This is the release notes for XWiki Commons, XWiki Rendering and XWiki Platform. They share the same release notes as they are released together and have the same version.

This release provides 2 new features: a dedicated UI to see what's new in the XWiki ecosystem directly inside XWiki instances, and a new macro to easily display icons in wiki pages. Besides those features, it also includes a lot of bug fixes and some fixes for important security vulnerabilities.

New and Noteworthy (since XWiki 15.1)

Full list of issues fixed and Dashboard for XWiki 15.2.

For Users

Icon Macro

 
A new icon macro has been introduced. It supports displaying an icon from the current or a chosen icon set and can thus be used to display icons that are consistent with XWiki's UI.

What's New in XWiki

 
Displays news about XWiki and its ecosystem, directly into your XWiki instance.

Miscellaneous

• Responsive Content in PDF Export: XWiki's user interface (UI) adapts automatically to the screen size (i.e. it's responsive), thanks to Bootstrap's grid system, and this sometimes applies even to the wiki page content. For instance the page content could be split into columns, the number of columns depending on the available screen width: a single column on extra small devices, 2 columns on small devices, 3 columns on medium and large devices. When exporting such a page to PDF the outcome can be different than what you see in view mode because the available width depends on the print page size which is different than the screen size. Starting with this version we're adapting Bootstrap's grid system for print media, in order to have a more predictable outcome:

  • extra small print: anything less than A4 portrait width => should match the behaviour from extra small screens
  • small print: A4 portrait up to A4 landscape => should match the behaviour from small screens
  • medium print: A4 landscape up to A3 landscape => should match the behaviour from medium screens
  • large print: A3 landscape and up => should match the behaviour from large screens

  By default the PDF export uses the A4 print page size so it should match the behaviour from small screens. See the PDF Export Application for more information.

For Admins

No changes!

For Developers

• Add parameters to the CKEditor html conversion request: A new xwiki:ckeditor:convertHTML event is send before a request to convert some content to HTML is sent by CKEditor. Listeners can add new request parameters by add properties on the data object send with the event. The example below show how to add an example parameter with value 1.

  $(document).on('xwiki:ckeditor:convertHTML', function(event, data) {
      data.example = 1;
  });

• Allow to chose conflict fallback version when merging: The storage merge API have been improved in order to allow consumers of the API to define what should be the fallback versions to use in case of merging conflicts: by default the version is still the current version element, but it's now also possible to chose the next version element.

Upgrades

The following runtime dependencies have been upgraded (they have a different release cycle than XWiki Commons, XWiki Rendering and XWiki Platform):

• dompurify 3.0.0
• jsTree 3.3.15
• node v18.14.0
• paged.js 0.4.1
• Logback 1.3.6
• Netty 4.1.90.Final
• JGroups 5.2.13
• Byte Buddy 1.14.2
• Rome 1.19.0
• Rome 2.1.0
• Groovy 3.0.16
• Plexus Utils 3.5.1
• log4j API 2.20.0
• jsoup 1.15.4
• Docker Java to 3.3.0
• Hibernate 5.6.15
• Tika 2.7.0
• PostgresSQL connector 42.5.3
• Protostream 4.6.1.Final
• commons-fileupload 1.5
• Closure Compiler v20230228
• JAXB Runtime 2.3.8
• Commons CSV 1.10.0
• Maven Resolver 1.9.7
• Maven 3.9.1
• Protobuf Java 3.22.2
• Infinispan 14.0.7
• JFFI 1.3.11
• Liquibase 4.20.0
• Checker Qual 3.32.0
• Caffeine 3.1.5
• Plexus Archiver 4.6.2
• JSqlParser 4.6
• Snakeyaml 2.0

Translations

The following translations have been updated: 

• German
• Dutch
• French
• Japanese
• Norwegian
• Russian

Tested Browsers & Databases

Here is the list of browsers we support and how they have been tested for this release:

	Browser	Tested on:
	Mozilla Firefox 111	Jira Tickets Marked as Fixed in the Release Notes
	Google Chrome 112	Tests run and results
	Microsoft Edge 111	Not Tested
	Safari 16	Not Tested

