Release Notes 2.1.x
Foswiki - The Free and Open Source Wiki
Foswiki is an enterprise collaboration and information sharing tool targeted for professional use in many types of organizations: from small businesses to multi-nationals, from one-product open source groups, to worldwide research networks.
Foswiki is a wiki: fundamentally, a website with editable web pages. It looks like a normal web site but it encourages contributions, edits, updates, questions, and answers from its users. It's a powerful way of enabling a community to communicate asynchronously using intranet and public Internet websites. Foswiki is simple to learn and use. It aims to provide a transparent way for you to publish and exchange your ideas with others over the web and eliminates the one-webmaster syndrome of outdated intranet content.
Foswiki is a structured wiki with tools that enable users without programming skills to build powerful yet simple applications to process information and support workflows. Developers can extend the functionality of Foswiki with plugins.
Foswiki is backwards compatible with content generated on all previous Foswiki versions, and even content and many plugins from TWiki installations (Foswiki ships with a TWikiCompatibilityPlugin, thus enabling most extensions made for TWiki to work in Foswiki. TWiki
® is a registered trademark of Peter Thoeny.)
Foswiki is released under the GNU General Public License.
Foswiki Releases
- Foswiki 1.0.0, the first Foswiki was released on 09 Jan 2009.
- Foswiki 1.0.1, 1.0.2 and 1.0.3 were released internally in the development community, but were never publicly released.
- Foswiki 1.0.4 was built 19 Mar 2009. It is a patch release with more than 120 bug fixes relative to 1.0.0 and only very few minor enhancements.
- Foswiki 1.0.5 was built 25 Apr 2009. It is a patch release with more than 150 bug fixes relative to 1.0.0 and a few enhancements. This patch release further enhances the robustness and the security of the Foswiki software.
- Foswiki 1.0.6 was built 21 Jun 2009. It is a patch release with more than 200 bug fixes relative to 1.0.0 and some enhancements. This version introduces a major enhancement in security against Cross-Site Request Forgery. Further more a central translation framework got introduced which ease the translation process and enables all users to contribute to translations.
- Foswiki 1.0.7 was built 20 Sep 2009. It is a patch release with more than 240 bug fixes relative to 1.0.0 and some enhancements. This release fixes some serious issues introduced by the CSRF fix and the redirect cache fix in 1.0.6. Major enhancement that also fixes many annoying editor bugs is the upgrade of the Tiny MCE editor to version 3.2.2.
- Foswiki 1.0.8 was built 29 Nov 2009. It is a patch release with more than 280 bug fixes relative to 1.0.0 and some enhancements. This release fixes a short list of quite annoying old bugs incl a bug that prevented efficient use of MailerContrib for producing newsletters. The Wysiwyg editor has been upgraded with the latest Tiny MCE editor release 3.2.7.
- Foswiki 1.0.9 was built 17 Jan 2010. It is a patch release with more than 320 bug fixes relative to 1.0.0 and several enhancements. This release fixes many bugs in the Wysiwyg editor, bugs related to more advanced wiki applications and bugs in the Plugin API. It contains several bug fixes and enhancements related to security and spam fighting.
- Foswiki 1.0.10 was built 08 Sep 2010 as a patch release with more than 410 bug fixes relative to 1.0.0. It is assumed to be the last 1.0.X release.
- Foswiki 1.1.0 was built 04 Oct 2010. It is a release with more than 270 bug fixes relative to 1.0.10 and more than 680 bug fixes relative to 1.0.0. And the release adds more than 100 enhancements. Foswiki 1.1.0 introduces jQuery Javascript user interface framework, improved topic history display, new QUERY and FORMAT macros, better user interfaces for groups, much improved WYSIWYG editor, facelift of the default skin, much improved configure tool, and many more enhancements.
- Foswiki 1.1.1 was built 25 Oct 2010. It is a release that fixes some important bugs that were introduced in 1.1.0. It is highly recommended that all running 1.1.0 upgrade to 1.1.1.
- Foswiki 1.1.2 was built 09 Nov 2010. It is a release that fixes some very important bugs incl. a security related bug. Installations running 1.1.0 and 1.1.1 should be upgraded to 1.1.2
- Foswiki 1.1.3 was built 16 Apr 2011. It is a release that fixes more than 150 bugs. jQuery has been updated to 1.4.3. The default PatternSkin has some usability improvements.
- Foswiki 1.1.4 was built 20 Dec 2011. It is a release that fixes some very important including some security related issues. It contains 143 fixes and 27 enhancements. jQuery has been updated to 1.7.1.
- Foswiki 1.1.5 was built 10 Apr 2012. It is a release that fixes some very important issues including some security related issues. It contains 100 fixes and 20 enhancements.
- Foswiki 1.1.6 was built 02 Dec 2012. It is a release that fixes some important issues including some minor security related issues. It contains 94 fixes and 27 enhancements.
- Foswiki 1.1.7 was built 01 Feb 2013. It is a release that fixes CVE-2012-6329 and CVE-2012-6330. It contains 20 fixes and 4 enhancements.
- Foswiki 1.1.8 was built 28 Feb 2013. It is a release that fixes CVE-2013-1666. It contains 4 fixes.
- Foswiki 1.1.9 was built 18 Nov 2013. It is a release that contains 44 fixes and 4 enhancements..
- Foswiki 1.1.10 was built 23 Nov 2015. It is a release that contains 8 fixes and 8 enhancements.
- Foswiki 2.0.0 was built on 04 Jul 2015. It is a release that contains 312 fixes and 157 enhancements, and closes 59 Feature Requests.
- Foswiki 2.0.1 was built on 03 Aug 2015. It is a release that contains 28 fixes and 3 enhancements.
- Foswiki 2.0.2 was built on 01 Oct 2015. It is a release that contains 65 fixes and 5 enhancements.
- Foswiki 2.0.3 was built on 15 Nov 2015. It is a release that contains 17 fixes and 1 enhancement.
- Foswiki 2.1.0 was built on 02 Feb 2016. It is a release that contains 37 fixes and 14 enhancements. It closes 7 Feature Requests.
- Foswiki 2.1.1 was built on 30 Apr 2016. It is a release that contains 36 fixes and 21 enhancements.
- Foswiki 2.1.2 was built on 02 May 2016. It is a release that contains 1 fix.
- Foswiki 2.1.3 was built on 12 Feb 2017. It is a release that contains 68 fixes and 21 enhancements.
- Foswiki 2.1.4 was built on 31 May 2017. It is a release that contains 31 fixes.
- Foswiki 2.1.5 was built on 22 Jan 2018. It is a release that contains 43 fixes and 5 enhancements.
- Foswiki 2.1.6 was built on 27 Feb 2018. It is a release that contains 11 fixes, including some critical security related fixes.
