diff --git a/core/data/System/ReleaseHistory.txt b/core/data/System/ReleaseHistory.txt index be10b6126..01cab12ad 100644 --- a/core/data/System/ReleaseHistory.txt +++ b/core/data/System/ReleaseHistory.txt @@ -1,4 +1,4 @@ -%META:TOPICINFO{author="ProjectContributor" date="1519617704" format="1.1" version="1"}% +%META:TOPICINFO{author="ProjectContributor" date="1646665532" format="1.1" version="1"}% %META:TOPICPARENT{name="AdminDocumentationCategory"}% %STARTINCLUDE% @@ -9,6 +9,10 @@ The complete timeline of Foswiki Releases. Foswiki was forked from TWiki 4.2.4 a %TOC% +---++ Foswiki Release 2.1.7 - 07 Mar 2022 + +Foswiki 2.1.7 was built on 07 Mar 2022. It is a release that contains 110 fixes and 7 critical security related fixes. + ---++ Foswiki Release 2.1.6 - 27 Feb 2018 Foswiki 2.1.6 was built on 27 Feb 2018. It is a release that contains 11 fixes, including some critical security related fixes. diff --git a/core/data/System/ReleaseNotes02x01.txt b/core/data/System/ReleaseNotes02x01.txt index 79a400c4d..8bdcb0064 100644 --- a/core/data/System/ReleaseNotes02x01.txt +++ b/core/data/System/ReleaseNotes02x01.txt @@ -1,10 +1,10 @@ -%META:TOPICINFO{author="ProjectContributor" date="1519617704" format="1.1" version="1"}% +%META:TOPICINFO{author="ProjectContributor" date="1646666094" format="1.1" version="1"}% %META:TOPICPARENT{name="ReleaseHistory"}% ---+!! Foswiki Release 2.1.6 %TWISTY{showlink="Table of Contents..." hidelink="hide TOC"}% %TOC% -%ENDTWISTY{}% +%ENDTWISTY% ---++ Foswiki - The Free and Open Source Wiki @@ -18,7 +18,6 @@ Foswiki is backwards compatible with content generated on all previous Foswiki v Foswiki is released under the GNU General Public License. - ---++ Foswiki Releases %TWISTY{showlink="Release 1.0 releases..." hidelink="hide Release 1.0"}% 
@@ -59,7 +58,6 @@ Foswiki is released under the GNU General Public License. * Foswiki 2.1.5 was built on 22 Jan 2018. It is a release that contains 43 fixes and 5 enhancements. * Foswiki 2.1.6 was built on 27 Feb 2018. It is a release that contains 11 fixes, including some critical security related fixes. - ---++ Pre-installed Extensions Foswiki 2.1 is shipped with the following: @@ -124,6 +122,16 @@ function correctly without this zone. No changes are required unless you have replaced the =foswiki.tmpl= or =foswiki.pattern.tmpl= with a local version. +---+++ Additional support for Proxy configurations. + +Foswiki has a new option under bin/configure -> Security and Authentication -> Proxies: ={PROXY}{UseForwardedForHeader}=. Enable this setting +if the Foswiki is accessed through a reverse proxy. Foswiki will the use the =X-Forwarded-For= header to determine the Client IP address. This has several effects: + * Foswiki will log the real Client IP address instead of the address of the reverse proxy server. + * Session IP matching will use the real client IP when determining if the CGI Session is for the correct client. + * Plugins that perform security functions based upon the IP address will see the real client IP address. +This setting should only be enabled if the majority of the clients access the server via the reverse proxy. It is possible for clients to spoof the +=X-Forwarded-For= header, so only enable this setting when appropriate to avoid client IP Address spoofing. + ---+++ Change in HTTP status return for authentication failures. The fix for [[%BUGS%/Item14445][Item14445]] changes the HTTP status return for authentiation errors from =401 - Unauthorized= to =200 - OK= 
@@ -308,7 +316,7 @@ Foswiki thanks the Translators for their efforts. If you are interesting in hel ---++ Foswiki Release 2.1 Details ---+++ New Features - + | [[%FO%/Development.AddConcatOptionToAttrs][AddConcatOptionToAttrs]] | Add +"more" and key+"more" options to Foswiki::Attrs | | [[%FO%/Development.CompleteMIMESupportInEmail][CompleteMIMESupportInEmail]] | Wrap all outgoing mails into uniform and safe MIME envelope. | | [[%FO%/Development.CustomNewUserTemplates][CustomNewUserTemplates]] | Enhance register script to specify a =templatetopic= param instead of hard-coded 'NewUserTemplate' | 
@@ -646,9 +654,132 @@ Foswiki thanks the Translators for their efforts. If you are interesting in hel | [[%BUGS%/Item14636][Item14636]] | jquery.wikiword not setting the regex options correctly. | | [[%BUGS%/Item14639][Item14639]] | Operational topics in Main, Sandbox webs should be protected from editing non-admins. | - +---++ Foswiki Release 2.1.7 Details ---- +---+++ Security + +| [[%BUGS%/Item14903][Item14903]] | change password accepts "1" as an old password | +| [[%BUGS%/Item14918][Item14918]] | backport fix of CVE-2015-9251 and CVE-2019-11358 | +| [[%BUGS%/Item14936][Item14936]] | eliminate use of 2-args open() | +| [[%BUGS%/Item15024][Item15024]] | QUERY macro does not check access rights | +| [[%BUGS%/Item15033][Item15033]] | update jquery.validate | +| [[%BUGS%/Item15048][Item15048]] | disable access to sessionid | +| [[%BUGS%/Item15061][Item15061]] | multiple cross-site scripting vulnerability in jQuery UI | + +---+++ Fixes +| [[%BUGS%/Item14687][Item14687]] | SET macro documentation related to INCLUDE and topic scope is incorrect. | +| [[%BUGS%/Item14688][Item14688]] | Typos in InterwikiPlugin documentation. | +| [[%BUGS%/Item14773][Item14773]] | configure documentation refers to =FastReport=. 
Should be =JsonReport= | +| [[%BUGS%/Item14809][Item14809]] | System/InstallGuide Step 2: Ownership table lists wrong FreeBSD group | +| [[%BUGS%/Item14902][Item14902]] | Add new Ubuntu 20.04 required perl module to requirements | +| [[%BUGS%/Item14660][Item14660]] | missing tab id causes a javascript error | +| [[%BUGS%/Item14662][Item14662]] | comment type "return" not functional | +| [[%BUGS%/Item14721][Item14721]] | fix loading of language files for jquery.i18n | +| [[%BUGS%/Item14722][Item14722]] | add jquery.browser as a separate module being removed from newer jQuery | +| [[%BUGS%/Item14725][Item14725]] | wrong initial color of jquery.farbtastic dialog | +| [[%BUGS%/Item14729][Item14729]] | fix regular expression for headings trying to support ExplicitNumberingPlugin | +| [[%BUGS%/Item14730][Item14730]] | can't use path with a 0 (zero) in it | +| [[%BUGS%/Item14731][Item14731]] | illegal json returned by attachments rest handler | +| [[%BUGS%/Item14741][Item14741]] | EVAL(0) should return 0 not the empty string | +| [[%BUGS%/Item14762][Item14762]] | jquery.loader does not clear timeout properly for automated reloading | +| [[%BUGS%/Item14873][Item14873]] | rewrite and simplify UpdatesPlugin | +| [[%BUGS%/Item14874][Item14874]] | deprecate uglify-js and yuicompressor in favor of terser and csso | +| [[%BUGS%/Item14890][Item14890]] | breadcrumbs won't line-break on mobile devices | +| [[%BUGS%/Item14910][Item14910]] | Remove Taint::Runtime | +| [[%BUGS%/Item14929][Item14929]] | Single '0' (zero) not displayed in any table if plugin is activated for that topic | +| [[%BUGS%/Item14931][Item14931]] | Error moving file with [space]WikiWord[space] name. 
| +| [[%BUGS%/Item14933][Item14933]] | remove dependency on jquery.livequery module | +| [[%BUGS%/Item14934][Item14934]] | language file compression isn't experimental anymore | +| [[%BUGS%/Item14935][Item14935]] | leave absolute_urls context when an exception occured during registration | +| [[%BUGS%/Item14937][Item14937]] | error parsing dotted triplets ip addresses | +| [[%BUGS%/Item14938][Item14938]] | don't return compressed content when calling foswiki on the command line | +| [[%BUGS%/Item14941][Item14941]] | only load comment.js and comment.css on pages where it is required | +| [[%BUGS%/Item14942][Item14942]] | make sure isValueMapped is defined for any formfield | +| [[%BUGS%/Item14943][Item14943]] | document =publicOnly= parameter in %INCLUDE and make it a true boolean | +| [[%BUGS%/Item14945][Item14945]] | improve performance of template loader | +| [[%BUGS%/Item14946][Item14946]] | RCS storage tests fail with a one-off second difference sometimes | +| [[%BUGS%/Item14990][Item14990]] | remove explicit undef from return statement | +| [[%BUGS%/Item14991][Item14991]] | improve performance of =isGroup()= call | +| [[%BUGS%/Item15000][Item15000]] | fix button's behavior in disabled state | +| [[%BUGS%/Item15004][Item15004]] | use relative urls wherever possible | +| [[%BUGS%/Item15007][Item15007]] | extender.pl too loud on STDERR | +| [[%BUGS%/Item15008][Item15008]] | bring back support for "dontnotify" in natedit | +| [[%BUGS%/Item15026][Item15026]] | modernize default link protocol pattern | +| [[%BUGS%/Item15027][Item15027]] | add jquery-3.6.0 | +| [[%BUGS%/Item15029][Item15029]] | Meta::getPreferences() sometimes fails when called too early | +| [[%BUGS%/Item15030][Item15030]] | encoding error including attachments | +| [[%BUGS%/Item15031][Item15031]] | be less restrictive checking compatible acl settings in editor | +| [[%BUGS%/Item15032][Item15032]] | tinymce cannot attach a file when strike one is disabled | +| [[%BUGS%/Item15038][Item15038]] | 
select2 formfields were not validated | +| [[%BUGS%/Item15057][Item15057]] | Add support for MariaDB | +| [[%BUGS%/Item15058][Item15058]] | script tags for javascrit i18n should not use src attribute | +| [[%BUGS%/Item15066][Item15066]] | rating formfield is not mergeable | +| [[%BUGS%/Item15067][Item15067]] | jquery-ui's dialogs maniplulate the z-index of the widget on every mouseclick | +| [[%BUGS%/Item15069][Item15069]] | improvements to radio, checkbox and label | +| [[%BUGS%/Item15070][Item15070]] | use of uninitialized variable when there is no text | +| [[%BUGS%/Item15071][Item15071]] | add some more useful entries to mime.types | +| [[%BUGS%/Item14564][Item14564]] | add jquery-3 and an appropriate migrate module | +| [[%BUGS%/Item14685][Item14685]] | permissions read from the wrong topic | +| [[%BUGS%/Item14689][Item14689]] | Email::Address is deprecated, Email::Address::XS is the preferred module. | +| [[%BUGS%/Item14732][Item14732]] | statistics script blocks all of foswiki | +| [[%BUGS%/Item14739][Item14739]] | regression: cannot control logged actions anymore | +| [[%BUGS%/Item14766][Item14766]] | deprecate all 1.x jquery, deprecate all 2.x except the latest | +| [[%BUGS%/Item14819][Item14819]] | lost content on specific editor interactions | +| [[%BUGS%/Item14839][Item14839]] | fix default value in textboxlist formfields | +| [[%BUGS%/Item14840][Item14840]] | fix tooltip position in draggable elements | +| [[%BUGS%/Item14884][Item14884]] | performance problem listing webs (hotfix available) | +| [[%BUGS%/Item14906][Item14906]] | OP_ref has to read data relative to the topic being queried | +| [[%BUGS%/Item14908][Item14908]] | cannot use zero as a formfield default | +| [[%BUGS%/Item14944][Item14944]] | cannot use zero in alttext of FORMFIELD | +| [[%BUGS%/Item14970][Item14970]] | INCLUDEing an url does not decode the retrieved content according to its charset | +| [[%BUGS%/Item14992][Item14992]] | always display date _and_ time of revisions | +| 
[[%BUGS%/Item14996][Item14996]] | wrong url host if foswiki called via localhost | +| [[%BUGS%/Item15006][Item15006]] | missing cpan dependencies for core engine | +| [[%BUGS%/Item15010][Item15010]] | configure fails to accept newer rcs versions | +| [[%BUGS%/Item15014][Item15014]] | prevent password fields from being autofilled in configure | +| [[%BUGS%/Item15022][Item15022]] | Change notifications not send out under certain conditions | +| [[%BUGS%/Item15023][Item15023]] | Eliminate local cache in FORMFIELD macro | +| [[%BUGS%/Item15025][Item15025]] | FORMFIELD and QUERY don't read the correct topic object | +| [[%BUGS%/Item15028][Item15028]] | store password during registration | +| [[%BUGS%/Item15041][Item15041]] | global FOSWIKI_BROADCAST not initialized correctly | +| [[%BUGS%/Item15045][Item15045]] | getRevisionInfo of an attachment always returns the revision info of the first attachment on the topic | +| [[%BUGS%/Item15047][Item15047]] | Deep recursion if UserInterfaceInternationalisation is enabled yet no languages are enabled | + +---+++ Enhancements +| [[%BUGS%/Item14454][Item14454]] | Bundle JsViews as an option with JsRender | +| [[%BUGS%/Item14567][Item14567]] | add keyboard navigation to jquery.stars | +| [[%BUGS%/Item14568][Item14568]] | add chili recipes for autolisp and ini | +| [[%BUGS%/Item14569][Item14569]] | deprecate jquery.placeholder | +| [[%BUGS%/Item14571][Item14571]] | add manual sorting mode to textboxlist | +| [[%BUGS%/Item14572][Item14572]] | upgrade jquery.livequery | +| [[%BUGS%/Item14720][Item14720]] | upgrade animate.css to latest release | +| [[%BUGS%/Item14723][Item14723]] | upgrade jquery.sprintf | +| [[%BUGS%/Item14724][Item14724]] | enhance Makefile system to support sass and babel | +| [[%BUGS%/Item14726][Item14726]] | better support for +values in textboxlist | +| [[%BUGS%/Item14727][Item14727]] | improve locale support of datepicker | +| [[%BUGS%/Item14728][Item14728]] | forward "open" event of ui-dialogs to 
jqUIDialogLink element | +| [[%BUGS%/Item14735][Item14735]] | use animate.css for jquery.loader effects instead of jQuery's own ones | +| [[%BUGS%/Item14767][Item14767]] | implement a proper icon service | +| [[%BUGS%/Item14837][Item14837]] | update animate.css to latest upstream version | +| [[%BUGS%/Item14838][Item14838]] | add "remember" feature to tabs | +| [[%BUGS%/Item14875][Item14875]] | various maintenance fixes | +| [[%BUGS%/Item14897][Item14897]] | rationalize edit template structure for better customization | +| [[%BUGS%/Item14901][Item14901]] | Add support for XML and CERT data types in configure pages | +| [[%BUGS%/Item14963][Item14963]] | add warmup parameter | +| [[%BUGS%/Item14994][Item14994]] | don't generate inline @import-ed css | +| [[%BUGS%/Item15002][Item15002]] | improve placement of content in jquery.loader | +| [[%BUGS%/Item15003][Item15003]] | improve freebsd init script for foswiki service | +| [[%BUGS%/Item15005][Item15005]] | too many log messages in fastcgi procmanager | +| [[%BUGS%/Item15018][Item15018]] | rework some old css code in jQuery | +| [[%BUGS%/Item15019][Item15019]] | give logos a proper dimension | +| [[%BUGS%/Item15021][Item15021]] | multiple enhancements to SlideshowPlugin | +| [[%BUGS%/Item15040][Item15040]] | add include cover | +| [[%BUGS%/Item15043][Item15043]] | unable to configure zero max requests | +| [[%BUGS%/Item15044][Item15044]] | improve free bsd startup scripts | +| [[%BUGS%/Item15059][Item15059]] | JQICONs create a stray html attribute | +| [[%BUGS%/Item15060][Item15060]] | add validation rule for foswikiMandatory css class | +| [[%BUGS%/Item15065][Item15065]] | add jsonRpc api to foswiki namespace in javascript | +| [[%BUGS%/Item15068][Item15068]] | don't bubble up jquery.loader events | -*Related Topic:* ReleaseHistory +*Related Topic:* [[ReleaseHistory]]
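
Review bot: In core/data/System/ReleaseHistory.txt (hunk @@ -9,6 +9,10 @@), the added 2.1.7 summary, "contains 110 fixes and 7 critical security related fixes", does not mention enhancements, although the same patch adds a separate "Enhancements" table to the 2.1.7 details in ReleaseNotes02x01.txt. The 2.1.5 line elsewhere in this patch reports "43 fixes and 5 enhancements" separately. Suggest stating fixes, enhancements and security fixes as three figures here, and checking that each figure matches the number of rows in the corresponding details table.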
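
Review bot: In core/data/System/ReleaseNotes02x01.txt (hunk @@ -1,10 +1,10 @@), the topic title "---+!! Foswiki Release 2.1.6" is left as unchanged context even though this patch turns the topic into the 2.1.7 release notes. Suggest bumping the title to 2.1.7 in the same commit so the page heading agrees with the new "Foswiki Release 2.1.7 Details" section.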
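
Review bot: In core/data/System/ReleaseNotes02x01.txt (hunk @@ -59,7 +58,6 @@), the release list still ends at "Foswiki 2.1.6 was built on 27 Feb 2018" and the hunk only removes a blank line. Suggest adding a matching bullet for 2.1.7 with the same build date and counts used in ReleaseHistory.txt, so the two topics stay consistent.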
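
Review bot: In core/data/System/ReleaseNotes02x01.txt (hunk @@ -124,6 +122,16 @@), the guidance for {PROXY}{UseForwardedForHeader} is too weak for a setting that feeds session IP matching and IP-based plugin checks: "should only be enabled if the majority of the clients access the server via the reverse proxy" leaves room for clients that reach Foswiki directly and supply their own X-Forwarded-For value. Suggest wording it as: enable only when all client traffic arrives through a trusted reverse proxy that sets or overwrites the header, and direct access to the backend is blocked. The text should also say which address is used when the header carries more than one entry. Minor wording: "Foswiki will the use the" should read "Foswiki will then use the", "if the Foswiki is accessed" should drop "the", and the trailing context line has "authentiation" for "authentication".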
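
Review bot: In core/data/System/ReleaseNotes02x01.txt (hunk @@ -646,9 +654,132 @@), the Security table gives an administrator too little to judge exposure: "backport fix of CVE-2015-9251 and CVE-2019-11358" and "update jquery.validate" do not name the affected bundled component or say what the issue was, and "disable access to sessionid" does not say from where. Suggest one short phrase per row naming the component and the impact. Also worth confirming whether Item14685 ("permissions read from the wrong topic") and Item15025 ("FORMFIELD and QUERY don't read the correct topic object") belong under Security rather than Fixes, given Item15024 on QUERY access rights is listed there. The Fixes table is not in item order (Item14902 is followed by Item14660, and Item14564 follows Item15071), which makes it hard to scan, and several rows have typos: "javascrit", "maniplulate", "occured", "not send out".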