Foswiki Release 2.1.7

On this page:

Foswiki - The Free and Open Source Wiki

Foswiki is an enterprise collaboration and information sharing tool targeted for professional use in many types of organizations: from small businesses to multi-nationals, from one-product open source groups, to worldwide research networks.

Foswiki is a wiki: fundamentally, a website with editable web pages. It looks like a normal web site but it encourages contributions, edits, updates, questions, and answers from its users. It's a powerful way of enabling a community to communicate asynchronously using intranet and public Internet websites. Foswiki is simple to learn and use. It aims to provide a transparent way for you to publish and exchange your ideas with others over the web and eliminates the one-webmaster syndrome of outdated intranet content.

Foswiki is a structured wiki with tools that enable users without programming skills to build powerful yet simple applications to process information and support workflows. Developers can extend the functionality of Foswiki with plugins.

Foswiki is backwards compatible with content generated on all previous Foswiki versions, and even content and many plugins from TWiki installations (Foswiki ships with a TWikiCompatibilityPlugin, thus enabling most extensions made for TWiki to work in Foswiki. TWiki® is a registered trademark of Peter Thoeny.)

Foswiki is released under the GNU General Public License.

Foswiki Releases

  • Foswiki 1.0.0, the first Foswiki was released on 09 Jan 2009.
  • Foswiki 1.0.1, 1.0.2 and 1.0.3 were released internally in the development community, but were never publicly released.
  • Foswiki 1.0.4 was built 19 Mar 2009. It is a patch release with more than 120 bug fixes relative to 1.0.0 and only very few minor enhancements.
  • Foswiki 1.0.5 was built 25 Apr 2009. It is a patch release with more than 150 bug fixes relative to 1.0.0 and a few enhancements. This patch release further enhances the robustness and the security of the Foswiki software.
  • Foswiki 1.0.6 was built 21 Jun 2009. It is a patch release with more than 200 bug fixes relative to 1.0.0 and some enhancements. This version introduces a major enhancement in security against Cross-Site Request Forgery. Further more a central translation framework got introduced which ease the translation process and enables all users to contribute to translations.
  • Foswiki 1.0.7 was built 20 Sep 2009. It is a patch release with more than 240 bug fixes relative to 1.0.0 and some enhancements. This release fixes some serious issues introduced by the CSRF fix and the redirect cache fix in 1.0.6. Major enhancement that also fixes many annoying editor bugs is the upgrade of the Tiny MCE editor to version 3.2.2.
  • Foswiki 1.0.8 was built 29 Nov 2009. It is a patch release with more than 280 bug fixes relative to 1.0.0 and some enhancements. This release fixes a short list of quite annoying old bugs incl a bug that prevented efficient use of MailerContrib for producing newsletters. The Wysiwyg editor has been upgraded with the latest Tiny MCE editor release 3.2.7.
  • Foswiki 1.0.9 was built 17 Jan 2010. It is a patch release with more than 320 bug fixes relative to 1.0.0 and several enhancements. This release fixes many bugs in the Wysiwyg editor, bugs related to more advanced wiki applications and bugs in the Plugin API. It contains several bug fixes and enhancements related to security and spam fighting.
  • Foswiki 1.0.10 was built 08 Sep 2010 as a patch release with more than 410 bug fixes relative to 1.0.0. It is assumed to be the last 1.0.X release.
  • Foswiki 1.1.0 was built 04 Oct 2010. It is a release with more than 270 bug fixes relative to 1.0.10 and more than 680 bug fixes relative to 1.0.0. And the release adds more than 100 enhancements. Foswiki 1.1.0 introduces jQuery Javascript user interface framework, improved topic history display, new QUERY and FORMAT macros, better user interfaces for groups, much improved WYSIWYG editor, facelift of the default skin, much improved configure tool, and many more enhancements.
  • Foswiki 1.1.1 was built 25 Oct 2010. It is a release that fixes some important bugs that were introduced in 1.1.0. It is highly recommended that all running 1.1.0 upgrade to 1.1.1.
  • Foswiki 1.1.2 was built 09 Nov 2010. It is a release that fixes some very important bugs incl. a security related bug. Installations running 1.1.0 and 1.1.1 should be upgraded to 1.1.2
  • Foswiki 1.1.3 was built 16 Apr 2011. It is a release that fixes more than 150 bugs. jQuery has been updated to 1.4.3. The default PatternSkin has some usability improvements.
  • Foswiki 1.1.4 was built 20 Dec 2011. It is a release that fixes some very important including some security related issues. It contains 143 fixes and 27 enhancements. jQuery has been updated to 1.7.1.
  • Foswiki 1.1.5 was built 10 Apr 2012. It is a release that fixes some very important issues including some security related issues. It contains 100 fixes and 20 enhancements.
  • Foswiki 1.1.6 was built 02 Dec 2012. It is a release that fixes some important issues including some minor security related issues. It contains 94 fixes and 27 enhancements.
  • Foswiki 1.1.7 was built 01 Feb 2013. It is a release that fixes CVE-2012-6329 and CVE-2012-6330. It contains 20 fixes and 4 enhancements.
  • Foswiki 1.1.8 was built 28 Feb 2013. It is a release that fixes CVE-2013-1666. It contains 4 fixes.
  • Foswiki 1.1.9 was built 18 Nov 2013. It is a release that contains 44 fixes and 4 enhancements..
  • Foswiki 1.1.10 was built 23 Nov 2015. It is a release that contains 8 fixes and 8 enhancements.
  • Foswiki 2.0.0 was built on 04 Jul 2015. It is a release that contains 312 fixes and 157 enhancements, and closes 59 Feature Requests.
  • Foswiki 2.0.1 was built on 03 Aug 2015. It is a release that contains 28 fixes and 3 enhancements.
  • Foswiki 2.0.2 was built on 01 Oct 2015. It is a release that contains 65 fixes and 5 enhancements.
  • Foswiki 2.0.3 was built on 15 Nov 2015. It is a release that contains 17 fixes and 1 enhancement.
  • Foswiki 2.1.0 was built on 02 Feb 2016. It is a release that contains 37 fixes and 14 enhancements. It closes 7 Feature Requests.
  • Foswiki 2.1.1 was built on 30 Apr 2016. It is a release that contains 36 fixes and 21 enhancements.
  • Foswiki 2.1.2 was built on 02 May 2016. It is a release that contains 1 fix.
  • Foswiki 2.1.3 was built on 12 Feb 2017. It is a release that contains 68 fixes and 21 enhancements.
  • Foswiki 2.1.4 was built on 31 May 2017. It is a release that contains 31 fixes.
  • Foswiki 2.1.5 was built on 22 Jan 2018. It is a release that contains 43 fixes and 5 enhancements.
  • Foswiki 2.1.6 was built on 27 Feb 2018. It is a release that contains 11 fixes, including some critical security related fixes.

