediawiki-team/poolcounterThere's one remaining issue with the makefile trying to build poolcounterd twice that should get fixed upstream: https://gerrit.wikimedia.org/r/c/mediawiki/services/poolcounter/+/463700
An update on MediaWiki 1.31 in Debian
Following the MediaWiki 1.31.1 security release, I was finally able to update the Debian package to 1.31 LTS in preparation for the Debian Buster release.
Writing a new MediaWiki tarball release script
Last week's security release of MediaWiki 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1 mentioned a small hint of a new release script being used for this release. Chad came up with the concept/architecture of the new script, I wrote most of the code, and Reedy did the actual release, providing…
2018-08 MediaWiki security update
The #MediaWiki security update has been pushed to #Debian stable after a few hiccups (thanks Moritz!): https://lists.debian.org/debian-security-announce/2018/msg00232.htmlI also pushed an update for Xenial users to my PPA: https://launchpad.net/~legoktm/+archive/ubuntu/mediawiki-ltsThose packages are for 1.27, which is the older LTS version. 1.31 hit unstable today, so I'll be providing backports for it shortly!…