--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-f83aec6d57
2022-09-09 11:21:56.289494
--------------------------------------------------------------------------------

Name        : mediawiki
Product     : Fedora 36
Version     : 1.37.4
Release     : 1.fc36
URL         : https://www.mediawiki.org/
Summary     : A wiki engine
Description :
MediaWiki is the software used for Wikipedia and the other Wikimedia
Foundation websites. Compared to other wikis, it has an excellent
range of features and support for high-traffic websites using multiple
servers

This package supports wiki farms. Read the instructions for creating wiki
instances under /usr/share/doc/mediawiki/README.RPM.
Remember to remove the config dir after completing the configuration.

--------------------------------------------------------------------------------
Update Information:

MediaWiki 1.37.4  This is a maintenance release of the MediaWiki 1.37 branch.
Changes since MediaWiki 1.37.3      Localisation updates.     (T311568)
UploadBase::setTempFile() handle $tempPath being passed as null.     (T311559)
SpecialListFiles: user parameter isn't always present.     (T311561)
ImageListPager: Don't call htmlspecialchars() on null.     (T311920)
SpecialBlockList: Prevent passing null to trim().     (T311921)
SpecialUserrights: Don't pass null to str_replace.     (T311570)
SpecialWithoutInterwiki: Don't pass null through to   Title::capitalize().
(T311574, T311576) SpecialLinkSearch: Don't pass null through to the parser.
(T312059) Update guzzlehttp/guzzle to 7.4.5 in vendor.     (T296435, T297669)
cache: Add four fields to LinkCache::getSelectFields.  MediaWiki 1.37.3  This is
a security and maintenance release of the MediaWiki 1.37 branch. Changes since
MediaWiki 1.37.2      Localisation updates.     (T289879) Type hints for
ArrayAccess and JsonSerializable.     (T304783) TemplateParser: avoid warnings
when called by NoLocalSettings.     Rebuilt vendor with composer 2.3.3.     Fix
old_name in UserLogoutComplete hook.     (T289879) Address some deprecations for
PHP 8.1.     (T193565) UserGroupManager: Fix dbDomain in addUserToGroup()
deferred update.     (T309114) LocalFile::prerenderThumbnails: Limit the number
of thumbnail jobs   triggered.      (T307982) Updated wikimedia/parsoid from
v0.14.0 to v0.14.1.     (T308471) SECURITY: Escape welcomeuser message passed to
showSuccessPage().     (T308473) SECURITY: Escape contributions-title msg for
use within page title.     (T311272) Call parent constructor of AddSite
maintenance script first.     MediaWiki: Don't eagerly initialize action name.
Updated wikimedia/shellbox from v2.0.0 to v2.1.1.     (T311384, CVE-2022-27776)
Updated guzzlehttp/guzzle from 7.2.0 to 7.4.5.     (T289926) Avoid passing null
to trim() in SkinTemplate.     (T311473) rollbackEdits: Pass user identity to
RollbackPage.     (T307282) Avoid passing null to strcasecmp(), for PHP 8.1.
(T311551) ShellboxClientFactory::getUrl(): Check if $this->key is null.
(T311552) ChangesListSpecialPage: Don't pass null to FormatJson::decode().
(T311569) FileBackend::isStoragePath() Handle being passed null.     (T311544)
Pass int to ApiUsageException::newWithMessage()'s $httpCode param.     (T311678)
SpecialEditWatchlist: Prevent passing null to strtolower().     (T281741)
ChangeTags: Fix adding CSS classes for hidden tags.     (T296642) changetags:
Fix management of a '0' tag.     (T311554) ChangeTags: Return early in
formatSummaryRow() if $tags === null.     (T303033) Handle null in
ChangeTags::modifyDisplayQuery.     Updated wikimedia/common-passwords from
0.3.0 to 0.4.0.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep  1 2022 Michael Cronenworth  - 1.37.4-1
- Update to 1.37.4
- https://www.mediawiki.org/wiki/Release_notes/1.37#MediaWiki_1.37.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2101639 - MediaWiki 1.37.2 pulls in version of dependency (Parsoid 0.14.0) broken with PHP 8.1
        https://bugzilla.redhat.com/show_bug.cgi?id=2101639
  [ 2 ] Bug #2102955 - mediawiki-1.38.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2102955
  [ 3 ] Bug #2112771 - CVE-2022-34911 mediawiki: Cross-site Scripting [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2112771
  [ 4 ] Bug #2112773 - CVE-2022-34912 mediawiki: Username not escaped in the contributions-title message [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2112773
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-f83aec6d57' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue