Blog
Latest news about Foswiki

Foswiki 2.1.8 is released
This one includes some very important security fixes; update urgently.

06 August 2023 | Michael Daum | Release


We are very pleased to announce the availability of Foswiki 2.1.8. This release contains 61 fixes relative to 2.1.7, including 9 critical security related fixes.

Upgrading to Foswiki 2.1.8 is highly recommended.

Most notable are:

  • CVE-2023-33756: SpreadSheetPlugin's EVAL feature exposes information about paths and files on the server
  • CVE-2023-24698: Local file inclusion vulnerability in viewfile

But also:

  • directories in the working directory are created with world-writable 777 permissions
  • possible XSS attack in attachment comments
  • restricted allowed protocols to http and https, i.e. forbid file protocol for local file inclusion
  • prevent symlink attacks by defaulting to a secure location for temporary files
  • update to jquery-ui 1.13.2
  • backport patch to earlier jQuery versions to fix a potential XSS vulnerability
  • possible XSS vulnerability in topic title field

For more details, read the release notes.

You can download it from different locations immediately; see our download page for details. Please use our task tracker to report any issues, or contact us online via IRC or Slack.

For installation information, see the System Requirements and the Installation Guide.

Updating Docker-Foswiki to 2.1.7
Updating a docker instance is easy and fast.

05 April 2022 | Timothy Legge | Release

timlegge/docker-foswiki has been updated to Foswiki 2.1.7. What you need to know to upgrade your instance.

We are very pleased to announce the availability of Foswiki 2.1.7.

This release addresses significant security issues we discovered in all previous Foswiki releases.

Upgrade to Foswiki 2.1.7 is highly recommended.

This release comes with a total of 110 fixes and enhancements as well as 7 security fixes.

For more details, read the release notes.

You can download it from different locations immediately; see our download page for details. Please use our task tracker to report any issues, or contact us online via IRC or Slack.

For installation information, see the System Requirements and the Installation Guide.

Foswiki, Docker and performance: Examples
An experimental approach using Katacoda

02 February 2021 | Bram van Oosterhout

I have spent some time setting up an Apache Foswiki docker container to use as the basis for some course material. I wanted a container that started quickly and worked in the Katacoda course environment. I also wanted it to have good response times, which prompted me to try various "optimisations" that are available in Apache and Foswiki. Since it is easy to set up multiple environments in Katacoda/Docker, my curiosity got the better of me and I decided to compare and contrast. It sent me down a few rabbit holes and I thought the results might be of interest to others. So here is the write-up.

When opening a PDF file in your browser, you are most probably using Mozilla's PDF.js component. Recently it started to fail reading large PDF files that are stored on Foswiki and require authentication: files seemed to be corrupt, missing the bulk of their data.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License
