Foswiki update May 2014

May 24th, 2014 No comments

Hello Foswiki community, Time for an overdue update of the Foswiki project.   Read on for notes on the Foswiki Association meetings, the upcoming Foswiki 1.2 release,  Foswiki Translations,  the Foswiki Task Teams, and the Foswiki infrastructure and GitHub migration.

 

Enjoy community.

 

Foswiki Association

The Foswiki association held its Fifth General Assembly on .17th May 2014.   Oliver Krueger and Crawford Currie have stepped down from the board.  George Clark was reelected as a board member. Lynnwood Brown and Julian Levens were elected into the board. All three accepted their election. The “new” board consists of: Paul Harvey, Michael Daum, Lynnwood Brown, Julian Levens and George Clark. The Board of Directors met on 23rd May 2014.  Lynnwood Brown was elected as Chairman, and Julian Levens  as treasurer. The complete minutes of both meetings can be found at: FifthGeneralAssemblyMinutes and AssociationBoardMinutes20140523

Release 1.2

We are beginning the release process for Foswiki 1.2 and wanted to pass along the news. George Clark agreed to serve as the Release Manager for Foswiki 1.2. There has been a lot of excellent work done on Foswiki 1.2, and it’s time to get it out.   See Development.ReleasePlan for details of what’s in the release. We will be starting regular release meetings to drive forward the release process.   We are still in the early stages of picking a schedule for the meetings.  Given the time zones involved it appears that a weekday around 1200Z seems to be mostly waking hours for many of our developers.  Release meetings will be held in the #foswiki channel on IRC,  and we’ll start off with bi-weekly meetings. Meetings will be limited to 1 hour if possible. Check out your timezones. If you have any opinions regarding the proposed schedule, please speak up!   Everyone is welcome to participate in the release process.  Planned agenda for the meetings:

  • Release blocker review
  • Other task review
  • Testing and usability feedback
  • Feature request review (limited … we are in feature freeze)

In the meantime if you have a favorite task that has not seen much activity, please mark it urgent so it bubbles up to the top of the development effort.

Translations

We’ve established a new email list for the translators:  foswiki-translations@lists.sourceforge.net. We will use this new email list to keep the translators up to date with the efforts.   You can subscribe here:  https://lists.sourceforge.net/lists/listinfo/foswiki-translations.  Please pass along this information to anyone else in your organizations who might be willing to help in keeping Foswiki translations current.

Task Teams

In the annual meeting, the Foswiki Association decided to retire several of our Task Teams.  The Translation team is being split into the Infrastructure and Release task teams.   Translation is integral to each new Foswiki release.   You can see the current and past team information here: http://foswiki.org/Community/TaskTeam.If you can help with any of the teams, please let us know.

Foswiki Infrastructure

And last but not least, we have some critical decisions to make regarding the Foswiki infrastructure:

  • The infrastructure team is working on migrating from subversion to github as our primary repository.   We’ve been running github in parallel with svn for several years now and we hope to complete the migration to git prior to the branching of Foswiki 1.2 from trunk.
    • We are proposing making github the primary Foswiki repository under the “Foswiki” github account:
      • The current flow   svn -> (git-svn repo) -> github would be reversed.
      • Core + Default extensions would be in one github repository under the Foswiki account.
      • Each non-default extension will be in it’s own github repository under the Foswiki account
      • Users will also be able to release extensions from their own github accounts.
    • The Tasks web would still be used as our tracker for extensions in the Foswiki github account.
      • It is yet to be determined if we will make any effort to support extensions released from other non-Foswiki github accounts using the Tasks web, vs. using the github tracker.
    • We will still maintain a foswiki-owned repository but it will be a mirror of the github environment.
    • We are still working on a way to map the historical svn rev numbers into git commit identifiers.   Because of differences in how git and svn record a change, it’s possible for one svn checkin to result in multiple git commits,  so it’s not a 1:1 relationship.
    • We also need to work out a good mechanism for updating the tasks web with each github commit.
  • The Pootle server (http://translate.foswiki.org/) is down due to an issue encountered during a system upgrade, and we are taking this opportunity to review tools and decide if there might be a better alternative.
    • Pootle integration to scm tools like subversion or git has been difficult, and only translates one branch.
    • Weblate (http://weblate.org/) appears to be similar to Pootle, but has very tight github integration,  and can translate across multiple branches.
    • Other suggestions are welcome.
    • If anyone here has experience with Weblate and git integration, we need assistance in working though the integration requirements and implementation.

As you can see,  there is much to be done.  Please help if you can! Thanks, George Clark On behalf of the Foswiki Association Board.

Foswiki 1.1.9 Virtual Machine now available

March 21st, 2014 Comments off

The Foswiki Virtual Machine image, built for VMWare player, VirtualBox and other VM software has been updated to the latest OS and Foswiki.

  • Foswiki is is updated to 1.1.9, with some optional plugins
  • The FastCGIEngineContrib is installed, and mod_fcgid is  enabled on apache for improved performance.
  • The ImagePlugin is installed for improved graphics handling.
  • The OS has been refreshed and updated to Ubuntu 12.04.4 LTS

See Support.VirtualMachineImages for instructions, and Download.DownloadVirtualMachineImage for the downloads.

Categories: Uncategorized Tags:

Foswiki 1.1.9 released

December 18th, 2013 Comments off

On behalf of the entire Foswiki community, I’m pleased to announce that Foswiki release 1.1.9 is available for download. 5 years ago, November 19th, 2008, the Foswiki name was announced. Since then, the project has made approximately 20 releases of Foswiki. This release builds upon the collective effort of many developers and sponsors across the 5+ year project history. Foswiki Release 1.1.9 is a security, performance and bug-fix release. It comes with 44 bug fixes relative to 1.1.8. For those of you that can’t wait to get their hands on it: head over to the download page http://foswiki.org/Download/FoswikiRelease01x01x09. Bugs can be reported on http://foswiki.org/Tasks/CreateNewTask Fos­wiki-1.1.9 will be the last re­lease on the 1.1.x branch hope­fully and work on the new 1.2.0 re­lease starts from now on. Fos­wiki-1.2.0 will have a cou­ple of im­por­tant fixes on board that didn’t make it into 1.1.9 but that’s an­other story. Stay tuned. And a special thanks to all the developers, testers, translators, bug reporters and everyone in the Foswiki community who made Foswiki 1.1.9 possible. On behalf of the Foswiki Association and the entire Foswiki Community: Please enjoy Foswiki 1.1.9 George Clark Release manager for 1.1.9

Highlights of Foswiki 1.1.9 release

 Security, Performance and Bug-fix Release

 For users:

  • 44 bug fixes relative to 1.1.8
  • Ships with jQuery 1.10.1, jQuery-2.0.2 and jQuery-ui-1.10.3.
  • JQuery 2.x is the fastest, lightest JQuery, for an improved user experience.

For administrators:

  • Fixes several code issues that would block migration to recent versions of perl and certain CPAN modules.
  • Resolves two important performance issues, accumulation of CSS by TablePlugin, and a major memory leak for certain search strings.
  • Security changes:
    • TOPICLIST macro no longer reveals names of view restricted topics
    • username and password URL params are restricted to POST to the login script
    • Additional sanitizing of the URL path is performed.

See the ReleaseNotes for details and other changes

Getting help & providing feedback

Don’t forget to use the upgrade or installation guides. If you need help, there are several options:

We want to hear from you! Especially if you have noticed a bug, have some ideas we could use, or just want to contribute:

Upgrade Instructions

Always remember to run configure and save the configuration after an upgrade to check for configuration changes.

Changes to login using URL parameters

All versions of foswiki previously allowed the username and password parameters to be provided on the URL. For ex: bin/view/Myweb/SomeTopic?username=JoeUser;password=SEcrET This has been changed to further restrict login.

