Release Notes for XWiki 15.5

Last modified by Ilie Andriuta on 2023/08/01
Contents

This is the release notes for XWiki Commons, XWiki Rendering and XWiki Platform. They share the same release notes as they are released together and have the same version.

This release brings two important changes: CKEditor now suggests quick edit actions when the / key is pressed, and notifications have been improved. In particular, the default settings for watch buttons and enabled notification types have been revised. Another noticeable change, the Youtube video on the home page is now removed. Finally, a new way to better differentiate users in the user picker has been introduced. For administrators, a list of known security vulnerabilities is now available (experimental), as well as a UI for deleting individual emails.

The following regressions were introduced in this release (and found after it was released). Please check them out and if they impact you we recommend waiting to upgrade to a version where they are fixed.

New and Noteworthy (since XWiki 15.4)

Full list of issues fixed and Dashboard for 15.5.

For Users

Quick Editing Actions

 
You can now access most of the WYSIWYG editing features using the keyboard, just by typing / (slash). This opens the Quick Actions drop down that lists quick action suggestions based on the context. Rendering macros are exposed as quick actions. Checkout the CKEditor Integration documentation for more information.

New Watch button state

 
The behaviour of watch buttons have changed to be more accurate regarding users' custom notification filters: if users have filters concerning some specific events only (e.g. a filter to watch mention on the whole wiki) the watch buttons will be displayed as "undecided". The idea is to expose to the users that "some events" are actually watched for that page, space or wiki.

Also using the watch buttons might disable some already existing custom filters, if those are concerning the exact same location and are contradictory. So for example, if a filter has been created to ignore mentions on a specific space, and the user decides to watch this space, then automatically the filter to ignore mention will be disabled. It can be enabled back manually by the user through the notification settings.

notification-watch-undecided

Home page change

 
The Youtube video located on the XWiki Standard flavor's home page has been removed (for privacy reasons and also for increased usability, as the underlying markup was complex to understand for users).

standard.png

Empty Line Placeholder

 
A placeholder text is now displayed on currently focused empty lines. By default it indicates the type of content block that holds the caret (e.g. paragraph, heading, list item, etc.), but it could also show tips on how to use the editor in that particular context. This is for instance used to advertise the Quick Actions shortcut (slash). Checkout the CKEditor Integration documentation for more information.

ckeditor-focusedlineplaceholder.png

Common User Name Differentiator

 
The user picker can now be configured to show additional information about the listed users (e.g. the user address or user position within the organisation) in order to help you distinguish between users with similar names. Check out the User Module documentation for more information.

Miscellaneous

  • Added keyboard support for the "more page action" dropdown.

  • Improved contrast of the autosave text when disabled.

  • Fixed tabulator order for the quick search feature. Now only visible elements will get focus via keyboard.

For Admins

Listing of Extensions Vulnerabilities

 
A security vulnerabilities section is now available in the administration. This section present the state of the known vulnerabilities of extensions installed on the wiki.

This list is filled based on a periodic scan (running every 24h by default), and uses https://osv.dev/ as its vulnerability database.

Please note that the list does not include all extensions for now. Extensions that can't be upgraded through the extension manager are not included.

Therefore, do not consider a instance as exempt of know security issues if the list is empty. See our Security Policy to know more about our security practices.

The vulnerabilities presented in the screenshots are based on outdated extensions versions and does not represent the state of an up to date XWiki instance.
They are here to show what the UI looks like with known vulnerabilities listed.

extension-security-notifications-admin.png
extension-security-notifications-uix.png
extension-security-notifications-example.png
extension-security-notifications-config.png
extension-security-notifications-admin-config.png

Mail Deletion

 
It's now possible to delete a single mail from the Admin UI, by clicking on the "Delete" button next to the mail in the Mail Status screen.

emailstatus.png

Miscellaneous

  • Common User Name Differentiator: It's now possible to configure an user property to be used as differentiator (hint) when displaying users in compact mode, in order to better identify users that have common or similar names. You can use an existing user property, like address, or a custom user property that you need to add first (e.g. the position inside the organization). This can be done from xwiki.properties file:

    #-# [Since 14.10.12]
    #-# [Since 15.5RC1]
    #-# When displaying an user in a compact mode we usually rely only on the user avatar and their full name. If this is
    #-# not enough to properly identify the user then this configuration can be used to display additional information.
    #-#
    #-# The name of the user property to be used as qualifier (hint) when displaying the user in a compact mode. This
    #-# configuration is not set by default, which means no additional information is displayed:
    # user.display.qualifierProperty =

    For instance:

    user.display.qualifierProperty = address

    At the moment this configuration is taken into account only by the user picker, and is not set by default, meaning that we don't show any differentiator by default. Check out the User Module documentation for more information.

