Changes for page Release Notes for XWiki Enterprise 2.5
Last modified by Thomas Mortagne on 2017/03/24
Change comment:
Merged two Security sections
Summary
-
Page properties (2 modified, 0 added, 0 removed)
Details
- Page properties
-
- Author
-
... ... @@ -1,1 +1,1 @@ 1 -XWiki.S orin1 +XWiki.Sergiu - Content
-
... ... @@ -4,22 +4,44 @@ 4 4 5 5 The highlights of this release are: 6 6 7 +* support for [[viewing attached office documents>>code:Macros.OfficeMacro]] in the wiki 8 +* a new User Directory 9 +* an experimental Extension Manager 7 7 * improvements to action menus 11 +* further improvements to the edit UI 12 +* support for activating a special accessibility stylesheet 13 +* more consistent [[use of user avatars>>http://incubator.myxwiki.org/xwiki/bin/Improvements/Avatars]] 14 +* an experimental ##xwiki/2.1## wiki syntax 8 8 * a mechanism for inserting custom links in the header 9 9 * the introduction of cancelable events 10 10 * better external search engine indexing support 11 -* support for [[viewing attached office documents>>http://code.xwiki.org/xwiki/bin/view/Macros/OfficeMacro]] in the wiki 12 -* an experimental Extension Manager 13 13 * experimental [[CSRF>>http://en.wikipedia.org/wiki/CSRF]] protection 14 -* a new User Directory 15 -* further improvements to the edit UI 16 -* more consistency [[use of user avatars>>http://incubator.myxwiki.org/xwiki/bin/view/Improvements/Avatars]] 17 -* support for activating a special accessibility stylesheet 18 -* an experimental ##xwiki/2.1## wiki syntax 19 -* display user avatars in annotations 19 +* experimental [[Cryptographic Module>>code:Modules.CryptographicModule]] 20 20 21 21 = New and Noteworthy (since XWiki Enterprise 2.4.4) = 22 22 23 +== Support for viewing attached office documents in the wiki == 24 + 25 +XWiki now supports viewing attached office documents without saving them on the client side. Click on the eye icon near the edit and delete buttons corresponding to the attachment you want to preview. 26 + 27 +image:OfficePreview.png 28 + 29 +We also included a new Macro for the WYSIWYG Editor. It allows to embed a office file into a page. 30 + 31 +[[image:MacroOfficeViewer||style="border: 1px solid black;"]] 32 + 33 +== New User Directory == 34 + 35 +Added User Directory section on the Quick Links tab on the left of the page. This will show you the users that the XWiki instance has, along with their avatar image. This page also allows to filter users by username. 36 + 37 +image:group-avatar.png 38 + 39 +== Experimental Extension Manager == 40 + 41 +The new [[Extension Manager>>code:Modules.ExtensionModule]] will allow you to install new extensions to XWiki Enterprise. Please note that this is an experimental feature, with limited features and a raw user interface. Use it at your own risk. 42 + 43 +[[image:ExtensionManager.png]] 44 + 23 23 == Improvements to Action Menus == 24 24 25 25 * New Add menu: Use the "Add" menu to create new spaces, pages, add attachments and comments.((( ... ... @@ -33,21 +33,12 @@ 33 33 ))) 34 34 * The Edit, Export, More actions and Profile menus also benefited from a refresh. 35 35 36 -== Mechanismfor insertingcustomlinksinthe header==58 +=== Visible content menu when scrolling down === 37 37 38 - Asanewpartofthe[[UI extensions>>dev:Design.InterfaceExtensions]]mechanism,similarto[[skinextensions>>code:Plugins.SkinExtensionsPlugin]], applicationscannowinsertcustom##<link>## elementsin theHTML headerof the page,whichallows to insert,forexample:60 +When scrolling down on a document, the content menu will follow, so the user will not have to scroll up on top of the page in order to access it. 39 39 40 -* custom navigational links (universal edit, paged navigation, index, author...) 