Pre-installed Extensions
Foswiki 2.1 is shipped with the following:
- Plugins: AutoViewTemplatePlugin, CommentPlugin, ConfigurePlugin, EditRowPlugin, EmptyPlugin, HistoryPlugin, HomePagePlugin, InterwikiPlugin, JQueryPlugin, NatEditPlugin, PreferencesPlugin, PubLinkFixupPlugin, RenderListPlugin, SlideShowPlugin, SmiliesPlugin, SpreadSheetPlugin, SubscribePlugin, TablePlugin, TinyMCEPlugin, TwistyPlugin, UpdatesPlugin, WysiwygPlugin
- Contribs: CompareRevisionsAddOn, FamFamFamContrib, FastCGIEngineContrib, JEditableContrib, JSCalendarContrib, JsonRpcContrib, MailerContrib, ModPerlEngineContrib, PlainFileStoreContrib, RCSStoreContrib, TipsContrib, TopicUserMappingContrib
- Skins: PatternSkin
- Compatibility support - TWikiCompatibilityPlugin
Known issues
For up-to-date information, see
Known issues of Foswiki 2.1
Use of non-default {Store}{Encoding}
WARNING About
{Store}{Encoding}
: If you intend to use high-bit characters in attachment filenames (such as umlauts and accents), then links to these
attachments on Foswiki pages
will not work on a non-utf-8 Store without modification. This is because Foswiki works internally using Unicode, but the store saves files to disk using your chosen
{Store}{Encoding}. Running the Store with other than
utf-8
encoding is considered a transitional step and not recommended for long-term operation.
The
strongly recommended solution is to convert your store to UTF8 at the earliest opportunity.
A partial workaround is implemented in the PubLinkFixupPlugin This Plugin will attempt to rewrite broken links. This
generally gets linked images and other attachments working.
However the TinyMCEPlugin is still unable to render image links while editing a topic.
See
Item13696 for up-to-date details.
Important changes in Foswiki 2.1.7
Multiple cross-site scripting vulnerability in jQuery and jQuery UI
These fixes are described in
- CVE-2021-41182: XSS in the `altField` option of the Datepicker widget in jQuery UI < 1.30.0
- CVE-2021-41183: XSS in `*Text` options of the Datepicker widget in jQuery UI < 1.30.0
- CVE-2021-41184: XSS in the `of` option of the `.position()` util in jQuery UI &kt; 1.30.0
- CVE-2016-7103: XSS in closeText option of Dialog in jQuery UI < 1.12.0
- Fixes for CVE-2015-9251 and CVE-2019-11358 have been backported from jquery-3.x to jquery-2.x which is being used by default
Regular Expression Denial of Service vulnerability in jquery.validate
Details in CVE-2021-21252
Possible server site request forgery exposing the session id
For decades Foswiki and TWiki had ways to access the session id of a user and make it available on a wiki page using the
%SESSIONID
macro.
Anybody that has got access to a session id can use this session in behalf of the user that is associated with it.
There are multiple ways to leak this information to the outside using this macro. Therefore the two related macros
%SESSIONID
and
%SESSIONVAR
are deprecated for security reasons and have been disabled by default using the
{Sessions}{HideSessionVariable}
setting. Note that these macros
will be removed completely in the next minor release.
QUERY macro does not check access rights
While macros such as
%FORMFIELD
only allowed access only to information the current user has got view rights for, the
%QUERY
macro does
not.
Reimplementation of livequery
using mutation observer
The
LiveQuery
module is at the core of Foswiki's javascript framework, alas was abandoned upstream. In the meantime modern browsers now
all support a feature called "mutation observer" to monitor changes to the DOM in an efficient standardized way. Thus a new module called
Observer
has been implemented
on this base to initialize javascript modules in a declarative way as it has been done before using
LiveQuery
.
Important changes in Foswiki 2.1.6
CVE-2018-7446
This is a critical Security Release, addressing CVE-2018-7446. In addition to installing this patch release, site adminstrators should follow the
recommended changes in Support.SecurityAlert-CVE-2018-7446 to ensure that certain critical topic are protected.
Additional default topic protections
A number of "operational" topics shipped in the Main and Sandbox web are not
protected from modifications by users. This release adds an ACL to most of the
default topics shipped in the Main and Sandbox webs to restrict modifications
to the Admin group.
The
_default
template web does not provide individual topic protections. The site
administrators should customize the desired permissions before allowing users
to create new webs.
Issues with NatEditPlugin Permissions tab not supporting certain ACLs.
It was discovered that the NatEditPlugin under some conditions will lose topic ACLs:
- When a topic is copied, the ACLs in the source topic are not applied to the new topic.
- If a topic contains crafted ACLs set using the
More topic actions
-> Edit settings
dialog, they can be lost when the topic is edited by NatEdit. Specifically:
- DENYTOPIC* ACLs (except for DENY = WikiGuest) are not supported by NatEdit and were silently discarded.
NatEditPlugin version 9.21 (shipped with this release) resolves this issue by disabling the "Permissions" tab when unsupported ACLs are detected.a
Support for CaptchaPlugin in User Registration
A change has been made to the
validate.js
javascript used by the UserRegistration page. This will permit easier integration
of the
Captcha Plugin to the default user registration page.
Important changes in Foswiki 2.1.5
New zone added as a default zone.
The
body
zone has been added as a default zone. It is rendered at the end
of the body, just before the
<body>
tag. This improves compatibity of PatternSkin with
Foswiki:Extensions.NatSkin. A number of extensions released for NatSkin will not
function correctly without this zone. No changes are required unless you
have replaced the
foswiki.tmpl
or
foswiki.pattern.tmpl
with a local
version.
Additional support for Proxy configurations.
Foswiki has a new option under bin/configure -> Security and Authentication -> Proxies:
{PROXY}{UseForwardedHeaders}
. Enable this setting
if the Foswiki is accessed through a reverse proxy. Foswiki will the use the
X-Forwarded-For
header to determine the Client IP address. This has several effects:
- Foswiki will log the real Client IP address instead of the address of the reverse proxy server.
- Session IP matching will use the real client IP when determining if the CGI Session is for the correct client.
- Plugins that perform security functions based upon the IP address will see the real client IP address.
This setting should only be enabled if the majority of the clients access the server via the reverse proxy. It is possible for clients to spoof the
X-Forwarded-For
header, so only enable this setting when appropriate to avoid client IP Address spoofing.
Change in HTTP status return for authentication failures.
The fix for
Item14445 changes the HTTP status return for authentiation errors from
401 - Unauthorized
to
200 - OK
when returning the Template Login screen. The 401 status is not valid unless it returns a WWW-Authentication challenge that can be processed by the
agent. This is only valid when using HTTP authentication. The REST and JSONRPC actions will still return a 401, so that it can be handled by javascript.
Note: This change requires a corresponding fix for the LdapContrib. If you use the LdapContrib, you should not apply this release until an update of
LdapContrib is available.
Running Foswiki on a Windows based web server
This release fixes a critical error that prevented Foswiki from being installed on Windows. Foswiki mistakenly used a reserved filename for
a module which blocked installaion on Windows. This has been corrected in this release.
Important changes in Foswiki 2.1.3
Security issues addressed in this release.
This release addresses 7 Severity 3 security vulnerabilities which are described in further detail
in
Support.SecurityAlert-XSSIssues-2017-0201.
