Release Notes for XWiki 13.3
This is the release notes for XWiki Commons, XWiki Rendering and XWiki Platform. They share the same release notes as they are released together and have the same version.
The release brings the ability to define default notification filters for new users and paves the way for adding components metadata inside Extensions (such as being able to indicate the Rendering macros that an Extension provides; This will allow for future use cases such as exposing all available macros from inside your wiki, even for extensions that you haven't installed yet!). Security has been tightened by not allowing redirection to other domains without an explicit consent. Last but not least, this release brings several developer improvements: Localization REST endpoint, a Syntax Registry, LESS compilation support for WebJars, and more.
New and Noteworthy (since XWiki 13.2)
Full list of issues fixed and Dashboard for 13.3.
For Users
No changes!
For Admins
Global Notifications Filters
Administrators can now add global notification filters which will be copied as the default filters for any new user registering on the wiki. It's possible for administrators to define both global system filters and global custom filters. Since the default filters are copied, any change made to the global filters won't impact existing users.
Searching inside Extensions
It's now possible to expose some Components found in Extensions so that they can be queried by the Extension Manager and shown in the extension details. You can now search in the Extension Manager for all Extensions providing some type of Components (Macros, Script Services, Syntax Parsers, Syntax Renderers, etc). For example, you can use component_macro:* to search for all Extensions providing Rendering Macros.
Extension Manager UI improvements
The more advanced search features of the Extension Manager are now hidden under a More button by default and more explanation was added to the shown informations.
Miscellaneous
Prevent redirections to untrusted domains: Redirections are now only performed to trusted domains in XWiki. The list of trusted domains is obtained from two sources:
- any URLs used to access the wiki is considered as trusted, as well as all the aliases used for subwikis,
- it's possible to specify in xwiki.properties the list of trusted domain by setting the property url.trustedDomains.
If a redirection is attempted to an URL whose domain does not belong to any of this source, a warning log will be output and the redirect is prevented. Note that it's possible to switch off this security mechanism by setting the property url.trustedDomainsEnabled to false.
For Developers
Less files in WebJar can be compiled to css: Less code packaged in WebJars can now be compiled to CSS when requested. When Less files are compiled to CSS, the less variables defined in the current skin are available and will be resolved to their current values.
Usage examples:
// Returns the raw content of test.less
$services.webjars.url('org.xwiki.platform:xwiki-platform-example', 'test.less')
// Returns the content of test.less compiled to css.
$services.webjars.url('org.xwiki.platform:xwiki-platform-example', 'test.less', {'evaluate': true})Localization REST API: The localization module is now providing a REST API. This API allows to request the raw source from a set of translation keys.
For instance:
# Request of a single translation, the locale is the default one.
curl -H 'Accept: application/json' http://localhost:8080/xwiki/rest/wikis/xwiki/localization/translations?key=administration.section.users.deleteUser.newAuthor.error
# {"translations":[{"key":"administration.section.users.deleteUser.newAuthor.error","rawSource":"The selected user doesn''t have {0} rights!"}]}Empty string in Static List: It is now possible to specify empty string values in a Static list by repeating twice the same separator. For example, using the default separators (|, , and space), the Foo||Bar string will be parsed as containing three values (Foo, empty string, and Bar), while Foo, Bar will be parsed as only two values (Foo and Bar), even if two separators (, and space) are used.
Syntax Registry: There's now the concept of a Syntax Registry and new Syntaxes are expected to register themselves in that registry.
You can list all registered syntaxes using:
@Inject
private SyntaxRegistry registry;
...
List<Syntax> syntaxes = registry.getSyntaxes();You can also get a Syntax object from a Syntax id string using (for example):
@Inject
private SyntaxRegistry registry;
...
Optional<Syntax> syntax = registry.getSyntax("xwiki/2.1");User Authentication Event: The classic Form and Basic Authentication mechanisms now trigger a UserAuthenticatedEvent event whenever a user is authenticated. As a new best practice, custom authenticator authors are advised to implement this new event.