Pre-installed Extensions

Foswiki 2.1 is shipped with the following:
  • Plugins: AutoViewTemplatePlugin, CommentPlugin, ConfigurePlugin, EditRowPlugin, EmptyPlugin, HistoryPlugin, HomePagePlugin, InterwikiPlugin, JQueryPlugin, NatEditPlugin, PreferencesPlugin, PubLinkFixupPlugin, RenderListPlugin, SlideShowPlugin, SmiliesPlugin, SpreadSheetPlugin, SubscribePlugin, TablePlugin, TinyMCEPlugin, TwistyPlugin, UpdatesPlugin, WysiwygPlugin
  • Contribs: CompareRevisionsAddOn, FamFamFamContrib, FastCGIEngineContrib, JEditableContrib, JSCalendarContrib, JsonRpcContrib, MailerContrib, ModPerlEngineContrib, PlainFileStoreContrib, RCSStoreContrib, TipsContrib, TopicUserMappingContrib
  • Skins: PatternSkin
  • Compatibility support - TWikiCompatibilityPlugin

Known issues

For up-to-date information, see Known issues of Foswiki 2.1

Use of non-default {Store}{Encoding}

WARNING About {Store}{Encoding}: If you intend to use high-bit characters in attachment filenames (such as umlauts and accents), then links to these attachments on Foswiki pages will not work on a non-utf-8 Store without modification. This is because Foswiki works internally using Unicode, but the store saves files to disk using your chosen {Store}{Encoding}. Running the Store with other than utf-8 encoding is considered a transitional step and not recommended for long-term operation. The strongly recommended solution is to convert your store to UTF8 at the earliest opportunity.

A partial workaround is implemented in the PubLinkFixupPlugin This Plugin will attempt to rewrite broken links. This generally gets linked images and other attachments working. However the TinyMCEPlugin is still unable to render image links while editing a topic.

See Item13696 for up-to-date details.

Important changes in Foswiki 2.1.7

Multiple cross-site scripting vulnerability in jQuery and jQuery UI

These fixes are described in

  • CVE-2021-41182: XSS in the `altField` option of the Datepicker widget in jQuery UI < 1.30.0
  • CVE-2021-41183: XSS in `*Text` options of the Datepicker widget in jQuery UI < 1.30.0
  • CVE-2021-41184: XSS in the `of` option of the `.position()` util in jQuery UI &kt; 1.30.0
  • CVE-2016-7103: XSS in closeText option of Dialog in jQuery UI < 1.12.0
  • Fixes for CVE-2015-9251 and CVE-2019-11358 have been backported from jquery-3.x to jquery-2.x which is being used by default

Regular Expression Denial of Service vulnerability in jquery.validate

Details in CVE-2021-21252

Possible server site request forgery exposing the session id

For decades Foswiki and TWiki had ways to access the session id of a user and make it available on a wiki page using the %SESSIONID macro. Anybody that has got access to a session id can use this session in behalf of the user that is associated with it. There are multiple ways to leak this information to the outside using this macro. Therefore the two related macros %SESSIONID and %SESSIONVAR are deprecated for security reasons and have been disabled by default using the {Sessions}{HideSessionVariable} setting. Note that these macros will be removed completely in the next minor release.

QUERY macro does not check access rights

While macros such as %FORMFIELD only allowed access only to information the current user has got view rights for, the %QUERY macro does not.

Reimplementation of livequery using mutation observer

The LiveQuery module is at the core of Foswiki's javascript framework, alas was abandoned upstream. In the meantime modern browsers now all support a feature called "mutation observer" to monitor changes to the DOM in an efficient standardized way. Thus a new module called Observer has been implemented on this base to initialize javascript modules in a declarative way as it has been done before using LiveQuery.

Important changes in Foswiki 2.1.6

CVE-2018-7446

This is a critical Security Release, addressing CVE-2018-7446. In addition to installing this patch release, site adminstrators should follow the recommended changes in Support.SecurityAlert-CVE-2018-7446 to ensure that certain critical topic are protected.

Additional default topic protections

A number of "operational" topics shipped in the Main and Sandbox web are not protected from modifications by users. This release adds an ACL to most of the default topics shipped in the Main and Sandbox webs to restrict modifications to the Admin group.

The _default template web does not provide individual topic protections. The site administrators should customize the desired permissions before allowing users to create new webs.

Issues with NatEditPlugin Permissions tab not supporting certain ACLs.

It was discovered that the NatEditPlugin under some conditions will lose topic ACLs:
  • When a topic is copied, the ACLs in the source topic are not applied to the new topic.
  • If a topic contains crafted ACLs set using the More topic actions -> Edit settings dialog, they can be lost when the topic is edited by NatEdit. Specifically:
    • DENYTOPIC* ACLs (except for DENY = WikiGuest) are not supported by NatEdit and were silently discarded.
NatEditPlugin version 9.21 (shipped with this release) resolves this issue by disabling the "Permissions" tab when unsupported ACLs are detected.a

Support for CaptchaPlugin in User Registration

A change has been made to the validate.js javascript used by the UserRegistration page. This will permit easier integration of the Captcha Plugin to the default user registration page.

Important changes in Foswiki 2.1.5

New zone added as a default zone.

The body zone has been added as a default zone. It is rendered at the end of the body, just before the <body> tag. This improves compatibity of PatternSkin with Foswiki:Extensions.NatSkin. A number of extensions released for NatSkin will not function correctly without this zone. No changes are required unless you have replaced the foswiki.tmpl or foswiki.pattern.tmpl with a local version.

Additional support for Proxy configurations.