See
Security Alert Process for more details on how the Foswiki project handles security issues.
A possible data loss issue was discovered in DataForms migrated from Foswiki 1.x. A new configuration setting (
{LegacyFormfieldNames}
) was added to restore the old Foswiki 1.x behavior.
If your site uses DataForms that use non-Ascii field names, the form data will require manual migration, or you must enable
{LegacyFormfieldNames}
in
the configuration.
- Releases prior to Foswiki 2.0 stripped characters other than A-Z, a-z, 0-9 and _. So a field named
Fühler
would be stored as Fhler
.
- The same DataForms definition on Foswiki 2.0 would be stored as
Fühler
.
With the mismatch of field name, the form field will be lost when the topic is saved.
If you do not enable
{LegacyFormfieldNames}
, then you will need to find and update the
META:FIELD
definitions in the topics. This would need to be done external to Foswiki.
%META:FIELD{name="Fhler" title="Fühler" value="123"}%
would need to be changed to
%META:FIELD{name="Fühler" title="Fühler" value="123"}%
See
Item14256 for more details.
Cookie changes
The optional (expert) configuration parameter
{Sessions}{CookieRealm}
now applies to the Domain of all cookies generated by the Foswiki core. In addition, if your site is accessed
over HTTPS, all cooikes will now have the
Secure
flag set. In prior releases, only the Foswiki session cookie used the
CookieRealm
and
Secure
flag. After upgrade to 2.1.3, users may
lose saved preferences and/or fail strikeone validation due to the cookie domain change. If using a non-default
CookieRealm
setting, users may need to delete all domain cookies after this update.
User Registration
The stored format of pending registrations has been changed to perl "Storable" in order to better support Unicode user names and other registration fields.
As this format is binary and not generally human readable, a new report:
System.PendingRegistrations has been added. It shows registrations that are
awating email verification and registrations awating approval. Registrations awaiting approval can be directly approved from the new page.
Any existing pending registrations should be resolved prior to upgrading to Foswiki 2.1.3. Existing submissions will be lost.
Usability on small screens
A user contributed WebSideBar toggle button can be enabled. This renders a small "hamburg" icon to restore the side bar when viewing
Foswiki on a small device. See
System.PatternSkinCssCookbookSidebarToggle.
Configuration bootstrap
Bootstrap should be able to detect operation behind a proxy server, and will try harder to get the protocol (HTTP or HTTPS) and the hostname used by the user
correct. If bootstrap fails to properly set up a proxy configuration, we would appreciate bug reports that will help us improve operation. Note that
operation behind a chain of multiple proxy servers is not currently detected.
Page cache tuning.
A new optional (expert) configuration parameter
{Cache}{TrackInternalLinks}
is available for tuning how the cache tracks dependencies of topic references.
Default is
on
which is the same as prior releases. Foswiki will record
every topic link as a dependency. This can result in extrememly large cache
dependency tables, especially when using a WebLeftBar that displays a large
number of webs and/or topics.
Set this to
authenticated
to track these topic references only for logged in
users. Set to
off
(not recommended) to disable all reference link tracking.
The side effect of not tracking a link dependency is that cached pages will
not reflect updates that remove or add a topic.
Note that the PageCache should be globally flushed whenever any configuration
changes are made, or after updating Foswiki or any Extensions.
JQuery
This release updates to a newer maintenance version of JQuery. You should
visit
bin/configure
and select the updated versions of JQuery.
Important changes in Foswiki 2.1.1
Page Caching
The Foswiki PageCache has added another index on the dependencies table.
After installing this update, you should issue the
refresh=all
option to
drop the foswiki cache tables, and allow them to be recreated. This will
create the new index.
New CPAN dependency, and foswiki.org changes
Due to upstream changes, the Perl LWP package has been split into two
packages. You may need to install
LWP::Protocol::https
for https support in
extension installation and accessing remote sites with the INCLUDE macro.
Important changes in Foswiki 2.1
Deprecations
The
%HTTP%
and
%HTTPS%
macros are deprecated and will be removed in a future release. These macros now restrict the available information to the
Accept-language
and
User-Agent
headers. The list of available headers is now configurable.
The PatternSkin created
contentheader
and
contentfooter
as aliases for the
beforetext
and
aftertext
templates and deprecated the older templates. As
this broke compatibity with other skins, that deprecation has been reversed. For best compatibiliy continue to use
beforetext
and
aftertext
.
API Change
The Foswiki API version is incremented to version 2.4 in Foswiki 2.1.0. Foswiki 2.1 permits template names using Unicode characters.
New Perl CPAN dependencies!
Foswiki now requires CPAN:Email::MIME. Foswiki will be unable to send email without this module. SystemRequirements has more details on CPAN dependencies and
package names for most *nix distributions.
The registration form now accepts the parameter
templatename
to override the default NewUserTemplate. In addition the registration topics have been
restructured to permit multiple custom registration pages. Customization of the registration form is greatly simplified.
Easier to restrict access to the System web.
Some sites prefer to block access to the System web documentation for guest users. Duplicated content can result in lowered search engine rank, so it is
advantageous to restrict access to the System web. Foswiki now includes
ALLOWTOPICVIEW
settings for critical system topics that are required for guest access.
Changes in permitted characters in topic and attachment names.
Foswiki has split the topic and attachment name filters. The topic name filter has become more restrictive. Attachment names now permit embedded spaces, and
attachments with spaces will no longer be renamed to underscores. If you would prefer to use the old behavior, enable
$Foswiki::cfg{AttachmentReplaceSpaces}
.
Action Required: The colon (:) has been removed from the list of legal characters permitted in topic names. The colon was in
conflict with the InterWiki links. If your existing topic use the colon in topic names, you should remove the colon from the configuration setting
$Foswiki::cfg{NameFilter}
.
Improvements in International Character Set support
Foswiki 2.1 has further improved support for
utf-8
based character sets. Topics and data forms can use utf-8 characters. They will be properly rendered and
preserved during edit. The Foswiki core has been fully converted to utf-8 and unicode. All encoding / decoding is done "at the edge", when reading from
/ writing to the Foswiki store.
- Foswiki 2.1 International support
- Emails sent by Foswiki now fully support International Character Sets.
- Foswiki now uses NFC Normalization of Unicode characters. This greatly improves compatibility with Operating Systems like OSX which use NFD form characters by default.
- Template names are no longer restricted to ASCII characters.
- Foswiki 2.0 International support
- New sites will use utf-8 by default. Internationalizaiton should just work.
- Sites migrating data from a previous installation have two choices:
- Set
{Store}{Encoding} to match the previous ={Site}{CharSet}
. (Default was iso-8859-1
)
- Migrate the data to utf-8 by using the
tools/bulk_copy.pl
script. This is the recommended solution.
- Support for Locales is still known to have issues.
{UseLocales}
should not be enabled in the configuration.
ACTION REQUIRED If you are upgrading an existing system, you
should review the existing data and determine if migration to utf-8 should be performed.