For Developers

Provide strategies for grouping notifications

 
Notifications used to be automatically grouped using an hardcoded algorithm based on type of events and documents attached to the events. Starting with this release, we provide strategies to allow choosing how to group the events to be displayed in alert and email notifications.

This work is still at early stage since we do not provide yet an UI for users to chose their strategies, neither we provide updated templates that would work properly with all type of strategies. So if developers want to use the new strategy, they'd need to customize the notification templates.

New API to render a translation

 
There's now new LocalizationManager#getTranslation() and ContextualLocalizationManager#getTranslation() APIs to get a translation and render it for a target Syntax. For example:

@Inject
private LocalizationManager localizationManager;
...
try {
  String translation = this.localizationManager.getTranslation("key", locale, Syntax.HTML_5_0, parameters);
} catch (LocalizationException e) {
 // Error getting the HTML5 renderer
}

And

@Inject
private ContextualLocalizationManager localizationManager;
...
try {
  String translation = this.localizationManager.getTranslation("key", Syntax.HTML_5_0, parameters);
} catch (LocalizationException e) {
 // Error getting the HTML5 renderer
}

Upgrades

The following runtime dependencies have been upgraded (they have a different release cycle than XWiki Commons, XWiki Rendering and XWiki Platform):

Translations

The following translations have been updated: 

Tested Browsers & Databases

Here is the list of browsers we support and how they have been tested for this release:

 BrowserTested on:
Firefox30.pngMozilla Firefox 115Not Tested
Chrome30.pngGoogle Chrome 114Jira Tickets Marked as Fixed in the Release Notes
Edge30.pngMicrosoft Edge 114Not Tested
Safari30.pngSafari 16Not Tested

Here is the list of databases we support and how they have been tested for this release:

 DatabaseTested on:
hypersql.pngHyperSQL 2.7.2Not Tested
mariadb.pngMariaDB 10.11Not Tested
mysql.pngMySQL 8Not Tested
postgresql.pngPostgreSQL 15Not Tested
oracle.pngOracle 19cJira Tickets Marked as Fixed in the Release Notes

Here is the list of Servlet Containers we support and how they have been tested for this release:

 Servlet ContainerTested on:
tomcat-icon.pngTomcat 9.0.78Jira Tickets Marked as Fixed in the Release Notes
jetty-icon.pngJetty 10.0.12 (XWiki Standalone packaging)Not Tested
jetty-icon.pngJetty 10.0.12Not Tested

Security Issues

Security issues are not listed in issue lists or dashboards to avoid disclosing ways to use them, but they will appear automatically in them once they're disclosed. See the XWiki Security Policy for more details.

Known issues

Backward Compatibility and Migration Notes

General Notes

  • When upgrading make sure you compare and merge the following XWiki configuration files since some parameters may have been modified, removed or added:
    • xwiki.cfg
    • xwiki.properties
    • web.xml
    • hibernate.cfg.xml
  • Add xwiki.store.migration=1 in xwiki.cfg so that XWiki will attempt to automatically migrate your current database to any new schema. Make sure you backup your Database before doing anything.

Issues specific to XWiki 15.5

Notifications

Wiki is not watched anymore and notifications application types all are enabled by default

The default watch behaviour of notifications has been changes for new users on a wiki without any notifications settings. Before this release new users were automatically watching the whole wiki for a specific set of events (e.g. mentions) until they started to perform editions, in which case it was magically enabling some notifications event types for them.

This behaviour was leading to lots of problems and was confusing for users. So we voted to simplify it.

The new behaviour is that by default, for new users, the wiki is not watched and all notifications event types are automatically enabled. The rationale is that the users will start manually to watch pages (by using the watch switches, or by performing editions with the auto-watch mechanism), start to receive notifications for them as the event types are enabled, and then decide to opt-out for some of them.

