TWiki Release 4.3.1 (Georgetown), 2009-04-29
Introduction
TWiki 4.3.0 released on 2009-03-30 introduces security enhancements, usability enhancements, feature enhancements, and adds extensions to strengthen TWiki as an enterprise collaboration platform.
TWiki 4.3.1 released on 2009-04-29 introduces security enhancements. This release also introduces use of ISO date format by default.
It is highly recommended to upgrade to TWiki 4.3.1. Users will find this release much more stable and secure in daily use.
Pre-installed Extensions
TWiki 4.3.1 is ships with:
- Plugins: CommentPlugin, EditTablePlugin, EmptyPlugin, HeadlinesPlugin, InterwikiPlugin, PreferencesPlugin, RenderListPlugin, SlideShowPlugin, SmiliesPlugin, SpreadSheetPlugin, TablePlugin, TinyMCEPlugin, TWikiNetSkinPlugin, TwistyPlugin, WysiwygPlugin
- Contribs: BehaviourContrib, JSCalendarContrib, MailerContrib, TipsContrib, TWikiUserMappingContrib, TwistyContrib
- Skins: ClassicSkin, PatternSkin, TWikiNetSkin,
New Features Highlights
- Security Enhancements
- Usability Enhancements
- Replace question mark links with red-links to point to non-existing topics
- Use ISO date dormat by default
- Enterprise Collaboration Enhancements
- Pre-installed HeadlinesPlugin to show headline newsfeeds in TWiki topics
- Pre-installed TWikiNetSkin, TWikiNetSkinPlugin for corporate look and feel
- Search Enhancements
- Add footer parameter to Formatted Search
- Add number of topics to Formatted Search
- Miscellaneous Feature Enhancements
- Control over variable expansion at topic creation time
- 17 new TWikiDocGraphics images
- Include URL supports list of domains to exclude from proxy
- Adding Korean language
- Plugin Enhancements
- SpreadSheetPlugin: 5 new functions
See the full list of bug fixes at the bottom of this topic.
Deprecation Notices
The %MAINWEB% and %TWIKIWEB% variables have been deprecated. For compatibility reasons they are unlikely to ever be removed completely, but you should use the %USERSWEB% and %SYSTEMWEB% variables instead.
In Func getOopsUrl and permissionsSet have been declared deprecated. There is no plan to remove them yet.
TWiki-4.3.0 Minor Release - Details
TWiki-4.3.0 was built from SVN
http://svn.twiki.org/svn/twiki/branches/TWikiRelease04x03 revision 17948 (2009-03-30)
Highlights
- Security:
- Review code for robustness and security
- Secure configure script with taint mode turned on
- Rendering:
- %TOC% does not distinguish two headlines that have the same text
- TablePlugin produces bad links for sorting when using "short" URLs
- %SCRIPTSUFFIX% is added twice in %TOC% links
- Incorrect Content-length breaks HTTP headers, a.o. pound fail results
- TablePlugin: Date sorting is broken
- Bullet lists in form fields are not rendered properly
- TWiki Forms expand variables like $nop, $quote $percnt
- TwistyPlugin: Twisty can't be placed in TWiki table cells
- Users and groups:
- TWikiGroups shows all members twice
- Editing:
- WysiwygPlugin: Bolding single character within a word introduces spaces around bolded character
- Miscellaneous:
- configure's get more extensions does not work well without LWP
- CommentPlugin: Lost data if it's targeted before/after a missing anchor
- Plugin installation fails on windows: extender.pl line 684
- Statistics script does not handle properly topics with special characters
Enhancements
Item3647 |
Usability: Control over variable expansion in topic templates |
Item5025 |
InterwikiPlugin: Allow special characters in "Page" of Site:Page |
Item6148 |
HeadlinesPlugin: Support for {PROXY}{HOST} and {PROXY}{PORT} configure settings |
Item6176 |
Search: Add footer parameter to Formatted Search |
Item6180 |
HeadlinesPlugin: Support for {PROXY}{SkipProxyForDomains} configure setting, USERAGENTNAME plugin setting |
Item6184 |
Search: Add Number of Topics to Formatted Search |
Item6189 |
Usability: Replace question mark links with red links to point to non-existing topics |
Item6199 |
Enhancement: Add TWikiNetSkin to Distribution |