Foswiki has a new option under bin/configure -> Security and Authentication -> Proxies: {PROXY}{UseForwardedForHeader}. Enable this setting if the Foswiki is accessed through a reverse proxy. Foswiki will the use the X-Forwarded-For header to determine the Client IP address. This has several effects:
  • Foswiki will log the real Client IP address instead of the address of the reverse proxy server.
  • Session IP matching will use the real client IP when determining if the CGI Session is for the correct client.
  • Plugins that perform security functions based upon the IP address will see the real client IP address.
This setting should only be enabled if the majority of the clients access the server via the reverse proxy. It is possible for clients to spoof the X-Forwarded-For header, so only enable this setting when appropriate to avoid client IP Address spoofing.

Change in HTTP status return for authentication failures.

The fix for Item14445 changes the HTTP status return for authentiation errors from 401 - Unauthorized to 200 - OK when returning the Template Login screen. The 401 status is not valid unless it returns a WWW-Authentication challenge that can be processed by the agent. This is only valid when using HTTP authentication. The REST and JSONRPC actions will still return a 401, so that it can be handled by javascript.

Note: This change requires a corresponding fix for the LdapContrib. If you use the LdapContrib, you should not apply this release until an update of LdapContrib is available.

Running Foswiki on a Windows based web server

This release fixes a critical error that prevented Foswiki from being installed on Windows. Foswiki mistakenly used a reserved filename for a module which blocked installaion on Windows. This has been corrected in this release.

Important changes in Foswiki 2.1.3

Security issues addressed in this release.

This release addresses 7 Severity 3 security vulnerabilities which are described in further detail in Support.SecurityAlert-XSSIssues-2017-0201. See Security Alert Process for more details on how the Foswiki project handles security issues.

Possible data loss in DataForms

A possible data loss issue was discovered in DataForms migrated from Foswiki 1.x. A new configuration setting ({LegacyFormfieldNames}) was added to restore the old Foswiki 1.x behavior.

If your site uses DataForms that use non-Ascii field names, the form data will require manual migration, or you must enable {LegacyFormfieldNames} in the configuration.
  • Releases prior to Foswiki 2.0 stripped characters other than A-Z, a-z, 0-9 and _. So a field named Fühler would be stored as Fhler.
  • The same DataForms definition on Foswiki 2.0 would be stored as Fühler.
With the mismatch of field name, the form field will be lost when the topic is saved.

If you do not enable {LegacyFormfieldNames}, then you will need to find and update the META:FIELD definitions in the topics. This would need to be done external to Foswiki.
  %META:FIELD{name="Fhler" title="Fühler" value="123"}%
would need to be changed to
  %META:FIELD{name="Fühler" title="Fühler" value="123"}%

See Item14256 for more details.

The optional (expert) configuration parameter {Sessions}{CookieRealm} now applies to the Domain of all cookies generated by the Foswiki core. In addition, if your site is accessed over HTTPS, all cooikes will now have the Secure flag set. In prior releases, only the Foswiki session cookie used the CookieRealm and Secure flag. After upgrade to 2.1.3, users may lose saved preferences and/or fail strikeone validation due to the cookie domain change. If using a non-default CookieRealm setting, users may need to delete all domain cookies after this update.

User Registration

The stored format of pending registrations has been changed to perl "Storable" in order to better support Unicode user names and other registration fields. As this format is binary and not generally human readable, a new report: System.PendingRegistrations has been added. It shows registrations that are awating email verification and registrations awating approval. Registrations awaiting approval can be directly approved from the new page.

Any existing pending registrations should be resolved prior to upgrading to Foswiki 2.1.3. Existing submissions will be lost.

Usability on small screens

A user contributed WebSideBar toggle button can be enabled. This renders a small "hamburg" icon to restore the side bar when viewing Foswiki on a small device. See System.PatternSkinCssCookbookSidebarToggle.

Configuration bootstrap

Bootstrap should be able to detect operation behind a proxy server, and will try harder to get the protocol (HTTP or HTTPS) and the hostname used by the user correct. If bootstrap fails to properly set up a proxy configuration, we would appreciate bug reports that will help us improve operation. Note that operation behind a chain of multiple proxy servers is not currently detected.

Page cache tuning.

A new optional (expert) configuration parameter {Cache}{TrackInternalLinks} is available for tuning how the cache tracks dependencies of topic references. Default is on which is the same as prior releases. Foswiki will record every topic link as a dependency. This can result in extrememly large cache dependency tables, especially when using a WebLeftBar that displays a large number of webs and/or topics.

Set this to authenticated to track these topic references only for logged in users. Set to off (not recommended) to disable all reference link tracking.

The side effect of not tracking a link dependency is that cached pages will not reflect updates that remove or add a topic.

Note that the PageCache should be globally flushed whenever any configuration changes are made, or after updating Foswiki or any Extensions.

JQuery

This release updates to a newer maintenance version of JQuery. You should visit bin/configure and select the updated versions of JQuery.

Important changes in Foswiki 2.1.1

Page Caching

The Foswiki PageCache has added another index on the dependencies table. After installing this update, you should issue the refresh=all option to drop the foswiki cache tables, and allow them to be recreated. This will create the new index.

New CPAN dependency, and foswiki.org changes

Due to upstream changes, the Perl LWP package has been split into two packages. You may need to install LWP::Protocol::https for https support in extension installation and accessing remote sites with the INCLUDE macro.

Important changes in Foswiki 2.1

Deprecations

The %HTTP% and %HTTPS% macros are deprecated and will be removed in a future release. These macros now restrict the available information to the Accept-language and User-Agent headers. The list of available headers is now configurable.

The PatternSkin created contentheader and contentfooter as aliases for the beforetext and aftertext templates and deprecated the older templates. As this broke compatibity with other skins, that deprecation has been reversed. For best compatibiliy continue to use beforetext and aftertext.

API Change

The Foswiki API version is incremented to version 2.4 in Foswiki 2.1.0. Foswiki 2.1 permits template names using Unicode characters.

New Perl CPAN dependencies!

Foswiki now requires CPAN:Email::MIME. Foswiki will be unable to send email without this module. SystemRequirements has more details on CPAN dependencies and package names for most *nix distributions.

Enhanced Registration form

The registration form now accepts the parameter templatename to override the default NewUserTemplate. In addition the registration topics have been restructured to permit multiple custom registration pages. Customization of the registration form is greatly simplified.

Easier to restrict access to the System web.