See the
UpgradeGuide for more details. Note that the topic and
attachment name filters no longer filter international characters, so migration to utf-8 is
strongly recommended.
Due to the extensive internal changes, extensions may require changes for
compatibility with this release.
Translation Status
As of this release,
- Italian and Ukrainian are 100% complete.
- Traditional Chinese, French and German are >99% complete.
- Czech, Danish are >95% complete.
For more details on translation status, see
TranslationTeam and
Foswiki's Weblate translation server.
Foswiki thanks the Translators for their efforts. If you are interesting in helping with the translation, please contact
foswiki-translations@listsNOspamPlease.sourceforge.net.
Foswiki Release 2.1 Details
New Features
Fixes
Item10916 |
Pencils disappear after row move when both js and non-js controls are present. |
Item11609 |
No information how to un-set a topic parent. |
Item12067 |
Removing members via WikiGroups not possible when login name different from WikiName. |
Item12569 |
Sorting in tableplugin is wrong in German. |
Item13405 |
Unicode Normalisation. |
Item13677 |
regression: extension tabs in configure aren't sorted alphabetically anymore. |
Item13699 |
Mail sending fails when non-latin text in utf8 is being sent. |
Item13857 |
Mac OS X RCS "not found" by configure. |
Item13860 |
UploadFilter isn't blocking HTML attachments. |
Item13863 |
FileAttachment: generated filenames are not correct foswiki 2.0.3 mod_cgi, utf-8 store when uploaded from OS X. |
Item13865 |
Configure file permissions checker detects ,pfv directories as possible webs. |
Item13869 |
FoswikiServerInformation warns about undefined variables. |
Item13870 |
RCSStoreContrib configure check error by syntax shell command error in RCSChecker.pm. |
Item13875 |
Configure fails to perserve permissions when backing up config. |
Item13877 |
Certificate wizards not functional, always generates CSR, dependencies not documented. |
Item13880 |
TML rendered in head and script zones causes malformed html in WebCreateNewTopic. |
Item13881 |
Table header problem in unicode named web/topic. |
Item13885 |
PatternSkin should be backwards compatible to Foswiki 1.1. |
Item13886 |
Default id="foswikiTOC" creates illegal duplicate CSS IDs when multiple TOC macros are present. |
Item13889 |
Processing of dynamically generated META in a new topic template is displayed as plain text until saved. |
Item13890 |
bulk_copy ignores --latest option. |
Item13891 |
bulk_copy.pl does not copy user information for attachment histories. |
Item13893 |
Performance fixes for Foswiki 2.0.4. |
Item13894 |
RcsStore double-encodes utf8 comments into the attachment revision log. |
Item13896 |
TWISTY incorrectly used in Sandbox.WebHome, generates broken HTML. |
Item13898 |
JQueryAjaxHelper jumpbox code does not work with short URLs. |
Item13899 |
save: ignores new topic text if it is empty. |
Item13900 |
Logout redirects to wrong path when ForceDefaultHostUrl is enabled. |
Item13903 |
Redirect for authentication breaks utf8 topic names. |
Item13906 |
EditRowPlugin create table row without spaces. |
Item13912 |
perldoc does not process bulk_copy.pl correctly because of missing POD marker. |
Item13913 |
CLI scripts broken on windows. setlib.cfg issues "require CGI" which sets binmode on STDIN and breaks prompts. |
Item13917 |
NameFilter not working on 2.0 / 2.1 if configure reset to default is used. |
Item13924 |
Old style UserRegistration pages not working on 2.1 beta 1. |
Item13925 |
Leading spaces in DefaultUrlHost causes malformed URL links. |
Item13926 |
ModPerlEngineContrib is not backwards compatible with Foswiki 1.1.x. |
Item13927 |
Configure rcs checker crashes if configured command is not found. |
Enhancements
Item12560 |
NameFilter should reject colon, conflicts with Interwiki links. Restructure filters to improve flexibility. |
Item13436 |
Adding the class parameter to the TablePlugin. |
Item13444 |
Foswiki::Net::getExternalResource does a poor job of parsing URLs. |
Item13553 |
Add form-definition-table template. |
Item13554 |
Foswiki doesn't work with accented Template names. |
Item13594 |
Implement feature AddConcatOptionToAttrs. |
Item13848 |
Deprecate, and restrict HTTP and HTTPS macros. |
Item13849 |
Implement MakeZonesLessIntrusive. |
Item13854 |
Implemement MakeItEasierToBlockSystemWebGuestAccess. |
Item13864 |
Implement CustomNewUserTemplates - Registration can override the template for the user topic. |
Item13866 |
Add a file permission fixer script to tools. |
Item13867 |
bin/upload failed from the command line. |
Item13874 |
Don't encode URLs in links inserted by Upload. |
Item13914 |
rewriteshebang should use setlib, don't make user enter -I ../lib. |
Foswiki Release 2.1.1 Details
Fixes
Item975 |
BulkRegistration should work with ApacheLogin. |
Item13795 |
Redundant url params generated by %SCRIPTURLPATH macro. |
Item13941 |
%EDITTABLE macro visible in print mode. |
Item13944 |
Foswiki::Func::addToHEAD (deprecated in 2010) breaks with Foswiki 2.1 Zones rewrite. |
Item13945 |
Software error with Perl 5.10. Can't find Ascii Unicode entity. |
Item13947 |
Issues in Store Implementaton and Cache Implementation checkers. |
Item13950 |
Refresh cache needs better controls, to minimize bot clicks. |
Item13957 |
TinyMCEPlugin does not handle indent correctly. |
Item13958 |
The indent feature with colon does not render an empty line. |
Item13960 |
Wysiwyg editor cannot right align a table cell if the content of the cell is a "0". |
Item13975 |
Do a deep merge gathering foswikiPreferences. |
Item13989 |
When you disable guest sessions you also disable all registration and reset of password. |
Item13995 |
Search $changes renders a simple summary. |
Item13997 |
Incorrect assumption about encodings in Foswiki::Store. |
Item14000 |
Wrong row is deleted by EditRowPlugin in full table edit mode. |
Item14004 |
EditRowPlugin textarea doesn't honor the dimensions. |
Item14008 |
Configure checker should warn/error if AutoAttachPubFiles is used with PlainFile store. |
Item14010 |
Add mime type for woff2. |
Item14011 |
Make sure HTTP2 is always compressing HTML. |
Item14012 |
Prevent page caching under certain conditions. |
Item14013 |
Make sure zones are stable when reloading a page. |
Item14014 |
Comment plugin unable to use template files in hierarchical webs in Foswiki 2.1. |
Item14022 |
All internal links should be changed to https://foswik.org to avoid redirects. |
Item14024 |
JQueryPlugin (v6.32) might not initialise correctly with current JSON (v2.90) / JSON-XS (v3.02) modules w/o allow_nonref. |
Item14025 |
JsonRpcContrib requires allow_nonref (when using JSON-XS v3.02). |
Item14032 |
INCLUDE doesn't rewrite other webs' links in 2.1. |
Item14035 |
Plain file logger fails to rotate the log. |
Item14037 |
PageCache needs an index on the to_topic field. |
Item14038 |
