Wiki source code of Release Notes for XWiki 14.6

Last modified by Michael Hamann on 2023/01/10
Show last authors
1 {{velocity}}
2 #set ($rnObject = $doc.getObject('ReleaseNotes.Code.ReleaseNoteClass'))
3 #set ($product = $rnObject.product)
4 #set ($version = $rnObject.version)
5 #set ($versionPrefix = $stringtool.substringBefore($version, '-'))
6 #set ($versionParts = $stringtool.split($versionPrefix, '.'))
7 #set ($isRC = $version.contains('rc'))
8 #set ($isFinal = !$isRC)
9 #set ($isFirstFinal = $versionParts.size() == 2 && $isFinal)
10 {{/velocity}}
11
12 {{box cssClass="floatinginfobox" title="**Contents**"}}
13 {{toc/}}
14 {{/box}}
15
16 This is the release notes for [[XWiki Commons>>http://commons.xwiki.org]], [[XWiki Rendering>>http://rendering.xwiki.org]] and [[XWiki Platform>>http://platform.xwiki.org]]. They share the same release notes as they are released together and have the same version.
17
18 This release brings paginated attachments, multiple categories support for wiki macros and cancelable multi-page PDF exports. Admins can now control where the PDF export is performed (server-side or client-side) and also security related aspects, such as what HTML elements attributes are allowed in wiki syntax or the HTML macro. The old events store has also been moved to legacy, as it will eventually stop being bundled by default. On the other hand, the CKEditor integration was moved from Contrib into XWiki Platform. Finally, an important security-related migration is now available and configurable regarding the notification and regeneration of user passwords for potentially affected users.
19
20 {{error}}
21 The following regressions were introduced in this release (and found after it was released). Please check them out and if they impact you we recommend waiting to upgrade to a version where they are fixed.
22
23 {{velocity}}
24 #if ($isFirstFinal)
25 #set ($affectedVersions = "${version}-rc-1, ${version}")
26 #set ($fixVersionJQL = " and (fixVersion != ${version}-rc-1 or fixVersion is empty)")
27 #else
28 #set ($affectedVersions = "${version}")
29 #set ($fixVersionJQL = "")
30 #end
31 {{jira id="xwikiorg" source="jql"}}
32 category = 10000 and affectedVersion in ($affectedVersions)${fixVersionJQL}and priority = Blocker and resolution in (Fixed, Unresolved)
33 {{/jira}}
34 {{/velocity}}
35 {{/error}}
36
37 = New and Noteworthy (since {{velocity}}$product{{/velocity}} 14.5) =
38
39 [[Full list of issues fixed and Dashboard for 14.6>>https://jira.xwiki.org/secure/Dashboard.jspa?selectPageId=15095]].
40
41 {{releasenotechanges/}}
42
43 === Moved Modules ===
44
45 [[CKEditor Integration>>doc:extensions:Extension.CKEditor Integration.WebHome]] is now part of XWiki Platform. The extension will still be maintained as an independent contribution extension, for bug fixes only, until the ##14.4.x## and ##13.10.x## branches become unsupported. Please create new issues on the [[XWiki Plaform>>https://jira.xwiki.org/projects/XWIKI/issues]] Jira project. Issues can still be created in the [[CKEditor Integration>>https://jira.xwiki.org/projects/CKEDITOR/issues/]] Jira project only for bug that are impacting branches ##14.4.x## and ##13.10.x##.
46
47 === Upgrades ===
48
49 The following runtime dependencies have been upgraded (they have a different release cycle than [[XWiki Commons>>http://commons.xwiki.org]], [[XWiki Rendering>>http://rendering.xwiki.org]] and [[XWiki Platform>>http://platform.xwiki.org]]):
50
51 * [[node 16.15.1>>https://jira.xwiki.org/browse/XWIKI-19881]]
52 * [[@vue/cli-plugin-babel 5.0.8>>https://jira.xwiki.org/browse/XWIKI-19882]]
53 * [[vue-i18n 8.27.2>>https://jira.xwiki.org/browse/XWIKI-19883]]
54 * [[vue-tippy 4.14.0>>https://jira.xwiki.org/browse/XWIKI-19942]]
55 * [[eslint-plugin-vue 8.7.1>>https://jira.xwiki.org/browse/XWIKI-19946]]
56 * [[less 4.1.3>>https://jira.xwiki.org/browse/XWIKI-19943]]
57 * [[less-loader 10.0.0>>https://jira.xwiki.org/browse/XWIKI-18940]]
58 * [[@testing-library/jest-dom 5.16.4>>https://jira.xwiki.org/browse/XWIKI-19947]]
59 * [[@babel/eslint-parser 7.18.2>>https://jira.xwiki.org/browse/XWIKI-19884]]
60 * [[Woodstox 6.3.0>>https://jira.xwiki.org/browse/XCOMMONS-2458]]
61 * [[JNA 5.12.1>>https://jira.xwiki.org/browse/XWIKI-19889]]
62 * [[Protobuf Java 3.21.2>>https://jira.xwiki.org/browse/XCOMMONS-2455]]
63 * [[Byte Buddy 1.12.12>>https://jira.xwiki.org/browse/XCOMMONS-2454]]
64 * [[Liquibase 4.12.0>>https://jira.xwiki.org/browse/XWIKI-19890]]
65 * [[MariaDB connector 3.0.6>>https://jira.xwiki.org/browse/XWIKI-19915]]