  • username and password will only be accepted on POST type operations. a simple GET url with username and password will not accept the supplied credentials.
    • The previous behaviour can be restored by enabling $Foswiki::cfg{Session}{AcceptUserPwParamOnGET} in the configuration
  • username and password will only be accepted as login credentials on the view, viewauth and loginscripts.
    • Other scripts can be authorized by configuring $Foswiki::cfg{Session}{AcceptUserPwParam}

JQuery upgrade

This release ships with several upgraded versions of JQuery including:

  • jQuery 1.10.1,
  • jQuery-2.0.2
  • jQuery-ui-1.10.3

The default jQuery release is changed to version 1.8.3. The deprecated jQuery Tooltip plugin is replaced with the new jQuery UI::Tooltip. Before upgrade, determine if any topics or plugins JQREQUIRE “tooltip”.   Those topics or plugins need to be upgraded to use the new UI::Tooltip.  Upgraders should visit bin/configure and make the following changes to the JQuery configuration:

  • Update {JQueryPlugin}{JQueryVersion} to version 1.8.3
  • Disable {JQueryPlugin}{Plugins}{Tooltip}{Enabled} and
  • Enable {JQueryPlugin}{Plugins}{'UI::Tooltip'}{Enabled}

The following optional plugins:ClassificationPlugin, HarvestPlugin, ImagePlugin, NatSkin, SolrPlugin  are known to use tooltip and if installed, will require an upgrade to the latest version. You might also start using jquery-2.0.2 to get the best performance and configure jQuery-1.10.1 to be served to old Internet Explorers automatically:

  • Update {JQueryPlugin}{JQueryVersion} to version 2.0.2
  • Set {JQueryPlugin}{JQueryVersionForOldIEs} to version 1.10.1

Upgrade package includes the Sandbox.WebHome topic

The topic creator script was improved in 1.1.7, and the Sandbox topic was included in the upgrade package. Normally WebHome topics are never shipped in an upgrade package.

Module version strings and new module dependency since 1.1.6

The Foswiki and default extension version strings have been changed from a developer oriented string Foswiki-1.1.5, Tue, 10 Apr 2012, build 14595, to a simple perl version string – “v1.1.6″. The “RELEASE” string will continue to be more descriptive and can be displayed with a new macro %WIKIRELEASE%. This adds a new dependency on version 0.77 – the Perl module version class.

  • Sites using Perl 5.10.1 or newer have the correct version of version.
  • Sites on older versions of perl should install the latest version using CPAN or their system’s package manager.

Before upgrading, verify that the installed version of CPAN:version is at least version 0.77. If not, upgrade CPAN:version before attempting to upgrade Foswiki!
This is how to test your version of “version”:

perl -Mversion -e ‘print “$version::VERSION\n”‘

0.9901

New setting needed for PatternSkin

If PatternSkin is installed on an older Foswiki, or the Foswiki-upgrade package is used to upgrade an existing Foswiki system, there is a new required setting that must be added to Main.SitePreferences.

   * Set PATTERNSKIN_JQUERY_THEME = PatternSkinTheme

The new System.DefaultPreferences topic shipped with the upgrade package does have this setting, but if you have customized you DefaultPreferences, then this needs to be added. Also, you’ll need to go through one save cycle of configure to register the new JQuery pattern theme in the configuration. (If configure reports no changes, make a minor change and save again, and configure will merge in the changed settings). Or edit the LocalSite.cfg file by hand and add

$Foswiki::cfg{JQueryPlugin}{Themes}{PatternSkinTheme}{Url} = '$Foswiki::cfg{PubUrlPath}/$Foswiki::cfg{SystemWebName}/PatternSkinTheme/jquery-ui.css';
$Foswiki::cfg{JQueryPlugin}{Themes}{PatternSkinTheme}{Enabled} = 1;

Other important things to know.

Most extensions released since Foswiki 1.1.6 have converted to formal perl version strings. version->declare('v1.1.6'). The PatchFoswikiContrib must be installed on older versions of Foswiki before installing any of these extensions on older Foswiki versions. Note that they have not been tested on Foswiki 1.0

Installation

Please refer to the INSTALL.html which can be found the downloaded tgz/zip.