Item6200 |
Enhancement: Add HeadlinesPlugin to Distribution |
Item6222 |
SpreadSheetPlugin: New functions $EMPTY(), $INSERTSTRING(), $LEFTSTRING(), $RIGHTSTRING(), $SUBSTRING() functions |
Item6226 |
Include: Specify a list of domains to exclude from proxy with {PROXY}{SkipProxyForDomains} setting |
Item6227 |
Documentation: 17 new TWikiDocGraphics images |
Item6228 |
Security: Option to send signed e-mail with S/MIME |
Fixes
Item1607 |
%TOC% does not distinguish two headlines that have the same text |
Item2525 |
TablePlugin produces bad links for sorting when using "short" URLs |
Item4835 |
SpreadSheetPlugin: SUBSTITUTE error when text=old and replace is empty |
Item5176 |
%SCRIPTSUFFIX% is added twice in %TOC% links |
Item5471 |
SpreadSheetPlugin: The character 0 cannot be replaced using the REPLACE-funtion |
Item5910 |
TablePlugin: %TOC% variable creates links with unecessary query string |
Item5914 |
TWiki::Request::url() must support -rewrite, -absolute and -relative |
Item5920 |
TWikiGroups shows all members twice |
Item5939 |
Rogue <p /> below </html> on every topic in every web |
Item5960 |
Incorrect Content-length breaks HTTP headers, a.o. pound fail results |
Item5961 |
WysiwygPlugin: Bolding single character within a word introduces spaces around bolded character |
Item5991 |
JSCalendarContrib: Does not work correctly in IE7 |
Item5994 |
Secure configure script with taint mode turned on |
Item6005 |
EditTablePlugin: "label"-formatted cell changed in unexpected way |
Item6022 |
%ENCODE{}% treats % as safe character |
Item6026 |
With header format emtpy table is initialized with one column only |
Item6031 |
TablePlugin: Date sorting is broken. |
Item6041 |
TinyMCE bug with Firefox 3 and bulleted lists |
Item6050 |
statistics script fails when cuid is not equal login name (as login name is what's in the log files...) |
Item6054 |
TwistyPlugin: No longer possible to have a twisty on one line without linebreak |
Item6060 |
configure's get more extensions does not work well without LWP |
Item6061 |
TWiki::Func::getContext documention |
Item6138 |
Bullet lists in form fields are not rendered properly |
Item6163 |
CommentPlugin: Lost data if it's targeted before/after a missing anchor. |
Item6167 |
TWiki Forms expand variables like $nop, $quote $percnt |
Item6170 |
Plugin installation fails on windows: extender.pl line 684 |
Item6171 |
Per RFC 5321, single quote is allwed in e-mail addresses |
Item6178 |
Statistics script does not handle properly topics with special characters |
Item6185 |
Missing newline in Formatted Search if footer used |
Item6186 |
Review code for robustness and security |
Item6208 |
WebChanges does not work on Windows |
Item6220 |
TwistyPlugin: Twisty can't be placed in TWiki table cells |
Item6223 |
Users can't edit content in Main web |
TWiki 4.3.1 Patch Release - Details
TWiki-4.3.1 was built from SVN
http://svn.twiki.org/svn/twiki/branches/TWikiRelease04x03 revision 18054 (2009-04-29)
Highlights
- Security:
- TWiki:Codev/SecurityAlert-CVE-2009-1339: A remote user may gain TWiki admin privileges with a specially crafted image tag. This cross-site request forgery vulnerability existed because TWiki allowed HTTP GET to save content.
- Usability:
- Use of ISO format date promoted in this release
- Handling URLPARAM:
- The handling of URLPARAM for empty or missing was corrected in this release.
Enhancements
Item6239 |
Fix TWIKIWEB to SYSTEMWEB, MAINWEB to USERSWEB |
Item6254 |
Feature: Use ISO Date Format by Default |
Fixes
Item5453 |
Value of "0" improperly handled in ENCODE variable |
Item6232 |
Use of uninitialized value $1 in concatenation (.) or string at lib/TWiki.pm |
Item6240 |
unhelpful error message when sysCommand fails |
Item6243 |
URLPARAM "empty or missing" |
Item6251 |
CSRF vulnerability CVE-2009-1339: Possible to gain TWiki admin privileges with a specially crafted image tag |
Related Topic: TWikiHistory,
TWikiInstallationGuide,
TWikiUpgradeGuide