Official Foswiki Weblog

The Foswiki community is doing well.  We are developing and we are releasing and we are supporting and responding.

Task number are now 5 digit numbers and SVN checkins are getting close to 10000. That is an average of around 10-15 per day incl weekends.

The practical household and legal ownership is the responsibility of the Foswiki Association.

It is not the Foswiki Association that develops the software or answers support questions. The Association mainly take care that we have working webservers and software repository. And we ensure the project has a roadmap and that tasks teams are working and empowered. And we own the Foswiki name and the domain names. In every day life the community should not notice the association. Thing should just work. And they do. Very well.

It is a year ago since we had the founding General Assembly. The General Assembly is the higest authority and its main purpose is to elect the executive board and approve accounting and budgets.So we will soon have the 2nd General Assembly. Because of some tax detail in Germany we were not ready for November and December is holiday time so the 2nd General Assembly will be held in the beginning of January.

There is a Doodle vote in progress to find the best date. http://www.doodle.com/h2b5kqm5skyrgtfu

The official invitation will be sent out 6 weeks before the date we decide via the Doodle vote. The general assembly will be a conference call on the phone. You will not need to travel to participate.

We welcome new members.

You do not need to be a member of the association to be a contributor to the project. Anyone can contribute code, proposals, etc. But if you want to support the work and have influence on the executiveboard then we are happy to see you as member. Current membership fee is 10 Euros per year so in practical membership is free.

The rules for membership are described in the articles of the association and they require the following steps

1. You need to contact an existing member of the association and ask him/her to recommend you as member. If you have been visible on IRC or this mailing list, or on the foswiki.org site, we are many that will be happy to recommend you. Any member can recommend a new member incl. board members.
2. The member and yourself will then need to find two other members that will support your membership. The member that recommends you will help finding the additional two supporting members.
3. When you have the 3 names, you contact one of the 5 board members and we will put you on the list. You will be able to participate in the next General Assembly if you are on this list. You can contact Kenneth Lavrsen kenneth@lavrsen.dk.
4. One of the first steps at the General Assembly will be to accept the list of new members. This will normally be a formality. Once passed this point you are a full member and can vote for proposals and for the board and even become a member of the board.

For existing members I need to remind that participation at the next General Assembly requires that you have paid your 10 Euro membership fee. Many of you have wanted to, but could not because we had trouble setting up the needed accounts while waiting for German tax authorities. We are fixing this now. But before the January general assembly membership fees must be paid. You will soon receive an email that tells you how you can pay the 10 Euros. Approx 60% of the members have not been able to pay the fee so don’t feel too bad about it. If you already know now that you are not interested, please email Kenneth Lavrsen.

The resources you need.

To find an existing member of the association look at -http://foswiki.org/Community/CurrentFoswikiMembers

The members of the board to send the application to:http://foswiki.org/Community/Association#Board You can e-mail me at kenneth@lavrsen.dk both to be recommended and for the registration.

The association articles can be found at -http://foswiki.org/Community/AssociationArticles – Note that we are in a ping-pong with the German tax authorities about the exact wording of the purpose of the articles but don’t worry. We are not changing to become a football club. It is minor tax technical details that are discussed. It is this tax discussion that has delayed the 2nd general assembly which was supposed to be in November. Please forgive us but we try to avoid having to have an extraordinary assembly.

Regards

Kenneth Lavrsen

Deputy Chair and Secretary of the Foswiki Board.

klavrsen Event association, community, foswiki, general-assembly

The Foswiki project has just been through one of the rare situations where one of our users discover a serious security issue in our software.

It was one of those moments where many developers were thinking: “Why didn’t I see this?”. Many of us felt embarrassed.

It is a fact of life that when you have humans developing technology, things can and will go wrong. You can do a lot of minimize the risk, and the Foswiki project has conducted serious security reviews on the extensive rewrite of our code that took place from 1.0 to 1.1. And we have found and fixed issues before we even got close to releasing any code to the public, and the Foswiki project has had am impressive security record.

But the 1.1.0 release we missed a small issue where one code line had been moved down a few lines too many and we ended up not authenticating the user properly in a specific situation.

This could be a sad story but it isn’t. This situation showed what difference it makes to have a large and strong community behind an open source project.

First I want to give the timeline of what the events on the 9th and 10th of November.

