Item11383: Update release notes for 1.1.5
git-svn-id: http://svn.foswiki.org/branches/Release01x01@14012 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
GeorgeClark authored and GeorgeClark committed Feb 16, 2012
1 parent 28377ca commit 046dca8
Showing 1 changed file with 18 additions and 1 deletion.
19 changes: 18 additions & 1 deletion core/data/System/ReleaseNotes01x01.txt
Expand Up @@ -45,11 +45,28 @@ Foswiki 1.1 ships with the following:
#Release01x01Changes
---++ Important changes since Foswiki 1.1.4

Release 1.1.5 is a security focused release. There are a number of fixes and small enhancements designed to improve the security of Foswiki.

---+++ Improvements to User Registration

* The complete fix for [[http://foswiki.org/Support/SecurityAlert-CVE-2012-1004][CVE-2012-1004]] has been integrated, including pluggable field validations in the User Mapper. If your installation uses a custom user mapper, there is a new function in the base user mapper =lib/Foswiki/Users.pm=, that performs registration field validations. Override this method in your custom user mapper to add site specific validations.
* The user registration and group management API calls now all return error messages describing any failures. All errors are processed through MAKETEXT so that they are translated to the selected language.

---+++ Improvements to .hpasswd handling

* The =HtPasswdUser= password manager has been changed to globally cache the password file if enabled. In an installation running =fcgi= or =mod_perl=, this will reduce the overhead of reading the file for each transaction.
* The =.htpasswd= lock file is now configurable. There was a small risk that when multiple foswiki installations shared a common =.htpasswd= file, simultaneous updates would not be prevented, resulting in file corruption.

---+++ Changes to the =configure= password handling

The encoding of the =bin/configure= and "sudo" =admin= user has been changed. Sites should change their configure password as soon as possible. Note that this change is not backwards compatible. Once the password has been changed, if fallback to 1.1.4 is required, the password will have to be reset by removing the password from =lib/LocalSite.cfg.=

---+++ Changes to Statistics processing

The !WebStatistics topics are no longer shipped with Foswiki. Two new topics have been included; %SYSTEMWEB%.DefaultWebStatistics and %SYSTEMWEB%.WebStatisticsTemplate. The =statistics= script now has the optional capability of creating the missing !WebStatistics topics.
* The Foswiki configuration has a new parameter: ={Stats}{AutoCreateTopic}= (Default is disabled)
* The statistics script has a new parameter: =-autocreate 1= or =autocreate=1= (Default is disabled)
* The =statistics= script has a new parameter: =-autocreate 1= or =autocreate=1= (Default is 0 or disabled)
* The =statistics= script must now only be run using =POST=. HTML =GET= should never result in an update.

The details of this change are in %SYSTEMWEB%.SiteTools#WebStatistics, including a tool to help with creating the missing !WebStatistics topics.
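
Review bot: the CVE-2012-1004 bullet under "Improvements to User Registration" tells sites with a custom user mapper to "Override this method" but never names the new validation function in =lib/Foswiki/Users.pm=; name it here so maintainers know what to override. The heading "Improvements to .hpasswd handling" should read =.htpasswd=, matching the bullets beneath it, and the lock file bullet would be more useful if it named the new configuration setting. In the =configure= section, "The encoding of the =bin/configure= and "sudo" =admin= user has been changed" is missing the word "password", and =lib/LocalSite.cfg.= has the sentence's full stop inside the verbatim markup, so the rendered path ends in a stray dot.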
