Release Notes for XWiki Enterprise 3.2 Milestone 1

Last modified by Thomas Mortagne on 2017/03/24

First milestone of the XWiki Enterprise 3.2 version (Roadmap). After the infrastructure-mostly 3.1 release, the 3.2 cycle comes back with several improvements, new features and bugfixes.

New and Noteworthy (since XWiki Enterprise 3.1)

CSRF prevention is enabled by default

Cross-site request forgery is an exploit done via JavaScript, which allows a malicious/broken site to include javascript that performs actions on another site on behalf of the currently logged in user. Starting with 3.2, XWiki comes with a prevention mechanism enabled by default. Although it was introduced earlier, in 2.5, it wasn't enabled by default since several actions were broken by this change. Now almost everything should work fine, please report any actions that are still broken.

Storage improvements

The version of hibernate used by XWiki has been upgraded to 3.6.4, bringing in numerous performance and compatibility improvements. The mapping and configuration files have also been reviewed, upgraded and simplified. Now InnoDB is used by default when creating a new database or table in MySQL (this used to be a recommendation only, now it's the default). Further performance enhancements for default installations come from the fact that the proper indexes needed for efficient database access are now auto-created at startup, eliminating the need for manual configuration.

Converted the panels application to the new XWiki syntax

Although only a rewrite, with no new features, this makes it easier to edit panels. Several panels have also been cleaned up and optimized, minimizing the use of inline HTML, relying on wiki markup instead.

Further progress on the extension manager

Bringing update capabilities, 3-way merging has been implemented in the extension manager. The UI now reports the progress of the ongoing actions performed by the extension manager.

For developers

  • XCOMMONS-14: Added new XML manipulation methods to the XMLUtils helper class
  • XCOMMONS-17: Added a bridge that converts LogBack log events into observable events.
  • XCOMMONS-19: Added new methods to $escapetool for encoding test into the Quoted-Printable and the B and Q MIME encodings
  • Various upgrades:
    • Logback 0.9.29
    • Hibernate 3.6.4.Final (and related dependencies)
    • Aether 1.12
    • Doxia 1.2

Translations

  • The following translations have been updated: fr sv

Known issues

Test Report

You can check the manual test report to learn about what was tested and the results on various browsers.

Backward Compatibility and Migration Notes

General Notes

If you're running in a multiwiki setup you'll also need to define the property xwiki.store.migration.databases=all to your xwiki.cfg file or explicitly name all databases to be migrated as in xwiki.store.migration.databases=db1,db2,....

You may also want to import the default wiki XAR in order to benefit from the improvements listed above.

Always make sure you compare your xwiki.cfg file with the newest version since some configuration parameters were added. Note you should add xwiki.store.migration=1 so that XWiki will attempt to automatically migrate your current database to the new schema. Make sure you backup your Database before doing anything.

API Breakages

[TODO]

Get Connected