PageCache generates too many dependencies on System.ParentList. |
Item14039 |
System.SkinBrowser takes too long to render due to Search performance. |
Item14042 |
Typo in JQueryPlugin defaults causes missing jquery version. |
Item14049 |
Configure hangs if URL has a trailing slash. |
Item14050 |
Link to missing topic in WelcomeGuest. |
Item14051 |
Page cache not respecting the Host URL. |
Item14053 |
Registration confirmation emails BCC the Webmaster. Causes too much noise. |
Item14055 |
If beforeUploadHandler modifies an attachment, it is recorded with the wrong size. |
Enhancements
Item13970 |
Modernize BUTTON. |
Item13971 |
Add latest jquery and remove some outdated versions. |
Item13972 |
Update fontawesome and extend %JQICON to be able to use fontawesome icons. |
Item13973 |
Deprecate bgiframe and media jquery plugins. |
Item13974 |
Update jquery.form to latest upstream version. |
Item13976 |
Update localScroll, scrollTo and serialScroll. |
Item13977 |
Update JQuery maskedInput. |
Item13978 |
Update JQuery masonry and externalize imagesLoaded module. |
Item13979 |
Update jquery.migrate. |
Item13980 |
Update jquery.queryObject. |
Item13981 |
Update jquery.render. |
Item13982 |
Update jquery.sprintf. |
Item13983 |
Update jquery.stars. |
Item13984 |
Update jquery superfish. |
Item13985 |
Update jquery.tabpane. |
Item13996 |
BulkRegistration should process the AddToGroups field. |
Item14005 |
Custom registration needs to pass user template name to email templates. |
Item14028 |
Add jquery-1.12.1 / jquery-2.2.1. |
Item14042 |
Add jquery-1.12.3 / jquery-2.2.3. |
Item14047 |
Simplify the htaccess configuration examples. |
Item4992 |
Work out how to translate Javascript strings. |
Foswiki Release 2.1.2 Details
Fixes
Item14061 |
Non-admin users are unable to refresh the page cache using the refresh query param. It's silently ignored. |
Foswiki Release 2.1.3 Details
Fixes
Item11548 |
INCLUDE{warn="custom"} only works for topic-missing warnings. |
Item13206 |
Upgrade to latest jquery-ui. |
Item13785 |
ExtensionInstaller fails to replace files under some conditions. |
Item13831 |
JS error in System.LanguageSelector |
Item13892 |
CALC doesn't work in %SEARCH despite of what documention says. |
Item13928 |
Mistypes to be fixed in the core. |
Item13929 |
FileUtil doesn't work correctly with BSD tar. |
Item13963 |
Foswiki::Form::getField() might generate 'use of undefined value' warnings. |
Item13986 |
Any changes to a topic text made after pushing the topic to the context stack are ignored even changes are related to topic-level preferences. |
Item14009 |
Comment plugin does not properly identify location to insert comment. |
Item14063 |
Bootstrap fails to correctly detect path when mod_rewrite engine is disabled. |
Item14064 |
Bad link in index.html in 2.1.0 and 2.1.2. |
Item14066 |
Performance issue sorting list based on NFKD. |
Item14068 |
Excessive calls of getPreferences(LINKTOOLTIP) causes performance issues. |
Item14069 |
Attach filename parameter needs further sanitization. |
Item14071 |
Register script reports zero values as missing registration fields. |
Item14077 |
INCLUDE{"topic,list"} fails if first topic is access denied. |
Item14078 |
Wysiwyg merges horizontal rules (---) into a preceeding list and looses the TML markup. |
Item14098 |
Approve User Registration should not require Verify User Registration. |
Item14102 |
Documentation suggest a Short URL configuration (renaming view script to xview) which is no longer supported. |
Item14104 |
Plain text password is sent by email in registration approval request. |
Item14107 |
Cancel doesn't undo add/delete row or move row actions. Document the restriction. |
Item14125 |
"Start Presentation" button needs further sanitization. |
Item14128 |
WebTopicEditTemplate not readable in restricted system web. |
Item14139 |
debugenableplugins not correctly handled. |
Item14146 |
Configure permissions checker fails to check some files, excessively checks others and crashes trying to report utf8 names. |
Item14150 |
Reload of a page in the cache fails to recompute strikeone keys. |
Item14169 |
Verification for {FeatureAccess}{Configure} in configure fails to handle login names. |
Item14171 |
Error message of jquery.render needs sanitization. |
Item14172 |
jquery.stars width incorrect in modal dialogs. |
Item14173 |
Invalid call to foswiki.getScriptUrl() in foswiki.getPreference(). |
Item14174 |
Missing files in MANIFEST of EditRowPlugin. |
Item14176 |
Don't add POSTDATA to TOC or QUERYSTRING. |
Item14195 |
Loop in Foswiki::UI::View::revisionsAround under some conditions. |
Item14199 |
Registration confirmation process corrupts utf-8 wiki names. |
Item14202 |
PageCache tweaks to control dependency growth. |
Item14204 |
Port JsonRpcContrib unit tests from master to Release02x01 - and fix error with redirectto revealed by test. |
Item14205 |
Autoconfig Email failing with recent versions of IO::Socket::SSL. |
Item14209 |
Email wizard for SSLCaFile and SSLCaPath doesn't return any results. |
Item14211 |
System.DataForms topic use the NEW macro. Should be N. |
Item14213 |
EditRowPlugin: "Use of uninitialized value in addition" warning when clicking on Edit button. |
Item14216 |
MailerContrib mailnotify fails with wide character print when run from Web when unicode webnames are in use. |
Item14218 |
EditRowPlugin: edit button does not work when using Internet Explorer. |
Item14227 |
Potential use of uninitialized value in a rating formfield. |
Item14235 |
Sanitize some template fields. |
Item14236 |
EditTablePlugin doesn't create compressed / gzipped css and js. |
Item14238 |
Documentation for the reverted META:CREATEINFO is still in the release. |
Item14249 |
Foswiki::Net uses userinfo functions not available in older versions of LWP. |
Item14250 |
Wait for images by default in jquery.masonry. |
Item14251 |
Remove non-functional caching of dialogs loaded via ajax. |
Item14253 |
WysiwygPlugin inserts extra spaces in front of square bracket links. |
Item14256 |
Data loss of certain formfield names when moving content from 1.x to 2.x. |
Item14258 |
EditRowPlugin will crash with empty column format. |
Item14263 |
Mistype in Foswiki::Configure::Item |
Item14265 |
NatEdit plugin leaves UI blocked after some save errors |
Item14266 |
Error enabling internationalization and languages |
Item14279 |
CLI tools/configure fails to encode Password when run in prompting mode |
Item14281 |
Cookie related changes. Inconsistent use of the domain and secure flags. |
Item14285 |
Don't try to action upon disabled toobar buttons |
Item14286 |
PatternSkin*Navigation topics are broken, and difficult to tailor. |
Item14287 |
Configure needs to encode reported configuration values. |
Item14305 |
Eliminate sporadic alert() by TinyMCE. |
Item14308 |
Configure extensions review crashes for some older extensions. |
Item14309 |
