Changes for page Release Notes for XWiki Enterprise 2.5
Last modified by Thomas Mortagne on 2017/03/24
Change comment:
Improved the note about testing csrf protection
Summary
-
Page properties (2 modified, 0 added, 0 removed)
Details
- Page properties
-
- Author
-
... ... @@ -1,1 +1,1 @@ 1 -XWiki. VincentMassol1 +XWiki.abusenius - Content
-
... ... @@ -185,7 +185,9 @@ 185 185 [[image:referenceType:referenceData||paramN=valueN]] 186 186 {{/code}} 187 187 188 -{{info}}This syntax is not enabled by default, you must edit ##xwiki.cfg## and add it to the ##xwiki.rendering.syntaxes## setting to try it out.{{/info}} 188 +{{info}} 189 +This syntax is not enabled by default, you must edit ##xwiki.cfg## and add it to the ##xwiki.rendering.syntaxes## setting to try it out. 190 +{{/info}} 189 189 190 190 === [[Interwiki links>>http://en.wikipedia.org/wiki/Interwiki_links]] === 191 191 ... ... @@ -263,14 +263,28 @@ 263 263 264 264 == General Notes == 265 265 266 -{{warning}}If you're running in a multiwiki setup you'll also need to define the property //xwiki.store.migration.databases=all// to your //xwiki.cfg// file or explicitly name all databases to be migrated as in //xwiki.store.migration.databases=db1,db2,...//.{{/warning}} 268 +{{warning}} 269 +If you're running in a multiwiki setup you'll also need to define the property //xwiki.store.migration.databases=all// to your //xwiki.cfg// file or explicitly name all databases to be migrated as in //xwiki.store.migration.databases=db1,db2,...//. 270 +{{/warning}} 267 267 268 268 You may also want to [[import the default wiki XAR>>Main.Download]] in order to benefit from the improvements listed above. 269 269 270 -{{warning}}Always make sure you compare your //xwiki.cfg// file with the newest version since some configuration parameters were added. Note you should add //xwiki.store.migration=1// so that XWiki will attempt to automatically migrate your current database to the new schema. Make sure you backup your Database before doing anything.{{/warning}} 274 +{{warning}} 275 +Always make sure you compare your //xwiki.cfg// file with the newest version since some configuration parameters were added. Note you should add //xwiki.store.migration=1// so that XWiki will attempt to automatically migrate your current database to the new schema. Make sure you backup your Database before doing anything. 276 +{{/warning}} 271 271 272 - {{warning}}Experimentalsupport for CSRF protection is included in this release, although not enabled by default. This mechanism changes the way data is supposed to be saved, a change which will not completely break custom applicationsin mostcases,but which might insert an extra validation step needed for actually saving the data.{{/warning}}278 +== Migration Notes == 273 273 280 +The main entry point for the search UI is now the Main.Search page that will use the configured search engine (Lucene by default). If you want to refer to Lucene or Database search explicitly you can use the ##Main.LuceneSearch## and ##Main.DatabaseSearch## pages. Note that nothing is broken here (##Main.WebSearch## page is still there and internally it includes the ##Main.DatabaseSearch## page), it's just the new clean way of targeting the search page. 281 + 282 +=== Testing CSRF protection === 283 + 284 +An experimental support for CSRF protection is included in this release, although not enabled by default. 285 + 286 +{{warning}} 287 +This mechanism changes the way data is supposed to be saved, a change which will not completely break custom applications in most cases, but which might insert an extra validation step needed for actually saving the data. 288 +{{/warning}} 289 + 274 274 It is **strongly recommended** to set up a testing/development environment, enable this feature and fully test all the code. In most cases things should work with no additional changes. If the default edit mode is not used, or if the default velocity templates are not used, it should be enough to add the following line: 275 275 276 276 {{code language="html"}} ... ... @@ -277,10 +277,6 @@ 277 277 <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" /> 278 278 {{/code}} 279 279 280 -== Migration Notes == 281 - 282 -The main entry point for the search UI is now the Main.Search page that will use the configured search engine (Lucene by default). If you want to refer to Lucene or Database search explicitly you can use the ##Main.LuceneSearch## and ##Main.DatabaseSearch## pages. Note that nothing is broken here (##Main.WebSearch## page is still there and internally it includes the ##Main.DatabaseSearch## page), it's just the new clean way of targeting the search page. 283 - 284 284 === Removed deprecated flickr plugin === 285 285 286 286 The old flickr plugin was outdated and the API was broken, so, as a consequence, it has been removed. A new plugin will be available in the future. Meanwhile you can still find it in the contrib-retired at this [[link>>http://svn.xwiki.org/svnroot/xwiki/contrib/retired/plugin-flickr/]].