Some sites prefer to block access to the System web documentation for guest users. Duplicated content can result in lowered search engine rank, so it is advantageous to restrict access to the System web. Foswiki now includes ALLOWTOPICVIEW settings for critical system topics that are required for guest access.

Changes in permitted characters in topic and attachment names.

Foswiki has split the topic and attachment name filters. The topic name filter has become more restrictive. Attachment names now permit embedded spaces, and attachments with spaces will no longer be renamed to underscores. If you would prefer to use the old behavior, enable $Foswiki::cfg{AttachmentReplaceSpaces}.

Action Required: The colon (:) has been removed from the list of legal characters permitted in topic names. The colon was in conflict with the InterWiki links. If your existing topic use the colon in topic names, you should remove the colon from the configuration setting $Foswiki::cfg{NameFilter}.

Improvements in International Character Set support

Foswiki 2.1 has further improved support for utf-8 based character sets. Topics and data forms can use utf-8 characters. They will be properly rendered and preserved during edit. The Foswiki core has been fully converted to utf-8 and unicode. All encoding / decoding is done "at the edge", when reading from / writing to the Foswiki store.

  • Foswiki 2.1 International support
    • Emails sent by Foswiki now fully support International Character Sets.
    • Foswiki now uses NFC Normalization of Unicode characters. This greatly improves compatibility with Operating Systems like OSX which use NFD form characters by default.
    • Template names are no longer restricted to ASCII characters.

  • Foswiki 2.0 International support
    • New sites will use utf-8 by default. Internationalizaiton should just work.
    • Sites migrating data from a previous installation have two choices:
      • Set {Store}{Encoding} to match the previous ={Site}{CharSet}. (Default was iso-8859-1)
      • Migrate the data to utf-8 by using the tools/bulk_copy.pl script. This is the recommended solution.
    • Support for Locales is still known to have issues. {UseLocales} should not be enabled in the configuration.

ALERT! ACTION REQUIRED If you are upgrading an existing system, you should review the existing data and determine if migration to utf-8 should be performed. See the UpgradeGuide for more details. Note that the topic and attachment name filters no longer filter international characters, so migration to utf-8 is strongly recommended.

Due to the extensive internal changes, extensions may require changes for compatibility with this release.

Translation Status

As of this release,
  • Italian and Ukrainian are 100% complete.
  • Traditional Chinese, French and German are >99% complete.
  • Czech, Danish are >95% complete.

For more details on translation status, see TranslationTeam and Foswiki's Weblate translation server. Foswiki thanks the Translators for their efforts. If you are interesting in helping with the translation, please contact foswiki-translations@lists.sourceforge.net.

Foswiki Release 2.1 Details

New Features

AddConcatOptionToAttrs Add +"more" and key+"more" options to Foswiki::Attrs
CompleteMIMESupportInEmail Wrap all outgoing mails into uniform and safe MIME envelope.
CustomNewUserTemplates Enhance register script to specify a templatetopic param instead of hard-coded 'NewUserTemplate'
DeprecateHTTPandHTTPS Deprecate and restrict System.VarHTTP and System.VarHTTPS macros due to security concerns
MakeItEasierToBlockSystemWebGuestAccess Simplify hiding the System web documentation.
MakeZonesLessIntrusive Make zones less intrusive, especially for non-HTML output
SplitTopicAttachmentNameFilters Separate the topic and attachment name filters, allow spaces in attachment names, remove colon from Topic names.

Fixes

Item10916 Pencils disappear after row move when both js and non-js controls are present.
Item11609 No information how to un-set a topic parent.
Item12067 Removing members via WikiGroups not possible when login name different from WikiName.
Item12569 Sorting in tableplugin is wrong in German.
Item13405 Unicode Normalisation.
Item13677 regression: extension tabs in configure aren't sorted alphabetically anymore.
Item13699 Mail sending fails when non-latin text in utf8 is being sent.
Item13857 Mac OS X RCS "not found" by configure.
Item13860 UploadFilter isn't blocking HTML attachments.
Item13863 FileAttachment: generated filenames are not correct foswiki 2.0.3 mod_cgi, utf-8 store when uploaded from OS X.
Item13865 Configure file permissions checker detects ,pfv directories as possible webs.
Item13869 FoswikiServerInformation warns about undefined variables.
Item13870 RCSStoreContrib configure check error by syntax shell command error in RCSChecker.pm.
Item13875 Configure fails to perserve permissions when backing up config.
Item13877 Certificate wizards not functional, always generates CSR, dependencies not documented.
Item13880 TML rendered in head and script zones causes malformed html in WebCreateNewTopic.
Item13881 Table header problem in unicode named web/topic.
Item13885 PatternSkin should be backwards compatible to Foswiki 1.1.
Item13886 Default id="foswikiTOC" creates illegal duplicate CSS IDs when multiple TOC macros are present.
Item13889 Processing of dynamically generated META in a new topic template is displayed as plain text until saved.
Item13890 bulk_copy ignores --latest option.
Item13891 bulk_copy.pl does not copy user information for attachment histories.
Item13893 Performance fixes for Foswiki 2.0.4.
Item13894 RcsStore double-encodes utf8 comments into the attachment revision log.
Item13896 TWISTY incorrectly used in Sandbox.WebHome, generates broken HTML.
Item13898 JQueryAjaxHelper jumpbox code does not work with short URLs.
Item13899 save: ignores new topic text if it is empty.
Item13900 Logout redirects to wrong path when ForceDefaultHostUrl is enabled.
Item13903 Redirect for authentication breaks utf8 topic names.
Item13906 EditRowPlugin create table row without spaces.
Item13912 perldoc does not process bulk_copy.pl correctly because of missing POD marker.
Item13913 CLI scripts broken on windows. setlib.cfg issues "require CGI" which sets binmode on STDIN and breaks prompts.
Item13917 NameFilter not working on 2.0 / 2.1 if configure reset to default is used.
Item13924 Old style UserRegistration pages not working on 2.1 beta 1.
Item13925 Leading spaces in DefaultUrlHost causes malformed URL links.
Item13926 ModPerlEngineContrib is not backwards compatible with Foswiki 1.1.x.
Item13927 Configure rcs checker crashes if configured command is not found.

