Release Notes for XWiki 13.3

Version 2.5 by Thomas Mortagne on 2021/04/26

This is the release notes for XWiki Commons, XWiki Rendering and XWiki Platform. They share the same release notes as they are released together and have the same version.

The release brings the ability to define default notification filters for new users and paves the way for adding components metadata inside Extensions (such as being able to indicate the Rendering macros that an Extension provides; This will allow for future use cases such as exposing all available macros from inside your wiki, even for extensions that you haven't installed yet!). Security has been tightened by not allowing redirection to other domains without an explicit consent. Last but not least, this release brings several developer improvements: Localization REST endpoint, a Syntax Registry, LESS compilation support for WebJars, and more.

New and Noteworthy (since XWiki 13.2)

Full list of issues fixed and Dashboard for 13.3.

For Users

No changes!

For Admins

Global Notifications Filters

 
Administrators can now add global notification filters which will be copied as the default filters for any new user registering on the wiki. It's possible for administrators to define both global system filters and global custom filters. Since the default filters are copied, any change made to the global filters won't impact existing users.

Searching inside Extensions

 
It's now possible to expose some Components found in Extensions so that they can be queried by the Extension Manager and shown in the extension details. You can now search in the Extension Manager for all Extensions providing some type of Components (Macros, Script Services, Syntax Parsers, Syntax Renderers, etc). For example, you can use component_macro:* to search for all Extensions providing Rendering Macros.

Extension Manager UI improvements

 
The more advanced search features of the Extension Manager are now hidden under a More button by default and more explanation was added to the shown informations.

Miscellaneous

  • Prevent redirections to untrusted domains: Redirections are now only performed to trusted domains in XWiki. The list of trusted domains is obtained from two sources:

    1. any URLs used to access the wiki is considered as trusted, as well as all the aliases used for subwikis,
    2. it's possible to specify in xwiki.properties the list of trusted domain by setting the property url.trustedDomains.

    If a redirection is attempted to an URL whose domain does not belong to any of this source, a warning log will be output and the redirect is prevented. Note that it's possible to switch off this security mechanism by setting the property url.trustedDomainsEnabled to false.

For Developers

  • Less files in WebJar can be compiled to css: Less code packaged in WebJars can now be compiled to CSS when requested. When Less files are compiled to CSS, the less variables defined in the current skin are available and will be resolved to their current values.

    Usage examples:

    // Returns the raw content of test.less
    $services.webjars.url('org.xwiki.platform:xwiki-platform-example', 'test.less')
    // Returns the content of test.less compiled to css.
    $services.webjars.url('org.xwiki.platform:xwiki-platform-example', 'test.less', {'evaluate': true})
  • Localization REST API: The localization module is now providing a REST API. This API allows to request the raw source from a set of translation keys.

    For instance:

    # Request of a single translation, the locale is the default one.
    curl -H 'Accept: application/json' http://localhost:8080/xwiki/rest/wikis/xwiki/localization/translations?key=administration.section.users.deleteUser.newAuthor.error
    # {"translations":[{"key":"administration.section.users.deleteUser.newAuthor.error","rawSource":"The selected user doesn''t have {0} rights!"}]}
  • Empty string in Static List: It is now possible to specify empty string values in a Static list by repeating twice the same separator. For example, using the default separators (|, , and space), the Foo||Bar string will be parsed as containing three values (Foo, empty string, and Bar), while Foo, Bar will be parsed as only two values (Foo and Bar), even if two separators (, and space) are used.

  • Syntax Registry: There's now the concept of a Syntax Registry and new Syntaxes are expected to register themselves in that registry

    You can list all registered syntaxes using:

    @Inject
    private SyntaxRegistry registry;
    ...
    List<Syntax> syntaxes = registry.getSyntaxes();

    You can also get a Syntax object from a Syntax id string using (for example):

    @Inject
    private SyntaxRegistry registry;
    ...
    Optional<Syntax> syntax = registry.getSyntax("xwiki/2.1");

    See available Syntaxes for more.

  • User Authentication Event: The classic Form and Basic Authentication mechanisms now trigger a UserAuthenticatedEvent event whenever a user is authenticated. As a new best practice, custom authenticator authors are advised to implement this new event.

Moved Modules

  • The Help Center Application has been retired and its content integrated in the Help Application, for the following reasons:
    • 2 extensions must not share the same pages
    • It’s logical that the help is in sync with what it documents
    • contrib extensions should be minimized for XS, all of XS deps should be in the XWiki GitHub organization (since they are maintained by the XS dev team), and preferably inside xwiki-platform when possible.
    • Simpler to manage XS releases

Upgrades

The following runtime dependencies have been upgraded (they have a different release cycle than XWiki Commons, XWiki Rendering and XWiki Platform):

Translations

The following translations have been updated: 

Known issues

Backward Compatibility and Migration Notes

General Notes

  • When upgrading make sure you compare and merge the following XWiki configuration files since some parameters may have been modified, removed or added:
    • xwiki.cfg
    • xwiki.properties
    • web.xml
    • hibernate.cfg.xml
  • Add xwiki.store.migration=1 in xwiki.cfg so that XWiki will attempt to automatically migrate your current database to any new schema. Make sure you backup your Database before doing anything.

Issues specific to XWiki 13.3

This release introduced a new security mechanism to prevent unwanted redirection (details can be found here). This mechanism might need a proper setup of url.trustedDomains property. In case it would create unwanted behaviour, you can always switch it off by editing your xwiki.properties config file and adding:

url.trustedDomainsEnabled=false

Also note that developers can use a specific property bypassDomainSecurityCheck in the execution context, when they need to use an URL redirect API even when the trusted domains are not properly configured, e.g. in some specific authenticators.

API Breakages

The following APIs were modified since <project> <version - 1>:

Credits

The following people have contributed code and translations to this release (sorted alphabetically):

<code contributors>

Tags:
   

Get Connected