66 * [[jsoup 1.15.2>>https://jira.xwiki.org/browse/XWIKI-19934]]
67 * [[Tika 2.4.1>>https://jira.xwiki.org/browse/XWIKI-19891]]
68 * [[Revapi Java 0.27.0 and Maven plugin 0.14.7>>https://jira.xwiki.org/browse/XCOMMONS-2462]]
69 * [[log4j API 2.18.0>>https://jira.xwiki.org/browse/XCOMMONS-2461]]
70 * [[Commons Configuration 2.8.0>>https://jira.xwiki.org/browse/XCOMMONS-2460]]
71 * [[Hibernate 5.6.10>>https://jira.xwiki.org/browse/XWIKI-19991]]
72
73 = Translations =
74
75 The following translations have been updated:
76
77 {{language codes="de, es, fr, sv"/}}
78
79 = Tested Browsers & Databases =
80
81 {{include reference="TestReports.ManualTestReportSummaryXWiki146.WebHome"/}}
82
83 {{comment}}
84 TODO: uncomment and update with proper links when the report is ready.
85
86 = Performances tests compared to <last super stable version> =
87
88 {{display reference="test:Performances.Jetty HSQLDB single wiki xxx to yyy" section="HSummary"/}}
89
90 More details on [[performance comparison on single wiki between x.x and y.y>>test:Performances.Jetty HSQLDB single wiki xxx to yyy]].
91 {{/comment}}
92
93 = Known issues =
94
95 * [[Bugs we know about>>https://jira.xwiki.org/issues/?jql=category%20%3D%2010000%20AND%20issuetype%20%3D%20Bug%20AND%20resolution%20%3D%20Unresolved%20ORDER%20BY%20updated%20DESC]]
96
97 = Backward Compatibility and Migration Notes =
98
99 == General Notes ==
100
101 * When upgrading make sure you compare and merge the following XWiki configuration files since some parameters may have been modified, removed or added:
102 ** ##xwiki.cfg##
103 ** ##xwiki.properties##
104 ** ##web.xml##
105 ** ##hibernate.cfg.xml##
106 * Add ##xwiki.store.migration=1## in ##xwiki.cfg## so that XWiki will attempt to automatically migrate your current database to any new schema. Make sure you backup your Database before doing anything.
107
108 == Issues specific to {{velocity}}$product $version{{/velocity}} ==
109
110 === Migration sending emails ===
111
112 A migration is provided as part of this upgrade that might trigger a reset password of some users. As part of this operation, some emails are automatically being sent by default: a first mail informing about a possible data leak, and a second mail for asking users to reset their password.
113
114 It's possible to chose whether the mails should be sent or not by editing the following properties:
115
116 {{code}}
117 #-# [Since 14.6RC1]
118 #-# [Since 14.4.3]
119 #-# [Since 13.10.8]
120 #-# This option is only used when performing a migration from a wiki before the versions mentioned above.
121 #-#
122 #-# This parameter defines if as part of the migration R140600000XWIKI19869 the passwords of impacted user should be
123 #-# reset or not. It's advised to keep this value as true, now for some usecases advertised administrators might want
124 #-# their users to keep their passwords nevertheless, then enable the configuration and set it to false before the
125 #-# migration is executed.
126 # security.migration.R140600000XWIKI19869.resetPassword = true
127
128 #-# [Since 14.6RC1]
129 #-# [Since 14.4.3]
130 #-# [Since 13.10.8]
131 #-# This option is only used when performing a migration from a wiki before the versions mentioned above.
132 #-#
133 #-# This parameter defines if reset password emails should be sent as part of the migration R140600000XWIKI19869.
134 #-# By default this value is set to true, so emails will be automatically produced. Now it's possible for admin to set
135 #-# this option to false: note that in such case a file containing the list of users for whom a reset password email
136 #-# should be sent will still be created in the permanent directory (named 140600000XWIKI19869DataMigration-users.txt).
137 #-# If this file exists and this property is set back to true after the migration, the file will still be consumed to
138 #-# send the emails, so it's possible to perform the migration and send the emails only later if needed.
139 # security.migration.R140600000XWIKI19869.sendResetPasswordEmail = true
140
141 #-# [Since 14.6RC1]
142 #-# [Since 14.4.3]
143 #-# [Since 13.10.8]
144 #-# This option is only used when performing a migration from a wiki before the versions mentioned above.
145 #-#
146 #-# This parameter defines if a security email information should be sent as part of the migration R140600000XWIKI19869.
147 #-# By default this value is set to true, so emails will be automatically produced. Now it's possible for admin to set
148 #-# this option to false: note that in such case a file containing the list of users for whom a reset password email
