This is the release notes for XWiki Commons, XWiki Rendering and XWiki Platform. They share the same release notes as they are released together and have the same version.

This release contains a few improvments like better display of icons in object and class editors, or the capability to request the effective author for developpers, but has been mostly focused on bug fixing, including security fixes.

New and Noteworthy (since XWiki 16.5.0)

Full list of issues fixed and Dashboard for XWiki 16.6.0.

For Users

Realtime WYSIWYG Source button

 
When using Realtime WYSIWYG Editing, editing and viewing the source wiki syntax is now possible by clicking the Source button in the toolbar.

When editing the source wiki syntax, the realtime editing session is interrupted temporarily. Once the user is done editing the source wiki syntax, the editor re-joins the realtime editing session automatically if it is safe to do so.
If the user wants to re-join the realtime editing session anyway, they can click the "Allow Realtime" Checkbox.

Icon update for the object and class editors

 
The object and class edit modes available to advanced users now use the icons from the current icon theme.

Note that the class edit mode contains a number of icons from Silk to represent UI components. Those icons are nowhere near any icon available in other icon themes, so they were not changed here.

Miscellaneous

• Added a new tip to the Tips Panel from the Help application. This tip describes how to access the list of keyboard controls for CKEditor.

• The tables that contain notification preferences in the user profile now follow the colors from the current Color Theme as expected.

For Admins

No changes!

For Developers

• Request Effective Author: Before this version, when a request was received by XWiki, the currently authenticated user was considered to be responsible (regarding access rights) for the submitted data and the effects of the request. This made sense most of the time, but there were cases when the current user was not the only author of the request data so giving full responsibility to the current user wasn't ideal.

  Starting with this version we introduce the concept of "request effective author". By default, the currently authenticated user is the request effective author, but XWiki extensions can overwrite this based on the request data and their own logic by setting a UserReference as the value of a request attribute named com.xpn.xwiki.web.XWikiRequest#effectiveAuthor. The only XWiki extension that does this at the moment is the realtime WYSIWYG editor, which sets the request effective author to the user with the least script access rights that has made changes in the realtime session that sent the request.

  We also added a new method XWikiRequest#getEffectiveAuthor() to expose the request effective author. This is used for instance by the Save action to set the effective metadata author of the saved XWiki document. This means that even though the current user will continue to appear in the document history as the one that saved the document, the actual user that is used to check access rights when rendering that document (e.g. when executing script macros such as Velocity) could be different.

Upgrades

The following runtime dependencies have been upgraded (they have a different release cycle than XWiki Commons, XWiki Rendering and XWiki Platform):

• dompurify 3.1.5
• Elastic search client 8.14.3
• jsoup 1.18.1
• Docker Java 3.4.0
• MySQL connector 9.0.0
• PrettyTime 5.0.9
• XML-DTD 4.3
• Commons Codec 1.17.1
• Jackson 2.17.2
• Maven Resolver to 1.9.21
• bytebuddy 1.14.18
• JGroups 5.3.9
• Plexus Archiver 4.10.0
• httpcore 5.2.5
• Checker Qual 3.45.0
• Groovy 4.0.22
• Woodstox 7.0.0
• Maven to 3.9.8
• Syntax Highlighting 4.8

• Moved back to JSON-Java (instead of Open JSON) and upgrade to 20240303

Translations

The following translations have been updated: 

• German
• Simplified Chinese

Tested Browsers & Databases

Automated testing

XWiki executes a lot of automated tests during its build, testing all supported configurations. In addition, some manual QA is also executed to try to discover additional problems (see below):

Manual testing

Here is the list of browsers we support and how they have been manually tested for this release:

	Browser	Tested on:
	Mozilla Firefox 128	Not Tested
	Google Chrome 127	Jira Tickets Marked as Fixed in the Release Notes
	Microsoft Edge 127	Tests run and results
	Safari 17	Not Tested

Here is the list of databases we support and how they have been manually tested for this release:

	Database	Tested on:
	HyperSQL 2.7.3	Not Tested
	MariaDB 11.3	Not tested
	MySQL 8.4	Jira Tickets Marked as Fixed in the Release Notes
	PostgreSQL 16	Tests run and results
	Oracle 19c	Not Tested

Here is the list of Servlet Containers we support and how they have been manually tested for this release:

	Servlet Container	Tested on:
	Tomcat 9.0.91	Jira Tickets Marked as Fixed in the Release Notes Tests run and results
	Jetty 10.0.21 (XWiki Standalone packaging)	Not Tested
	Jetty 10.0.21	Not Tested

Security Issues

Security issues are not listed in issue lists or dashboards to avoid disclosing ways to use them, but they will appear automatically in them once they're disclosed. See the XWiki Security Policy for more details.

Accessibility

We are working towards WCAG 2.1 level AA compliance.

Current status:

• A total of 354878 automated tests are run.
• 99.50% of our automated WCAG tests are passing. There are 347 warnings left in the tests to fix (0.10%) and 1414 incomplete tests (0.40%), i.e. they need manual validation.
  • Note that the automated WCAG tests have 2 limitations: WCAG tests are executed only for UIs for which we have automated functional tests available, and the underlying library we use for testing (Axe Core) estimates that it catches only about 50% of WCAG issues. In the future we plan to also run manual WCAG tests once we've fixed all the issues we can catch automatically.
  • Out of the *61* rules automatically tested on XWiki, only *4* of them return warnings. All the other tests will fail the build if violated in the future.
• Remaining accessibility violations can be seen on this filter result table.
• The progress of fixing accessibility issues vs raising them can be seen on this status chart.

Known issues

• Bugs we know about

Backward Compatibility and Migration Notes

General Notes

• When upgrading make sure you compare and merge the following XWiki configuration files since some parameters may have been modified, removed or added:
  • xwiki.cfg
  • xwiki.properties
  • web.xml
  • hibernate.cfg.xml
• Add xwiki.store.migration=1 in xwiki.cfg so that XWiki will attempt to automatically migrate your current database to any new schema. Make sure you backup your Database before doing anything.

API Breakages

The following APIs were modified since XWiki 16.5.0:

No breakage!

Credits

The following people have contributed code and translations to this release (sorted alphabetically):

• Alex Cotiugă 
• Antoine Mottier 
• Dorian OUAKLI 
• LucasC 
• Manuel Leduc 
• Mariana Batista 
• Marius Dumitru Florea 
• Michael Hamann 
• Oana-Lavinia Florean 
• Pierre Jeanjean 
• Simon Urli 
• Simpel 
• Thomas Mortagne 
• Vincent Massol 
• xingya1822 
• Ümit Solmaz