License

  • This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  • This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  • See the GNU General Public License for more details, published at http://www.gnu.org/copyleft/gpl.html

Release Details

Categories: Release Tags:

Foswiki 1.1.8 released

March 1st, 2013 No comments

While it’s been quiet in the blog lately, we’re back just in time for the latest release in the Foswiki 1.1 series, with a few general improvements but also a fixed security issue. In other words: you don’t want to miss the new Foswiki version! It’s available right now at http://foswiki.org/Download/FoswikiRelease01x01x08.

Be sure to pay attention to the upgrade instructions there, especially if you’re upgrading from Foswiki 1.1.5 or older.

In case you haven’t been following the release announcements elsewhere, I’ve included a brief description of the other releases you may have missed. If you want to know every last detail about all the changes in recent releases, look at the full release notes for the Foswiki 1.1 series.

Highlights of Foswiki 1.1.8 release

Security Release

Release 1.1.8 fixes a Critical Security Vulnerability. All previous releases of Foswiki are vulnerable to a security issue in Locale::Maketext. It is described further in SecurityAlert-CVE-2013-1666.  If your site runs with Internationalization enabled, you should upgrade to this release.

  • For users: 4 bug fixes relative to 1.1.7
  • For administrators: SSL Email works on newer versions of IO::Socket::SSL. (The prior fix in 1.1.7 was incomplete).

Highlights of Foswiki 1.1.7 release

Release 1.1.7 fixes a Critical Security Vulnerability. All previous releases of Foswiki are vulnerable to a security issue in Locale::Maketext. It is described further in SecurityAlert-CVE-2012-6329. A 2nd vulnerability in the Foswiki %MAKETEXT% macro was also discovered, and is described further in SecurityAlert-CVE-2012-6330 .

For users:

  • 20 bug fixes and 4 improvements relative to 1.1.6
  • WYSIWYG editor improves handling of WikiWord links. Changing the displayed WikiWord also updates the link target.
  • The default font has been restored to the attributes from 1.1.5. This prevents layout differences when upgrading to Foswiki 1.1.7

For administrators:

  • For sites using SSL accelerators and load balancers: A new expert configuration parameter {ForceDefaultUrlHost} can be enabled to force Foswiki to override the user entered URL with the {DefaultUrlHost} setting.
  • SSL Email works again on newer versions of IO::Socket::SSL
  • Pending registration requests now have a separate timer independent from the Session timer.
  • Removed undocumented dependency on updated HTML::TreeBuilder > 4.0

Highlights of Foswiki 1.1.6 release

For users:

  • More than 117 bug fixes and improvements relative to 1.1.5
  • TinyMCE has been updated to release 3.4.9
  • Markup within input fields is no longer rendered
  • The Chili syntax highlighter has been enabled by default

For administrators:

  • Duplicate email checks are applied to pending registrations.
  • Stale pending registrations are removed.
  • Configure makes a backup before saving configuration changes
  • Performance problems with Rename and Log Rotation have been addressed.
Categories: Release, Security Tags:

New WysiwgyPlugin and TinyMCEPlugin released

May 22nd, 2012 1 comment

Updated versions of the WysiwygPlugin and TinyMCEPlugin have been released to the Foswiki Extensions web. This update adds a couple of minor enhancements and addresses several issues reported with WYSIWYG editing since the release of 1.1.5.

Update: This version does not work with perl older than 5.10.
Update 2:  Version 1.1.12 of WysiwygPlugin fixes the perl compatibility issues and resolves a but where certain links were corrupted.

  • TinyMCE Editor is upgraded to Release 3.4.9
  • The editor can now view and edit blocks marked with the foswikiHidden class
  • Loss of whitespace in the edited topic  has been resolved.
  • Improvements  in link handling.  All wiki links are editable as true HTML links in TinyMCE.
  • Colors implemented using the new 1.1.5  foswiki CSS are now recognized

There are several other bug fixes and enhancements.   Details are in the WysiwygPlugin and TinyMCEPlugin topics.  The new extensions are both now installed on foswiki.org.