Here is the list of databases we support and how they have been tested for this release:

	Database	Tested on:
	HyperSQL 2.7.1	Not Tested
	MariaDB 10.11	Jira Tickets Marked as Fixed in the Release Notes
	MySQL 8	Not Tested
	PostgreSQL 15	Tests run and results
	Oracle 19c	Not Tested

Here is the list of Servlet Containers we support and how they have been tested for this release:

	Servlet Container	Tested on:
	Tomcat 9.0.73	Jira Tickets Marked as Fixed in the Release Notes Tests run and results
	Jetty 10.0.12 (XWiki Standalone packaging)	Not Tested
	Jetty 10.0.12	Not Tested

Security Issues

Security issues are not listed in issue lists or dashboards to avoid disclosing ways to use them, but they will appear automatically in them once they're disclosed. See the XWiki Security Policy for more details.

Known issues

• Bugs we know about

Backward Compatibility and Migration Notes

General Notes

• When upgrading make sure you compare and merge the following XWiki configuration files since some parameters may have been modified, removed or added:
  • xwiki.cfg
  • xwiki.properties
  • web.xml
  • hibernate.cfg.xml
• Add xwiki.store.migration=1 in xwiki.cfg so that XWiki will attempt to automatically migrate your current database to any new schema. Make sure you backup your Database before doing anything.

Issues specific to XWiki 15.2

HTML Cleaning behaviour changed

To fix a security vulnerability, restricted HTML cleaning now removes form-related HTML elements (in particular, form, input, select, textarea, and button). This should only affect HTML and raw macros that are authored by users without script right. In case of any issues, they can be allowed again by adding them to the xml.htmlElementSanitizer.extraAllowedTags configuration option in xwiki.properties.

New restrictions on document revisions

Old or deleted revisions of documents are displayed in a restricted mode that prevents the execution of script macros. This also affects the rendered diff. This may lead to unexpected errors, a warning for this is displayed for advanced users or if there is an actual error in the output. The same applies to the edit action if the request is not verified with a form token - the standard ways for creating documents shouldn't be affected by this but custom implementations might need to be adapted to avoid being affected by this change. In case you're using a lot of script macros in regular content, you could consider creating and using wiki macros instead that cover your most-used script features.

Form token required on the REST API

The REST API now requires a form token for certain requests, see  its documentation for details.

API Breakages

The following APIs were modified since XWiki 15.1:

Real breakages

Real backward compatibility breakages that we have unwillingly accepted to do for the reasons mentioned in each violation below.

• Change needed to provide a merge operation taking into account the configuration: we cannot provide a default method as it would wrongly give the feeling that the operation succeeded. We consider this breaking change acceptable since it's unlikely anyone directly implements this interface.
  • Violation type:
    java.method.addedToInterface
  • Code:
    ## Old:
    
    
    ## New:
    method org.xwiki.store.merge.MergeManagerResult<com.xpn.xwiki.objects.ElementInterface, java.lang.Object> com.xpn.xwiki.objects.ElementInterface::merge(com.xpn.xwiki.objects.ElementInterface, com.xpn.xwiki.objects.ElementInterface, com.xpn.xwiki.doc.merge.MergeConfiguration, com.xpn.xwiki.XWikiContext)

Unstable APIs

Not real backward compatibility breakages since they were done on APIs marked @Unstable (a.k.a Young APIs). Thus it's part of the contract that they can be broken until they become stable. They're listed purely for reference in case you decided to still use them (and thus agreed to be broken).

• Young API
  • Violation type:
    java.method.addedToInterface
  • Code:
    ## Old:
    
    
    ## New:
    method int java.lang.Comparable<T>::compareTo(T) @ org.xwiki.whatsnew.NewsSourceItem

Credits

The following people have contributed code and translations to this release (sorted alphabetically):

• Alex Cotiugă 
• Jesse Veentjer 
• Manuel Leduc 
• Marius Dumitru Florea 
• Michael Hamann 
• Oana-Lavinia Florean 
• Sereza7 
• Simon Urli 
• Simpel 
• Thomas Mortagne 
• Vincent Massol