This is the release notes for XWiki Commons, XWiki Rendering and XWiki Platform. They share the same release notes as they are released together and have the same version.

This release comes with two usability improvements: the authentication process is now easier to discover, and editing the avatar in the user profile is now easier. It also brings minor accessibility improvements, as well as technical modules that will be useful to improve security in the future.
This release contains security fixes, with the highest severity being 8.7/10.

New and Noteworthy (since XWiki 16.9.0)

Full list of issues fixed and Dashboard for 16.10.0.

For Users

Improvements for editing the user avatar

 
The button for editing the user profile avatar is now more visible, easier to find and interact than before.

This action is now placed below the picture and features a standard button that spans the length of the sidebar menu 

Updated the registration UI

 
Multiple steps of the registration process have been updated and improved in accordance with design research done earlier:

• The registration and authentification buttons for guest users have been moved from the drawer to the navigation bar.
• The registration form validation has been improved to provide a precise status on every field before trying to submit it.
• The successful registration landing page is now looking a bit more welcoming.

Miscellaneous

• The default colors used in the code macro have been altered slightly, in order to fit WCAG-defined contrast values. Those changes in color only apply to some highlighting colors, and are barely noticeable.

For Admins

No changes!

For Developers

Required Rights

 
New APIs have been introduced for required rights, a new mechanism for explicitly marking which rights the content of a document needs. 

This provides two protections:

• Restricting script executions in documents where scripts haven't explicitly been enabled, 
• Preventing users without script, admin, or programming right from editing documents that require these rights. 

For now, this is a developer-only change, required rights aren't enforced by default and there is no UI (a UI is planned for a following release). Developers whose extensions depend on XWiki 16.10.0+ are encouraged to start using the new document authorization manager when checking the rights of document authors, e.g., when registering a component based on an XObject. 

Extensions can also start enforcing required rights on their documents, marking which pages need wiki admin or programming right for example and check if their extensions still work when enabling enforcing required rights for these documents. 

The XAR Format Specification has been adapted, accordingly. If not done already, required rights analyzers should be implemented for all XObjects and macros that need rights beyond what's covered by standard fields. This includes for example the interpretation of Velocity code in fields that aren't marked as containing Velocity code, or requiring wiki admin right for certain scope values. Those analyzers are necessary to allow suggesting the user all rights that are required by a page.

Upgrades

The following runtime dependencies have been upgraded (they have a different release cycle than XWiki Commons, XWiki Rendering and XWiki Platform):

The following dependencies were upgraded for the XWiki Standalone distribution:

• Jetty 2.0.15

Translations

The following translations have been updated:

• German
• Simplified Chinese

Security Issues

Security issues are not listed in issue lists or dashboards to avoid disclosing ways to use them, but they will appear automatically in them once they're disclosed. See the XWiki Security Policy for more details.

Known issues

• Bugs we know about

Backward Compatibility and Migration Notes

General Notes

• When upgrading make sure you compare and merge the following XWiki configuration files since some parameters may have been modified, removed or added:
  • xwiki.cfg
  • xwiki.properties
  • web.xml
  • hibernate.cfg.xml
• Add xwiki.store.migration=1 in xwiki.cfg so that XWiki will attempt to automatically migrate your current database to any new schema. Make sure you backup your Database before doing anything.

Issues specific to XWiki 16.10.0-rc-1

• With the update of the registration UI, there are some new items by default in the top navigation bar. Instances hiding the drawer from guest users will probably want to disable those two new Interface Extensions when migrating.

Credits

The following people have contributed code and translations to this release (sorted alphabetically):

• Alex Cotiugă
• Antoine Mottier
• Clemens Robbenhaar
• LucasC
• Manuel Leduc
• Marius Dumitru Florea
• Michael Hamann
• Sereza7
• Simon Urli
• Simpel
• Thomas Mortagne
• Vincent Massol
• raphj
• tkrieck
• 一颗小土豆