Old SVN based extensions don't compare as older than new Decimal versioned extensions. |
Item14312 |
Don't destroy dialogs on close. |
Item14315 |
ASSERT in Meta.pm when viewing prior revisions of topics with attachments. |
Item14317 |
Under some conditions, JEditableContrib attempts to load an .uncompressed.js source, which is not in the distribution. |
Item14321 |
Some InterwikiPlugin links are out of date. |
Enhancements
Item10918 |
Improve javascript api to address individual tabs. |
Item13578 |
Configure guesses relative path names with .. in them. |
Item13936 |
Need an altenate from address for wiki generated email. |
Item14086 |
FCGI Service file is needed for systemd systems. |
Item14092 |
attach.pattern.tmpl needs a hook for plugins to add properties. |
Item14120 |
Remove outdated yuicompressor tool. |
Item14121 |
Use svg in jquery.stars. |
Item14122 |
Upgrade to fontawesome 4.7.0. |
Item14123 |
foswiki.getPubUrlPath() fails with an uninitialized parameter. |
Item14124 |
Make skin of a jquery.loader backend configurable. |
Item14143 |
Configure should recommend setting SafeEnvPath for improved security. |
Item14145 |
PatternSkin deprecation of beforetext/aftertext templates breaks compatibility with other skins. |
Item14170 |
Improve slideshow navigation - increase size of buttons. |
Item14180 |
Bootstrap enhancements and refactoring. |
Item14181 |
Bootstrap detects incorrect hostname, and may mis-detect https when behind a proxy. |
Item14201 |
Add Pending Registrations report. |
Item14219 |
Add a contributed WebSideBar toggle cookbook. |
Item14226 |
Performance improvements to $.i18n(). |
Item14228 |
Upgrade JQueryPlugin to blockui 2.70. |
Item14229 |
Upgrade JQueryPlugin to jsrender 0.9.83. |
Item14230 |
jquery.maskedinput initializer does not match documentation. |
Foswiki Release 2.1.4 Details
Fixes
Item12090 |
Field name -with description- in Forms not working properly. |
Item13246 |
Context header_text needs better documentation. |
Item13339 |
Warning or errors icons in configure get stuck unless page is reloaded. |
Item13766 |
EditRowPlugin columns widths are jumping to wider size when you hoover the mouse over the table. |
Item13907 |
UpdatesPlugin Report of required update should list the backlevel extensions. |
Item13954 |
Extensions with "pluggable" components cause errors: No such value {Store}{Implementation}. |
Item14234 |
Clicking pencil for first row (erp_row=0) opens editor on entire table. |
Item14324 |
Perl 5.25.10 reports unescaped left brace in regular expression errors. |
Item14328 |
Foswiki::Net crashes with uninitialized value in pattern match when sending email for older CPAN modules. |
Item14337 |
SCRIPTURL paths and inline scripts make javascript signing more difficult than needed. |
Item14346 |
Systemd service file has issues, needs better documentation. |
Item14347 |
Prune the cruft from the tools dir and improve tools script documentation. |
Item14349 |
EditRowPlugin Edit Table button not functional on IE 11. |
Item14350 |
OopsException documentation has incorrect example. |
Item14351 |
Uninitialized value warning when changerows is used with EditRowPlugin. |
Item14366 |
use CGI::Carp in bin scripts BEGIN block cannot be found via LocalLib.cfg override. |
Item14368 |
Failure to handle edge cases leads to obscure bug in RCS. |
Item14369 |
Document parameters for USERNAME, WIKINAME and WIKIUSERNAME macros. |
Item14370 |
Foswiki::Func::removeUserFromGroup docmentation is incorrect. |
Item14372 |
JQueryPlugin ui-draggable got dropped from Config.spec. |
Item14377 |
Error message requires some encoding. |
Item14381 |
mod_perl unexpectedly decodes the URI, and X-FoswikiURI header should be debug only. |
Item14388 |
NatEditPlugin does not honor the ScriptSuffix setting, and doesn't accommodate short URLs. |
Item14392 |
WebPreferences topics contain empty DENY rules that would be honored if {AccessControlACL}{EnableDeprecatedEmptyDeny} is enabled. |
Item14396 |
Don't redirect to relative paths. 302 redirects should be absolute Locations. |
Item14440 |
Configure settings leak into the global $Foswiki::cfg hash in fcgi environment. |
Item14401 |
Foswiki crashes if PageCache is enabled with missing dependencies. |
Item14402 |
Invalid default in FastCGIEngineContrib example foswiki.defaults file. |
Item14404 |
NatEdit Save and Continue action fails on mod_perl systems. |
Item14405 |
Redirect after validation with HTTPS proxy for HTTP site results in unsafe redirect. |
Item14406 |
Configue LANGUAGES pluggable crashes in Locale::Code for unknown languages with Perl 5.26. |
Foswiki Release 2.1.5 Details
Fixes
Item11491 |
FCGI has de facto file upload limit - add note in documentation for fix. |
Item12495 |
In form fields of type "select", space after a value and before the delimiting comma makes the value selectable and it saves but will reset on next edit. |
Item13350 |
Document why Mailnotify appears to skip notification of some changes. |
Item13380 |
Remove the Web/Topic from the login URL to prevent flooding the browser password cache. |
Item13835 |
Title Field in Natedit gone, even when used. |
Item14395 |
InterwikiPlugin failure to check result from readTopic causes error. |
Item14415 |
TopicUserMapping places non-ASCII users in wrong position in WikiUsersTopic. |
Item14429 |
tools/configure generates invalid perl structure. |
Item14431 |
Dependencies check for DBD and DBI::Pg are broken by unexpected VERSION strings. |
Item14434 |
Translated text with reserved characters used in System.WebCreateNewTopicComponents will create wrong HTML. |
Item14445 |
Excel fails to open a password protected link to Foswiki. |
Item14446 |
Unwritable work_area results in mega-spam with mailnotify run. |
Item14448 |
UpdatesPlugin plugin list is empty on page reload. |
Item14455 |
Malformed System.AdminDocumentationCategory. |
Item14460 |
Login/Logon actions should create session when guest sessions are disabled. |
Item14461 |
Formfield select values containing entities will reset on next save. |
Item14462 |
{AuthScripts} is hidden unless Template Login is in use. |
Item14471 |
HistoryPlugin not properly rendering date tokens as stated in documentation. |
Item14472 |
Use jquery.prop instead of attr to get/set properties. |
Item14488 |
PatternSkin is missing "body" zone used by NatSkin and many extensions |
Item14490 |
EditRowPlugin Edit button image not displaying correctly. |
Item14492 |
HtPasswdUser implements bcrypt with a hard coded cost. {Htpasswd}{BCryptCost} is ignored. |
Item14515 |
Foswiki 2.1.3 cannot run on Windows "Aux" is a reserved filename on windows. |
Item14529 |
UpdatesPlugin should not use the cookie realm. |
Item14536 |
Configure leaves "wait" cursor spinning while waiting for user action. |
Item14544 |
SCRIPTURL breaks when X-FORWARDED-HOST has multiple values. |
Item14549 |
Prevent User/WikiName cache pollution by faulty call of internal user api. |