• 09 Nov 2010 a little before noon CET a user asks a very good question on the Foswiki support web. He could not understand what he did wrong in setting up access rights because no matter how he did it, he was able to edit and save preferences in topics he did not have access rights to.
• Within a few hours a Foswiki developer read the support question. And to his horror the report was correct. The minute he realized the nature of the problem the support question was changed so it could only be viewed by the reporter and the Foswiki Security Task Team
• The next few hours the Foswiki security mailing list, which only the security team has access to, is glowing with emails. Five hours after the issue was reported a code fix has been made and tested by the security team members. The time is now near 18:00.
• At 18:00 I become aware of the situation and the security team quickly assess the issue and conclude that it is a security level 2 issue. This means that we have a goal to respond within 48 hours and will provide a fix and a security alert which will be provided to the people that subscribe to our low traffic announcement mailing list.
• It is decided that we will release a 1.1.2 as fast as we possibly can. We assess which urgent bugs we want to include in addition to the security fix.
• The next 8 hours are amazing. Many members of the security team works all night fixing and testing a short list of important bugs. A test of a new version of the Wysiwyg editor is conducted and merged in. Code is checked in and reviewed and tested at a rapid pace. Code is even thrown out again because it was decided to be too risky. Additional developers are pulled into the IRC channel we have created for the event to get the last review on code fixes.
• At 19:30 I request a CVE number from MITRE. And they are fantastic at MITRE. We have the number already 20:00.
• At 23:00 the security announcement and response plan is written and is being reviewed and agreed by the security team.
• At 02:00 the 10 Nov 2010 the 1.1.2 release is built and uploaded to our servers for download.
• At 02:30 the release announcement is sent to the Foswiki announcement mailing list
• At 02:35 the security announcement is sent to the Foswiki announcement mailing list

So we actually managed to react, assess, fix, finish a release, build release, and announce within 14 hours.

As I write this, I have just sent the the security announcement to the public security sites (48 hours after we did the announcement on the Foswiki mailing lists).

When I think back now on what happened I feel proud.
Proud that we managed to act like professionels even though we all work as volunteers on the project.
Proud because I am part of such a strong development team that care about the security of our users, and care about each other.
Proud because as a release manager located in Denmark I had people in USA, Mexico, Germany, France, UK, Australia, Netherlands being available helping, testing, coding, reviewing, and encouraging. I had a team backing me up getting the release out and getting the announcements out.

It shows the power of open source projects when they are supported by a committed and dedicated community.

Kenneth Lavrsen

Foswiki Release Manager
Leader of the Foswiki Security Task Team
Member of the board of the Foswiki Association

klavrsen Security community, cve, foswiki, Security

On behalf of the entire Foswiki community I can proudly announce that the release of the Foswiki release 1.1.1  is available for download at

Foswiki web site: http://foswiki.org/Download/FoswikiRelease01×01x01

Foswiki 1.1.1 is a release that fixes some important bugs that were introduced in 1.1.0. It is highly recommended that all running 1.1.0 upgrade to 1.1.1.

The entire Foswiki community has been busy the past weeks with very quick responses to the bug reports on 1.1.0. There are always a few bugs in a new “.0″ release but the team has been very committed. The reporters have received quick patches so they could continue their upgrade. The end result is a 1.1.1 which is a very stable and high quality release.

Upgrade package is available for upgrading from 1.1.0 to 1.1.1. so upgrading is quick and easy.

Foswiki 1.1 introduces jQuery Javascript user interface framework, improved topic history display, new QUERY and FORMAT macros, better user interface for group management, much improved WYSIWYG editor, facelift of the default skin, much improved configure tool, and many more enhancements.

Foswiki 1.1 has many improvements that end-users as well as administrators will appreciate. In addition Foswiki 1.1 comes with a lot of “under the hood” improvements to the core code, with the goal of making it easier to plug in work from other projects, such as jQuery, KinoSearch, Solr and others. Work has been made to improve the definition of internal APIs to allow other not-yet-written modules, such as store implementations. Most of these modifications should be invisible to the end user and admin, but are important to position Foswiki for the next generation of plugins.

What’s new – highlights:

• Adoption of the jQuery Javascript user interface framework
• New macros enabled by jQuery
• Powerful new QUERY macro
• SEARCH now has a zeroresults format string and search results pagination
• New FORMAT macro
• WikiGroups have add & remove user interface
• TinyMCEPlugin updates include much better user interface, rowspan support, and autosave feature
• Testing configuration variables in %IF
• “Copy topic” now copies attachments
• Tailoring of user registration made easier
• Easy tailoring of reset/change password and change email forms
• TMPL:DEFs may now access previous (overridden) TMPL:DEF using the new %TMPL:PREV% template token
• Logging of access failures
• configure user interface revamped
• Configure file system checks added
• Newer modern Icon set for Document Graphics
• Table Plugin has been improved
• SlideShowPlugin can now use CSS based templates
• HistoryPlugin and CompareRevisionsAddOn are now included with the default plugin set giving much nicer history/changes features
• AutoViewTemplatePlugin is now included with the default plugin set
• ZonePlugin feature set has been merged to the core Foswiki code
• New page cache feature
• Several API Enhancements for extension writers

Bugs can be reported on http://foswiki.org/Tasks/CreateNewTask

It is a proud release manager that know that you will all enjoy the 1.1.1

Kenneth Lavrsen

klavrsen Release 1.1.x, Development, features, foswiki, Release

Release of Foswiki version 1.0.10 – 08 Sep 2010

On behalf of the entire Foswiki community I can proudly announce the 
release of the Foswiki patch release 1.0.10 

Foswiki 1.0.10 is available for download at

* Foswiki web site: http://foswiki.org/Download

Foswiki 1.0.10 was built 08 Sep 2010. It is a patch release with more 
than 410 bug fixes relative to 1.0.0.