41 -* custom RSS feed links 42 -* custom metadata links (DOAP, FOAF, generic RDF...) 62 +[[image:ActionMenu.png||style="border: 1px solid black;"]] 43 43 44 -Usage example: 45 - 46 -{{code}} 47 -$xwiki.linkx.use($xwiki.getURL('Blog.BlogRss', 'view', "xpage=plain&blog=${blogDoc.fullName}"), 48 - {'rel' : 'alternate', 'type' : 'application/rss+xml', 'title' : $title}) 49 -{{/code}} 50 - 51 51 == Further improvements to the edit UI == 52 52 53 53 After the improvements to the object and class editors introduced in 1.8 and 2.4, the wiki and WYSIWYG editors also see some enhancements in this release, bringing in some of the proposed changes from [[an older proposal>>http://incubator.myxwiki.org/xwiki/bin/Improvements/ImprovedEdit]], with some additional improvements. Specifically: ... ... @@ -61,6 +61,18 @@ 61 61 image:edit-footer.png 62 62 ))) 63 63 77 +== Preliminary optional accessibility stylesheet == 78 + 79 +Moving further on the quest for better accessibility in the XWiki platform, we introduced a preliminary stylesheet which makes the skin slightly more accessible to people with visual disabilities: bigger fonts by default, and underlined links to make them more easily distinguished by colorblind people. This stylesheet can either be activated globally in a wiki, or individually from each user's preferences. 80 + 81 +Enabling the special stylesheet: 82 + 83 +image:a11y-enable.png 84 + 85 +Bigger fonts and underlined links: 86 + 87 +image:a11y.png 88 + 64 64 == More consistent use of user avatars == 65 65 66 66 As proposed on [[the design page>>http://incubator.myxwiki.org/xwiki/bin/Improvements/Avatars]], avatars come in three default sizes: ... ... @@ -80,11 +80,10 @@ 80 80 * ###largeUserAvatar('XWiki.username')## 81 81 * ###resizedUserAvatar('XWiki.username', 100)## which allows resizing an avatar to a custom size 82 82 83 - == Display user avatars in annotations==108 +User avatars are also displayed in annotations. 84 84 85 85 image:annotation-avatars.png 86 86 87 -\\ 88 88 == More image manipulation settings == 89 89 90 90 For a long time it was possible to scale attached images on the server, thus reducing the download time and ensuring consistent scaling of images across browsers. This is achieved by appending ##width## and/or ##height## query string parameters to the URL of the image. This feature has been further enhanced: ... ... @@ -115,63 +115,21 @@ 115 115 116 116 image:img.png 117 117 118 -== Betterhandlingofattachment versionswhenrollingbackdocuments==142 +== Mechanism for inserting custom links in the header == 119 119 120 - Rollingbacka documentwillalsorollbackthecorrectattachmentversion, including restoringa deletedattachmentfrom thetrash (if notmanuallydeleted fromthere).Evenif anattachment waseted and re-uploadedseveraltimes,theplatformwilltry tofind theightversionfor theattachment, if itstillexists in theattachment trash. As an improvement,if the attachmentdid notchange,thenanewversionisnotcreated.144 +As a new part of the [[UI extensions>>dev:Design.InterfaceExtensions]] mechanism, similar to [[skin extensions>>code:Plugins.SkinExtensionsPlugin]], applications can now insert custom ##<link>## elements in the HTML header of the page, which allows to insert, for example: 121 121 122 -== Preliminary optional accessibility stylesheet == 146 +* custom navigational links (universal edit, paged navigation, index, author...) 147 +* custom RSS feed links 148 +* custom metadata links (DOAP, FOAF, generic RDF...) 123 123 124 - Moving further on the quest for betteraccessibility in the XWiki platform, we introduced a preliminary stylesheet which makes the skin slightly moreaccessible to people with visual disabilities: bigger fonts by default, and underlined links tomake them more easily distinguished by colorblindpeople. This stylesheet can either be activated globally in a wiki, or individually from each user's preferences.150 +Usage example: 125 125 126 -Enabling the special stylesheet: 152 +{{code}} 153 +$xwiki.linkx.use($xwiki.getURL('Blog.BlogRss', 'view', "xpage=plain&blog=${blogDoc.fullName}"), 154 + {'rel' : 'alternate', 'type' : 'application/rss+xml', 'title' : $title}) 155 +{{/code}} 127 127 128 -image:a11y-enable.png 129 - 130 -Bigger fonts and underlined links: 131 - 132 -image:a11y.png 133 - 134 -== Support for viewing attached office documents in the wiki == 135 - 136 -XWiki now supports viewing attached office documents without saving them on the client side. Click on the eye icon near the edit and delete buttons corresponding to the attachment you want to preview. 