== MediaWiki 1.44.1 ==
This is a security and maintenance release of the MediaWiki 1.44 branch.
=== Changes since MediaWiki 1.44.0 ===
* Localisation updates.
* (T385890, T398448) ApiQueryCategoryMembers: Use correct index for
  categorylinks.
* (T398860) Straight join collation table to make sure it is last.
* updateCollation: Drop 'order by cl_from' from query.
* (T399672) mime: Add mime types for *.less.
* (T388729) Parser: Handle regex failure in extractBody method.
* (T399064) Parser::extractBody: Use possessive matcher and once-only
  subpattern.
* (T399450) file: Init LocalFile::$upgraded with false.
* (T399793) PermissionManager: Fix missingPermissionError() not returning early
  when $short is true.
* rdbms: Fix GTID style detection for MySQL servers.
* ParserCacheSerializationTestCases: back port ParserOutput changes from 1.45.
* ParserCacheSerializationTestCases: distinguish empty ToC from missing ToC.
* diff: Avoid Phan warning with some Wikidiff2 versions.
* (T327439) ParserOutput: Prepare to allow JsonCodec serialization of TOCData.
* (T386208) Exif: Handle malformed gps tags.
* i18n: Add Special:MyLanguage to mediawiki.org links.
* (T381699) Do not use Special:MyLanguage for category links.
* maintenance: Fix sql for touched-only option of refreshLinks script.
* (T393028) ImagePage: Remove PNG previews line for native SVG rendering.
* (T394796) installer: Use input type from params if provided.
* (T374042) PostgresUpdater: Fix typo in sites_group index renaming instruction.
* (T401088) maintenance: Fix paging in findMissingFiles.php.
* (T401570) rdbms: Fix read-only detection for MariaDB 12.
* (T400881) filerepo: Improve identification of ForeignAPIRepo requests.
* (T386761) docs: Mention deprecated Skin::appendSpecialPagesLinkIfAbsent in
  release notes.
* (T397900) Don't use RequestContext in CommentParserFactory construction.
* (T402037) config: Change Reauthenticate Time Default.
* WebPHandler: Read all of the VP8L canvas height.
* Forward-compatibility serialization data for SelserContext.
* (T264389, T161647) Make Content JsonCodecable.
* maintenance: Fix SQL range for moveToExternal.
* (T403922) Installer: SQLite searchindex step depends on tableinstall.
* Use JsonCodec to serialize SelserContext.
* Forward-compat data for SelserContext w/ JSON-encoded Content.
* (T402066) Skin: Table width should not exceed content width.
* (T372444, T404230) DeletedContribsPager: Use the UserIdentity object instead
  of the raw target string.
* (T403922) Installer: Merge applySourceFile status into Task status.
* (T401099, CVE-2025-61638) Upgrading wikimedia/parsoid (v0.21.0 => v0.21.1).
* (T394968) Metadata: ignore LocationCreated, similar to LocationShown.
* (T387478, CVE-2025-61634) SECURITY: REST: Set cache-control value of
  max-age=60 for redirects.
* (T394396, CVE-2025-61636) SECURITY: Escape rawElement $content.
* (T394856, CVE-2025-61637) SECURITY: Escape three system messages used by
  live preview.
* (T401099, CVE-2025-61638) SECURITY: Sanitize data- attributes.
* (T280413, CVE-2025-61639) SECURITY: Use ManualLogEntry::getDeleted in
  ::getRecentChange.
* (T402075, CVE-2025-61640) SECURITY: Parse messages instead of inserting
  them as HTML.
* (T298690, CVE-2025-61641) SECURITY: api: Disable maxsize in QueryAllPages
  in miser mode.
* (T402313, CVE-2025-61642) SECURITY: Escape submit button label for Codex-based
  HTMLForms.
* (T403757, CVE-2025-61643) SECURITY: Don't send suppressed recent changes to
  RCFeeds.
* (T403761, CVE-2025-61645) SECURITY: Fix i18n XSS in CodexTablePager.
* (T398706, CVE-2025-61646) SECURITY: Prevent leaking hidden usernames in
  Watchlist/RecentChanges.