If you already run Foswiki 1.0.9 and you do not have any severe issues 
with it, you are recommended to stay with 1.0.9 and wait for Foswiki 
1.1.0 which we plan to release in October. We are going beta within a 
few days. Foswiki 1.1.0 is an exciting new release that you can all look 
forward to with some significant enhancements for both end users and 
application developers.

The reason for releasing 1.0.10 now is mainly that people installing 
Foswiki for the first time on Perl 5.12 are having severe issues with 
the installation. Foswiki 1.0.10 does not have any important 
enhancements compared to 1.0.9. Read the 1.0.10 release notes which are 
available at …

* http://foswiki.org/System/ReleaseNotes01×00

.. and review if an upgrade is desired

The regular version (Foswiki-1.0.10…) is the full version with all 
files. The upgrade version (Foswiki-upgrade-1.0.10…) contains the full 
file package except the files that you will typical have tailored in 
your installation and do not want overwritten when you upgrade. The 
upgrade package will upgrade any version from 1.0.0 or later to 1.0.10 
simply by copying all the files in the upgrade package on top of the 
existing 1.0.X. The exact steps are described on the download page. If 
you are at 1.0.0 there is no need to upgrade to 1.0.4 through 1.0.9 first.

Also note that many plugins and other extensions are being released or 
updated every week. Follow the Extensions News at where important news 
about extensions releases are announced.

* http://foswiki.org/Extensions/ExtensionNews

The number of subversion code check-ins near 9000 now and still more 
developers join the project.

As release manager on the project I want to say a sincere thank you to 
all the many that have worked hard on this release happen. A special 
thank you to those that tested the release candidate. Remember that you 
can upgrade also the release candidate using the upgrade package.

You should also both when you download and install Foswiki and regularly 
visit http://foswiki.org/Support/KnownIssuesOfFoswiki01×00 where we will 
list the more annoying bugs that have been found and most often you will 
find an immediate solution that you can apply.

We will be many developers that are ready to help you with the 
installation of (or upgrade to) Foswiki on the IRC channel #foswiki on 
the freenode.org network.

The special installer and virtual machine versions of Foswiki will be 
updated to 1.0.10 version within the next days. Keep an eye on the 
download page if you use one of these versions.

On behalf of the Foswiki Association and the entire Foswiki Community: 
Enjoy the Foswiki 1.0.10

Kenneth Lavrsen 
Release manager

See the whole discussion on Nabble.

klavrsen Release community, Development, foswiki, kennethlavrsen, Release

Release of Foswiki version 1.0.9, 17 Jan 2010

On behalf of the entire Foswiki community I can proudly announce the
release of the Foswiki patch release 1.0.9

Foswiki 1.0.9 is available for download from foswiki.org/Download/

Foswiki 1.0.9 was built 17 Jan 2010. It is a patch release with more
than 320 bug fixes relative to 1.0.0 and many small enhancements. This
release fixes many bugs in the Wysiwyg editor, bugs related to more
advanced wiki applications and bugs in the Plugin API. It contains
several bug fixes and enhancements related to security and spam fighting.

It is highly recommended to upgrade your Foswiki to 1.0.9.

The regular version (Foswiki-1.0.9…) is the full version with all
files. The upgrade version (Foswiki-upgrade-1.0.9…) contains the full
file package except the files that you will typical have tailored in
your installation and do not want overwritten when you upgrade. The
upgrade package will upgrade any version from 1.0.0 or later to 1.0.9
simply by copying all the files in the upgrade package on top of the
existing 1.0.X. The exact steps are described on the download page. If
you are at 1.0.0 there is no need to upgrade to 1.0.4 through 1.0.8 first.

Also note that many plugins and other extensions are being released or
updated every week. Follow the Extensions News at where important news
about extensions releases are announced.

foswiki.org/Extensions/ExtensionNews

The number of subversion code check-ins is over 6000 now and still more
developers join the project.

As release manager on the project I want to say a sincere thank you to
all the many that have worked hard on this release happen. A special
thank you to those that tested the two release candidates. Remember that
you can upgrade also the release candidates using the upgrade package.

You should also both when you download and install Foswiki and regularly
visit foswiki.org/Support/KnownIssuesOfFoswiki01×00 where we will
list the more annoying bugs that have been found and most often you will
find an immediate solution that you can apply.

We will be many developers that are ready to help you with the
installation of (or upgrade to) Foswiki on the IRC channel #foswiki on
the freenode.org network.

The special installer and virtual machine versions of Foswiki will be
updated to 1.0.9 version within the next days. Keep an eye on the
download page if you use one of these versions.

On behalf of the Foswiki Association and the entire Foswiki Community:
Enjoy the Foswiki 1.0.9

Kenneth Lavrsen
Release manager

Join the conversation also on our nabble-instance.

klavrsen Release community, Development, foswiki, kennethlavrsen, Release