Release Notes of TWiki-4.3.2 (Georgetown), 2009-09-02

Note: This is the release note for the previous major release version 4.3.X. This note, TWikiReleaseNotes04x00, TWikiReleaseNotes04x01 and TWikiReleaseNotes04x02 are included with 5.0.X because they contain valuable information for people upgrading from earlier versions. Both for the admin and the users. See TWikiReleaseNotes05x00 for the 5.0.X release notes.

Introduction

TWiki-4.3.0 released on 2009-03-30 introduces security enhancements, usability enhancements, feature enhancements, and adds extensions to strengthen TWiki as an enterprise collaboration platform.

TWiki-4.3.1 released on 2009-04-29 introduces security enhancements. This release also introduces use of ISO date format by default.

TWiki-4.3.2 released on 2009-09-02 introduces security enhancements.

It is highly recommended to upgrade to TWiki-4.3.2. Users will find this release much more stable and secure in daily use.

Pre-installed Extensions

TWiki-4.3.2 ships with:

  • Plugins: CommentPlugin, EditTablePlugin, EmptyPlugin, HeadlinesPlugin, InterwikiPlugin, PreferencesPlugin, RenderListPlugin, SlideShowPlugin, SmiliesPlugin, SpreadSheetPlugin, TablePlugin, TinyMCEPlugin, TWikiNetSkinPlugin, TwistyPlugin, WysiwygPlugin
  • Contribs: BehaviourContrib, JSCalendarContrib, MailerContrib, TipsContrib, TWikiUserMappingContrib, TwistyContrib
  • Skins: ClassicSkin, PatternSkin, TWikiNetSkin,

Note: HeadlinesPlugin, TWikiNetSkin and TWikiNetSkinPlugin are new in TWiki-4.3.0.

Supported User Interface Languages

The user interface of this TWiki version is localized to 19 languages:

English (default), Bulgarian (bg), Chinese simplified (zh-cn), Chinese traditional (zh-tw), Czechoslovakian (cs), Danish (da), Dutch (nl), German (de), Finnish (fi), French (fr), Italian (it), Japanese (ja), Korean (ko), Polish (pl), Portuguese (pt), Russian (ru), Slovakian (sv), Spanish (es), Ukrainian (uk).

Note: TWiki needs to be configured properly to display user interface languages other than the default English language. Details in TWiki:TWiki.InstallationWithI18N and TWiki:TWiki.InternationalizationSupplement.

New Features Highlights

  • Security Enhancements
  • Usability Enhancements
    • Replace question mark links with red-links to point to non-existing topics
    • Use ISO date format by default - added in TWiki-4.3.1
  • Enterprise Collaboration Enhancements
    • Pre-installed HeadlinesPlugin to show headline newsfeeds in TWiki topics
    • Pre-installed TWikiNetSkin, TWikiNetSkinPlugin for corporate look and feel
  • Search Enhancements
    • Add footer parameter to Formatted Search
    • Add number of topics to Formatted Search
  • Miscellaneous Feature Enhancements
    • Control over variable expansion at topic creation time
    • 17 new TWikiDocGraphics images
    • Include URL supports list of domains to exclude from proxy
    • Adding Korean language
  • Plugin Enhancements
    • SpreadSheetPlugin: 5 new functions

See the full list of bug fixes at the bottom of this topic.

Deprecation Notices

The %MAINWEB% and %TWIKIWEB% variables have been deprecated. For compatibility reasons they are unlikely to ever be removed completely, but you should use the %USERSWEB% and %SYSTEMWEB% variables instead.

In Func getOopsUrl and permissionsSet have been declared deprecated. There is no plan to remove them yet.

TWiki-4.3.0 Minor Release - Details

TWiki-4.3.0 was built from SVN http://svn.twiki.org/svn/twiki/branches/TWikiRelease04x03 revision 17948 (2009-03-30)

Highlights

  • Security:
    • Review code for robustness and security
    • Secure configure script with taint mode turned on
  • Rendering:
    • %TOC% does not distinguish two headlines that have the same text
    • TablePlugin produces bad links for sorting when using "short" URLs
    • %SCRIPTSUFFIX% is added twice in %TOC% links
    • Incorrect Content-length breaks HTTP headers, a.o. pound fail results
    • TablePlugin: Date sorting is broken
    • Bullet lists in form fields are not rendered properly
    • TWiki Forms expand variables like $nop, $quote $percnt
    • TwistyPlugin: Twisty can't be placed in TWiki table cells
  • Users and groups:
    • TWikiGroups shows all members twice
  • Editing:
    • WysiwygPlugin: Bolding single character within a word introduces spaces around bolded character
  • Miscellaneous:
    • configure's get more extensions does not work well without LWP
    • CommentPlugin: Lost data if it's targeted before/after a missing anchor
    • Plugin installation fails on windows: extender.pl line 684
    • Statistics script does not handle properly topics with special characters

