This is the release notes for XWiki Commons, XWiki Rendering and XWiki Platform. They share the same release notes as they are released together and have the same version.

This release contains a few improvments like better display of icons in object and class editors, or the capability to request the effective author for developpers, but has been mostly focused on bug fixing, including security fixes.

New and Noteworthy (since XWiki 16.5.0)

Full list of issues fixed and Dashboard for XWiki 16.6.0.

For Users

Icon update for the object and class editors

 
The object and class edit modes available to advanced users now use the icons from the current icon theme.

Note that the class edit mode contains a number of icons from Silk to represent UI components. Those icons are nowhere near any icon available in other icon themes, so they were not changed here.

Miscellaneous

• Added a new tip to the Tips Panel from the Help application. This tip describes how to access the list of keyboard controls for CKEditor.

• The tables that contain notification preferences in the user profile now follow the colors from the current Color Theme as expected.

For Admins

No changes!

For Developers

• Request Effective Author: Before this version, when a request was received by XWiki, the currently authenticated user was considered to be responsible (regarding access rights) for the submitted data and the effects of the request. This made sense most of the time, but there were cases when the current user was not the only author of the request data so giving full responsibility to the current user wasn't ideal.

  Starting with this version we introduce the concept of "request effective author". By default, the currently authenticated user is the request effective author, but XWiki extensions can overwrite this based on the request data and their own logic by setting a UserReference as the value of a request attribute named com.xpn.xwiki.web.XWikiRequest#effectiveAuthor. The only XWiki extension that does this at the moment is the realtime WYSIWYG editor, which sets the request effective author to the user with the least script access rights that has made changes in the realtime session that sent the request.

  We also added a new method XWikiRequest#getEffectiveAuthor() to expose the request effective author. This is used for instance by the Save action to set the effective metadata author of the saved XWiki document. This means that even though the current user will continue to appear in the document history as the one that saved the document, the actual user that is used to check access rights when rendering that document (e.g. when executing script macros such as Velocity) could be different.

Upgrades

The following runtime dependencies have been upgraded (they have a different release cycle than XWiki Commons, XWiki Rendering and XWiki Platform):

• dompurify 3.1.5
• Elastic search client 8.14.3
• jsoup 1.18.1
• Docker Java 3.4.0
• MySQL connector 9.0.0
• PrettyTime 5.0.9
• XML-DTD 4.3
• Commons Codec 1.17.1
• Jackson 2.17.2
• Maven Resolver to 1.9.21
• bytebuddy 1.14.18
• JGroups 5.3.9
• Plexus Archiver 4.10.0
• httpcore 5.2.5
• Checker Qual 3.45.0
• Groovy 4.0.22
• Woodstox 7.0.0
• Maven to 3.9.8
• Syntax Highlighting 4.8

• Moved back to JSON-Java (instead of Open JSON) and upgrade to 20240303

Translations

The following translations have been updated: 

• Azerbaijani
• German
• Korean
• Portuguese (Brazil)

Tested Browsers & Databases

Manual testing

Here is the list of browsers we support and how they have been manually tested for this release:

	Browser	Tested on:
	Mozilla Firefox 128	Not Tested
	Google Chrome 127	Jira Tickets Marked as Fixed in the Release Notes
	Microsoft Edge 127	Tests run and results
	Safari 17	Not Tested

Here is the list of databases we support and how they have been manually tested for this release:

	Database	Tested on:
	HyperSQL 2.7.3	Not Tested
	MariaDB 11.3	Not tested
	MySQL 8.4	Jira Tickets Marked as Fixed in the Release Notes
	PostgreSQL 16	Tests run and results
	Oracle 19c	Not Tested

Here is the list of Servlet Containers we support and how they have been manually tested for this release:

	Servlet Container	Tested on:
	Tomcat 9.0.91	Jira Tickets Marked as Fixed in the Release Notes Tests run and results
	Jetty 10.0.21 (XWiki Standalone packaging)	Not Tested
	Jetty 10.0.21	Not Tested

Security Issues

Security issues are not listed in issue lists or dashboards to avoid disclosing ways to use them, but they will appear automatically in them once they're disclosed. See the XWiki Security Policy for more details.

Known issues

• Bugs we know about

Backward Compatibility and Migration Notes

General Notes

• When upgrading make sure you compare and merge the following XWiki configuration files since some parameters may have been modified, removed or added:
  • xwiki.cfg
  • xwiki.properties
  • web.xml
  • hibernate.cfg.xml
• Add xwiki.store.migration=1 in xwiki.cfg so that XWiki will attempt to automatically migrate your current database to any new schema. Make sure you backup your Database before doing anything.

API Breakages

No API breakage since XWiki 16.5.0.

Credits

The following people have contributed code and translations to this release (sorted alphabetically):

• Alex Cotiugă 
• LucasC 
• Manuel Leduc 
• Mariana Batista 
• Marius Dumitru Florea 
• Michael Hamann 
• Oana-Lavinia Florean 
• Pierre Jeanjean 
• Simon Urli 
• Simpel 
• Thomas Mortagne 
• Vincent Massol 
• Ümit Solmaz