137 - 138 -image:OfficePreview.png 139 - 140 -We also included a new Macro for the WYSIWYG Editor. It allows to embed a office file into a page. 141 - 142 -[[image:MacroOfficeViewer||style="border: 1px solid black;"]] 143 - 144 -== Introduced cancelable events == 145 - 146 -This allows to cancel document saving, better security with script execution and canceling an event that has errors on initialization. 147 - 148 -== Better external search engine indexing support == 149 - 150 -Google search results now always point to canonical view of pages. 151 - 152 -== Visible content menu when scrolling down == 153 - 154 -[[image:ActionMenu.png||style="border: 1px solid black;"]] 155 - 156 -When scrolling down on a document, the content menu will follow, so the user will not have to scroll up on top of the page in order to access it. 157 - 158 -== New macros for the Space List and Tag Cloud == 159 - 160 -* [[Space List>>http://code.xwiki.org/xwiki/bin/inline/Macros/SpacesMacro]] Macro. This macro creates a box with links to all the spaces existing in the wiki. 161 -* [[TagCloud>>http://code.xwiki.org/xwiki/bin/view/Macros/TagCloudMacro]] Macro. Generates a TagCloud from all the tags within the wiki. 162 - 163 - 164 -== New User Directory == 165 - 166 -Added User Directory section on the Quick Links tab on the left of the page. This will show you the users that the XWiki instance has, along with their avatar image. This page also allows to filter users by username. 167 - 168 -image:group-avatar.png 169 - 170 -== Introduced [[XWiki Cryptographic Module>>code:Modules.CryptographicModule]] == 171 - 172 -This module exposes high level api, allowing developers to bolster their security using cryptography for both integrity and confidentiality. 173 -You can find more information about the cryptographic module including examples at the code zone page for the [[XWiki Cryptographic Module>>code:Modules.CryptographicModule]]. 174 - 175 175 == Experimental xwiki/2.1 wiki syntax == 176 176 177 177 The xwiki wiki syntax sees further improvements as xwiki/2.1 is still in an experimental stage. A new feature is an enhanced syntax for links, which is more generic and allows easier extensions with new link types, demonstrated in this release with support for path and [[interwiki links>>http://en.wikipedia.org/wiki/Interwiki_links]]. ... ... @@ -196,13 +196,6 @@ 196 196 {{velocity}}[[reset the history>>path:$doc.getURL('reset')||queryString="confirm=1"]]{{/velocity}} 197 197 {{/code}} 198 198 199 -== Experimental Extension Manager == 200 - 201 -The new [[Extension Manager>>http://code.xwiki.org/xwiki/bin/view/Modules/ExtensionModule]] will allow you to install new extensions to XWiki Enterprise. Please note that this is an experimental feature. Use it at your own risk. 202 - 203 - 204 -[[image:ExtensionManager.png]] 205 - 206 206 === [[Interwiki links>>http://en.wikipedia.org/wiki/Interwiki_links]] === 207 207 208 208 Basic syntax: ... ... @@ -219,15 +219,28 @@ 219 219 rendering.interWikiDefinitions = udic = http://www.urbandictionary.com/define.php?term= 220 220 {{/code}} 221 221 222 -== VariousSecurityimprovements==197 +== Introduced [[XWiki Cryptographic Module>>code:Modules.CryptographicModule]] == 223 223 224 -Continuing a push for better security started this summer, 2.5 fixes some of the few remaining cross-site scripting and SQL injections holes, and tightens the scope of programming rights. Of particular concern: 199 +This module exposes high level api, allowing developers to bolster their security using cryptography for both integrity and confidentiality. 200 +You can find more information about the cryptographic module including examples at the code zone page for the [[XWiki Cryptographic Module>>code:Modules.CryptographicModule]]. 