Enhancements

Item3647 Usability: Control over variable expansion in topic templates
Item5025 InterwikiPlugin: Allow special characters in "Page" of Site:Page
Item6148 HeadlinesPlugin: Support for {PROXY}{HOST} and {PROXY}{PORT} configure settings
Item6176 Search: Add footer parameter to Formatted Search
Item6180 HeadlinesPlugin: Support for {PROXY}{SkipProxyForDomains} configure setting, USERAGENTNAME plugin setting
Item6184 Search: Add Number of Topics to Formatted Search
Item6189 Usability: Replace question mark links with red links to point to non-existing topics
Item6199 Enhancement: Add TWikiNetSkin to Distribution
Item6200 Enhancement: Add HeadlinesPlugin to Distribution
Item6222 SpreadSheetPlugin: New functions $EMPTY(), $INSERTSTRING(), $LEFTSTRING(), $RIGHTSTRING(), $SUBSTRING() functions
Item6226 Include: Specify a list of domains to exclude from proxy with {PROXY}{SkipProxyForDomains} setting
Item6227 Documentation: 17 new TWikiDocGraphics images
Item6228 Security: Option to send signed e-mail with S/MIME

Fixes

Item1607 %TOC% does not distinguish two headlines that have the same text
Item2525 TablePlugin produces bad links for sorting when using "short" URLs
Item4835 SpreadSheetPlugin: SUBSTITUTE error when text=old and replace is empty
Item5176 %SCRIPTSUFFIX% is added twice in %TOC% links
Item5471 SpreadSheetPlugin: The character 0 cannot be replaced using the REPLACE-funtion
Item5910 TablePlugin: %TOC% variable creates links with unecessary query string
Item5914 TWiki::Request::url() must support -rewrite, -absolute and -relative
Item5920 TWikiGroups shows all members twice
Item5939 Rogue <p /> below </html> on every topic in every web
Item5960 Incorrect Content-length breaks HTTP headers, a.o. pound fail results
Item5961 WysiwygPlugin: Bolding single character within a word introduces spaces around bolded character
Item5991 JSCalendarContrib: Does not work correctly in IE7
Item5994 Secure configure script with taint mode turned on
Item6005 EditTablePlugin: "label"-formatted cell changed in unexpected way
Item6022 %ENCODE{}% treats % as safe character
Item6026 With header format emtpy table is initialized with one column only
Item6031 TablePlugin: Date sorting is broken.
Item6041 TinyMCE bug with Firefox 3 and bulleted lists
Item6050 statistics script fails when cuid is not equal login name (as login name is what's in the log files...)
Item6054 TwistyPlugin: No longer possible to have a twisty on one line without linebreak
Item6060 configure's get more extensions does not work well without LWP
Item6061 TWiki::Func::getContext documention
Item6138 Bullet lists in form fields are not rendered properly
Item6163 CommentPlugin: Lost data if it's targeted before/after a missing anchor.
Item6167 TWiki Forms expand variables like $nop, $quote $percnt
Item6170 Plugin installation fails on windows: extender.pl line 684
Item6171 Per RFC 5321, single quote is allwed in e-mail addresses
Item6178 Statistics script does not handle properly topics with special characters
Item6185 Missing newline in Formatted Search if footer used
Item6186 Review code for robustness and security
Item6208 WebChanges does not work on Windows
Item6220 TwistyPlugin: Twisty can't be placed in TWiki table cells
Item6223 Users can't edit content in Main web

TWiki 4.3.1 Patch Release - Details

TWiki-4.3.1 was built from SVN http://svn.twiki.org/svn/twiki/branches/TWikiRelease04x03 revision 18054 (2009-04-29)

Highlights

  • Security:
    • TWiki:Codev/SecurityAlert-CVE-2009-1339: A remote user may gain TWiki admin privileges with a specially crafted image tag. This cross-site request forgery vulnerability existed because TWiki allowed HTTP GET to save content.
  • Usability:
    • Use of ISO format date promoted in this release
  • Handling URLPARAM:
    • The handling of URLPARAM for empty or missing was corrected in this release.

Enhancements

Item6239 Fix TWIKIWEB to SYSTEMWEB, MAINWEB to USERSWEB
Item6254 Feature: Use ISO Date Format by Default

Fixes

Item5453 Value of "0" improperly handled in ENCODE variable
Item6232 Use of uninitialized value $1 in concatenation (.) or string at lib/TWiki.pm
Item6240 unhelpful error message when sysCommand fails
Item6243 URLPARAM "empty or missing"
Item6251 CSRF vulnerability CVE-2009-1339: Possible to gain TWiki admin privileges with a specially crafted image tag

TWiki 4.3.2 Patch Release - Details

TWiki-4.3.2 was built from SVN http://svn.twiki.org/svn/twiki/branches/TWikiRelease04x03 revision 18148 (2009-09-02)

Highlights

Enhancements

TODO

Fixes

TODO

Related Topics: TWikiHistory, TWikiInstallationGuide, TWikiUpgradeGuide, TWikiReleaseNotes04x00, TWikiReleaseNotes04x01, TWikiReleaseNotes04x02, TWikiReleaseNotes05x00, TWikiReleaseNotes05x01, TWikiReleaseNotes06x00

 
Copyright © 1999-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.TWikiReleaseNotes04x03.