Moved Modules
- The Help Center Application has been retired and its content integrated in the Help Application, for the following reasons:
- 2 extensions must not share the same pages
- It’s logical that the help is in sync with what it documents
- contrib extensions should be minimized for XS, all of XS deps should be in the XWiki GitHub organization (since they are maintained by the XS dev team), and preferably inside xwiki-platform when possible.
- Simpler to manage XS releases
Upgrades
The following runtime dependencies have been upgraded (they have a different release cycle than XWiki Commons, XWiki Rendering and XWiki Platform):
- log4j API 2.14.1
- XZ 1.9
- XStream 1.4.16
- Woodstox 6.2.5
- Tika 1.26
- Protobuf Java 3.15.8
- Netty 4.1.63
- Liquibase 4.3.3
- Jakarta Mail 1.6.7
- JNA 5.8.0
- JFFI 1.3.2
- Infinispan 11.0.10
- ICU4J 69.1
- Hibernate 5.4.30
- Guava 30.1.1
- Error Prone annotations 2.6.0
- Checker Qual 3.12.0
- Apache PDFBox 2.0.23
- Antlr 4.9.2
- Maven 3.8.1 and Resolver 1.6.2
Translations
The following translations have been updated:
Tested Browsers & Databases
Here is the list of browsers we support and how they have been tested for this release:
Browser | Tested on: | |
---|---|---|
Google Chrome 90 | Tests run and results | |
Mozilla Firefox 88 | ||
Microsoft Edge 90 | Not Tested | |
Internet Explorer 11 | Jira Tickets Marked as Fixed in the Release Notes | |
Safari 14 | Not Tested |
Here is the list of databases we support and how they have been tested for this release:
Database | Tested on: | |
---|---|---|
HyperSQL 2.5.1 | Tests run and results | |
Oracle 19c | ||
MariaDB 10.5 | Not Tested | |
MySQL 8 | Jira Tickets Marked as Fixed in the Release Notes | |
PostgreSQL 13 | Not Tested |
Here is the list of Servlet Containers we support and how they have been tested for this release:
Servlet Container | Tested on: | |
---|---|---|
Tomcat 9.0.45 | ||
Jetty 9.4.29 (XWiki Standalone packaging) | ||
Jetty 9.4.29 | Not Tested |
Known issues
Backward Compatibility and Migration Notes
General Notes
- When upgrading make sure you compare and merge the following XWiki configuration files since some parameters may have been modified, removed or added:
- xwiki.cfg
- xwiki.properties
- web.xml
- hibernate.cfg.xml
- Add xwiki.store.migration=1 in xwiki.cfg so that XWiki will attempt to automatically migrate your current database to any new schema. Make sure you backup your Database before doing anything.
Issues specific to XWiki 13.3
This release introduced a new security mechanism to prevent unwanted redirection (details can be found here). This mechanism might need a proper setup of url.trustedDomains property. In case it would create unwanted behaviour, you can always switch it off by editing your xwiki.properties config file and adding:
Also note that developers can use a specific property bypassDomainSecurityCheck in the execution context, when they need to use an URL redirect API even when the trusted domains are not properly configured, e.g. in some specific authenticators.
API Breakages
The following APIs were modified since XWiki 13.3:
- Was never meant to be public
- Violation type:java.class.removed
- Code:## Old:
class com.xpn.xwiki.store.migration.hibernate.MigrationResourceAccessor
- Violation type:
Credits
The following people have contributed code and translations to this release (sorted alphabetically):
- aemi-dev
- Alex Cotiugă
- arcilli
- Björn Ludwig
- Boris Yevstyhneiev
- Camelia Andrei
- ClemDee
- DamianArado
- Ecaterina Moraru (Valica)
- Eduard Moraru
- Guillaume C
- Guillaume Delhumeau
- Gwennan Smitskamp
- Manuel Leduc
- Marius Dumitru Florea
- Mohammad Humayun Khan
- Onlo
- Paul Massol
- Simon Urli
- slauriere
- Thomas Mortagne
- Vincent Massol
- xrichard