Item14550 |
Wrong initialization of {_options} hash reference in list formfields. |
Item14554 |
Remove link to unused wikiring.com domain. |
Item14556 |
Clean up page header area with PatternSkin. |
Item14557 |
PerlDependencyReport crashes under some conditions. |
Item14559 |
Regression via Item13898 - broken topic selectors. |
Item14560 |
WikiWord changes don't trigger a change event on the target element. |
Item14566 |
Don't cache a null result in foswiki.getPreference(). |
Item14573 |
Fix auto-height calculation of tabpane. |
Item14574 |
HTML cellspacing attribute has no effect. |
Item14584 |
jquery.wikiword changed interpretation of source parameter in a incompatible way. |
Item14586 |
Blinking scrollbar in natedit caused by incorrect window height. |
Item14588 |
mailnotify fills debug log with errors about "surprising mapping" and "missing mapping". |
Item14589 |
Invalid help link when editing topic preferences. |
Item14590 |
Missing closing tag in html diff of mailnotify. |
Item14591 |
Store fails to read old revisions with RcsWrap store, if .txt file is modified. |
Item14605 |
Unescaped brace in Regular Expression, Perl 5.27.8. |
Enhancements
Item14518 |
JQueryPlugin should warn configure if an older version of jquery is selected. |
Item14532 |
Allow process name override for FCGI task. |
Item14565 |
Bundle jquery.validate js files into one. |
Item14570 |
Add "use strict" to farbtastic's init and fix js errors. |
Item14577 |
Add user contributed sartup script for FreeBSD. |
Foswiki Release 2.1.6 Details
Fixes
Item14537 |
The EditRowPlugin makes tables "shaky". |
Item14616 |
The generic tools/extension_installer no longer functions on perl 5.26+. |
Item14622 |
UserRegistration validate.js is not compatible with CaptchaPlugin. |
Item14626 |
Incorrect example in System.Macros / System.PreferenceSettings. |
Item14629 |
Certain topics can be overridden without permission. |
Item14630 |
Topic ACLs are lost when copying to a new topic. |
Item14632 |
Topic autocompletion not functional anymore. |
Item14633 |
wrong language in <html> tag. |
Item14634 |
Use jquery.i18n for translations in jquery.natedit. |
Item14636 |
jquery.wikiword not setting the regex options correctly. |
Item14639 |
Operational topics in Main, Sandbox webs should be protected from editing non-admins. |
Foswiki Release 2.1.7 Details
Security
Item14903 |
change password accepts "1" as an old password |
Item14918 |
backport fix of CVE-2015-9251 and CVE-2019-11358 |
Item14936 |
eliminate use of 2-args open() |
Item15024 |
QUERY macro does not check access rights |
Item15033 |
update jquery.validate |
Item15048 |
disable access to sessionid |
Item15061 |
multiple cross-site scripting vulnerability in jQuery UI |
Fixes
Item14687 |
SET macro documentation related to INCLUDE and topic scope is incorrect. |
Item14688 |
Typos in InterwikiPlugin documentation. |
Item14773 |
configure documentation refers to FastReport . Should be JsonReport |
Item14809 |
System/InstallGuide Step 2: Ownership table lists wrong FreeBSD group |
Item14902 |
Add new Ubuntu 20.04 required perl module to requirements |
Item14660 |
missing tab id causes a javascript error |
Item14662 |
comment type "return" not functional |
Item14721 |
fix loading of language files for jquery.i18n |
Item14722 |
add jquery.browser as a separate module being removed from newer jQuery |
Item14725 |
wrong initial color of jquery.farbtastic dialog |
Item14729 |
fix regular expression for headings trying to support ExplicitNumberingPlugin |
Item14730 |
can't use path with a 0 (zero) in it |
Item14731 |
illegal json returned by attachments rest handler |
Item14741 |
EVAL(0) should return 0 not the empty string |
Item14762 |
jquery.loader does not clear timeout properly for automated reloading |
Item14873 |
rewrite and simplify UpdatesPlugin |
Item14874 |
deprecate uglify-js and yuicompressor in favor of terser and csso |
Item14890 |
breadcrumbs won't line-break on mobile devices |
Item14910 |
Remove Taint::Runtime |
Item14929 |
Single '0' (zero) not displayed in any table if plugin is activated for that topic |
Item14931 |
Error moving file with [space]WikiWord[space] name. |
Item14933 |
remove dependency on jquery.livequery module |
Item14934 |
language file compression isn't experimental anymore |
Item14935 |
leave absolute_urls context when an exception occured during registration |
Item14937 |
error parsing dotted triplets ip addresses |
Item14938 |
don't return compressed content when calling foswiki on the command line |
Item14941 |
only load comment.js and comment.css on pages where it is required |
Item14942 |
make sure isValueMapped is defined for any formfield |
Item14943 |
document publicOnly parameter in %INCLUDE and make it a true boolean |
Item14945 |
improve performance of template loader |
Item14946 |
RCS storage tests fail with a one-off second difference sometimes |
Item14990 |
remove explicit undef from return statement |
Item14991 |
improve performance of isGroup() call |
Item15000 |
fix button's behavior in disabled state |
Item15004 |
use relative urls wherever possible |
Item15007 |
extender.pl too loud on STDERR |
Item15008 |
bring back support for "dontnotify" in natedit |
Item15026 |
modernize default link protocol pattern |
Item15027 |
add jquery-3.6.0 |
Item15029 |
Meta::getPreferences() sometimes fails when called too early |
Item15030 |
encoding error including attachments |
Item15031 |
be less restrictive checking compatible acl settings in editor |
Item15032 |
tinymce cannot attach a file when strike one is disabled |
Item15038 |
select2 formfields were not validated |
Item15057 |
Add support for MariaDB |
Item15058 |
script tags for javascrit i18n should not use src attribute |
Item15066 |
rating formfield is not mergeable |
Item15067 |
jquery-ui's dialogs maniplulate the z-index of the widget on every mouseclick |
Item15069 |
improvements to radio, checkbox and label |
Item15070 |
use of uninitialized variable when there is no text |
Item15071 |
add some more useful entries to mime.types |
Item14564 |
add jquery-3 and an appropriate migrate module |
Item14685 |
permissions read from the wrong topic |
Item14689 |
Email::Address is deprecated, Email::Address::XS is the preferred module. |
Item14732 |
statistics script blocks all of foswiki |
Item14739 |
regression: cannot control logged actions anymore |
Item14766 |
deprecate all 1.x jquery, deprecate all 2.x except the latest |
Item14819 |
lost content on specific editor interactions |
Item14839 |
fix default value in textboxlist formfields |
Item14840 |
fix tooltip position in draggable elements |
Item14884 |
performance problem listing webs (hotfix available) |
Item14906 |
OP_ref has to read data relative to the topic being queried |
Item14908 |
cannot use zero as a formfield default |
Item14944 |
cannot use zero in alttext of FORMFIELD |
Item14970 |
