
Foswiki archived release

This release is superseded by Foswiki 1.1.9. Visit the download page.

Highlights of this release

  • Security Focused Release. This release includes the complete fix for CVE-2012-1004.

For users:

  • More than 120 bug fixes and improvements relative to 1.1.4
  • TinyMCE Editor is upgraded from 3.3.8 to 3.4.6
  • Registration errors are now returned to users in their selected language
  • Strike-out <del> and <s> tags are no longer lost by the WYSIWYG editor
  • New SpreadSheetPlugin operators: FLOOR and CEILING

For administrators:

  • Default encoding for .htpasswd has changed and the AutoDetect option is enabled by default. Be sure to review the System.ReleaseNotes01x01.
  • Better session support for mixed http and https environments
  • Configure and admin password uses stronger encoding
  • Statistics can now auto-create the WebStatistics topics. Also the statistics script must be called using POST.

ALERT! Security alerts or advisories apply to this release: This release is vulnerable to the above alerts. Instructions on how to mitigate these issues are described in the alert details.

Download Foswiki 1.1.5 now

GPG Signatures and MD5 checksums are provided for verifying the integrity of the files for the primary download packages.

| File | GPG | MD5 | Description |
| Foswiki-1.1.5.tgz | GPG | MD5 | tar gz version of Foswiki |
| Foswiki-1.1.5.zip | GPG | MD5 | zip version of Foswiki |

Upgrade versions

If you already have an earlier 1.1.X version of Foswiki installed:

| File | GPG | MD5 | Description |
| Foswiki-upgrade-1.1.5.tgz | GPG | MD5 | upgrade tar gz version of Foswiki |
| Foswiki-upgrade-1.1.5.zip | GPG | MD5 | upgrade zip version of Foswiki |

ALERT! The upgrade packages exclude the files that are typically changed when you customize your installation. The upgrade package can be copied on top of an existing running 1.1.X installation for a quick upgrade to 1.1.5. See Installation section for details.

Upgrading to 1.1.5 from a 1.0.X release using the upgrade package is known to have issues. Copying a 1.1.5 upgrade package on top of a 1.0 installation will leave a lot of obsolete files behind, which could cause trouble. Using a LocalSite.cfg file from a 1.0 system will appear to work, but will cause significant issues with QuerySearch. Migration from Foswiki 1.0 to any release of 1.1 should be done using a reinstall.

Other downloads/installers

Foswiki 1.1.5 has a Debian apt repository, a yum rpm (Centos6, RHEL6) repository for easy Foswiki and extensions installations, a zero install USB stick for Windows and a ready to use virtual machine:

See also: OtherFoswikiInstallers

Getting help & providing feedback

Don't forget to use the upgrade or installation guides. If you need help, there are several options:

We want to hear from you! Especially if you have noticed a bug, have some ideas we could use, or just want to contribute:

  • You can upgrade 1.1.0, 1.1.1, 1.1.2, 1.1.3 or 1.1.4 to 1.1.5 using the upgrade package.
  • Jump to: Installation and Upgrade details

Important changes since Foswiki 1.1.4

Changes to Data Form handling

A fix to Tasks.Item11666 will cause default values to be assigned to radio button type form fields. The first listed value will be the default. This can have a surprising or unintended effect on existing data forms that expected these fields to default to unassigned. Existing data forms should be reviewed for correct default assignments before upgrade.
  • Ensure that the desired default choice is listed first in the Values field.
  • If no default is desired, list an empty value first, e.g. | , Yes, No |. Note, however, that this will result in an unlabeled button in the field representing the unassigned choice.

Improvements to User Registration

  • The complete fix for CVE-2012-1004 has been integrated, including pluggable field validations in the User Mapper. If your installation uses a custom user mapper, there is a new function in the base user mapper lib/Foswiki/Users.pm that performs registration field validations. Override this method in your custom user mapper to add site-specific validations.
  • The user registration and group management API calls now all return error messages describing any failures. All errors are processed through MAKETEXT so that they are translated to the selected language.
  • New options can reject duplicate registrations using the same email, and can either white-list or black-list email domains from registering.

Improvements to .htpasswd handling

  • The HtPasswdUser password manager has been changed to globally cache the password file if enabled. In an installation running fcgi or mod_perl, this will reduce the overhead of reading the file for each transaction.
  • The .htpasswd lock file is now configurable. There was a small risk that when multiple foswiki installations shared a common .htpasswd file, simultaneous updates would not be prevented, resulting in file corruption.
  • The default for {Htpasswd}{Encoding} has been changed to apache-md5. We strongly recommend that installations migrate away from crypt encoding - the prior default. crypt truncates passwords at 8 characters.
  • The {Htpasswd}{AutoDetect} option is enabled by default. This ensures that an existing .htpasswd file cannot be accidentally corrupted due to the change in default encoding.
  • A new password encoding hash has been added: bcrypt. (Ref. http://yorickpeterse.com/articles/use-bcrypt-fool )
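
An added example (not Foswiki code): a Python audit that classifies each .htpasswd entry by the shape of its hash, so accounts still stored with crypt can be listed when planning the migration recommended above. The user:hash:email layout, the prefix rules and every encoding label other than crypt, apache-md5 and bcrypt are assumptions of this example, and the sample entries are constructed dummies.

```python
import re
from collections import Counter

# Constructed sample. The hash strings are dummies shaped like each scheme,
# and the user:hash:email layout is an assumption of this example.
SAMPLE_HTPASSWD = """\
AliceAdmin:$apr1$Q1w2e3r4$abcdefghijklmnopqrstu.:alice@example.com
BobOld:abJnggxhB/yWI:bob@example.com
CarolSha:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=:carol@example.com
DaveBcrypt:$2a$08$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234:dave@example.com
ErinMd5:$1$saltsalt$abcdefghijklmnopqrstu.:erin@example.com
FrankEmpty::frank@example.com
GraceOdd:not-a-known-format:grace@example.com
"""


def classify(hash_field):
    """Guess the encoding of one stored hash from its prefix or shape."""
    if hash_field == "":
        return "empty"
    if hash_field.startswith("$apr1$"):
        return "apache-md5"
    if hash_field.startswith("$1$"):
        return "crypt-md5"
    if re.match(r"\$2[abxy]\$\d\d\$", hash_field):
        return "bcrypt"
    if hash_field.startswith("{SHA}"):
        return "sha1"
    # Traditional DES crypt: 2 salt characters + 11 hash characters.
    if re.fullmatch(r"[./0-9A-Za-z]{13}", hash_field):
        return "crypt"
    return "unknown"


def audit(text):
    """Map each user name to the encoding label of its stored hash."""
    result = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(":", 2)
        if len(parts) < 2:
            continue  # no hash field at all, so not a password entry
        result[parts[0]] = classify(parts[1])
    return result


def users_on(text, label):
    """Sorted user names whose hash was classified as `label`."""
    return sorted(user for user, enc in audit(text).items() if enc == label)


def summary(text):
    """Count of entries per encoding label."""
    return Counter(audit(text).values())


if __name__ == "__main__":
    for user, enc in audit(SAMPLE_HTPASSWD).items():
        print(f"{user:12} {enc}")
    print("still on crypt:", users_on(SAMPLE_HTPASSWD, "crypt"))
```

A stored hash cannot be converted to another encoding offline; an account listed under crypt only moves to the new encoding when its password is set again.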

Better session support for mixed http and https environments

If your foswiki is set up to accept both https and http requests, your users may find themselves logged out much faster than desired.

1.1.5 fixes this by using separate authentication session cookies when using http and https, but this may mean your users need to log in again. This applies to both TemplateLogin and ApacheLogin.

Changes to the configure password handling

The encoding of the bin/configure and "sudo" admin user has been changed. Sites should change their configure password as soon as possible. Note that this change is not backwards compatible. Once the password has been changed, if fallback to 1.1.4 is required, the password will have to be reset by removing the password from lib/LocalSite.cfg.

Changes to Statistics processing

The WebStatistics topics are no longer shipped with Foswiki. Two new topics have been included: DefaultWebStatistics and WebStatisticsTemplate. The statistics script now has the optional capability of creating the missing WebStatistics topics.
  • The Foswiki configuration has a new parameter: {Stats}{AutoCreateTopic} (default is disabled)
  • The statistics script has a new parameter: -autocreate 1 or autocreate=1 (default is 0 or disabled)
  • The statistics script must now only be run using POST. HTML GET should never result in an update.

The details of this change are in SiteTools#WebStatistics, including a tool to help with creating the missing WebStatistics topics.

Changes to PlainFile logger to improve log rotation

In previous versions of foswiki, the default PlainFile logger failed to rotate the logs if any log records were corrupted. This is more likely in the error log file, but can be caused by any log record that is written containing embedded newlines. If a log record is read without the expected | Timestamp | as the first column, rotation stops.

This behavior has been corrected, however sites where rotation was failing may have extremely large log files. When foswiki performs the rotation at the beginning of the next month, rotation can take an extended time, resulting in extended response time.
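
An added example (not Foswiki code): a Python check that finds the lines of a log file that lack the timestamp column and ties each one to the record it was split from, next to a writer-side helper that keeps a record on one line. The exact record start ("| <ISO 8601 UTC timestamp> <level> |"), the function names and the sample log are assumptions constructed for this example.

```python
import re

# Assumed shape of a well-formed record start: "| <timestamp> <level> |".
RECORD_START = re.compile(r"^\| \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z \w+ \|")

# Constructed sample: the record on line 2 carries a multi-line message,
# so lines 3 and 4 have no timestamp column of their own.
SAMPLE_LOG = "\n".join([
    "| 2012-05-30T09:12:01Z info | guest | view | Main.WebHome |  | 192.0.2.10 |",
    "| 2012-05-30T09:13:44Z error | AliceAdmin | save | Sandbox.TestTopic | first line",
    "second line of the same message",
    "  third line |",
    "| 2012-05-30T09:14:02Z info | guest | view | Main.WebHome |  | 192.0.2.11 |",
])


def find_orphans(log_text):
    """Return (line_no, owner_line_no) for each line without a timestamp column.

    owner_line_no is the last well-formed record seen before the orphan,
    or None when the file starts with an orphan.
    """
    orphans = []
    owner = None
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if RECORD_START.match(line):
            owner = line_no
        else:
            orphans.append((line_no, owner))
    return orphans


def flatten_field(value):
    """Collapse CR/LF runs (and the indentation after them) into one space."""
    return re.sub(r"[\r\n]+\s*", " ", value).strip()


def format_record(timestamp, level, *fields):
    """Build a single-line record; every field is flattened before writing."""
    cells = [f"{timestamp} {level}"] + [flatten_field(f) for f in fields]
    return "| " + " | ".join(cells) + " |"


if __name__ == "__main__":
    for line_no, owner in find_orphans(SAMPLE_LOG):
        print(f"line {line_no}: no timestamp column (split from record at line {owner})")
    print(format_record("2012-05-30T09:13:44Z", "error", "AliceAdmin", "save",
                        "Sandbox.TestTopic",
                        "first line\nsecond line\r\n  third line"))
```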

See the Release Notes for more details.

Known Issues in Foswiki 1.1.5

Details of this release

Fixes

  • Ampersands in [[Square Bracket?queries]] are double-encoded
  • Argument "50" isn't numeric in multiplication, Search.pm line 279
  • {AuthRealm} checker doesn't detect htdigest-md5 encoding
  • AuthScripts checker could be a little more helpful
  • beforeSaveHandler is passed an uncommitted meta object
  • Better error feedback from TopicUserMapper and UI::Register
  • Broken copy - paste of list items
  • Cannot edit on IE8
  • Can't create empty groups with UI
  • Can't disable default tableplugin settings
  • Checking PATH for an insecure elements
  • CommentPlugin types table is missing some shipped types.
  • Configure doesn't make it easy to set a missing admin password
  • Configure Extensions tabs needs some usability help
  • Configure loads DEPENDENCIES from lib, but file is in lib/Foswiki/Contrib/core
  • Configure updates for checkers and documentation
  • Convert RenderListPlugin to use preRenderingHandler
  • Correct boolean operator and comment
  • Delete of a Heading 1 in WYSIWYG mangles the headings
  • Documentation 'ifStatements ==> ingroup-Function'
  • Documentation updates for SlideShowPlugin
  • Document use of %BR% to create linebreaks in FormattedSearch results
  • Document {WarningsAreErrors} in EmptyPlugin
  • $dollarcomma token not used in SUBSTITUTE and other Spreadsheet macros
  • Don't try to view invalid rev
  • Email debug messages need some improvements
  • Email errors not handled well during registration
  • Error with Statistics
  • Excessive debug logging from Statistics runs
  • Extra slash in link throwing off google crawler
  • Fn_MAKETEXT::test_underscore fails unless at least one language is enabled
  • FORMAT{"0" type="string"... doesn't work
  • $Foswiki::cfg references in other config variables not expanded within web Extensions installer
  • Foswiki Func does not seem to have a way to expand tmpl parameters
  • Foswiki::Func::saveTopicText() with embedded META:TOPICINFO duplicates the TOPICINFO.
  • Foswiki::inlineAlert() reports missing template if results are empty. Also wrong template name.
  • Foswiki logger fails to rotate files other than events.log
  • geturl.pl script needs POST capability to run statistics
  • GroupViewTemplate loads style definitions into head repeatedly
  • Helper topics that return JSON should set content type application/json
  • Hitting cancel on the 'edit topic preferences' oopsmore UI saves the changes
  • HtpasswdUser creates a cache, make it a global cache
  • HtpasswdUser issues when shared between multiple Foswiki instances
  • If search results are less than pagesize, unresolved token shows up
  • Implement USERINFOisTooRestrictive
  • Inside <pre> formatted text, <b>, <strong> tags are lost in WYSIWYG transition
  • Javascript error with IE7 causes Format dropdown to fail on nested webs
  • JQuerySimpleModal sample window isn't displayed properly in 1.1.2 (was good in 1.1.1)
  • JSCalendarContrib should fallback to numbers for month in case it is given a date like 1/12/2012 and format expects 1 Dec 2012.
  • @_lines redefined in I18N module
  • LINKTOOLTIPINFO html corrupted if text contained quotes and removal created a WikiWord
  • List iterator fails on undef lists.
  • Logs are not rolling on first of months.
  • Looks like the defaulting of checkboxes in dataforms is broken (at least it is not doing what the docco says)
  • Macros are processed by commonTagsHandler within verbatim blocks of included topics
  • Make TABPANE contents visible if no js
  • Manage and register needs some tlc
  • Manage editSettings does not take a topic lease.
  • MetaCache robustness: remove from cache on $topicObject->finish()
  • Mixed http and https sites get logged off too quickly
  • Need better documentation and handling of Perl dependencies
  • Pattern's print skin adds path and author information to the output that is not in a separate div - so its impossible to hide with css
  • Properly remove spurious lease files
  • Protect inline script and style tags from wysiwyg
  • pushTopicContext does not re-read preferences in afterSaveHandler
  • %QUERY containing where clause can fail if only one item is being examined
  • QUERY referencing the attachment fields can't access attachment 0 when there is only one attachment
  • Redirect call in Save and Rename have incorrect call to Foswiki::redirect()
  • Register can fail midway and leave the registration half done making re-registration impossible.
  • Registration failure due to email created topics but loses the password (deferred to 1.1)
  • Relax the check which assigns {DefaultUrlHost} as the urlHost, to detect localhost URL variants using https and custom port numbers
  • Release 1.1 SlideShowPlugin breaks jquery widgets
  • Rename computes the list of referring topics even though there's no LOCAL_SEARCH or GLOBAL_SEARCH on the rename template
  • Resizing EditBox broken: enlarges a lot, shrink doesn't work
  • {SafeEnvPath} deserves a decent default
  • SANDBOXWEB macro is undefined.
  • select+values formfield doesn't display its mapped value
  • select+values formfields can lose their value mapping
  • Spelling mistake in the installation guide
  • SpreadSheetPlugin $ABOVE() thinks rows are zero-based
  • Statistics not generated for subwebs
  • Statistics topic changes in Item11182 has issues if WebStatistics topic is renamed or archived.
  • Strike-out <del>, <s> tags are lost in WYSIWYG transition
  • TablePlugin doesn't report errors back to user
  • Tables containing headings fail to roundtrip
  • The message "Please wait... retrieving page from server" looks too much like an error. Change to "Loading" JS Animation.
  • The pattern skin revision info has an odd failure mode when a TOPICINFO.author is a wikiname that isn't a valid cuid anymore
  • The renderWikiWordHandler is called for things that are not WikiWord links
  • The rest script needs better endPoint handling
  • The statistics script updates topics with GET. It should be restricted to POST
  • TinyMCE Corrupting HTML Tables
  • TopicUserMapping blocks registration if passwords are not writable - FAIL!!
  • Top of the formatting help in edit seems to not be rendered right anymore
  • Upgrades to 1.1.x don't get the OP_match operator added to query search. Breaks attachments table.
  • User registration needs mechanism to validate form fields
  • Use style attributes instead of bgcolor
  • Value of GMTIME{"$week"} is not ISO8601 conform
  • View iterates through the revs when a revision directive isn't present
  • WebSiteTools was still using the deprecated search script
  • WysiwygPlugin removes line breaks

Enhancements

  • Add BCrypt encryption to HtPasswdUser.pm
  • Add Javascript callbacks to get notified after editor changes to/from Raw or WYSIWYG mode.
  • Add link to StandardColors to web creation form
  • Add package navigation to Perl Doc
  • Add support for redirectto to the addUserToGroup and removeUserFromGroup register actions.
  • add +values to radio and checkbox formfields
  • All Form/element.pm's should have a css class on them.. especially Label.
  • Allow templates to better control placement of the WYSIWYG button.
  • Change default password encoding to apache-md5 and enable auto-detect of old crypt passwords by default
  • Enhance SpreadSheetPlugin with new functions FLOOR and CEILING
  • Implement Development.AddOptionalRegistrationEmailValidation
  • Implement Development.ImproveStatisticsHandlingForMissingTopics
  • Pattern skin font definitions are too far into the html to work for JQDialogs
  • Re-introduce style option and new default calendar skin
  • Sandbox webname should be configurable in the same way that other default webs are configurable
  • Un-deprecate, improve Foswiki::Func::getScriptUrlPath() API
  • Update to WYSIWYG Editor to TinyMCE 3.4.7
  • Use a better password method for configure
  • We should not use simplemodal, but rather the much better jquery.ui.dialog.
  • You are trying to viewfile an attachment that does not exist. lacks a link to the topic.

Installation

New Installations or Upgrade from Foswiki 1.0

Please refer to the INSTALL.html file, which can be found in the downloaded tgz/zip. It is a copy of the System.InstallationGuide.

Upgrade from Foswiki 1.1.x

  • ALERT! Do not upgrade in-place from Foswiki 1.0 to 1.1. Install a new copy of Foswiki for a 1.0 upgrade.
  • ALERT! Do not copy a 1.0.x lib/LocalSite.cfg file into 1.1. Reconfigure using bin/configure

Before you start

  • Make a backup of your Foswiki installation
  • Review Data Forms and ensure that for any radio type fields, the desired default is listed first. Or start the values with a comma, defaulting to an empty value.
  • Review your Apache configuration for any ExpiresDefault setting for client side caching. If client caching is in use, decrease the expires time to a short duration and delay the upgrade until existing browser client cache has expired.
  • Review the ReleaseNotes01x01 and JQueryMigrationGuide carefully for any issues that might apply to your installation.
  • Review the list of files in the upgrade tgz or zipfile. If your installation has modified files shipped in the upgrade package, you need to decide if you want to use the new versions.

Doing the upgrade

  • Copy the contents of the upgrade tgz or zipfile onto your installation
    • To expand the tar file in-place over an existing installation, use: tar --strip-components=1 -xvzpf Foswiki-upgrade-1.1.5.tgz (the strip-components operand will remove the top-level directory from the extracted files).
  • Update file ownership and permissions. See SettingFileAccessRightsLinuxUnix
  • Restart Apache
  • Visit bin/configure
    • Address any warnings or errors reported by the new configuration checkers
    • Go to the Extensions, JQuery tab.
      • Select the 1.7.1 version of jquery,
      • ensure that a JQuery theme has been selected
      • Disable any JQuery plugins flagged as obsolete
  • If you use the Foswiki Cache, be sure to refresh the cache. See System.PageCaching#Refreshing_the_cache

Language Translation Status

For translations status, see Foswiki's Pootle translation server.

Installation

Please refer to the INSTALL.html file, which can be found in the downloaded tgz/zip.

License

  • This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  • This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  • See the GNU General Public License for more details, published at http://www.gnu.org/copyleft/gpl.html

Release Details

Topic revision: r16 - 07 Jun 2012, GeorgeClark
 