Enhancements

Item12560 NameFilter should reject colon, conflicts with Interwiki links. Restructure filters to improve flexibility.
Item13436 Adding the class parameter to the TablePlugin.
Item13444 Foswiki::Net::getExternalResource does a poor job of parsing URLs.
Item13553 Add form-definition-table template.
Item13554 Foswiki doesn't work with accented Template names.
Item13594 Implement feature AddConcatOptionToAttrs.
Item13848 Deprecate, and restrict HTTP and HTTPS macros.
Item13849 Implement MakeZonesLessIntrusive.
Item13854 Implemement MakeItEasierToBlockSystemWebGuestAccess.
Item13864 Implement CustomNewUserTemplates - Registration can override the template for the user topic.
Item13866 Add a file permission fixer script to tools.
Item13867 bin/upload failed from the command line.
Item13874 Don't encode URLs in links inserted by Upload.
Item13914 rewriteshebang should use setlib, don't make user enter -I ../lib.

Foswiki Release 2.1.1 Details

Fixes

Item975 BulkRegistration should work with ApacheLogin.
Item13795 Redundant url params generated by %SCRIPTURLPATH macro.
Item13941 %EDITTABLE macro visible in print mode.
Item13944 Foswiki::Func::addToHEAD (deprecated in 2010) breaks with Foswiki 2.1 Zones rewrite.
Item13945 Software error with Perl 5.10. Can't find Ascii Unicode entity.
Item13947 Issues in Store Implementaton and Cache Implementation checkers.
Item13950 Refresh cache needs better controls, to minimize bot clicks.
Item13957 TinyMCEPlugin does not handle indent correctly.
Item13958 The indent feature with colon does not render an empty line.
Item13960 Wysiwyg editor cannot right align a table cell if the content of the cell is a "0".
Item13975 Do a deep merge gathering foswikiPreferences.
Item13989 When you disable guest sessions you also disable all registration and reset of password.
Item13995 Search $changes renders a simple summary.
Item13997 Incorrect assumption about encodings in Foswiki::Store.
Item14000 Wrong row is deleted by EditRowPlugin in full table edit mode.
Item14004 EditRowPlugin textarea doesn't honor the dimensions.
Item14008 Configure checker should warn/error if AutoAttachPubFiles is used with PlainFile store.
Item14010 Add mime type for woff2.
Item14011 Make sure HTTP2 is always compressing HTML.
Item14012 Prevent page caching under certain conditions.
Item14013 Make sure zones are stable when reloading a page.
Item14014 Comment plugin unable to use template files in hierarchical webs in Foswiki 2.1.
Item14022 All internal links should be changed to https://foswik.org to avoid redirects.
Item14024 JQueryPlugin (v6.32) might not initialise correctly with current JSON (v2.90) / JSON-XS (v3.02) modules w/o allow_nonref.
Item14025 JsonRpcContrib requires allow_nonref (when using JSON-XS v3.02).
Item14032 INCLUDE doesn't rewrite other webs' links in 2.1.
Item14035 Plain file logger fails to rotate the log.
Item14037 PageCache needs an index on the to_topic field.
Item14038 PageCache generates too many dependencies on System.ParentList.
Item14039 System.SkinBrowser takes too long to render due to Search performance.
Item14042 Typo in JQueryPlugin defaults causes missing jquery version.
Item14049 Configure hangs if URL has a trailing slash.
Item14050 Link to missing topic in WelcomeGuest.
Item14051 Page cache not respecting the Host URL.
Item14053 Registration confirmation emails BCC the Webmaster. Causes too much noise.
Item14055 If beforeUploadHandler modifies an attachment, it is recorded with the wrong size.

Enhancements

Item13970 Modernize BUTTON.
Item13971 Add latest jquery and remove some outdated versions.
Item13972 Update fontawesome and extend %JQICON to be able to use fontawesome icons.
Item13973 Deprecate bgiframe and media jquery plugins.
Item13974 Update jquery.form to latest upstream version.
Item13976 Update localScroll, scrollTo and serialScroll.
Item13977 Update JQuery maskedInput.
Item13978 Update JQuery masonry and externalize imagesLoaded module.
Item13979 Update jquery.migrate.
Item13980 Update jquery.queryObject.
Item13981 Update jquery.render.
Item13982 Update jquery.sprintf.
Item13983 Update jquery.stars.
Item13984 Update jquery superfish.
Item13985 Update jquery.tabpane.
Item13996 BulkRegistration should process the AddToGroups field.
Item14005 Custom registration needs to pass user template name to email templates.
Item14028 Add jquery-1.12.1 / jquery-2.2.1.
Item14042 Add jquery-1.12.3 / jquery-2.2.3.
Item14047 Simplify the htaccess configuration examples.
Item4992 Work out how to translate Javascript strings.

Foswiki Release 2.1.2 Details

Fixes

Item14061 Non-admin users are unable to refresh the page cache using the refresh query param. It's silently ignored.

