Release Notes for XWiki 14.10
These are the release notes for XWiki Commons, XWiki Rendering and XWiki Platform. They share the same release notes as they are released together and have the same version.
This release includes a new export dialog, makes the new browser-based PDF export and the new image selector the default, adds a feature to restrict attachment mimetypes and makes the UI more consistent by adding breadcrumbs in more cases. It also fixes bugs including several security vulnerabilities, making it a recommended upgrade.
New and Noteworthy (since XWiki 14.9)
Full list of issues fixed and Dashboard for 14.10.
For Users
Browser-based PDF Export Used by Default
Starting with this version the new browser-based (client-side) PDF Export is used by default, replacing the old PDF export based on Apache FOP (Formatting Objects Processor). Some of the benefits are:
- dynamic content generated with JavaScript code is now included in the PDF export
- the CSS styles used in the PDF export are the same as those used when viewing the wiki page
- multi-page export supported by default
- writing custom PDF templates is easier
The new PDF Export implementation is still young so you are encouraged to report any issues you may encounter, or propose improvements. If you want to get back the old PDF export implementation, it's easy: there's a configuration option on the PDF Export wiki administration section. If you want to disable the new PDF export implementation completely, that's also possible, either by leaving the list of PDF templates empty in the dedicated administration section, or simply by uninstalling the PDF Export Application.
New Export Modal
The Export Modal has been redesigned:
- first you need to select the export format from the list of available formats, which are grouped by category and show an icon and a label; you can also type to filter the list of formats
- if the selected export format doesn't support multi-page export or the current page is terminal then the export is triggered directly
- if the selected export format supports multi-page export and the current page is nested then the Export Tree Modal is shown, allowing you to select the pages to export
- depending on the selected format:
  - the export tree may show hidden pages (e.g. for XAR export) or not (e.g. for PDF export)
  - the initial selection in the export tree may consist only of the current page (e.g. for PDF export) or of the current page and all its child pages (e.g. for HTML export)
Each export format may customize further the export tree or add additional steps (e.g. PDF Export Options modal).
Breadcrumbs on Copy, Delete and Rename Operations
When a delete, copy or rename operation is started or its progress is displayed, the breadcrumbs are now visible at the top of the page. This makes it easier to navigate from a deleted, copied or renamed page.
Miscellaneous
Export Without Paged.js: If you're getting a timeout while doing a PDF export and the exported content is not too big then you probably hit a Paged.js bug. Paged.js is the JavaScript library we use to lay out the exported content in print pages. You can overcome this by unchecking the Table of Contents, Header and Footer from the PDF Export Options modal and then triggering the export again. This time the export will be done without Paged.js, relying solely on the web browser, which shouldn't pose any problems. Of course, the downside is that you lose the Table of Contents, Header and Footer. Fortunately Paged.js is under active development so we hope its bugs will be fixed soon.
For Admins
Attachments can be restricted based on their mimetypes
It is now possible to limit the attachments uploaded on a space based on their mimetypes. This attachment validation is applied on attachment upload using the attachment pane, the REST API, and the CKEditor image dialog.
The configuration can be done at farm level with xwiki.properties (see below), at wiki level in the administration, in the Attachments Restriction section, or at space level using the page administration.
#-# Define the list of allowed attachment mimetypes. By default, this list is empty, but you can specify a
#-# comma-separated list of allowed mimetypes. Note that a joker (*) can be used to accept any media type. Once this
#-# list is not empty, any attachment with an unlisted mimetype will be rejected.
#-# For instance, if you want to only accept plain text and any kind of images, you can set the list to:
#-# text/plain,image/*
# attachment.upload.allowList=
#-# [Since 14.10RC1]
#-# Define the list of blocked attachment mimetypes. By default, this list is empty, but you can specify a
#-# comma-separated list of blocked mimetypes. Note that a joker (*) can be used to accept any media type. Once this
#-# list is not empty, any attachment matching one of the listed mimetype will be rejected.
#-# For instance, if you want to reject plain text and any kind of images, you can set the list to:
#-# text/plain,image/*
#-#
# attachment.upload.blockList=
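How the two lists described above combine, as an added example (a model of the documented rules, not XWiki's own code). It assumes that both lists are evaluated for every upload, that the joker replaces a whole type or subtype, and that matching is case-insensitive; the function names and the sample policy are constructed for illustration.

```python
# Added illustration: a model of the allow/block rules quoted above,
# not XWiki's implementation. All names here are hypothetical.

def _parse(value):
    """Split a comma-separated property value into lowercase patterns."""
    return [p.strip().lower() for p in value.split(",") if p.strip()]


def _matches(pattern, mimetype):
    """Assumed joker semantics: '*' replaces a whole type or subtype."""
    if pattern == "*":
        return True
    p_type, _, p_sub = pattern.partition("/")
    m_type, _, m_sub = mimetype.partition("/")
    return p_type in ("*", m_type) and p_sub in ("*", m_sub)


def upload_allowed(mimetype, allow_list="", block_list=""):
    """Return True when an upload with this mimetype passes both lists."""
    # Drop parameters such as '; charset=utf-8' before comparing.
    mimetype = mimetype.split(";", 1)[0].strip().lower()
    allowed = _parse(allow_list)
    blocked = _parse(block_list)
    # Non-empty allow list: any unlisted mimetype is rejected.
    if allowed and not any(_matches(p, mimetype) for p in allowed):
        return False
    # Block list: any listed mimetype is rejected, even if also allowed.
    if any(_matches(p, mimetype) for p in blocked):
        return False
    return True


# Constructed sample policy: plain text and images, except SVG.
ALLOW = "text/plain,image/*"
BLOCK = "image/svg+xml"

if __name__ == "__main__":
    samples = ("image/png", "image/svg+xml", "text/html",
               "text/plain; charset=utf-8")
    for mt in samples:
        verdict = "accepted" if upload_allowed(mt, ALLOW, BLOCK) else "rejected"
        print(f"{mt} -> {verdict}")
```

With both properties left empty, as in the defaults shown above, every mimetype is accepted.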
PDF Export Limits
The PDF Export Application can now be configured to:
- limit the amount of content that can be included in a single PDF export; this can be done either from the PDF Export wiki administration section using the "Maximum content size" property or, globally, from xwiki.properties:
# [Since 14.10]
# The maximum content size, in kilobytes (KB), an user is allowed to export to PDF; in order to compute the content size
# we sum the size of the HTML rendering for each of the XWiki documents included in the export; the size of external
# resources, such as images, style sheets, JavaScript code is not taken into account; 0 means no limit;
export.pdf.maxContentSize=100
- limit the number of PDF exports that can be done in parallel; this can be specified only globally, from xwiki.properties:
# [Since 14.10]
# The maximum number of PDF exports that can be executed in parallel (each PDF export needs a separate thread).
export.pdf.threadPoolSize=3
Miscellaneous
Script right is not allowed by default anymore: The default XWiki rights scheme has been changed so that the Script right is no longer granted to all users by default. We decided to make this change because the Script right gives users a lot of power and we found many possible security vulnerabilities related to its use. This change does not affect existing XWiki instances that are upgraded: it only concerns new instances. However, we strongly suggest that administrators review the rights they give to users, so that the Script right is not given to all users by default but only to a subset of trusted users.
The new CKEditor Image Dialog is now the default: The new CKEditor Image Dialog is now activated by default. On new instances, or when CKEditor.Config does not exist, the change is automatic. Otherwise, activating the new image dialog must be done by removing xwiki-image from the disabled plugins list in the WYSIWYG Editor section of the Administration.
Email notification default frequency: It is now possible to configure globally the default frequency used for email notifications, in the administration section of the Notification Application.
For Developers
Export Formats Extension Point
A new UI extension point org.xwiki.platform.template.exportFormats is available to add export formats to the Export Modal. If you were using the old org.xwiki.plaftorm.menu.export.buttons extension point then we highly recommend updating your code to use this new extension point instead. Check out the documentation for more information.
Restricted TextArea
It's now possible to indicate in the configuration of a TextArea property if you want the content to be executed in a restricted context. See TextArea for more details.
This new property is now used in comment objects, which means you can display a comment's content like any other TextArea property without the need to make the context restricted.
Miscellaneous
Table of contents is easier to style: The ordered or unordered list element at the root of the table of contents macro now has the wikitoc class attribute such that it is easier to style via CSS.
Upgrades
The following runtime dependencies have been upgraded (they have a different release cycle than XWiki Commons, XWiki Rendering and XWiki Platform):
- Vue 2.7.13
- CSS4J & CSS4J DOM4 3.9.0
- @babel/eslint-parser 7.19.1
- @testing-library/jest-dom 5.16.5
- MariaDB connector 3.0.9
- httpclient 5.2
- MySQL connector 8.0.31
- JFFI 1.3.10
- JNR FFI 2.2.13
- Netty 4.1.85.Final
- Apache XML Graphics Commons 2.8
- Plexus Archiver 4.6.0
- Hibernate 5.6.14
- Jackson 2.14.0
- Ivy 2.5.1
- Closure Compiler v20221102
- Infinispan 13.0.12.Final
- Joda-Time 2.12.1
- Byte Buddy 1.12.18
- ICU4J 72.1
- JAXB Runtime 2.3.7
- Protobuf Java 3.21.9
- Plexus Utils 3.5.0
- HSQLDB 2.7.1
- Woodstox 6.4.0
- Gson 2.10
- Batik 1.16
- Checker Qual 3.27.0
- commons-compress 1.22
Translations
The following translations have been updated:
Tested Browsers & Databases
Here is the list of browsers we support and how they have been tested for this release:
Browser | Tested on: | |
---|---|---|
Mozilla Firefox 107 | Jira Tickets Marked as Fixed in the Release Notes | |
Google Chrome 107 | Tests run and results | |
Microsoft Edge 107 | ||
Safari 16 | Not Tested |
Here is the list of databases we support and how they have been tested for this release:
Database | Tested on: | |
---|---|---|
HyperSQL 2.7.1 | Not Tested | |
PostgreSQL 15 | Jira Tickets Marked as Fixed in the Release Notes | |
MariaDB 10.6 | Not tested | |
MySQL 8 | Tests run and results | |
Oracle 19c |
Here is the list of Servlet Containers we support and how they have been tested for this release:
Servlet Container | Tested on: | |
---|---|---|
Tomcat 9.0.69 | ||
Jetty 10.0.7 (XWiki Standalone packaging) | ||
Jetty 10.0.7 | Not Tested |
Known issues
Backward Compatibility and Migration Notes
General Notes
- When upgrading make sure you compare and merge the following XWiki configuration files since some parameters may have been modified, removed or added:
- xwiki.cfg
- xwiki.properties
- web.xml
- hibernate.cfg.xml
- Add xwiki.store.migration=1 in xwiki.cfg so that XWiki will attempt to automatically migrate your current database to any new schema. Make sure you back up your database before doing anything.
Issues specific to XWiki 14.10
- The xwiki.action.import.xar.usefilter configuration property has been removed and it's no longer possible to use the old XAR import (it has been replaced by a newer implementation since XWiki 6.2).
- XWiki#exists methods throw an exception when a problem occurs instead of returning false
- As indicated in the Administrators section above, the Script right is no longer given by default to all users in new instances of XWiki
- The Google Analytics feature has been removed from XWiki Standard and moved to an Extension
API Breakages
The following APIs were modified since XWiki 14.9:
Unstable APIs
Not real backward compatibility breakages since they were done on APIs marked @Unstable (a.k.a Young APIs). Thus it's part of the contract that they can be broken until they become stable. They're listed purely for reference in case you decided to still use them (and thus agreed to be broken).
- New method needed in the unstable interface for temporary attachments.
  - Violation type: java.method.addedToInterface
  - Code:
    ## Old:
    ## New:
    method void org.xwiki.store.TemporaryAttachmentSessionsManager::temporarilyAttach(com.xpn.xwiki.doc.XWikiAttachment, org.xwiki.model.reference.DocumentReference) throws org.xwiki.store.TemporaryAttachmentException
- New method needed in the unstable interface for browser tab.
  - Violation type: java.method.addedToInterface
  - Code:
    ## Old:
    ## New:
    method java.lang.String org.xwiki.export.pdf.browser.BrowserTab::getSource()
- New REST resource added.
  - Violation type: java.annotation.attributeValueChanged
  - Code:
    ## Old:
    class org.xwiki.rest.model.jaxb.LinkCollection
    ## New:
    class org.xwiki.rest.model.jaxb.LinkCollection
- New method needed for better error handling by consumers of the API.
  - Violation type: java.method.addedToInterface
  - Code:
    ## Old:
    ## New:
    method org.xwiki.wysiwyg.converter.RequestParameterConversionResult org.xwiki.wysiwyg.converter.RequestParameterConverter::convert(javax.servlet.ServletRequest)
Credits
The following people have contributed code and translations to this release (sorted alphabetically):
Alex Cotiugă
ClemDee
Clément Aubin
Evgeny Gribanov
Gankov Andrey
Manuel Leduc
Marius Dumitru Florea
Michael Hamann
Nikita Petrenko
Raphaël Jakse
Simon Urli
Simpel
Suguru Hirahara
Thomas Mortagne
Vincent Massol
Wurzelmann
fivemoons
slauriere
xrichard