225 225 226 -* With a default skin, programming rights are no longer available after the main content of the page; this means that the panels and the bottom tabs can't use restricted APIs anymore. 227 -* To explicitly drop programming rights, a new API method was introduced: ##$xcontext.dropPermissions()## 228 -* An experimental Cross-Site Request Forgery prevention mechanism is included, though not enabled by default. To enable it and test/upgrade your custom applications for compatibility, edit ##xwiki.properties## and flip on the ##core.csrf.enabled## setting. 202 +== Better handling of attachment versions when rolling back documents == 229 229 204 +Rolling back a document will also roll back the correct attachment version, including restoring a deleted attachment from the trash (if not manually deleted from there). Even if an attachment was deleted and re-uploaded several times, the platform will try to find the right version for the attachment, if it still exists in the attachment trash. As an improvement, if the attachment did not change, then a new version is not created. 230 230 206 +== Introduced cancelable events == 207 + 208 +This allows to cancel document saving, better security with script execution and canceling an event that has errors on initialization. 209 + 210 +== Better external search engine indexing support == 211 + 212 +Google search results now always point to canonical view of pages. 213 + 214 +== New macros for the Space List and Tag Cloud == 215 + 216 +* [[Space List>>http://code.xwiki.org/xwiki/bin/inline/Macros/SpacesMacro]] Macro. This macro creates a box with links to all the spaces existing in the wiki. 217 +* [[TagCloud>>http://code.xwiki.org/xwiki/bin/view/Macros/TagCloudMacro]] Macro. Generates a TagCloud from all the tags within the wiki. 218 + 231 231 == WYSIWYG and Rendering improvements == 232 232 233 233 Display macro parameter names instead of IDs, generalized the syntax for links, added support for query string for image links, fixed a random error when loading several WYSIWYG instances in parallel. ... ... @@ -238,8 +238,14 @@ 238 238 239 239 == Security improvements == 240 240 241 - Fixedafew XSS bugs,fixedabrokencheck onrightsfromtheRest system, fixedamissing authorupdatewhenediting classes.229 +Continuing a push for better security started this summer, 2.5 fixes some of the few remaining cross-site scripting and SQL injections holes, and tightens the scope of programming rights. Of particular concern: 242 242 231 +* With a default skin, the panels and the bottom tabs can no longer use restricted APIs. 232 +* To explicitly drop programming rights, a new API method was introduced: ##$xcontext.dropPermissions()## 233 +* An experimental Cross-Site Request Forgery prevention mechanism is included, though not enabled by default. To enable it and test/upgrade your custom applications for compatibility, edit ##xwiki.properties## and flip on the ##core.csrf.enabled## setting. 234 +* Fixed a broken check on rights from the Rest system 235 +* Fixed a missing author update when editing classes. 236 + 243 243 == Translations == 244 244 245 245 * All the translations have been updated ... ... @@ -294,7 +294,7 @@ 294 294 295 295 == API Breakages == 296 296 297 -The following APIs were modified since XWiki Enterprise 2.4: 291 +The following APIs were modified since XWiki Enterprise 2.4.4: 298 298 299 299 {{code language="none"}} 300 300 [ERROR] org.xwiki.rendering.transformation.MacroTransformationContext: Method 'public org.xwiki.rendering.internal.transformation.MacroTransformation getMacroTransformation()' has been removed ... ... @@ -302,5 +302,3 @@ 302 302 [ERROR] org.xwiki.rendering.transformation.Transformation: Method 'public void transform(org.xwiki.rendering.block.Block, org.xwiki.rendering.transformation.TransformationContext)' has been added to an interface 303 303 [ERROR] org.xwiki.rendering.transformation.TransformationManager: Method 'public void performTransformations(org.xwiki.rendering.block.Block, org.xwiki.rendering.transformation.TransformationContext)' has been added to an interface 304 304 {{/code}} 305 - 306 -