Categories: Development Tags:

Foswiki 1.1.5 released

April 11th, 2012 No comments

While 1.1.5 is primarily a security focused release, it also comes with more than 120 bug fixes and improvements related to 1.1.4. For those of you that can’t wait to get their hands on it: head over to the download page.

Update: The VMware images , FoswikiOnUsb, RHEL6/Centos6 and Debian/Ubuntu installs have been updated to the Foswiki latest release.

Improvements to User Registration

  • The complete fix for CVE-2012-1004 has been integrated, including pluggable field validations in the User Mapper. If your installation uses a custom user mapper, there is a new function in the base user mapper lib/Foswiki/Users.pm, that performs registration field validations. Override this method in your custom user mapper to add site specific validations.
  • The user registration and group management API calls now all return error messages describing any failures. All errors are processed through MAKETEXT so that they are translated to the selected language.
  • New options can reject duplicate registrations using the same email, and can either white-list or black-list email domains from registering.

Improvements to .htpasswd handling

  • The HtPasswdUser password manager has been changed to globally cache the password file if enabled. In an installation running fcgi or mod_perl, this will reduce the overhead of reading the file for each transaction.
  • The .htpasswd lock file is now configurable. There was a small risk that when multiple foswiki installations shared a common .htpasswd file, simultaneous updates would not be prevented, resulting in file corruption.
  • The default for {Htpasswd}{Encoding} has been changed to apache-md5. We strongly recommend that installations migrate away from crypt encoding – the prior default. crypt truncates passwords at 8 characters.
  • The {Htpasswd}{AutoDetect} option is enabled by default. This ensures that an existing .htpasswd file cannot be accidentally corrupted due to the change in default encoding.
  • A new password encoding hash has been added. bcrypt encoding. (Ref. http://yorickpeterse.com/articles/use-bcrypt-fool )

Better session support for mixed http and https environments

If your foswiki is set up to accept both https and http requests, your users may find themselves logged out much faster than desired. 1.1.5 fixes this by using separate authentication session cookies when using http and https, but this may mean your users may need to login again. This applies to both TemplateLogin and ApacheLogin.

Changes to the configure password handling

The encoding of the bin/configure and “sudo” admin user has been changed. Sites should change their configure password as soon as possible. Note that this change is not backwards compatible. Once the password has been changed, if fallback to 1.1.4 is required, the password will have to be reset by removing the password from lib/LocalSite.cfg.

Changes to Statistics processing

The WebStatistics topics are no longer shipped with Foswiki. Two new topics have been included; DefaultWebStatistics and WebStatisticsTemplate. The statistics script now has the optional capability of creating the missing WebStatistics topics.

  • The Foswiki configuration has a new parameter: {Stats}{AutoCreateTopic} (Default is disabled)
  • The statistics script has a new parameter: -autocreate 1 or autocreate=1 (Default is 0 or disabled)
  • The statistics script must now only be run using POST. HTML GET should never result in an update.

Changes to PlainFile logger to improve log rotation

In previous versions of foswiki, the default PlainFile logger failed to rotate the logs if any log records were corrupted. This is more likely in the error log file, but can be caused by any log record that is written containing embedded newlines. If a log record is read without the expected | Timestamp | as the first column, rotation stops.

This behavior has been corrected, however sites where rotation was failing may have extremely large log files. When foswiki performs the rotation at the beginning of the next month, rotation can take an extended time, resulting in extended response time.