149 #-# should be sent will still be created in the permanent directory (named 140600000XWIKI19869DataMigration-users.txt).
150 #-# If this file exists and this property is set back to true after the migration, the file will still be consumed to
151 #-# send the emails, so it's possible to perform the migration and send the emails only later if needed.
152 # security.migration.R140600000XWIKI19869.sendSecurityEmail = true
153 {{/code}}
154
155 Note that the mails are sent after the migration is actually performed, during the wiki intialization by reading a file named ##140600000XWIKI19869DataMigration-users.txt## created in the permanent directory during the migration. So it's possible for an administrator to set the properties for sending the emails to false for performing the migration, and to actually set them back to true before a next restart to send the emails at this moment. Be aware that the file is deleted as soon as the emails are processed to be sent: in case of failure for sending the emails, please check the administration of the wiki to see the status of the created emails.
156
157
158 It's also possible for administrators to configure the template of the first mail by creating a file named ##140600000XWIKI19869-mail.txt## in the permanent directory. The format of this template is the following:
159
160 (% class="box" %)
161 (((
162 Subject:<the subject of the email>
163 <the plain text content of the email>
164 )))
165
166 By default, the mail template is the following:
167
168 (% class="box" %)
169 (((
170 {{{Subject: Important security issue
171 Dear user,
172
173 due to a bug your password was stored in plain text in our wiki. We cannot exclude that your plain text password was exposed in a data leak. Therefore, you might receive a second email to choose a new password.
174 Please contact the administrator in case of problem or for further questions.}}}
175 )))
176
177 === Renaming of actions related to authentication ===
178
179 Two possible authentication resource URL can be used to respectively ask for a password reset, and ask for retrieving a username from an email address. The associated resource actions used to be ##/authenticate/reset## and ##/authenticate/forgot##. Since those were not very explicit we renamed them as part of fixing a bug, and they are now respectively named ##/authenticate/resetpassword## and ##/authenticate/retrieveusername##. So be careful to update your URLs if you use those in some places.
180
181 === No more legacy events migration step in the Distribution Wizard
182
183 If you upgrade from a version of XWiki older than 12.4 you will need to migrate events (notifications) if you don't want them to appear lost. There used to be a step proposing it in the Distribution Wizard but as we are preparing to remove all the legacy events code from XWiki Standard this step was removed but you can still ask for a migration from the wiki administration (Administer ##Wiki## -> ##Social## -> ##Notifications## -> ##Events migration##).
184
185 === Restrictions on allowed attributes ===
186
187 New options for [[HTML cleaning>>doc:extensions:Extension.XML Module||anchor="HHTMLCleaning"]] were added that allow precise control which attributes and elements are allowed in XWiki syntax and in the HTML macro in restricted contexts. The default settings should be fine but in case you notice any breakage due to attributes no longer working or want to restrict certain features like inline-styling, consult the [[documentation>>doc:extensions:Extension.XML Module||anchor="HHTMLCleaning"]] on these options. Do not hesitate to [[contact us>>doc:Main.Support||anchor="HCommunitySupport"]] on the [[forum>>doc:dev:Community.Discuss||anchor="HForum"]] or the [[chat>>doc:dev:Community.Chat]] in case you notice unexpected breakages or other issues with this change.
188
189 == API Breakages ==
190
191 No APIs breakage since {{velocity}}$product{{/velocity}} 14.5.
192
193 {{comment}}
194 {{velocity}}
195 {{backwardCompatibilityReport134 version="$version"/}}
196 {{/velocity}}
197 {{/comment}}
198
199 = Credits =
200
201 The following people have contributed code and translations to this release (sorted alphabetically):
202
203 Eduard Moraru
204 Manuel Leduc
205 Marius Dumitru Florea
206 Michael Hamann
207 Oana-Lavinia Florean
208 Simon Urli
209 Simpel
210 Thomas Mortagne
211 Vincent Massol
212 oanalavinia
213 xrichard

About

About

Support

Platform

User Guide

Admin Guide

Developer Guide

Projects

XWiki

Extensions

Other

Contribute

Status

Practices

Under the Hood

Get Involved

Get Connected