Foswiki Release 2.1.3 Details

Fixes

Item11548 INCLUDE{warn="custom"} only works for topic-missing warnings.
Item13206 Upgrade to latest jquery-ui.
Item13785 ExtensionInstaller fails to replace files under some conditions.
Item13831 JS error in System.LanguageSelector
Item13892 CALC doesn't work in %SEARCH despite of what documention says.
Item13928 Mistypes to be fixed in the core.
Item13929 FileUtil doesn't work correctly with BSD tar.
Item13963 Foswiki::Form::getField() might generate 'use of undefined value' warnings.
Item13986 Any changes to a topic text made after pushing the topic to the context stack are ignored even changes are related to topic-level preferences.
Item14009 Comment plugin does not properly identify location to insert comment.
Item14063 Bootstrap fails to correctly detect path when mod_rewrite engine is disabled.
Item14064 Bad link in index.html in 2.1.0 and 2.1.2.
Item14066 Performance issue sorting list based on NFKD.
Item14068 Excessive calls of getPreferences(LINKTOOLTIP) causes performance issues.
Item14069 Attach filename parameter needs further sanitization.
Item14071 Register script reports zero values as missing registration fields.
Item14077 INCLUDE{"topic,list"} fails if first topic is access denied.
Item14078 Wysiwyg merges horizontal rules (---) into a preceeding list and looses the TML markup.
Item14098 Approve User Registration should not require Verify User Registration.
Item14102 Documentation suggest a Short URL configuration (renaming view script to xview) which is no longer supported.
Item14104 Plain text password is sent by email in registration approval request.
Item14107 Cancel doesn't undo add/delete row or move row actions. Document the restriction.
Item14125 "Start Presentation" button needs further sanitization.
Item14128 WebTopicEditTemplate not readable in restricted system web.
Item14139 debugenableplugins not correctly handled.
Item14146 Configure permissions checker fails to check some files, excessively checks others and crashes trying to report utf8 names.
Item14150 Reload of a page in the cache fails to recompute strikeone keys.
Item14169 Verification for {FeatureAccess}{Configure} in configure fails to handle login names.
Item14171 Error message of jquery.render needs sanitization.
Item14172 jquery.stars width incorrect in modal dialogs.
Item14173 Invalid call to foswiki.getScriptUrl() in foswiki.getPreference().
Item14174 Missing files in MANIFEST of EditRowPlugin.
Item14176 Don't add POSTDATA to TOC or QUERYSTRING.
Item14195 Loop in Foswiki::UI::View::revisionsAround under some conditions.
Item14199 Registration confirmation process corrupts utf-8 wiki names.
Item14202 PageCache tweaks to control dependency growth.
Item14204 Port JsonRpcContrib unit tests from master to Release02x01 - and fix error with redirectto revealed by test.
Item14205 Autoconfig Email failing with recent versions of IO::Socket::SSL.
Item14209 Email wizard for SSLCaFile and SSLCaPath doesn't return any results.
Item14211 System.DataForms topic use the NEW macro. Should be N.
Item14213 EditRowPlugin: "Use of uninitialized value in addition" warning when clicking on Edit button.
Item14216 MailerContrib mailnotify fails with wide character print when run from Web when unicode webnames are in use.
Item14218 EditRowPlugin: edit button does not work when using Internet Explorer.
Item14227 Potential use of uninitialized value in a rating formfield.
Item14235 Sanitize some template fields.
Item14236 EditTablePlugin doesn't create compressed / gzipped css and js.
Item14238 Documentation for the reverted META:CREATEINFO is still in the release.
Item14249 Foswiki::Net uses userinfo functions not available in older versions of LWP.
Item14250 Wait for images by default in jquery.masonry.
Item14251 Remove non-functional caching of dialogs loaded via ajax.
Item14253 WysiwygPlugin inserts extra spaces in front of square bracket links.
Item14256 Data loss of certain formfield names when moving content from 1.x to 2.x.
Item14258 EditRowPlugin will crash with empty column format.
Item14263 Mistype in Foswiki::Configure::Item
Item14265 NatEdit plugin leaves UI blocked after some save errors
Item14266 Error enabling internationalization and languages
Item14279 CLI tools/configure fails to encode Password when run in prompting mode
Item14281 Cookie related changes. Inconsistent use of the domain and secure flags.
Item14285 Don't try to action upon disabled toobar buttons
Item14286 PatternSkin*Navigation topics are broken, and difficult to tailor.
Item14287 Configure needs to encode reported configuration values.
Item14305 Eliminate sporadic alert() by TinyMCE.
Item14308 Configure extensions review crashes for some older extensions.
Item14309 Old SVN based extensions don't compare as older than new Decimal versioned extensions.
Item14312 Don't destroy dialogs on close.
Item14315 ASSERT in Meta.pm when viewing prior revisions of topics with attachments.
Item14317 Under some conditions, JEditableContrib attempts to load an .uncompressed.js source, which is not in the distribution.
Item14321 Some InterwikiPlugin links are out of date.

Enhancements

Item10918 Improve javascript api to address individual tabs.
Item13578 Configure guesses relative path names with .. in them.
Item13936 Need an altenate from address for wiki generated email.
Item14086 FCGI Service file is needed for systemd systems.
Item14092 attach.pattern.tmpl needs a hook for plugins to add properties.
Item14120 Remove outdated yuicompressor tool.
Item14121 Use svg in jquery.stars.
Item14122 Upgrade to fontawesome 4.7.0.
Item14123 foswiki.getPubUrlPath() fails with an uninitialized parameter.
Item14124 Make skin of a jquery.loader backend configurable.
Item14143 Configure should recommend setting SafeEnvPath for improved security.
Item14145 PatternSkin deprecation of beforetext/aftertext templates breaks compatibility with other skins.
Item14170 Improve slideshow navigation - increase size of buttons.
Item14180 Bootstrap enhancements and refactoring.
Item14181 Bootstrap detects incorrect hostname, and may mis-detect https when behind a proxy.
Item14201 Add Pending Registrations report.
Item14219 Add a contributed WebSideBar toggle cookbook.
Item14226 Performance improvements to $.i18n().
Item14228 Upgrade JQueryPlugin to blockui 2.70.
Item14229 Upgrade JQueryPlugin to jsrender 0.9.83.
Item14230 jquery.maskedinput initializer does not match documentation.

Foswiki Release 2.1.4 Details

Fixes

Item12090 Field name -with description- in Forms not working properly.
Item13246 Context header_text needs better documentation.
Item13339 Warning or errors icons in configure get stuck unless page is reloaded.
Item13766 EditRowPlugin columns widths are jumping to wider size when you hoover the mouse over the table.
Item13907 UpdatesPlugin Report of required update should list the backlevel extensions.
Item13954 Extensions with "pluggable" components cause errors: No such value {Store}{Implementation}.
Item14234 Clicking pencil for first row (erp_row=0) opens editor on entire table.
Item14324 Perl 5.25.10 reports unescaped left brace in regular expression errors.
Item14328 Foswiki::Net crashes with uninitialized value in pattern match when sending email for older CPAN modules.
Item14337 SCRIPTURL paths and inline scripts make javascript signing more difficult than needed.
Item14346 Systemd service file has issues, needs better documentation.
Item14347 Prune the cruft from the tools dir and improve tools script documentation.
Item14349 EditRowPlugin Edit Table button not functional on IE 11.
Item14350 OopsException documentation has incorrect example.
Item14351 Uninitialized value warning when changerows is used with EditRowPlugin.
Item14366 use CGI::Carp in bin scripts BEGIN block cannot be found via LocalLib.cfg override.
Item14368 Failure to handle edge cases leads to obscure bug in RCS.
Item14369 Document parameters for USERNAME, WIKINAME and WIKIUSERNAME macros.
Item14370 Foswiki::Func::removeUserFromGroup docmentation is incorrect.
Item14372 JQueryPlugin ui-draggable got dropped from Config.spec.
Item14377 Error message requires some encoding.
Item14381 mod_perl unexpectedly decodes the URI, and X-FoswikiURI header should be debug only.
Item14388 NatEditPlugin does not honor the ScriptSuffix setting, and doesn't accommodate short URLs.
Item14392 WebPreferences topics contain empty DENY rules that would be honored if {AccessControlACL}{EnableDeprecatedEmptyDeny} is enabled.
Item14396 Don't redirect to relative paths. 302 redirects should be absolute Locations.
Item14440 Configure settings leak into the global $Foswiki::cfg hash in fcgi environment.
Item14401 Foswiki crashes if PageCache is enabled with missing dependencies.
Item14402 Invalid default in FastCGIEngineContrib example foswiki.defaults file.
Item14404 NatEdit Save and Continue action fails on mod_perl systems.
Item14405 Redirect after validation with HTTPS proxy for HTTP site results in unsafe redirect.
Item14406 Configue LANGUAGES pluggable crashes in Locale::Code for unknown languages with Perl 5.26.