Note that this only applies for new users when there's no notifications settings set for the wiki.

Stop support of post-filtering

Pre-filtering of notifications has been introduced in XWiki 12.5 and is the default since XWiki 12.6 as it fixes important scalability issues in notifications. We voted to drop the support of post-filtering of notifications during 15.x cycle. So this mechanism has been removed in 15.5, it's available only from legacy modules but it's not compatible with new features related to notifications.

Deprecation and move of NotificationManager

The NotificationManager interface which is a component type originally available from the xwiki-platform-notifications-sources module has been deprecated and move to legacy as part of the work made on grouping of notification. It is advised to use instead ParametrizedNotificationManager available from the same module.

Developers who needs to keep using NotificationManager can find it in the xwiki-platform-legacy-notifications-sources module.

Behaviour change regarding Live Email Notifications

The Live Email Notifications used to send one email per type of events or documents, after the grace period was reached for the events. So it means that if you've setup the grace period to 10 minutes, and updates were done on 3 different documents in less than 10 minutes, you'd received 3 different emails for each document.

The default behaviour has been changed by mistake so you would now receive a single email containing all changes from the last 10 minutes. It has been voted to keep this new behaviour for now. 

Note that it's possible to obtain the previous behaviour by changing the Email Grouping Strategy for using the "emailperevent" strategy. However note that this strategy would be used for all email notifications, not just for the Live Email Notifications, but also for Weekly, Daily and Hourly email notifications. 

This will be improved in the future to allow setting this preferences per scheduler (see: XWIKI-21074).

Localization

The LocalizationManager and ContextualLocalizationManager interfaces have both had a new getTranslation() method added, which can be used to render a translation into a given target syntax. If you have a custom override of these components in your wiki, these methods will return null (thus defaulting to displaying translation keys instead of proper translation content in the UI) until these custom implementations are modified to implement the new methods.

Email Resender

The ability to resend mails at XWiki startup has been removed, for 2 reasons:

  • It was done synchronousy and when there are thousands of mails to resent, that was blocking the restart of XWiki
  • We don't need to resend mail at startup and it's better to use a Scheduler job to do that regularly

Hence, the Mail Resender Scheduler job is now triggered by default to resend mail every day (that's configurable). The mail.sender.database.resendAutomaticallyAtStartup configuration property has also been removed.

Listing of extensions vulnerabilities

The vulnerabilities are retrieved from https://osv.dev/ APIs (https://api.osv.dev/v1/query). Therefore, this URL needs to be accessible from your instance.

If you don't want to depend on https://osv.dev/, it is possible to deactivate the scan of vulnerabilities by configuration, or to uninstall the extension.

API Breakages

The following APIs were modified since XWiki 15.4:

Unstable APIs

Not real backward compatibility breakages since they were done on APIs marked @Unstable (a.k.a Young APIs). Thus it's part of the contract that they can be broken until they become stable. They're listed purely for reference in case you decided to still use them (and thus agreed to be broken).

  • Young API
    • Violation type:
      java.method.addedToInterface
    • Code:
      ## Old:


      ## New:
      method int java.lang.Comparable<T>::compareTo(T) @ org.xwiki.whatsnew.NewsSourceItem
  • Young API
    • Violation type:
      java.method.addedToInterface
    • Code:
      ## Old:


      ## New:
      method java.util.Optional<java.lang.String> org.xwiki.whatsnew.NewsSourceItem::getImageURL()
  • Young API
    • Violation type:
      java.method.addedToInterface
    • Code:
      ## Old:


      ## New:
      method long org.xwiki.attachment.validation.AttachmentValidationConfiguration::getMaxUploadSize(org.xwiki.model.reference.EntityReference)

Credits

The following people have contributed code and translations to this release (sorted alphabetically):

  • Dorian OUAKLI
  • Jérôme Prinet
  • Manuel Leduc
  • Marius Dumitru Florea
  • Michael Hamann
  • Nikita Petrenko
  • Oana-Lavinia Florean
  • Sereza7
  • Simon Urli
  • Simpel
  • Thomas Mortagne
  • Vincent Massol
  • xrichard

About

About

Support

Platform

User Guide

Admin Guide

Developer Guide

Projects

XWiki

Extensions

Other

Contribute

Status

Practices

Under the Hood

Get Involved

Get Connected