INCLUDEing an url does not decode the retrieved content according to its charset |
Item14992 |
always display date and time of revisions |
Item14996 |
wrong url host if foswiki called via localhost |
Item15006 |
missing cpan dependencies for core engine |
Item15010 |
configure fails to accept newer rcs versions |
Item15014 |
prevent password fields from being autofilled in configure |
Item15022 |
Change notifications not send out under certain conditions |
Item15023 |
Eliminate local cache in FORMFIELD macro |
Item15025 |
FORMFIELD and QUERY don't read the correct topic object |
Item15028 |
store password during registration |
Item15041 |
global FOSWIKI_BROADCAST not initialized correctly |
Item15045 |
getRevisionInfo of an attachment always returns the revision info of the first attachment on the topic |
Item15047 |
Deep recursion if UserInterfaceInternationalisation is enabled yet no languages are enabled |
Enhancements
Item14454 |
Bundle JsViews as an option with JsRender |
Item14567 |
add keyboard navigation to jquery.stars |
Item14568 |
add chili recipes for autolisp and ini |
Item14569 |
deprecate jquery.placeholder |
Item14571 |
add manual sorting mode to textboxlist |
Item14572 |
upgrade jquery.livequery |
Item14720 |
upgrade animate.css to latest release |
Item14723 |
upgrade jquery.sprintf |
Item14724 |
enhance Makefile system to support sass and babel |
Item14726 |
better support for +values in textboxlist |
Item14727 |
improve locale support of datepicker |
Item14728 |
forward "open" event of ui-dialogs to jqUIDialogLink element |
Item14735 |
use animate.css for jquery.loader effects instead of jQuery's own ones |
Item14767 |
implement a proper icon service |
Item14837 |
update animate.css to latest upstream version |
Item14838 |
add "remember" feature to tabs |
Item14875 |
various maintenance fixes |
Item14897 |
rationalize edit template structure for better customization |
Item14901 |
Add support for XML and CERT data types in configure pages |
Item14963 |
add warmup parameter |
Item14994 |
don't generate inline @import-ed css |
Item15002 |
improve placement of content in jquery.loader |
Item15003 |
improve freebsd init script for foswiki service |
Item15005 |
too many log messages in fastcgi procmanager |
Item15018 |
rework some old css code in jQuery |
Item15019 |
give logos a proper dimension |
Item15021 |
multiple enhancements to SlideshowPlugin |
Item15040 |
add include cover |
Item15043 |
unable to configure zero max requests |
Item15044 |
improve free bsd startup scripts |
Item15059 |
JQICONs create a stray html attribute |
Item15060 |
add validation rule for foswikiMandatory css class |
Item15065 |
add jsonRpc api to foswiki namespace in javascript |
Item15068 |
don't bubble up jquery.loader events |
Foswiki Release 2.1.8 Details
Security
Item15135 |
directories in working directory are created as world writable 777 permissions |
Item15141 |
possible XSS attack in attachment comments |
Item15158 |
update to jquery-ui 1.13.2 |
Item15163 |
Local file inclusion vulnerability in viewfile |
Item15182 |
restricted allowed protocols to http and https |
Item15190 |
potential XSS vulnerability in jQuery |
Item15192 |
SpreadSheetPlugin's EVAL feature exposes infromation about paths and files on the server |
Item15198 |
Default to a secure location for temporary files not vulnerable to symlink attacks |
Item15200 |
possible XSS vulnerability in topic title field |
Fixes
Item14380 |
Foswiki should have option to use X-Forwarded-For to determine Client IP in reverse proxy configuration. |
Item14580 |
DIFF_TEXT rarely used ... and buggy |
Item15074 |
remove hardcoded options from build.pl of some extensions |
Item15075 |
deep recursion on innocent code |
Item15076 |
RCS store does not properly encode topic information |
Item15077 |
broken api to show/hide tabs in jquery tabpane |
Item15078 |
body zone merged to script zone |
Item15080 |
make {DefaultDateFormat} a text field |
Item15081 |
handle hash changes of own tabpane only |
Item15090 |
mailnotify script must run as admin user |
Item15091 |
only notify people of topics that they have view access to |
Item15113 |
jsonrpc doesn't set the web-topic context properly |
Item15129 |
FORMFIELD rev parameter broken |
Item15131 |
natedit doesn't validate mandatory formfields properly |
Item15136 |
Foswiki::Meta::save() sets topic and web too late when copying a topic |
Item15137 |
REVINFO doesn't return the top revision info with a zero rev parameter |
Item15142 |
better default labels for twisty links |
Item15145 |
add support for uploading multiple files in one request |
Item15146 |
require packages during compile time, not during runtime |
Item15160 |
Permissions editor can only auto-complete users and groups found in a topic of the users web |
Item15162 |
perl error when parsing email address of an empty header |
Item15173 |
add same-site policy to cookies |
Item15174 |
jquery.stars in +values mode |
Item15175 |
page with multiple jquery.loader mix their options |
Item15176 |
mailer fails to load language preferences for users |
Item15178 |
wrong set of permissions selecting "registered users" access in natedit |
Item15179 |
always load a proper I18N class when internationalisation is enabled |
Item15180 |
broken SCRIPTURL macro for json-rpc links |
Item15183 |
Fix version number of EditRowPlugin |
Item15184 |
don't translate < and > to their html entity counterparts |
Item15185 |
email tests fail on newer Email::MIME |
Item15186 |
random unit test failures in rcs store |
Item15189 |
Redirectto parameter breaks preview function |
Item15191 |
an uploaded html file is secured by appending txt multiple times |
Item15201 |
fix detection of edge browser |
Item15203 |
improve detection of module versions |
Enhancements
Item15138 |
IconSearchPath can't be set to empty |
Item15139 |
add optional t parameter to jquery.loader to prevent browser caching |
Item15140 |
a natedit formfield cannot be checked for mandatoryness |
Item15144 |
remove unused files from TwistyPlugin |
Item15147 |
in spec files, all {Module} settings are expert level |
Item15148 |
core's RELEASE and VERSION scheme should follow standards established in skins and extensions |
Item15149 |
improve perl doc renderer |
Item15153 |
report version numbers not release strings exploring installed extensions in configure |
Item15154 |
keep images and links in rss and atom feeds |
Item15155 |
add spaceOutWikiWord() to foswiki javascript API |
Item15157 |
update to jquery.validate 1.19.5 |
Item15181 |
update to jquery-3.6.3, remove previous jquery-3.x packages |
Item15187 |
remove stray quote from TML citations |
Item15194 |
make edit toolbar more configurable |
Item15199 |
add showcompleted and hidecompleted javascript events when the twisty opened/closed |
Item9012 |
make TwistyPlugin's mode attributes more meaningful |
Related Topic: ReleaseHistory