Rotation is performed when the timestamp of the log file (events.logerror.logdebug.log) is in a month prior to the current month. In order for rotation to proceed:

  • The directory containing the log files must be writable.
  • Archive files named [logfile].YYYYMM must not exist for any records in the current [logfile].log file.
    • For example, if events.log contains an event dated 2012-01-15:, then the archive file events.201201 must not exist.
  • In order to force rotation and avoid extended web server response time:
  • Quiesce the web server to prevent logging activity
  • Upgrade to 1.1.5, which will install the updated lib/Foswiki/Logger/PlainFile.pm
  • Reset the timestamps to the previous month on the logfile requiring rotation
    • touch -t 201202280101 events.log will set the timestamp to February 28th on a linux/unix system.
    • Windows users will need to install a 3rd party tool to change timestamps, or wait for the next month
  • Change to the bin directory and run the view script from the shell as the web user.
    • sudo -u www ./view (Actual user will vary depending on the distribution)

The plainfile logger will now report additional information on the rotation process, including displaying bad records to STDERR. Edit lib/Foswiki/Logger/Plainfile.pm and change the line use constant TRACE => 0; to use constant TRACE => 1; to enable more detailed debug messages.

Categories: Release Tags: , ,

foswiki.org running 1.1.5-RC2

April 7th, 2012 1 comment

So far 1.1.5-RC1 has been very reliable, and RC2 will be “the release” unless new urgent issues are found. We plan to build 1.1.5 on April 10th.   You can download RC2 for testing from our Download Site.

Categories: Development Tags:

foswiki.org running 1.1.5-Beta1

February 29th, 2012 No comments

foswiki.org has been updated to an early beta of release 1.1.5. We are not quite ready for a public beta. There are a number of release blocking bugs that we hope to get fixed over the next week or two, and translations still need to be completed. So don’t look for the 1.1.5-Beta1 download just yet. We installed the early beta to get some live testing of a bug in log file rotation, and will hopefully find that it is fixed when the March 1st rollover occurs.

Details of the release are in the Beta release notes.

Categories: Development Tags:

Meet Foswiki at the CeBIT 2012

February 10th, 2012 No comments

 

halle 2, stand e62Foswiki will have a booth on this year’s CeBIT fair sponsored by Linux New Media AG. So come visit us in Hall 2, Section E58 at the Open Source Forum 6th – 10th March. More information at http://foswiki.org/Community/FoswikiCeBIT2012.

Categories: Promo Tags: , ,

Foswiki 1.1.4 heads-up on manual changes to .txt files

January 25th, 2012 4 comments

One of the great strengths of Foswiki is that it stores topics in plain text files. This feature has proven its worth time and again, as Foswiki is able to quickly adapt to organisational change, easily support external processes that write to topics, and is quickly accessible for emergency measures. For an admin who has login access to the server, it’s very easy to use the command-line to make bulk changes to many topics simultaneously.

In Foswiki 1.1.4 we addressed a nasty bug that was inherited from the very earliest days of TWiki. This bug could result in serious history errors such as the wrong username being attributed to edits, incorrect revision numbers, and broken revision histories. Unfortunately there was a side-effect of this fix that anyone who modifies topics on the server needs to be aware of, and take action on.

Any process (or person) that changes a .txt file on the server must make sure that the corresponding .txt,v file is left with a file date that is equal to or more recent than the .txt file.

If you don’t do this, Foswiki will be forced to constantly re-read the .txt,v for the correct revision history, which can affect performance. Also, when such a topic is edited, Foswiki will create a new revision attributed to the “UnknownUser” to record that the topic was changed outside of Foswiki’s control. This is the correct behaviour in the general case, and will save less experienced users a lot of pain. However more experienced users may know that their changes are ‘safe’ and that no change to the topic history is required. In this case, it is trivial to update the file date on the .txt,v file. In summary,

  • After making any manual change to a .txt file on the server make sure that the corresponding .txt,v is ‘touched’ (use the UNIX ‘touch’ command, or simply text-edit and save the file)
  • Scripts that make bulk changes to files – and external processes that write .txt files – should be modified to ‘touch’ the .txt,v files after writing.
  • If you have already made such a change but can’t remember which files you changed, you can use the following linux command line to ‘touch’ all .txt,v files (this is perfectly safe)
find /path/to/foswiki/data -name '*.txt,v' -exec touch {} ;
Categories: Development Tags: