Release Notes for XWiki 14.10.4

Last modified by Ilie Andriuta on 2023/02/03
Contents

This is the release notes for XWiki Commons, XWiki Rendering and XWiki Platform. They share the same release notes as they are released together and have the same version.

This is a bug fix release containing important security fixes of the LTS version of XWiki. We highly recommend upgrading to it.

The following regressions were introduced in this release (and found after it was released). Please check them out and if they impact you we recommend waiting to upgrade to a version where they are fixed.

New and Noteworthy (since XWiki 14.10.3)

Full list of issues fixed and Dashboard for XWiki 14.10.4.

For Users

No changes!

For Admins

  • New tags right check strategy configuration: It is now possible to configure the algorithm used when checking view rights on tags (returned by the Tags API) by editing xwiki.properties.

    #-# [Since 14.4.8, 14.10.4, 15.0RC1]
    #-# Configure the tag selection algorithm to use.
    #-# The default algorithm is "exhaustive", which check all elements (documents and tags) for view right before returning
    #-# them. This exhaustive check can lead to tag clouds and tag lists being slow to compute on instances with very large 
    #-# amounts of tags or tagged documents (more than 5000 of elements).   
    #-# Note that it is advised to keep using the default implementation as much as possible, and to switch to the "unsafe"
    #-# option only when all performance improvements options have been exhausted 
    #-# (see https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Performances/)
    #-# The "unsafe" algorithm does not perform any right checks. It is approximately 10 times faster than "exhaustive"
    #-# but does not provide any guarantee that the current user won't be able to view a tag he/she is not allowed to. 
    #-# Therefore, we cannot recommend to use it unless tags performance is critical AND tags and document references are 
    #-# not considered as critical information.
    # tag.rightCheckStrategy.hint=exhaustive
    # tag.rightCheckStrategy.hint=unsafe

For Developers

New script service for URL security operations

 
A new script service has been introduced to allow performing security checks on URL. The script service currently provides a single method which can be used like that:

{{velocity}}
#set ($myURL = "http://xwiki.org")
#set ($safeURI = $services.security.url.parseToSafeURI($myURL))
## The URI is null if not safe.
#if ($safeURI)
 ## use it as an URI object. 
#end
{{/velocity}}

Miscellaneous

  • New script service for HTML operations: A new HTML script service has been introduced allowing to use the recently introduced HTMLElementSanitizer in scripts. It can be used in velocity with $services.html.xxx.

Translations

The following translations have been updated: 

Tested Browsers & Databases

Here is the list of browsers we support and how they have been tested for this release:

 BrowserTested on:
Firefox30.pngMozilla Firefox 109Tests run and results
Chrome30.pngGoogle Chrome 109
Edge30.pngMicrosoft Edge 109Jira Tickets Marked as Fixed in the Release Notes
Safari30.pngSafari 16Not Tested

Here is the list of databases we support and how they have been tested for this release:

 DatabaseTested on:
hypersql.pngHyperSQL 2.7.1Not Tested
postgresql.pngPostgreSQL 15Jira Tickets Marked as Fixed in the Release Notes
mariadb.pngMariaDB 10.6Tests run and results
mysql.pngMySQL 8
oracle.pngOracle 19cNot Tested

Here is the list of Servlet Containers we support and how they have been tested for this release:

 Servlet ContainerTested on:
tomcat-icon.pngTomcat 9.0.71
jetty-icon.pngJetty 10.0.7 (XWiki Standalone packaging)
jetty-icon.pngJetty 10.0.7Not Tested

Known issues

Backward Compatibility and Migration Notes

General Notes

  • When upgrading make sure you compare and merge the following XWiki configuration files since some parameters may have been modified, removed or added:
    • xwiki.cfg
    • xwiki.properties
    • web.xml
    • hibernate.cfg.xml
  • Add xwiki.store.migration=1 in xwiki.cfg so that XWiki will attempt to automatically migrate your current database to any new schema. Make sure you backup your Database before doing anything.

Issues specific to XWiki 14.10.4

Reinitialization of Solr search index during migration

A bug with the Solr search index has been fixed as part of this release, but it needs a reindex of the documents to be properly taking into account. The migration will empty the index so that a full reindex is performed: as a consequence the search feature might take a few time to be entirely working after the first restart. 

API Breakages

No breakage since XWiki 14.10.3.

Credits

The following people have contributed code and translations to this release (sorted alphabetically):

  • ClĂ©ment Aubin
  • Gankov Andrey
  • Manuel Leduc
  • Marius Dumitru Florea
  • Michael Hamann
  • Nikita Petrenko
  • Simon Urli
  • Simpel
  • Suguru Hirahara
  • Thomas Mortagne
Tags:
   

About

About

Support

Platform

User Guide

Admin Guide

Developer Guide

Projects

XWiki

Extensions

Other

Contribute

Status

Practices

Under the Hood

Get Involved

Get Connected