Foswiki Release 2.1.5 Details

Fixes

Item11491 FCGI has de facto file upload limit - add note in documentation for fix.
Item12495 In form fields of type "select", space after a value and before the delimiting comma makes the value selectable and it saves but will reset on next edit.
Item13350 Document why Mailnotify appears to skip notification of some changes.
Item13380 Remove the Web/Topic from the login URL to prevent flooding the browser password cache.
Item13835 Title Field in Natedit gone, even when used.
Item14395 InterwikiPlugin failure to check result from readTopic causes error.
Item14415 TopicUserMapping places non-ASCII users in wrong position in WikiUsersTopic.
Item14429 tools/configure generates invalid perl structure.
Item14431 Dependencies check for DBD and DBI::Pg are broken by unexpected VERSION strings.
Item14434 Translated text with reserved characters used in System.WebCreateNewTopicComponents will create wrong HTML.
Item14445 Excel fails to open a password protected link to Foswiki.
Item14446 Unwritable work_area results in mega-spam with mailnotify run.
Item14448 UpdatesPlugin plugin list is empty on page reload.
Item14455 Malformed System.AdminDocumentationCategory.
Item14460 Login/Logon actions should create session when guest sessions are disabled.
Item14461 Formfield select values containing entities will reset on next save.
Item14462 {AuthScripts} is hidden unless Template Login is in use.
Item14471 HistoryPlugin not properly rendering date tokens as stated in documentation.
Item14472 Use jquery.prop instead of attr to get/set properties.
Item14488 PatternSkin is missing "body" zone used by NatSkin and many extensions
Item14490 EditRowPlugin Edit button image not displaying correctly.
Item14492 HtPasswdUser implements bcrypt with a hard coded cost. {Htpasswd}{BCryptCost} is ignored.
Item14515 Foswiki 2.1.3 cannot run on Windows "Aux" is a reserved filename on windows.
Item14529 UpdatesPlugin should not use the cookie realm.
Item14536 Configure leaves "wait" cursor spinning while waiting for user action.
Item14544 SCRIPTURL breaks when X-FORWARDED-HOST has multiple values.
Item14549 Prevent User/WikiName cache pollution by faulty call of internal user api.
Item14550 Wrong initialization of {_options} hash reference in list formfields.
Item14554 Remove link to unused wikiring.com domain.
Item14556 Clean up page header area with PatternSkin.
Item14557 PerlDependencyReport crashes under some conditions.
Item14559 Regression via Item13898 - broken topic selectors.
Item14560 WikiWord changes don't trigger a change event on the target element.
Item14566 Don't cache a null result in foswiki.getPreference().
Item14573 Fix auto-height calculation of tabpane.
Item14574 HTML cellspacing attribute has no effect.
Item14584 jquery.wikiword changed interpretation of source parameter in a incompatible way.
Item14586 Blinking scrollbar in natedit caused by incorrect window height.
Item14588 mailnotify fills debug log with errors about "surprising mapping" and "missing mapping".
Item14589 Invalid help link when editing topic preferences.
Item14590 Missing closing tag in html diff of mailnotify.
Item14591 Store fails to read old revisions with RcsWrap store, if .txt file is modified.
Item14605 Unescaped brace in Regular Expression, Perl 5.27.8.

Enhancements

Item14518 JQueryPlugin should warn configure if an older version of jquery is selected.
Item14532 Allow process name override for FCGI task.
Item14565 Bundle jquery.validate js files into one.
Item14570 Add "use strict" to farbtastic's init and fix js errors.
Item14577 Add user contributed sartup script for FreeBSD.

Foswiki Release 2.1.6 Details

Fixes

Item14537 The EditRowPlugin makes tables "shaky".
Item14616 The generic tools/extension_installer no longer functions on perl 5.26+.
Item14622 UserRegistration validate.js is not compatible with CaptchaPlugin.
Item14626 Incorrect example in System.Macros / System.PreferenceSettings.
Item14629 Certain topics can be overridden without permission.
Item14630 Topic ACLs are lost when copying to a new topic.
Item14632 Topic autocompletion not functional anymore.
Item14633 wrong language in <html> tag.
Item14634 Use jquery.i18n for translations in jquery.natedit.
Item14636 jquery.wikiword not setting the regex options correctly.
Item14639 Operational topics in Main, Sandbox webs should be protected from editing non-admins.

Foswiki Release 2.1.7 Details

Security

Item14903 change password accepts "1" as an old password
Item14918 backport fix of CVE-2015-9251 and CVE-2019-11358
Item14936 eliminate use of 2-args open()
Item15024 QUERY macro does not check access rights
Item15033 update jquery.validate
Item15048 disable access to sessionid
Item15061 multiple cross-site scripting vulnerability in jQuery UI

Fixes

Item14687 SET macro documentation related to INCLUDE and topic scope is incorrect.
Item14688 Typos in InterwikiPlugin documentation.
Item14773 configure documentation refers to FastReport. Should be JsonReport
Item14809 System/InstallGuide Step 2: Ownership table lists wrong FreeBSD group
Item14902 Add new Ubuntu 20.04 required perl module to requirements
Item14660 missing tab id causes a javascript error
Item14662 comment type "return" not functional
Item14721 fix loading of language files for jquery.i18n
Item14722 add jquery.browser as a separate module being removed from newer jQuery
Item14725 wrong initial color of jquery.farbtastic dialog
Item14729 fix regular expression for headings trying to support ExplicitNumberingPlugin
Item14730 can't use path with a 0 (zero) in it
Item14731 illegal json returned by attachments rest handler
Item14741 EVAL(0) should return 0 not the empty string
Item14762 jquery.loader does not clear timeout properly for automated reloading
Item14873 rewrite and simplify UpdatesPlugin
Item14874 deprecate uglify-js and yuicompressor in favor of terser and csso
Item14890 breadcrumbs won't line-break on mobile devices
Item14910 Remove Taint::Runtime
Item14929 Single '0' (zero) not displayed in any table if plugin is activated for that topic
Item14931 Error moving file with [space]WikiWord[space] name.
Item14933 remove dependency on jquery.livequery module
Item14934 language file compression isn't experimental anymore
Item14935 leave absolute_urls context when an exception occured during registration
Item14937 error parsing dotted triplets ip addresses
Item14938 don't return compressed content when calling foswiki on the command line
Item14941 only load comment.js and comment.css on pages where it is required
Item14942 make sure isValueMapped is defined for any formfield
Item14943 document publicOnly parameter in %INCLUDE and make it a true boolean
Item14945 improve performance of template loader
Item14946 RCS storage tests fail with a one-off second difference sometimes
Item14990 remove explicit undef from return statement
Item14991 improve performance of isGroup() call
Item15000 fix button's behavior in disabled state
Item15004 use relative urls wherever possible
Item15007 extender.pl too loud on STDERR
Item15008 bring back support for "dontnotify" in natedit
Item15026 modernize default link protocol pattern
Item15027 add jquery-3.6.0
Item15029 Meta::getPreferences() sometimes fails when called too early
Item15030 encoding error including attachments
Item15031 be less restrictive checking compatible acl settings in editor
Item15032 tinymce cannot attach a file when strike one is disabled
Item15038 select2 formfields were not validated
Item15057 Add support for MariaDB
Item15058 script tags for javascrit i18n should not use src attribute
Item15066 rating formfield is not mergeable
Item15067 jquery-ui's dialogs maniplulate the z-index of the widget on every mouseclick
Item15069 improvements to radio, checkbox and label
Item15070 use of uninitialized variable when there is no text
Item15071 add some more useful entries to mime.types
Item14564 add jquery-3 and an appropriate migrate module
Item14685 permissions read from the wrong topic
Item14689 Email::Address is deprecated, Email::Address::XS is the preferred module.
Item14732 statistics script blocks all of foswiki
Item14739 regression: cannot control logged actions anymore
Item14766 deprecate all 1.x jquery, deprecate all 2.x except the latest
Item14819 lost content on specific editor interactions
Item14839 fix default value in textboxlist formfields
Item14840 fix tooltip position in draggable elements
Item14884 performance problem listing webs (hotfix available)
Item14906 OP_ref has to read data relative to the topic being queried
Item14908 cannot use zero as a formfield default
Item14944 cannot use zero in alttext of FORMFIELD
Item14970 INCLUDEing an url does not decode the retrieved content according to its charset
Item14992 always display date and time of revisions
Item14996 wrong url host if foswiki called via localhost
Item15006 missing cpan dependencies for core engine
Item15010 configure fails to accept newer rcs versions
Item15014 prevent password fields from being autofilled in configure
Item15022 Change notifications not send out under certain conditions
Item15023 Eliminate local cache in FORMFIELD macro
Item15025 FORMFIELD and QUERY don't read the correct topic object
Item15028 store password during registration
Item15041 global FOSWIKI_BROADCAST not initialized correctly
Item15045 getRevisionInfo of an attachment always returns the revision info of the first attachment on the topic
Item15047 Deep recursion if UserInterfaceInternationalisation is enabled yet no languages are enabled

Enhancements

Item14454 Bundle JsViews as an option with JsRender
Item14567 add keyboard navigation to jquery.stars
Item14568 add chili recipes for autolisp and ini
Item14569 deprecate jquery.placeholder
Item14571 add manual sorting mode to textboxlist
Item14572 upgrade jquery.livequery
Item14720 upgrade animate.css to latest release
Item14723 upgrade jquery.sprintf
Item14724 enhance Makefile system to support sass and babel
Item14726 better support for +values in textboxlist
Item14727 improve locale support of datepicker
Item14728 forward "open" event of ui-dialogs to jqUIDialogLink element
Item14735 use animate.css for jquery.loader effects instead of jQuery's own ones
Item14767 implement a proper icon service
Item14837 update animate.css to latest upstream version
Item14838 add "remember" feature to tabs
Item14875 various maintenance fixes
Item14897 rationalize edit template structure for better customization
Item14901 Add support for XML and CERT data types in configure pages
Item14963 add warmup parameter
Item14994 don't generate inline @import-ed css
Item15002 improve placement of content in jquery.loader
Item15003 improve freebsd init script for foswiki service
Item15005 too many log messages in fastcgi procmanager
Item15018 rework some old css code in jQuery
Item15019 give logos a proper dimension
Item15021 multiple enhancements to SlideshowPlugin
Item15040 add include cover
Item15043 unable to configure zero max requests
Item15044 improve free bsd startup scripts
Item15059 JQICONs create a stray html attribute
Item15060 add validation rule for foswikiMandatory css class
Item15065 add jsonRpc api to foswiki namespace in javascript
Item15068 don't bubble up jquery.loader events

Related Topic: ReleaseHistory
Topic revision: r1 - 28 Mar 2022, UnknownUser

  • User Reference
  • BeginnersStartHere
  • EditingShorthand
  • Macros
  • MacrosQuickReference
  • FormattedSearch
  • QuerySearch
  • DocumentGraphics
  • SkinBrowser
  • InstalledPlugins

  • Admin Maintenance
  • Reference Manual
  • AdminToolsCategory
  • InterWikis
  • ManagingWebs
  • SiteTools
  • DefaultPreferences
  • WebPreferences

This site is powered by FoswikiCopyright © by the contributing authors. All material on this site is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback